Many Svchost processes running on safe mode



#1
quin8484


I have many svchosts running on safe mode like 9 (prob virus). How do I destroy them? Can't run avg on safe mode even.

 

also dllhosts pops up sometimes in task manager


Edited by quin8484, 07 November 2015 - 04:43 PM.



#2
zep516

Hello,

Multiple instances of svchost, 9 or more of them, is normal behavior for Windows. See the link below.
http://www.howtogeek...-is-it-running/

Dllhost.exe is a safe Windows process created by Microsoft. It is used for launching other applications and services. It should be left running as it is critical to several system resources.

AVG may not scan in the normal manner in safe mode; the functionality is limited to a command-line scan.

If you think your computer is infected, boot it back to normal mode and follow the directions below:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0
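One way to check the point made in the reply above on the machine itself, as an added example that is not part of the original posts: it lists each svchost.exe instance with the services it hosts and flags any instance whose image path or parent process is not the usual one. It assumes an elevated PowerShell prompt and uses `Get-WmiObject` so that it also runs on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example (not from the thread): list every svchost.exe instance with the
# services it hosts, and flag instances whose image path or parent is unexpected.
# Run from an elevated prompt; without elevation ExecutablePath can come back empty.

$expectedPaths = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Map PID -> names of the running services hosted in that process.
$servicesByPid = @{}
Get-WmiObject -Class Win32_Service -Filter "State = 'Running'" | ForEach-Object {
    $id = [int]$_.ProcessId
    if (-not $servicesByPid.ContainsKey($id)) { $servicesByPid[$id] = @() }
    $servicesByPid[$id] += $_.Name
}

# Map PID -> process name, used to resolve the parent of each svchost.exe.
$nameByPid = @{}
Get-WmiObject -Class Win32_Process | ForEach-Object {
    $nameByPid[[int]$_.ProcessId] = $_.Name
}

$report = Get-WmiObject -Class Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $id       = [int]$_.ProcessId
    $parent   = $nameByPid[[int]$_.ParentProcessId]
    $services = $servicesByPid[$id]

    # Collect reasons to look closer; an empty list means nothing stood out.
    $notes = @()
    if (-not $_.ExecutablePath) {
        $notes += 'path unavailable (not elevated?)'
    } elseif ($expectedPaths -notcontains $_.ExecutablePath) {
        $notes += 'unexpected image path'
    }
    if ($parent -ne 'services.exe') { $notes += 'parent is not services.exe' }
    if (-not $services)             { $notes += 'hosts no running service' }

    New-Object PSObject -Property @{
        PID      = $id
        Path     = $_.ExecutablePath
        Parent   = $parent
        Services = ($services -join ', ')
        Notes    = ($notes -join '; ')
    }
}

$report | Sort-Object PID |
    Format-Table PID, Parent, Services, Notes, Path -AutoSize -Wrap
```

A row with an empty Notes column matches the normal pattern; a row with notes is something to review, not a verdict.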

#3
quin8484


ok


Edited by quin8484, 07 November 2015 - 07:58 PM.


#4
zep516

Don't attach logs unless asked to.

I'm posting them into the forum. I'll need time to review them.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by John (administrator) on JOHN-PC (07-11-2015 15:28:07)
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John & Administrator)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcfgex.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-11] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3812264 2015-10-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
Winlogon\Notify\GoToAssist:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1644976545-898374883-2013635671-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-21-1644976545-898374883-2013635671-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1644976545-898374883-2013635671-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-1644976545-898374883-2013635671-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1644976545-898374883-2013635671-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0xFF000000
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-11-03]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-11-03]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-11-03]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKU\S-1-5-21-1644976545-898374883-2013635671-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1644976545-898374883-2013635671-1000] => localhost:8080
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{F736144D-018C-43C0-A310-361E18A2E25D}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1644976545-898374883-2013635671-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1644976545-898374883-2013635671-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {CB29228C-1191-43F5-B356-E32B4C9E89D9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {211C6414-41B6-4464-AC37-A9ED9ACE021C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-08-31] (IObit)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-04-01] (IObit)
Toolbar: HKU\.DEFAULT -> No Name - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
Toolbar: HKU\S-1-5-21-1644976545-898374883-2013635671-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {9F1C11AA-197B-4942-BA54-47A8489BB47F} hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40167.6152199074
DPF: HKLM-x32 {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} hxxp://nmreports.linksys.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
Handler: livecall - No CLSID Value
Handler: msnim - No CLSID Value

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\skjdr7rf.default-1445754295838
FF DefaultSearchEngine: Google encrypted
FF DefaultSearchEngine.US: Google encrypted
FF SelectedSearchEngine: Google encrypted
FF Homepage: about:home
FF NetworkProxy: "backup.ftp", "74.221.211.12"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "74.221.211.12"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "74.221.211.12"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "201.45.252.42"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "201.45.252.42"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "201.45.252.42"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "201.45.252.42"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-02] (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-09-12] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-09-12] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\skjdr7rf.default-1445754295838\user.js [2015-11-07]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2013-09-12] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-08-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-08-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-08-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-08-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-08-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2013-09-12] (RealPlayer)
FF SearchPlugin: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\skjdr7rf.default-1445754295838\searchplugins\google-encrypted.xml [2015-06-04]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-10-04]
FF Extension: Download Manager - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\skjdr7rf.default-1445754295838\Extensions\[email protected] [2015-10-25] [not signed]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\skjdr7rf.default-1445754295838\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2015-10-25] [not signed]
FF Extension: Adblock - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\skjdr7rf.default-1445754295838\Extensions\{34274bf4-1d97-a289-e984-17e546307e4f} [2015-10-25] [not signed]
FF Extension: Flash and Video Download - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\skjdr7rf.default-1445754295838\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-10-28]
FF Extension: Adobe DLM (powered by getPlus®) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\skjdr7rf.default-1445754295838\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2015-10-25] [not signed]
FF Extension: flv movies downloader - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\skjdr7rf.default-1445754295838\Extensions\[email protected] [2015-05-29]
FF Extension: YouTube to MP3 - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\skjdr7rf.default-1445754295838\Extensions\[email protected] [2015-05-29]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\skjdr7rf.default-1445754295838\Extensions\[email protected] [2015-05-29]
FF Extension: Search by Image for Google - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\skjdr7rf.default-1445754295838\Extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi [2015-05-29]
FF Extension: Download YouTube Videos as MP4 - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\skjdr7rf.default-1445754295838\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-05-29]
FF Extension: Adblock Plus - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\skjdr7rf.default-1445754295838\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-24]
FF Extension: DownThemAll! - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\skjdr7rf.default-1445754295838\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-05-27]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-07-25] <==== ATTENTION

Chrome:
=======
CHR HomePage: Default -> hxxp://www.dregol.com/?f=1&a=drg_frg01_15_30&cd=2XzuyEtN2Y1L1QzutBtD0A0AyE0B0EyByC0C0E0CzyyDyCzytN0D0Tzu0StCtBzyzztN1L2XzutAtFtCtBtFtCtFtCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCtAtBzytCtB0DtCtGtByBzzzytG0B0DyB0FtGtC0CzyyBtG0CtCyDtAyByDyEtC0DyE0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtA0DtCyDyEyC0AtGzz0FyEzytGyE0AzyyCtGzz0CyD0FtGyEyB0E0CtDyDyD0F0ByByE0A2QtN0A0LzutB&cr=931314817&ir=
CHR DefaultSearchURL: Default -> hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_frg01_15_30&cd=2XzuyEtN2Y1L1QzutBtD0A0AyE0B0EyByC0C0E0CzyyDyCzytN0D0Tzu0StCtBzyzztN1L2XzutAtFtCtBtFtCtFtCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCtAtBzytCtB0DtCtGtByBzzzytG0B0DyB0FtGtC0CzyyBtG0CtCyDtAyByDyEtC0DyE0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtA0DtCyDyEyC0AtGzz0FyEzytGyE0AzyyCtGzz0CyD0FtGyEyB0E0CtDyDyD0F0ByByE0A2QtN0A0LzutB&cr=931314817&ir=
CHR DefaultSearchKeyword: Default -> dregol.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\pdf.dll => No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll => No File
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-21]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-07]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-09]
CHR Extension: (Google Docs Offline) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (RealDownloader) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-09-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-09]
CHR HKLM-x32\...\Chrome\Extension: [aoandjglehcbajocflplnnioeinapolh] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-05-20] (Adobe Systems) [File not signed]
S4 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [821024 2015-08-05] (IObit)
S4 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [203264 2009-06-14] (AMD) [File not signed]
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [604712 2015-10-12] (AVG Technologies CZ, s.r.o.)
R2 avgfws; C:\Program Files (x86)\AVG\Av\avgfws.exe [1568848 2015-09-30] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3792880 2015-09-30] (AVG Technologies CZ, s.r.o.)
S4 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-10-24] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [596344 2015-09-30] (AVG Technologies CZ, s.r.o.)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1115136 2015-07-07] ()
S4 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [632352 2013-06-25] (Disc Soft Ltd)
S4 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed]
S4 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [762272 2015-09-11] (Garmin Ltd. or its subsidiaries)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-11] (NVIDIA Corporation)
S4 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [878880 2015-05-12] (IObit)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-31] (IObit)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-11] (NVIDIA Corporation)
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)
S4 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-07-22] (Western Digital Technologies, Inc.)
S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S4 wxpSvc; C:\Program Files (x86)\wLite\wService.exe [3217392 2014-02-18] (Moonware Studios)
U4 CmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AE3000; C:\Windows\System32\DRIVERS\AE3000w764.sys [1798240 2012-10-10] (Ralink Technology Corp.)
R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2012-12-03] (Advanced Micro Devices Inc.)
S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21600 2013-03-14] (Advanced Micro Devices, Inc.)
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [6031872 2009-06-14] (ATI Technologies Inc.) [File not signed]
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [197040 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [97208 2015-08-29] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312752 2015-09-11] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [293296 2015-08-10] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [251312 2015-08-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [301488 2015-08-28] (AVG Technologies CZ, s.r.o.)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21184 2015-08-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [806032 2015-08-05] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45856 2015-08-05] (COMODO)
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2013-07-16] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 EterlogicVirtualSerialDriver; C:\Windows\system32\drivers\VSPE.sys [40928 2010-05-09] ()
S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)
S3 hcdriver; C:\Windows\System32\DRIVERS\hcdriver.sys [73128 2013-10-11] (Intel Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-10-01] (REALiX™)
S1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105096 2015-08-05] (COMODO)
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [36568 2013-09-30] (IObit)
S1 ISODisk; C:\Windows\SysWow64\Drivers\ISODisk.sys [9600 2006-04-25] ()
U5 KLIF; C:\Windows\System32\Drivers\KLIF.sys [626272 2014-01-26] (Kaspersky Lab ZAO)
S3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [31024 2012-08-02] (Windows ® Win 7 DDK provider)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF64.sys [157696 2011-10-20] (Matrox Graphics Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
S3 PGR1394b; C:\Windows\System32\DRIVERS\PGR1394.sys [88064 2008-03-14] (Point Grey Research)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)
S3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [506952 2013-06-17] (Realtek Semiconductor Corporation )
R2 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11376 2015-10-20] () [File not signed]
R0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [77432 2009-02-03] (Protection Technology (StarForce))
S3 SndTAudio; C:\Windows\System32\drivers\SndTAudio.sys [33264 2009-04-16] (Windows ® Codename Longhorn DDK provider)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-05-22] () [File not signed]
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-02] (Anchorfree Inc.)
R3 ubohci; C:\Windows\System32\DRIVERS\ubohci.sys [132608 2012-10-05] (Unibrain)
R2 ubsbm; C:\Windows\System32\DRIVERS\ubsbm.sys [24064 2012-10-05] (Unibrain)
R2 ubumapi; C:\Windows\System32\DRIVERS\ubumapi.sys [92160 2012-10-05] (Unibrain)
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)
S3 vjoy; C:\Windows\System32\DRIVERS\vjoy.sys [44656 2014-07-08] (Shaul Eizikovich)
R3 voxaldriver; C:\Windows\System32\DRIVERS\voxaldriverx64.sys [34512 2015-02-06] ()
S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)
U3 alkh2dea; C:\Windows\System32\Drivers\alkh2dea.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U3 azbtc0d4; C:\Windows\System32\Drivers\azbtc0d4.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 ALSysIO; \??\C:\Users\John\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz132; \??\C:\Users\John\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
S3 cpuz134; \??\C:\Users\John\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 SNPSTD3; system32\DRIVERS\snpstd3.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-07 15:28 - 2015-11-07 15:30 - 00034676 _____ C:\Users\John\Desktop\FRST.txt
2015-11-07 15:27 - 2015-11-07 15:28 - 00000000 ____D C:\FRST
2015-11-07 15:25 - 2015-11-07 15:26 - 02198528 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2015-11-07 14:17 - 2015-11-07 14:42 - 00000160 _____ C:\Windows\wininit.ini
2015-11-07 13:43 - 2015-11-02 05:16 - 00102704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-11-07 13:38 - 2015-11-02 14:48 - 00205456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-11-07 13:38 - 2015-11-02 14:48 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-11-07 13:37 - 2015-11-02 09:10 - 22308472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-11-07 13:37 - 2015-11-02 09:10 - 18361976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-11-07 13:37 - 2015-11-02 09:10 - 17515016 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-11-07 13:37 - 2015-11-02 09:10 - 16553376 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-11-07 13:37 - 2015-11-02 09:10 - 15120736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-11-07 13:37 - 2015-11-02 09:10 - 14836064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-11-07 13:37 - 2015-11-02 09:10 - 13527248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-11-07 13:37 - 2015-11-02 09:10 - 11130672 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-11-07 13:37 - 2015-11-02 09:10 - 02869880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-11-07 13:37 - 2015-11-02 09:10 - 02490672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-11-07 13:37 - 2015-11-02 09:10 - 01905456 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435887.dll
2015-11-07 13:37 - 2015-11-02 09:10 - 01564976 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435887.dll
2015-11-07 13:37 - 2015-11-02 09:10 - 00877176 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-11-07 13:37 - 2015-11-02 09:10 - 00862000 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-11-07 13:37 - 2015-11-02 09:10 - 00689272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-11-07 13:37 - 2015-11-02 09:10 - 00673912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-11-07 13:37 - 2015-11-02 09:10 - 00500872 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-11-07 13:37 - 2015-11-02 09:10 - 00468096 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-11-07 13:37 - 2015-11-02 09:10 - 00422240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-11-07 13:37 - 2015-11-02 09:10 - 00413816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-11-07 13:37 - 2015-11-02 09:10 - 00388024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-11-07 13:37 - 2015-11-02 09:10 - 00369456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-11-07 13:37 - 2015-11-02 09:10 - 00177416 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-11-07 13:37 - 2015-11-02 09:10 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-11-07 13:37 - 2015-11-02 09:10 - 00151184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-11-07 13:37 - 2015-11-02 09:10 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-11-07 13:37 - 2015-11-02 09:10 - 00033607 _____ C:\Windows\system32\nvinfo.pb
2015-11-07 13:35 - 2015-11-02 09:10 - 42913912 _____ C:\Windows\system32\nvcompiler.dll
2015-11-07 13:35 - 2015-11-02 09:10 - 37882160 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-11-07 13:35 - 2015-11-02 09:10 - 12034440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-11-07 13:29 - 2015-08-10 20:52 - 00069416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-11-07 13:29 - 2015-08-10 20:52 - 00050472 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-11-07 13:28 - 2015-11-07 13:28 - 37668288 _____ (NVIDIA Corporation) C:\Users\John\Downloads\GeForce_Experience_v2.5.15.54(1).exe
2015-11-07 13:25 - 2015-11-07 13:25 - 00000000 ____D C:\Users\John\AppData\Roaming\Sun
2015-11-07 13:25 - 2015-11-07 13:25 - 00000000 ____D C:\Users\John\.oracle_jre_usage
2015-11-07 13:18 - 2015-11-07 13:18 - 00080994 _____ C:\Users\John\Downloads\index.aspx
2015-11-07 08:51 - 2015-11-07 13:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-11-07 08:51 - 2015-11-07 09:05 - 00000000 ____D C:\Users\John\AppData\Local\NVIDIA Corporation
2015-11-07 08:51 - 2015-11-07 09:05 - 00000000 ____D C:\Users\John\AppData\Local\NVIDIA
2015-11-07 08:51 - 2015-10-11 19:05 - 01423304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-11-07 08:51 - 2015-10-11 19:05 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-11-07 08:51 - 2015-10-11 19:04 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-11-07 08:51 - 2015-10-11 19:04 - 01710752 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-11-07 08:50 - 2015-11-07 13:44 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-11-07 08:50 - 2015-11-02 09:10 - 00112760 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-11-07 08:50 - 2015-11-02 09:10 - 00105264 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-11-07 08:50 - 2015-11-02 05:22 - 06358648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-11-07 08:50 - 2015-11-02 05:22 - 02983216 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-11-07 08:50 - 2015-11-02 05:22 - 02554672 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-11-07 08:50 - 2015-11-02 05:22 - 00938616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-11-07 08:50 - 2015-11-02 05:22 - 00385144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-11-07 08:50 - 2015-11-02 05:22 - 00062584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-11-07 08:50 - 2015-10-28 16:31 - 06027430 _____ C:\Windows\system32\nvcoproc.bin
2015-11-07 08:49 - 2015-11-02 14:48 - 01572496 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-11-07 08:49 - 2015-11-02 09:10 - 15717672 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-11-07 08:49 - 2015-11-02 09:10 - 12770752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-11-07 08:49 - 2015-11-02 09:10 - 03579000 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-11-07 08:49 - 2015-11-02 09:10 - 03158736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-11-07 08:49 - 2015-08-10 20:52 - 00072504 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-11-07 08:49 - 2014-10-29 20:53 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434460.dll
2015-11-07 08:49 - 2014-10-29 20:53 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434460.dll
2015-11-07 03:06 - 2015-11-07 03:06 - 00034978 _____ C:\ComboFix.txt
2015-11-07 01:21 - 2015-11-07 01:21 - 00000000 ____D C:\Users\John\Desktop\x64
2015-11-07 01:16 - 2015-10-08 18:40 - 01221844 _____ (Igor Pavlov) C:\Users\John\Desktop\DDU v15.5.1.0.exe
2015-11-07 01:14 - 2015-11-07 01:21 - 00000000 ____D C:\Users\John\Desktop\settings
2015-11-07 01:14 - 2015-10-08 06:50 - 01816576 _____ C:\Users\John\Desktop\Display Driver Uninstaller.exe
2015-11-07 01:14 - 2015-10-08 06:50 - 00243200 _____ C:\Users\John\Desktop\Display Driver Uninstaller.pdb
2015-11-07 00:58 - 2015-11-07 00:58 - 01133993 _____ C:\Users\John\Downloads\[Guru3D.com]-DDU(1).zip
2015-11-07 00:51 - 2015-11-07 00:52 - 300325552 _____ (NVIDIA Corporation) C:\Users\John\Downloads\358.87-desktop-win8-win7-winvista-64bit-international-whql.exe
2015-11-07 00:51 - 2015-11-07 00:51 - 37668288 _____ (NVIDIA Corporation) C:\Users\John\Downloads\GeForce_Experience_v2.5.15.54.exe
2015-11-07 00:45 - 2015-11-07 00:45 - 00981744 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2015-11-07 00:45 - 2015-11-07 00:45 - 00084072 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-11-06 21:08 - 2015-11-06 21:08 - 05637844 ____R (Swearware) C:\Users\John\Desktop\ComboFix.exe
2015-11-06 11:24 - 2015-11-06 11:24 - 00003816 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1446837858
2015-11-06 11:24 - 2015-11-06 11:24 - 00001097 _____ C:\Users\Public\Desktop\Opera.lnk
2015-11-06 11:24 - 2015-11-06 11:24 - 00001097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-11-06 11:24 - 2015-11-06 11:24 - 00000000 ____D C:\Users\John\AppData\Roaming\Opera Software
2015-11-06 11:24 - 2015-11-06 11:24 - 00000000 ____D C:\Users\John\AppData\Local\Opera Software
2015-11-06 11:20 - 2015-11-06 11:20 - 00002228 _____ C:\Users\John\Documents\explorerpasses.txt
2015-11-06 10:15 - 2015-11-06 10:16 - 00000000 ____D C:\Users\John\Desktop\New folder (2)
2015-11-06 10:05 - 2015-11-06 10:05 - 01235597 _____ C:\Users\John\Downloads\v2_03_43fix1_build.rar
2015-11-06 10:00 - 2015-11-06 10:00 - 03076250 _____ C:\Users\John\Downloads\AutoHotkey112207_Install.exe
2015-11-06 09:54 - 2015-11-06 09:54 - 00437809 _____ C:\Users\John\Downloads\d3dwindower-english(1).rar
2015-11-06 09:09 - 2015-11-06 09:09 - 01286468 _____ C:\Users\John\Downloads\CC1_XP_NoCD.zip
2015-11-06 08:34 - 2015-11-06 08:34 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2015-11-05 03:09 - 2015-11-05 03:09 - 00000000 _____ C:\Users\John\Desktop\$R0LY7HC.exe
2015-11-04 12:22 - 2015-11-04 12:22 - 00468192 _____ C:\Users\John\Downloads\Yamicsoft.Windows.8.Manager.v1.0.2Keymaker.and.Patch-CORE.rar
2015-11-04 12:20 - 2015-11-04 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Manager
2015-11-04 12:20 - 2015-11-04 12:20 - 00000000 ____D C:\Program Files\Yamicsoft
2015-11-04 10:52 - 2015-11-04 10:54 - 45915360 _____ (PortableApps.com) C:\Users\John\Downloads\FirefoxPortable_42.0_English.paf.exe
2015-11-02 11:23 - 2015-11-02 11:23 - 00000221 ____R C:\Windows\system32\Drivers\etc\hosts.20151102-112338.backup
2015-11-02 11:23 - 2015-03-20 19:15 - 00000116 _____ C:\Windows\system32\Drivers\etc\hosts.20151102-112335.backup
2015-11-02 09:42 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-11-02 00:13 - 2015-11-02 00:13 - 03210240 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-02 00:12 - 2015-11-02 09:42 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-11-02 00:12 - 2015-11-02 00:12 - 00001353 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-11-02 00:12 - 2015-11-02 00:12 - 00001341 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-11-02 00:12 - 2015-11-02 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-11-02 00:12 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-11-02 00:11 - 2015-11-02 00:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-11-02 00:11 - 2015-11-02 00:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2015-11-02 00:09 - 2015-11-05 19:22 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2015-11-02 00:05 - 2015-11-02 00:05 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\John\Downloads\spybot-2.4.exe
2015-11-01 23:58 - 2015-11-01 23:58 - 00000000 ____D C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-10-31 10:35 - 2015-10-31 10:43 - 23787597 _____ C:\Users\John\Downloads\scara2_00151.rar
2015-10-31 00:04 - 2015-10-31 00:04 - 00448512 _____ (OldTimer Tools) C:\Users\John\Downloads\TFC.exe
2015-10-30 11:27 - 2015-10-30 11:27 - 00010238 _____ C:\Users\John\Desktop\hijackthis.log
2015-10-30 11:25 - 2015-10-30 11:25 - 00388608 _____ (Trend Micro Inc.) C:\Users\John\Downloads\HijackThis.exe
2015-10-29 23:49 - 2015-10-29 23:49 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\John\Downloads\tdsskiller(1).exe
2015-10-29 23:01 - 2015-10-29 23:01 - 22924872 _____ C:\Users\John\Desktop\RogueKillerX64.exe
2015-10-29 23:00 - 2015-10-29 23:42 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-10-29 23:00 - 2015-10-29 23:34 - 00000000 ____D C:\ProgramData\RogueKiller
2015-10-29 23:00 - 2015-10-29 23:00 - 18965064 _____ C:\Users\John\Downloads\RogueKiller.exe
2015-10-27 20:08 - 2015-11-04 12:20 - 00002085 _____ C:\Users\Public\Desktop\Windows 7 Manager.lnk
2015-10-27 20:07 - 2015-11-04 12:20 - 00002074 _____ C:\Users\Public\Desktop\1-Click Cleaner.lnk
2015-10-27 20:06 - 2015-10-27 20:06 - 16787192 _____ (Yamicsoft) C:\Users\John\Downloads\windows7manager(1).exe
2015-10-27 20:06 - 2015-10-27 20:06 - 00000000 ____D C:\Users\John\AppData\Roaming\Yamicsoft
2015-10-27 15:31 - 2015-10-27 15:31 - 00000000 ____D C:\$AVG
2015-10-27 15:28 - 2015-11-07 14:48 - 00000000 ____D C:\ProgramData\MFAData
2015-10-27 15:28 - 2015-10-27 15:28 - 00000000 ____D C:\Users\John\AppData\Local\MFAData
2015-10-27 15:16 - 2015-10-27 15:24 - 236991096 _____ (AVG Technologies) C:\Users\John\Downloads\AVG_Internet_Security_x64_743.exe
2015-10-27 15:15 - 2015-10-27 15:16 - 02894552 _____ (AVG Technologies) C:\Users\John\Downloads\AVG_Internet_Security_742(1).exe
2015-10-25 23:18 - 2015-10-25 23:18 - 00000000 _____ C:\Users\John\Downloads\videoplayback(2).htm
2015-10-25 23:16 - 2015-10-25 23:16 - 00000000 _____ C:\Users\John\Downloads\videoplayback.htm
2015-10-25 23:02 - 2015-10-25 23:02 - 03681088 _____ (AVG Technologies CZ, s.r.o.) C:\Users\John\Downloads\avg_remover_stf_x64_2015_5501(1).exe
2015-10-25 10:52 - 2015-10-25 10:53 - 15587840 _____ C:\Users\John\Downloads\avsdk15.msi
2015-10-25 00:25 - 2015-10-25 00:25 - 02894552 _____ (AVG Technologies) C:\Users\John\Downloads\AVG_Internet_Security_742.exe
2015-10-25 00:05 - 2015-10-25 00:05 - 00000930 _____ C:\Users\Public\Desktop\AVG.lnk
2015-10-25 00:05 - 2015-10-25 00:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2015-10-25 00:00 - 2015-10-25 00:00 - 02895464 _____ (AVG Technologies) C:\Users\John\Downloads\AVG_Protection_Free_1115.exe
2015-10-24 23:19 - 2015-10-24 23:20 - 00100306 _____ C:\sfcdetails.txt
2015-10-24 23:14 - 2015-10-27 15:10 - 01093877 _____ C:\Users\John\Downloads\avgremover.log
2015-10-24 23:12 - 2015-10-24 23:12 - 03681088 _____ (AVG Technologies CZ, s.r.o.) C:\Users\John\Downloads\avg_remover_stf_x64_2015_5501.exe
2015-10-24 22:27 - 2015-10-25 00:53 - 00000000 ____D C:\Users\John\Desktop\Old Firefox Data
2015-10-24 07:02 - 2015-10-24 07:02 - 00000000 ____D C:\Users\John\AppData\Roaming\AVG
2015-10-24 06:50 - 2015-10-25 00:05 - 00000000 ____D C:\ProgramData\Avg
2015-10-24 06:46 - 2015-10-27 15:25 - 00000000 ____D C:\Users\John\AppData\Local\AvgSetupLog
2015-10-22 09:49 - 2015-11-02 11:24 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2015-10-22 09:47 - 2015-10-22 09:47 - 00000000 ____D C:\ProgramData\Shared Space
2015-10-22 09:44 - 2015-10-24 09:00 - 00000000 ____D C:\Program Files\COMODO
2015-10-22 09:44 - 2015-10-22 09:44 - 00002015 _____ C:\Users\Public\Desktop\GeekBuddy.lnk
2015-10-22 09:43 - 2015-10-24 10:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-10-22 09:43 - 2015-10-22 10:51 - 00000000 ____D C:\Users\John\AppData\Local\Comodo
2015-10-20 07:22 - 2015-10-20 07:57 - 00011376 _____ C:\Windows\SysWOW64\Drivers\SECDRV.SYS
2015-10-19 12:00 - 2015-10-24 12:03 - 00000000 ___RD C:\Users\John\Virtual Machines
2015-10-19 01:17 - 2015-07-30 05:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-10-19 01:17 - 2015-07-30 05:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-10-19 00:54 - 2015-10-01 10:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-19 00:54 - 2015-10-01 10:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-19 00:54 - 2015-10-01 10:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-19 00:54 - 2015-10-01 10:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-19 00:54 - 2015-10-01 10:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-19 00:54 - 2015-10-01 10:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-19 00:54 - 2015-10-01 10:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-19 00:54 - 2015-10-01 09:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-19 00:54 - 2015-10-01 09:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-19 00:51 - 2015-09-28 19:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-19 00:51 - 2015-09-28 19:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-19 00:51 - 2015-09-28 19:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-19 00:51 - 2015-09-28 19:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-19 00:51 - 2015-09-28 19:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-19 00:51 - 2015-09-28 19:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-19 00:51 - 2015-09-28 19:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-19 00:51 - 2015-09-28 19:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-19 00:51 - 2015-09-28 19:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-19 00:51 - 2015-09-28 19:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-19 00:51 - 2015-09-28 19:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-19 00:51 - 2015-09-28 19:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-19 00:51 - 2015-09-28 19:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-19 00:51 - 2015-09-28 19:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-19 00:51 - 2015-09-28 19:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-19 00:51 - 2015-09-28 19:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-19 00:51 - 2015-09-28 19:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-19 00:51 - 2015-09-28 19:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-19 00:51 - 2015-09-28 19:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-19 00:51 - 2015-09-28 19:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-19 00:51 - 2015-09-28 19:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-19 00:51 - 2015-09-28 19:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-19 00:51 - 2015-09-28 19:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-19 00:51 - 2015-09-28 19:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-19 00:51 - 2015-09-28 19:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-19 00:51 - 2015-09-28 19:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-19 00:51 - 2015-09-28 19:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-19 00:51 - 2015-09-28 19:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-19 00:51 - 2015-09-28 19:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-19 00:51 - 2015-09-28 19:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-19 00:51 - 2015-09-28 19:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 19:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 19:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 19:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 19:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 19:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 19:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 19:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 18:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-19 00:51 - 2015-09-28 18:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-19 00:51 - 2015-09-28 18:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-19 00:51 - 2015-09-28 18:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-19 00:51 - 2015-09-28 18:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-19 00:51 - 2015-09-28 18:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-19 00:51 - 2015-09-28 18:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-19 00:51 - 2015-09-28 18:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-19 00:51 - 2015-09-28 18:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-19 00:51 - 2015-09-28 18:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-19 00:51 - 2015-09-28 18:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-19 00:51 - 2015-09-28 18:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-19 00:51 - 2015-09-28 18:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-19 00:51 - 2015-09-28 18:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-19 00:51 - 2015-09-28 18:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-19 00:51 - 2015-09-28 18:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-19 00:51 - 2015-09-28 18:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-19 00:51 - 2015-09-28 18:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-19 00:51 - 2015-09-28 18:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 18:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 18:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 18:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 18:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 18:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 18:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 18:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 18:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 18:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 18:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 18:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 18:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 17:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-19 00:51 - 2015-09-28 17:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-19 00:51 - 2015-09-28 17:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-19 00:51 - 2015-09-28 17:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-19 00:51 - 2015-09-28 17:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-19 00:51 - 2015-09-28 17:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 17:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 17:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-19 00:51 - 2015-09-28 17:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-19 00:51 - 2015-09-18 11:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-19 00:51 - 2015-09-18 11:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-19 00:51 - 2015-09-18 11:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-19 00:51 - 2015-09-18 11:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-19 00:51 - 2015-09-18 11:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-19 00:51 - 2015-09-18 11:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-19 00:51 - 2015-09-18 11:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-19 00:51 - 2015-09-15 10:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-19 00:51 - 2015-09-15 10:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-19 00:51 - 2015-09-15 10:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-19 00:51 - 2015-09-15 10:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-19 00:51 - 2015-09-15 10:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-19 00:51 - 2015-09-15 10:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-19 00:51 - 2015-09-15 10:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-19 00:51 - 2015-09-15 10:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-19 00:51 - 2015-09-15 10:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-19 00:51 - 2015-09-15 09:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-19 00:51 - 2015-09-15 09:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-19 00:51 - 2015-09-15 09:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-19 00:51 - 2015-09-15 09:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-19 00:51 - 2015-07-14 19:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-10-19 00:51 - 2015-07-14 19:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-10-19 00:51 - 2015-07-14 18:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-10-19 00:49 - 2015-09-25 10:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-19 00:49 - 2015-09-25 10:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-19 00:49 - 2015-09-25 10:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-19 00:49 - 2015-09-25 10:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-19 00:49 - 2015-09-25 10:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-19 00:49 - 2015-09-25 10:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-19 00:49 - 2015-09-25 10:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-19 00:49 - 2015-09-25 10:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-19 00:49 - 2015-09-25 10:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-19 00:49 - 2015-09-25 10:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-19 00:49 - 2015-09-25 10:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-19 00:49 - 2015-09-25 09:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-19 00:49 - 2015-09-25 09:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-19 00:49 - 2015-09-25 09:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-19 00:49 - 2015-09-25 09:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-19 00:49 - 2015-09-25 09:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-19 00:49 - 2015-09-18 11:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-19 00:49 - 2015-09-18 10:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-19 00:49 - 2015-09-15 20:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-19 00:49 - 2015-09-15 20:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-19 00:49 - 2015-09-15 20:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-19 00:49 - 2015-09-15 20:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-19 00:49 - 2015-09-15 20:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-19 00:49 - 2015-09-15 20:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-19 00:49 - 2015-09-15 20:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-19 00:49 - 2015-09-15 20:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-19 00:49 - 2015-09-15 20:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-19 00:49 - 2015-09-15 20:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-19 00:49 - 2015-09-15 20:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-19 00:49 - 2015-09-15 20:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-19 00:49 - 2015-09-15 20:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-19 00:49 - 2015-09-15 20:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-19 00:49 - 2015-09-15 20:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-19 00:49 - 2015-09-15 20:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-19 00:49 - 2015-09-15 20:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-19 00:49 - 2015-09-15 20:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-19 00:49 - 2015-09-15 19:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-19 00:49 - 2015-09-15 19:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-19 00:49 - 2015-09-15 19:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-19 00:49 - 2015-09-15 19:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-19 00:49 - 2015-09-15 19:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-19 00:49 - 2015-09-15 19:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-19 00:49 - 2015-09-15 19:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-19 00:49 - 2015-09-15 19:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-19 00:49 - 2015-09-15 19:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-19 00:49 - 2015-09-15 19:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-19 00:49 - 2015-09-15 19:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-19 00:49 - 2015-09-15 19:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-19 00:49 - 2015-09-15 19:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-19 00:49 - 2015-09-15 19:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-19 00:49 - 2015-09-15 19:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-19 00:49 - 2015-09-15 19:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-19 00:49 - 2015-09-15 19:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-19 00:49 - 2015-09-15 19:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-19 00:49 - 2015-09-15 19:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-19 00:49 - 2015-09-15 19:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-19 00:49 - 2015-09-15 19:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-19 00:49 - 2015-09-15 19:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-19 00:49 - 2015-09-15 19:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-19 00:49 - 2015-09-15 19:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-19 00:49 - 2015-09-15 19:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-19 00:49 - 2015-09-15 19:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-19 00:49 - 2015-09-15 19:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-19 00:49 - 2015-09-15 19:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-19 00:49 - 2015-09-15 19:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-19 00:49 - 2015-09-15 19:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-19 00:49 - 2015-09-15 19:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-19 00:49 - 2015-09-15 19:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-19 00:49 - 2015-09-15 19:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-19 00:49 - 2015-09-15 19:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-19 00:49 - 2015-09-15 18:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-19 00:49 - 2015-09-15 18:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-19 00:49 - 2015-09-15 18:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-19 00:49 - 2015-09-15 18:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-19 00:49 - 2015-09-15 18:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-19 00:49 - 2015-09-15 18:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-19 00:49 - 2015-09-15 18:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-19 00:49 - 2015-09-15 18:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-19 00:49 - 2015-09-15 18:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-19 00:49 - 2015-09-15 18:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-19 00:49 - 2015-06-25 02:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-10-19 00:49 - 2015-06-25 02:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-10-19 00:49 - 2015-06-25 02:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-10-19 00:49 - 2015-06-25 01:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-10-19 00:48 - 2015-08-06 10:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-19 00:48 - 2015-08-06 10:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-19 00:48 - 2015-08-06 09:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-19 00:48 - 2015-08-06 09:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-19 00:48 - 2015-07-22 16:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-10-19 00:48 - 2015-07-22 16:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-10-19 00:48 - 2015-07-22 16:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-10-19 00:48 - 2015-07-22 09:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-10-19 00:48 - 2015-07-22 09:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-10-19 00:48 - 2015-07-22 08:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-10-19 00:48 - 2015-07-15 10:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-10-19 00:48 - 2015-07-15 10:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-10-19 00:48 - 2015-07-15 10:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-10-19 00:47 - 2015-07-30 10:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-10-19 00:47 - 2015-07-30 10:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-10-19 00:47 - 2015-07-30 10:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-10-19 00:47 - 2015-07-30 09:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-10-19 00:47 - 2015-07-30 09:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-10-19 00:47 - 2015-07-01 12:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-10-19 00:47 - 2015-07-01 12:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-10-19 00:47 - 2015-07-01 12:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-10-19 00:47 - 2015-07-01 12:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-10-19 00:46 - 2015-08-05 09:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-10-19 00:41 - 2015-08-05 09:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-10-19 00:41 - 2015-08-05 09:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-10-19 00:41 - 2015-08-05 09:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-19 00:41 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-19 00:38 - 2015-07-16 11:12 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-10-19 00:38 - 2015-07-16 11:12 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-10-19 00:38 - 2015-07-16 11:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-10-19 00:38 - 2015-07-16 11:11 - 05779456 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-10-19 00:38 - 2015-07-16 11:11 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-10-19 00:38 - 2015-07-16 11:11 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-10-19 00:38 - 2015-07-09 09:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-10-19 00:38 - 2015-07-09 09:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-10-19 00:38 - 2015-07-09 09:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-10-19 00:38 - 2015-07-09 09:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-10-19 00:38 - 2015-07-09 09:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-10-19 00:38 - 2015-07-09 09:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-10-19 00:38 - 2015-07-09 09:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-10-19 00:33 - 2015-08-27 10:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-10-19 00:33 - 2015-08-27 10:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-10-19 00:33 - 2015-08-27 10:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-10-19 00:33 - 2015-08-27 10:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-10-19 00:33 - 2015-08-27 09:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-10-19 00:33 - 2015-08-27 09:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-10-19 00:33 - 2015-08-27 09:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-10-19 00:33 - 2015-08-27 09:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-10-19 00:12 - 2015-09-01 19:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-10-19 00:12 - 2015-09-01 19:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-10-19 00:12 - 2015-09-01 19:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-10-19 00:12 - 2015-09-01 19:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-10-19 00:12 - 2015-09-01 18:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-10-19 00:12 - 2015-09-01 18:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-10-19 00:12 - 2015-09-01 18:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-10-19 00:12 - 2015-09-01 18:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-10-19 00:12 - 2015-09-01 17:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-10-19 00:12 - 2015-09-01 17:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-10-18 22:57 - 2015-10-18 22:57 - 04632090 _____ C:\Users\John\Downloads\cfs3_skins.zip
2015-10-16 09:04 - 2015-10-16 09:04 - 00000000 ____D C:\Users\John\Documents\CFS3 ETO Expansion_________
2015-10-16 08:58 - 2015-10-16 08:58 - 00002300 _____ C:\Users\John\Desktop\ETO Spawn Selector.lnk
2015-10-16 08:58 - 2015-10-16 08:58 - 00002250 _____ C:\Users\John\Desktop\ETO BDP Zapper.lnk
2015-10-16 08:58 - 2015-10-16 08:58 - 00002185 _____ C:\Users\John\Desktop\ETO Start.lnk
2015-10-16 08:58 - 2015-10-16 08:58 - 00002180 _____ C:\Users\John\Desktop\ETO Backup.lnk
2015-10-16 08:58 - 2015-10-16 08:58 - 00002126 _____ C:\Users\John\Desktop\ETO Resolution.lnk
2015-10-15 22:38 - 2015-10-15 22:38 - 00000000 ____D C:\Users\John\AppData\Local\{85330A65-334F-454E-A5A8-0EFA8CED3B4E}
2015-10-15 16:08 - 2015-10-15 16:08 - 00000000 ____D C:\Users\John\Documents\Combat Flight Simulator 3.0
2015-10-15 15:10 - 2015-10-15 15:10 - 00347440 _____ (Microsoft Corporation) C:\Users\John\Downloads\MicrosoftFixit-portable.exe
2015-10-15 15:03 - 2015-10-15 15:03 - 00000359 _____ C:\Users\John\Desktop\Recycle Bin - Shortcut.lnk
2015-10-14 19:26 - 2015-10-14 19:26 - 00650752 _____ C:\Users\John\Downloads\MicrosoftFixit50210.msi
2015-10-14 14:31 - 2015-10-14 14:31 - 00359530 _____ C:\Users\John\Downloads\dgVoodoo1.50Beta2(1).zip
2015-10-14 10:59 - 2015-10-14 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
2015-10-14 10:58 - 2015-10-14 10:58 - 02451912 _____ (IObit ) C:\Users\John\Downloads\unlocker-setup.exe
2015-10-13 20:41 - 2015-10-13 20:41 - 00014637 _____ C:\Users\John\Downloads\caffeine.zip
2015-10-13 11:05 - 2015-10-13 11:06 - 32899570 _____ C:\Users\John\Downloads\Aris WOFF HD Cloud Textures.rar
2015-10-13 11:05 - 2015-10-13 11:05 - 00195785 _____ C:\Users\John\Downloads\d3d8.20150506.beta(1).zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-07 14:20 - 2012-12-05 20:08 - 00000110 _____ C:\Windows\wininit.tmp
2015-11-07 14:07 - 2009-07-13 20:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-07 14:07 - 2009-07-13 20:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-07 14:06 - 2009-07-13 21:10 - 01906979 _____ C:\Windows\WindowsUpdate.log
2015-11-07 14:01 - 2015-10-01 08:14 - 00009468 _____ C:\Windows\setupact.log
2015-11-07 13:57 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-07 13:56 - 2015-10-01 08:14 - 00081628 _____ C:\Windows\PFRO.log
2015-11-07 13:56 - 2009-11-03 22:22 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-07 13:40 - 2010-01-01 06:39 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-11-07 13:33 - 2015-09-30 23:58 - 00002900 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_John
2015-11-07 13:31 - 2015-07-11 22:38 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-11-07 13:26 - 2013-10-18 05:24 - 00000000 ____D C:\ProgramData\Oracle
2015-11-07 13:25 - 2009-11-13 12:10 - 00000000 ____D C:\Users\John
2015-11-07 13:25 - 2009-11-03 22:23 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-07 12:51 - 2009-11-13 17:25 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5F41E5DF-F605-4918-BC00-DB41D3A98C86}
2015-11-07 08:50 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2015-11-07 03:06 - 2015-03-06 21:16 - 00000000 ____D C:\Qoobox
2015-11-07 03:03 - 2009-07-13 18:34 - 00000242 _____ C:\Windows\system.ini
2015-11-07 02:38 - 2010-11-20 13:46 - 00000000 ____D C:\Program Files (x86)\Opera
2015-11-07 02:27 - 2015-07-29 09:40 - 00000000 ____D C:\Users\John\AppData\Local\CrashDumps
2015-11-07 01:03 - 2014-06-26 19:03 - 00000000 ____D C:\Users\John\Desktop\pz1
2015-11-07 00:45 - 2009-11-12 04:24 - 00117824 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2015-11-07 00:43 - 2015-09-30 23:58 - 00000000 ____D C:\ProgramData\ProductData
2015-11-07 00:42 - 2015-10-01 07:37 - 00003238 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler
2015-11-07 00:42 - 2015-10-01 07:37 - 00002870 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (John)
2015-11-06 21:30 - 2012-04-26 08:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-06 20:57 - 2009-06-21 09:31 - 18109440 ___SH C:\Users\John\Desktop\Thumbs.db
2015-11-06 15:04 - 2015-07-03 19:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-06 11:43 - 2014-05-15 19:51 - 00000000 ____D C:\Users\John\downthemall
2015-11-06 10:33 - 2010-08-08 09:42 - 00000000 ____D C:\Users\John\AppData\Roaming\vlc
2015-11-06 09:36 - 2014-03-07 16:04 - 00000000 ____D C:\InstallCC
2015-11-06 09:19 - 2015-06-17 08:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2015-11-05 10:46 - 2015-10-01 07:41 - 00002143 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-11-04 11:30 - 2009-11-13 17:07 - 00000000 ____D C:\Users\John\AppData\Roaming\Mozilla
2015-11-03 08:18 - 2013-09-30 15:23 - 00000000 ____D C:\Users\John\Documents\VirtualDJ
2015-11-03 06:36 - 2009-07-13 21:13 - 00875148 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-02 23:41 - 2015-03-06 21:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-02 12:02 - 2009-07-13 20:45 - 00287872 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-02 09:42 - 2015-06-26 23:37 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-02 00:12 - 2010-12-24 10:36 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-11-01 13:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2015-10-31 22:49 - 2014-06-07 08:18 - 00000000 ____D C:\Program Files\PeerBlock
2015-10-31 16:31 - 2015-07-15 17:06 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-31 16:30 - 2014-12-26 11:31 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-30 09:03 - 2015-08-06 20:28 - 00000000 ____D C:\Users\John\Desktop\screens
2015-10-29 23:52 - 2015-03-06 21:14 - 05637361 _____ (Swearware) C:\Users\John\Downloads\ComboFix.exe
2015-10-25 11:49 - 2014-06-17 13:23 - 00000142 _____ C:\Users\John\Desktop\New Text Document.txt
2015-10-25 02:18 - 2011-06-05 20:20 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-25 01:45 - 2015-06-02 07:48 - 00000000 ____D C:\Users\John\AppData\Local\Avg
2015-10-25 00:07 - 2015-04-14 09:02 - 00000000 ____D C:\Program Files (x86)\AVG
2015-10-24 12:01 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Microsoft Games
2015-10-24 11:34 - 2015-10-01 07:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2015-10-24 11:34 - 2015-09-30 23:58 - 00000000 ____D C:\Users\John\AppData\Roaming\ProductData
2015-10-24 11:34 - 2015-04-04 20:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-24 11:34 - 2010-06-29 18:35 - 00000000 ____D C:\Users\John\AppData\Roaming\IObit
2015-10-24 11:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2015-10-22 09:44 - 2015-08-05 09:20 - 00000000 ____D C:\ProgramData\Comodo
2015-10-19 11:14 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2015-10-19 10:36 - 2012-05-09 06:30 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-10-19 10:36 - 2012-05-09 06:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-10-19 10:31 - 2015-04-04 20:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-19 10:31 - 2014-12-10 01:54 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-19 10:31 - 2014-04-25 19:11 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-19 10:31 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-10-19 10:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-10-19 01:37 - 2013-07-27 03:10 - 00000000 ____D C:\Windows\system32\MRT
2015-10-19 01:17 - 2012-05-09 06:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-10-16 11:37 - 2014-06-26 20:27 - 00000000 ____D C:\Panzer Commander
2015-10-16 10:59 - 2009-11-15 12:54 - 00000000 ____D C:\Users\Administrator
2015-10-15 21:51 - 2011-08-18 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2015-10-15 20:44 - 2011-08-23 05:20 - 00000000 ____D C:\Users\John\Desktop\planes
2015-10-15 20:44 - 2009-11-14 22:44 - 00000000 ____D C:\Users\John\Desktop\Games
2015-10-15 15:21 - 2015-07-12 11:00 - 00000000 ____D C:\Users\John\Desktop\outwars
2015-10-15 15:21 - 2015-04-19 17:29 - 00000000 ____D C:\Users\John\Desktop\New folder (9)
2015-10-15 15:21 - 2015-03-30 09:00 - 00000000 ____D C:\Users\John\Desktop\diet
2015-10-15 15:21 - 2015-01-08 00:53 - 00000000 ____D C:\Users\John\Desktop\Database Fix
2015-10-15 15:21 - 2013-12-22 18:10 - 00000000 ____D C:\Users\John\Desktop\phone
2015-10-15 15:21 - 2013-09-19 16:19 - 00000000 ____D C:\Users\John\Desktop\dd
2015-10-15 15:21 - 2013-09-12 11:17 - 00000000 ____D C:\Users\John\Desktop\alt
2015-10-15 15:21 - 2013-06-28 06:20 - 00000000 ____D C:\Users\John\Desktop\mlp
2015-10-15 15:21 - 2012-09-14 16:14 - 00000000 ____D C:\ProgramData\IObit
2015-10-15 15:21 - 2011-09-03 20:03 - 00000000 ____D C:\Users\John\Desktop\gh
2015-10-15 15:21 - 2011-01-15 11:43 - 00000000 ____D C:\Users\John\Desktop\paypal
2015-10-15 15:11 - 2013-06-28 20:39 - 00000000 ____D C:\Users\John\Desktop\A2B_Editor
2015-10-14 18:41 - 2015-08-08 19:57 - 00000695 _____ C:\Users\John\Desktop\Readme.txt
2015-10-14 10:59 - 2010-06-29 18:35 - 00000000 ____D C:\Program Files (x86)\IObit
2015-10-12 14:44 - 2014-12-23 09:29 - 00000000 ____D C:\Users\John\Desktop\gg

==================== Files in the root of some directories =======

2013-05-20 07:56 - 2014-06-22 09:50 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2011-08-20 15:50 - 1999-06-25 06:55 - 0149504 _____ () C:\Program Files (x86)\UNWISE.EXE
2011-08-20 15:50 - 2011-08-20 16:47 - 0000072 _____ () C:\Program Files (x86)\UNWISE.INI
2010-05-29 16:00 - 2010-05-29 16:00 - 0000012 _____ () C:\Users\John\AppData\Roaming\bpzmnq.dat
2015-02-13 11:42 - 2015-09-18 11:34 - 0004097 _____ () C:\Users\John\AppData\Roaming\CompatAdmin.log
2013-01-21 12:28 - 2015-08-04 19:54 - 0003228 _____ () C:\Users\John\AppData\Roaming\glide_wrapper.zbag.ini
2010-05-06 06:52 - 2010-05-06 06:52 - 0000012 _____ () C:\Users\John\AppData\Roaming\jmkneq.dat
2010-05-12 19:24 - 2010-05-12 19:24 - 0000012 _____ () C:\Users\John\AppData\Roaming\kyvgsz.dat
2010-05-03 19:12 - 2010-05-03 19:12 - 0000012 _____ () C:\Users\John\AppData\Roaming\lipoqz.dat
2014-03-30 11:07 - 2014-03-30 11:07 - 0000010 _____ () C:\Users\John\AppData\Roaming\mbam.context.scan
2012-01-28 11:26 - 2012-01-28 11:28 - 0214016 _____ () C:\Users\John\AppData\Roaming\SharedSettings.ccs
2015-02-06 22:12 - 2015-02-06 22:12 - 0001181 _____ () C:\Users\John\AppData\Roaming\trace_FilterInstaller.txt
2015-02-06 22:12 - 2015-02-06 22:12 - 0000000 _____ () C:\Users\John\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2014-05-14 10:50 - 2014-05-14 10:50 - 0000045 _____ () C:\Users\John\AppData\Roaming\WB.CFG
2013-08-20 05:51 - 2013-08-20 05:52 - 0029457 _____ () C:\Users\John\AppData\Roaming\XFLR5.ini
2015-06-28 01:42 - 2015-06-28 01:42 - 0000038 ___SH () C:\Users\John\AppData\Local\69ff07055291669bb2b218.72821112
2013-08-08 18:36 - 2013-08-08 18:36 - 0000037 ___SH () C:\Users\John\AppData\Local\70149b02515b3bb20dd492.47983420
2015-08-06 19:26 - 2015-08-06 19:26 - 0000892 _____ () C:\Users\John\AppData\Local\recently-used.xbel
2009-11-13 21:35 - 2015-07-24 22:56 - 0007674 _____ () C:\Users\John\AppData\Local\resmon.resmoncfg
2009-11-14 13:16 - 2009-11-14 13:16 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2015-08-16 11:37 - 2001-07-17 06:38 - 0005120 ___SH () C:\ProgramData\reg441tiff.lib

Some files in TEMP:
====================
C:\Users\John\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\John\AppData\Local\Temp\nvStInst.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-31 01:13

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by John (2015-11-07 15:38:24)
Running from C:\Users\John\Desktop
Windows 7 Ultimate (X64) (2009-11-13 20:10:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1644976545-898374883-2013635671-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-1644976545-898374883-2013635671-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1644976545-898374883-2013635671-1002 - Limited - Enabled)
John (S-1-5-21-1644976545-898374883-2013635671-1000 - Administrator - Enabled) => C:\Users\John
oldcomp (S-1-5-21-1644976545-898374883-2013635671-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG Internet Security (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.65 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0465-000001000000}) (Version: 4.65.00.0 - Igor Pavlov)
Acoustica Basic Edition 6.0 (HKLM-x32\...\{947C5345-DAF2-4516-97E1-5BC72F1FE3B6}_is1) (Version: 6.0.14 - Acon AS)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Advanced Archive Password Recovery (HKLM-x32\...\{6E356EEF-203C-451B-9144-CBF099E3738A}) (Version: 4.54.55.1642 - Elcomsoft Co. Ltd.)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.4.0 - IObit)
AIM 7 (HKLM-x32\...\AIM_7) (Version: - )
Aimersoft Video Converter Ultimate(Build 5.6.0.1) (HKLM-x32\...\Aimersoft Video Converter Ultimate_is1) (Version: 5.6.0.1 - Aimersoft Software)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Any Audio Converter 3.5.6 (HKLM-x32\...\Any Audio Converter_is1) (Version: - Any-Audio-Converter.com)
Any Video Converter Ultimate 5.5.6 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ArcSoft WebCam Companion 2 (HKLM-x32\...\{D41D01A7-2A32-415B-9DFC-7A83820956CF}) (Version: - ArcSoft)
Arma 2 (HKLM-x32\...\Steam App 33900) (Version: - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Audio Record Wizard (HKLM-x32\...\{71F775EA-BA03-4F3E-BE41-15D4B8C439AA}) (Version: 5.1.2 - NowSmart Studio)
Audio Record Wizard (HKLM-x32\...\Audio Record Wizard) (Version: 7.16 - NowSmart)
AV Voice Changer Software DIAMOND 5.5 (HKLM-x32\...\AV Voice Changer Software DIAMOND 5.5) (Version: - )
AVG (HKLM\...\AvgZen) (Version: 1.13.1.26255 - AVG Technologies)
AVG (Version: 16.4.7161 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4457 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.4.7161 - AVG Technologies)
AVG Zen (Version: 1.13.1 - AVG Technologies) Hidden
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Converter 7 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Editor 5 (HKLM-x32\...\AVS Video Editor_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Recorder 2.4 (HKLM-x32\...\AVS Video Recorder_is1) (Version: - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
Awesomium Redistributable (HKLM-x32\...\{5BCB064B-9F65-4E15-BAFB-669E72E54FD9}) (Version: 1.7.4.2 - SIX Networks GmbH)
AwesomiumSetup (HKLM-x32\...\{19EF99D1-7EE6-4B5E-ABEE-0B3825F703B0}) (Version: 1.00.0000 - SIX Networks GmbH)
Battle HQ (HKLM-x32\...\Battle HQ) (Version: - )
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
BMI Flight Simulator 0.2.1 (HKLM\...\{070CF190-681A-4c62-A0C1-B0B1CFD13A88}_is1) (Version: - BMI nv/sa)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CamStudio (HKLM-x32\...\CamStudio) (Version: - )
CC TLD Meuse (HKLM-x32\...\CC TLD Meuse_is1) (Version: - )
CC TLD OnGroundFX SoundMod (HKLM-x32\...\CC TLD OnGroundFX SoundMod_is1) (Version: - )
CC WAR StockMod (HKLM-x32\...\CC WAR StockMod_is1) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
CCV Patch 501a (HKLM-x32\...\CCV Patch 501a) (Version: - Atomic (Unsupported))
Chanalyzer 2.1.7 (HKLM-x32\...\{FD736238-55EB-420B-9BFC-B8A9983B21C9}) (Version: 2.1.7 - MetaGeek, LLC)
Chanalyzer 4 (HKLM-x32\...\{A9ACEB1B-6CBA-4558-B15C-FD8A4ACC3EA5}) (Version: 4.2.2.27 - MetaGeek, LLC)
Chanalyzer Lite (HKLM-x32\...\{B8781AF1-E29A-435C-B88F-8B468790C52B}) (Version: 1.1.1 - MetaGeek, LLC)
Chanalyzer Lite (HKLM-x32\...\{EA8CFCFE-0E2C-4E74-9C59-13A8AA7E7A8E}) (Version: 2.0.6 - MetaGeek, LLC)
Channel Picker for Wi-Spy (HKLM-x32\...\{17967368-055E-4165-B700-B933C93B37BD}) (Version: 0.1.2 - MetaGeek, LLC)
ChargeMonitor V1.2 (HKLM-x32\...\ChargeMonitor_is1) (Version: - )
Chromium (HKU\S-1-5-21-1644976545-898374883-2013635671-1000\...\Chromium) (Version: 45.0.2423.0 - Chromium)
Close Combat (HKLM-x32\...\Close Combat1.00) (Version: 1.00 - Matrix Games)
Close Combat Cross of Iron (HKLM-x32\...\Close Combat Cross of Iron1.00) (Version: 1.00 - Matrix Games)
Close Combat Invasion Normandy (HKLM-x32\...\{66545400-DEF6-11D3-A09A-00E02919016C}) (Version: - )
Close Combat IV (HKLM-x32\...\Close Combat IV) (Version: - )
Close Combat Last Stand Arnhem (HKLM-x32\...\Close Combat Last Stand Arnhem5.60) (Version: 5.60 - Matrix Games)
Close Combat Panthers in the Fog (HKLM-x32\...\Close Combat Panthers in the Fog6.00.00) (Version: 6.00.00 - Matrix Games)
Close Combat The Longest Day (HKLM-x32\...\Close Combat The Longest Day5.50) (Version: 5.50 - Matrix Games)
Close Combat Wacht am Rhein (HKLM-x32\...\Close Combat Wacht am Rhein4.50) (Version: 4.50 - Matrix Games)
CM Mod Option Selector (HKLM-x32\...\CM Mod Option Selector) (Version: - )
CM Mod Option Selector Upgrade (HKLM-x32\...\{059A54D8-D99B-43AE-A298-ECBB25F5EB89}) (Version: 4.05 - MT Enterprises)
Combat Mission Barbarossa to Berlin (HKLM-x32\...\Combat Mission Barbarossa to Berlin_is1) (Version: 1.0 - Strategy First Inc.)
Combat Mission Battle for Normandy (HKLM-x32\...\CMBN10_is1) (Version: - Battlefront.com)
Combat Mission Beyond Overlord (HKLM-x32\...\Combat Mission Beyond Overlord_is1) (Version: - GOG.com)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
Cool Edit 2000 (HKLM-x32\...\Cool Edit 2000) (Version: - )
Covert Operations (HKLM-x32\...\Covert Operations) (Version: - )
Cpukiller3 v1.0.5 (HKLM-x32\...\Cpukiller3_is1) (Version: - Robyrobo)
CRRCSim 0.9.12 (HKLM-x32\...\CRRCSim) (Version: 0.9.12 - CRRCSim DevTeam)
CSVed 2.3.2 (HKLM-x32\...\CSVed_is1) (Version: 2.3.2 - Sam Francke)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 1.1.0.0103 - Disc Soft Ltd)
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version: - Valve)
Defraggler (HKLM\...\Defraggler) (Version: 2.11 - Piriform)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.3.36 - Dell)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Diagnostic Utility (HKLM-x32\...\{7236672F-6430-439E-9B27-27EDEAF1D676}) (Version: 1.00.0000 - Realtek)
Direct WAV MP3 Splitter version 2.7.0.25 (HKLM-x32\...\Direct WAV MP3 Splitter_is1) (Version: 2.7.0.25 - Piston Software)
DiskAid 5.43 (HKLM-x32\...\DiskAid_is1) (Version: 5.43 - DigiDNA)
DiskAid 6.5.4.0 (HKLM\...\DiskAid_is1) (Version: 6.5.4.0 - DigiDNA)
Driver Booster 3.0 (HKLM-x32\...\Driver Booster_is1) (Version: 3.0 - IObit)
Dxtory version 2.0.127 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.127 - ExKode Co. Ltd.)
East-Tec Eraser 2010 Version 9.6 (HKLM-x32\...\East-Tec Eraser 2010_is1) (Version: 9.6.0.100 - EAST Technologies)
Elevated Installer (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Fighters Anthology (HKLM-x32\...\Fighters Anthology) (Version: - )
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - Pow Tools)
FMW 1 (Version: 1.22.2 - AVG Technologies) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Free ISO Burn Wizard 3.6.1.1 (HKLM-x32\...\Free ISO Burn Wizard_is1) (Version: - FreeAudioVideoSoftTech, Inc.)
Free RM to MP3 Converter 1.12 (HKLM-x32\...\Free RM to MP3 Converter_is1) (Version: - Jodix Technologies Ltd.)
Free Window Registry Repair (HKLM-x32\...\Free Window Registry Repair) (Version: - )
Freeraser (HKLM-x32\...\Freeraser) (Version: 1.0.0.23 - Codyssey.com)
Garmin Express (HKLM-x32\...\{44d9dfc0-3a4a-4439-870f-f97550a9bc8d}) (Version: 4.1.8.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
GCFScape 1.8.5 (HKLM\...\GCFScape_is1) (Version: - Ryan Gregg)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
GoldWave v5.70 (HKLM-x32\...\GoldWave v5.70) (Version: 5.70 - GoldWave Inc.)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.56.5181 - Gretech Corporation)
Google Chrome (HKLM-x32\...\{E86E510B-CBAD-354D-841B-853E23EF038A}) (Version: 64.240.49198 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )
Grand Theft Auto IV (x32 Version: 1.0.0011.131 - Rockstar Games Inc.) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
HPP-22 (HKLM-x32\...\HPP-22) (Version: - )
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
HyperLobby client (HKLM-x32\...\{A869FEA9-B223-4324-B130-008AC50B054B}) (Version: 4.3.2 - Jiri Fojtasek)
iExplorer 3.1.0.1 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)
IL-2 Sturmovik: 1946 (HKLM-x32\...\Steam App 15320) (Version: - 1C: Maddox Games)
ImTOO MP4 to MP3 Converter 6 (HKU\S-1-5-21-1644976545-898374883-2013635671-1000\...\ImTOO MP4 to MP3 Converter 6) (Version: 6.8.0.1101 - ImTOO)
inSSIDer 4 (HKLM-x32\...\{068F709E-5BA2-4C2F-84E9-B2DFF374F366}) (Version: 4.2.0.12 - MetaGeek, LLC)
Install Creator (HKLM-x32\...\Install Creator) (Version: - )
IObit Malware Fighter 3 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 3.2 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.0.3.171 - IObit)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1 - IObit)
ISO Creator 1.0 (HKLM-x32\...\{78D80EAF-1ADB-46A8-AF6F-EBB18B6ADBCE}) (Version: 1.0.0 - Bunny-Wabbit)
ISO Recorder (HKLM\...\{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}) (Version: 3.1.0 - Alex Feinman)
ISODisk 1.1 (HKLM-x32\...\{BF731945-7AAD-45E3-A202-A60C9213915C}_is1) (Version: - ISODisk.com)
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
Jane's Attack Squadron (HKLM-x32\...\{EF57B24A-76A3-43CE-814F-DBB7A55548D9}) (Version: - )
Jane's Combat Simulations WWII Fighters (HKLM-x32\...\WWII Fighters) (Version: - )
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lock On: Modern Air Combat (HKLM-x32\...\{E90DCEE9-DC27-401B-A7AC-B0AFF5B34E4D}) (Version: 1.00.000 - )
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Longbow 2 (HKLM-x32\...\Longbow 2) (Version: - )
Longbow 2 Fix (HKLM\...\{a090c09b-4a53-4a68-bd50-e43b89901fbe}.sdb) (Version: - )
Magic ISO Maker v5.3 (build 0221) (HKLM-x32\...\Magic ISO Maker v5.3 (build 0221)) (Version: - )
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
MFC RunTime files x64 (Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Application Compatibility Toolkit 5.6 (HKLM-x32\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Close Combat (HKLM-x32\...\Close Combat) (Version: - )
Microsoft Combat Flight Simulator 3.1 (HKLM-x32\...\Combat Flight Simulator 3.0) (Version: - )
Microsoft Encarta 97 World Atlas (HKLM-x32\...\Encarta World Atlas 2.0) (Version: - )
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MP4Tools v3.1 (HKLM-x32\...\MP4Tools_is1) (Version: - )
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.87 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.87 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera Stable 33.0.1990.58 (HKLM-x32\...\Opera 33.0.1990.58) (Version: 33.0.1990.58 - Opera Software)
Paint.NET v3.5.8 (HKLM\...\{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}) (Version: 3.58.0 - dotPDN LLC)
Panzer Elite (HKLM-x32\...\GOGPACKPANZERELITE_is1) (Version: 2.0.0.3 - GOG.com)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
PDFill FREE PDF Tools (HKLM\...\{735A3951-E139-4E4A-AFAE-BA25E9FF5E6A}) (Version: 11.0 - PlotSoft LLC)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PhoenixRC (HKLM-x32\...\{6D44070C-86F9-424A-B514-6907E4335BCE}) (Version: 3.00.16 - Runtime Games Ltd)
PicaSim (HKLM-x32\...\PicaSim_is1) (Version: - )
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.8 - PowerISO Computing, Inc.)
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
R/C Data Recorder (Release Version) (HKLM-x32\...\{2EB8E4A4-CDE1-4F2A-B8DE-65D429FF2AC0}) (Version: 10.48.00 - Eagle Tree Systems, LLC)
RAD Video Tools (HKLM-x32\...\RADVideo) (Version: - )
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 2.4.1546.4 - AMD)
RAIDXpert (x32 Version: 2.4.1546.4 - AMD) Hidden
RC Desk Pilot 0.1.3 (HKLM\...\{DFFD7D4F-6C61-402D-8D16-72B8AC33FE5A}_is1) (Version: - rcdeskpilot.com)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.39 - Piriform)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
RM to MP3 Converter 1.60 (HKLM-x32\...\RM to MP3 Converter_is1) (Version: - Boilsoft, Inc.)
Rogue Spear (HKLM-x32\...\Rogue Spear) (Version: - )
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.0 - Roxio)
SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version: - )
Silicon Laboratories CP210x VCP Drivers for Windows 2000 (HKLM-x32\...\{ADB2ECEC-147E-4204-B794-DFADCD7BDFCD}) (Version: 6.3a - Silicon Laboratories, Inc.)
Silicon Laboratories CP210x VCP Drivers for Windows 7 (HKLM-x32\...\{65259104-95FE-4F45-A21F-2F60A0F80089}) (Version: 5.40.24 - Silicon Laboratories, Inc.)
Six Updater (HKLM-x32\...\{C1C8BCB7-3C00-4830-A361-902DC488743F}) (Version: 2.08.0026 - Six Projects)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SmartFTP Client Setup Files 4.0 (x64) (remove only) (HKLM-x32\...\SmartFTP Client 4.0 (x64) Setup Files) (Version: 4.0 - SmartSoft Ltd)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
StorageCrypt 3.0.1 (HKLM-x32\...\{B8F65545-EF87-43EA-9FA0-BC2A831FCFF5}_is1) (Version: - Magiclab software)
SUPER © Version 2010.bld.37 (Jan 2, 2010) (HKLM-x32\...\SUPER ©) (Version: Version 2010.bld.37 (Jan 2, 2010) - eRightSoft)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version: - )
System Requirements Lab for Intel (HKLM-x32\...\{4B4E8814-F682-4197-8F4B-E9FFC6F08977}) (Version: 4.3.13.0 - Husdawg, LLC)
Tom Clancy's Rainbow Six (HKLM-x32\...\Tom Clancy's Rainbow Six) (Version: - )
Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412 (HKLM-x32\...\{AF131494-F5D8-45C5-938C-D5F020CF1B0D}) (Version: 1.60.412 - )
Tom Clancy's Rainbow Six Demo (HKLM-x32\...\Tom Clancy's Rainbow Six Demo) (Version: - )
Tom Clancy's Rainbow Six: Eagle Watch (HKLM-x32\...\Tom Clancy's Rainbow Six: Eagle Watch) (Version: - )
ubi.com (HKLM-x32\...\{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}) (Version: - )
Universal Extractor 1.6.1 (HKLM-x32\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Urban Operations (HKLM-x32\...\Urban Operations) (Version: - )
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VETBoB (HKLM-x32\...\VETBoB_is1) (Version: - )
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
ViaCleaner 7.0 Demo (Remove Only) (HKLM-x32\...\{85EBE1DD-B45D-443E-8B57-227B401526A5}) (Version: - )
Vidmex 1.39 (HKLM-x32\...\Vidmex) (Version: - )
Virtual Serial Ports Emulator (HKLM-x32\...\{DB936DD1-7A6A-4143-B549-05C085B0DEAC}) (Version: 0.937 - Eterlogic.com)
VirtualDJ 8 (HKLM-x32\...\{C6E3A694-9AEA-4F2B-B365-EE36D41606E0}) (Version: 8.0.2441.0 - Atomix Productions)
VirtualDJ Home FREE (HKLM-x32\...\{A6AC699F-8315-40CA-8F70-E917494978AB}) (Version: 7.4 - Atomix Productions)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Voxal Voice Changer (HKLM-x32\...\Voxal) (Version: 1.11 - NCH Software)
VTFEdit 1.2.5 (HKLM-x32\...\VTFEdit_is1) (Version: - Neil Jedrzejewski & Ryan Gregg)
Watson (HKLM-x32\...\{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}) (Version: 1.0.0 - Windows Live Safety Center)
WAV Cutter 1.0 (HKLM-x32\...\WAV Cutter_is1) (Version: - spgsoft.com)
WAV MP3 Converter v3.9 build 972 (HKLM-x32\...\{A4A14B15-F25D-44F8-8483-291C1DF7C548}_is1) (Version: - Hoo Technologies)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 5.96 - NCH Software)
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{919ADA61-13BF-43C4-A2DD-8BA49A244FC8}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6BB4E4E8-17B9-4534-8A8E-89E53F12769C}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
webcamXP 5 (HKLM-x32\...\wLite) (Version: 5.8.2.0 - Moonware Studios)
Weeny Free ePub to PDF Converter 2.0 (HKLM-x32\...\Weeny Free ePub to PDF Converter_is1) (Version: - Weeny Software)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
WinDirStat 1.1.2 (HKU\S-1-5-21-1644976545-898374883-2013635671-1000\...\WinDirStat) (Version: - )
Windows 7 Manager (HKLM\...\{20F511FC-1A61-434E-AEEC-BF98126A83BD}) (Version: 5.1.6 - Yamicsoft)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Laboratories (silabenm) Ports (12/10/2012 6.6.1.0) (HKLM\...\D680DEE0F68D64EC53D0C5769879D15D387054CC) (Version: 12/10/2012 6.6.1.0 - Silicon Laboratories)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
XLS Reader (HKLM-x32\...\{30D6D257-BE4B-48F2-8D9E-E787A52A0738}_is1) (Version: 1.0 - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

23-09-2015 10:45:42 Removed Logitech Gaming Software 5.10.
23-09-2015 10:49:43 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
23-09-2015 10:50:09 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
23-09-2015 10:51:04 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
01-10-2015 00:41:45 Scheduled Checkpoint
01-10-2015 08:43:52 Driver Booster : Unknown device
01-10-2015 12:30:08 Restore Operation
09-10-2015 11:58:43 Scheduled Checkpoint
17-10-2015 00:43:53 Scheduled Checkpoint
19-10-2015 00:55:05 Windows Update
22-10-2015 09:45:34 Installing COMODO Firewall
22-10-2015 09:48:14 Device Driver Package Install: COMODO Network Service
22-10-2015 10:44:49 Removed GeekBuddy.
24-10-2015 06:53:30 Installed AVG 2016
24-10-2015 06:56:01 Installed AVG
24-10-2015 09:15:45 Windows Update
24-10-2015 09:54:04 Restore Operation
25-10-2015 00:06:55 Installed AVG 2016
25-10-2015 00:07:31 Installed AVG
27-10-2015 15:28:58 Installed AVG 2016
27-10-2015 15:29:36 Installed AVG
27-10-2015 20:07:11 Installed Windows 7 Manager
02-11-2015 00:04:44 Windows Modules Installer
02-11-2015 00:08:14 Windows Modules Installer
04-11-2015 12:04:12 Removed Windows 7 Manager
04-11-2015 12:09:57 Installed Windows 7 Manager
04-11-2015 12:19:54 Installed Windows 7 Manager
07-11-2015 00:44:33 Driver Booster : Realtek PCIe FE Family Controller
07-11-2015 08:52:28 Installed DirectX
07-11-2015 13:33:34 Removed Java 8 Update 65
07-11-2015 13:44:09 Removed NVIDIA PhysX

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2015-11-07 03:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {1F82FF20-2C7A-4B08-8554-7DCABFF2BD81} - System32\Tasks\{30D144F8-A725-4926-8720-39DE5DF7FDA6} => pcalua.exe -a C:\Users\John\Desktop\Setup.exe -d C:\Users\John\Desktop
Task: {2528F617-665A-4C50-A3B3-A535EA11AD22} - System32\Tasks\{B944652F-BBC9-4EAA-8BE4-6B87D7570B6F} => pcalua.exe -a C:\Users\John\Downloads\Il2_411_INT.exe -d C:\Users\John\Downloads
Task: {2EFE5442-0922-4E30-83C3-D87FD8217214} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {33BADD84-F7A7-4841-86B4-1E9FB7A103CE} - \COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} -> No File <==== ATTENTION
Task: {457B65BA-E903-43AC-B3E9-69D68595F430} - \COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} -> No File <==== ATTENTION
Task: {465EBFC5-49E2-45AF-A1BC-F0DE020223B8} - System32\Tasks\Driver Booster SkipUAC (John) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-09-18] (IObit)
Task: {4B653E11-1423-4D51-B9B6-985CE929868C} - System32\Tasks\Uninstaller_SkipUac_John => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-08-31] (IObit)
Task: {4D17DBE0-5996-4B38-984C-26DE458CD944} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-09-11] ()
Task: {5048D780-73CD-46B7-89A7-C2E0A8648A4F} - System32\Tasks\Opera scheduled Autoupdate 1446837858 => C:\Program Files (x86)\Opera\launcher.exe [2015-10-30] (Opera Software)
Task: {52D90F54-7252-4956-82A0-2378C16A442E} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1644976545-898374883-2013635671-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {54CCDD5A-3018-46BC-AF22-25DD8B0919EE} - System32\Tasks\{8747070D-C133-4DE0-8EA1-6031A5E1F3F4} => pcalua.exe -a "C:\Users\John\Desktop\flaming cliffs e\LOMAC\autorun.exe" -d "C:\Users\John\Desktop\flaming cliffs e\LOMAC"
Task: {585E4A17-F860-45F2-832A-6A9148958370} - System32\Tasks\{E7DE7B89-CE20-4D24-B041-DF75F7CD35B7} => pcalua.exe -a "C:\Users\John\Downloads\Janes Combat Sim\Janes USAF\Setup.exe" -d "C:\Users\John\Downloads\Janes Combat Sim\Janes USAF"
Task: {699EEE23-2F33-4A7C-8B1F-247F8A52785B} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2015-08-12] (IObit)
Task: {6B0B3A39-8C5A-48A6-BF91-64854F6CF666} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {6FB0ACC1-7679-4A40-AF86-2D890C4C4500} - System32\Tasks\ASC8_SkipUac_John => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-08-17] (IObit)
Task: {7047A3FA-B3D2-4E8C-8D3F-F90D453175D4} - System32\Tasks\{6F442F86-1455-44F4-A5E8-AF4E0D436449} => pcalua.exe -a "C:\Program Files (x86)\Freenet\freenet-latest-installer-windows.exe" -d "C:\Program Files (x86)\Freenet"
Task: {9FBCFEE9-8A5F-4E02-A8C5-D52F2948BA68} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1644976545-898374883-2013635671-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {A254BCCE-1070-4737-BBF4-8A4CA7DAB0F6} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1644976545-898374883-2013635671-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {BFCA3DEC-0980-4100-9F97-CD5024062C21} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C12D20E4-27C6-4E8F-86A1-48E269B31C78} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C5A13E42-8B93-480E-B3E6-423719D77687} - System32\Tasks\{8506ACC3-90C7-4BEA-9FE0-1CB338D1EFDC} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-03-25] (Skype Technologies S.A.)
Task: {CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask -> No File <==== ATTENTION
Task: {D1DF37B7-2336-4657-B109-C47D1229A2AF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {D58CA127-DADF-4646-928E-62A7E4DCD0CF} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2015-09-14] (IObit)
Task: {DCFBE014-84A3-4DF0-A094-C5021447D872} - System32\Tasks\{3880DEB3-F62A-4E7D-9A4C-38AFE01C78B8} => pcalua.exe -a C:\Users\John\Desktop\a.exe -d C:\Users\John\Desktop
Task: {DD82303E-814D-41E8-9A5D-0E3D3C3C877A} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1644976545-898374883-2013635671-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E209C4E9-59D9-4E4A-A78C-213A87F469B0} - System32\Tasks\{90F1AE76-9905-46E2-9FFE-A1E97F377B20} => pcalua.exe -a "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCCInstall.exe" -d "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static"
Task: {E372BCAD-9013-4379-A1BC-0AAA15AE555E} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1644976545-898374883-2013635671-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E59165F0-043C-43DF-BCC6-7DA3FA082FEF} - System32\Tasks\{1DC71A3A-93C9-4422-A534-4405D6BD81C0} => pcalua.exe -a C:\Users\John\Downloads\afpd18025.exe -d C:\Users\John\Downloads
Task: {E9C0B2D2-D3CD-4E90-85CE-71FE5C5F95E8} - System32\Tasks\{4F348182-7BFD-4600-92D3-4A218A9BCB9B} => pcalua.exe -a "C:\Users\John\Downloads\RealFlight G4.5 + Extras Larkspeed\Updates\RealFlight4_00_051.exe" -d "C:\Users\John\Downloads\RealFlight G4.5 + Extras Larkspeed\Updates"
Task: {EA8224A9-4340-43C6-8078-FEBE2CE0E0E2} - \COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} -> No File <==== ATTENTION
Task: {F4EF6F23-F234-40F0-A4E3-D683CD66BBE8} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1644976545-898374883-2013635671-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {F9902B53-0A40-4597-90A0-38756A6D6420} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1644976545-898374883-2013635671-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-11-07 08:50 - 2015-11-02 05:22 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-26 12:33 - 2013-10-23 13:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2009-11-13 17:38 - 2009-08-16 14:06 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2013-09-20 05:59 - 2013-08-23 09:36 - 00721263 _____ () C:\Windows\SysWOW64\AiCM64.dll
2015-11-07 13:30 - 2015-10-11 19:05 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Windows\uninst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\revoflt.sys:$CmdTcID
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\John:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:9341E0C6
AlternateDataStreams: C:\ProgramData\TEMP:C97C8631
AlternateDataStreams: C:\Users\John\Application Data:gs5sys
AlternateDataStreams: C:\Users\John\Cookies:gs5sys
AlternateDataStreams: C:\Users\John\Local Settings:gs5sys
AlternateDataStreams: C:\Users\John\Templates:gs5sys
AlternateDataStreams: C:\Users\John\Desktop\cf1.jpg:$CmdZnID
AlternateDataStreams: C:\Users\John\Desktop\cf2.jpg:$CmdZnID
AlternateDataStreams: C:\Users\John\Desktop\L1532-1.jpg:$CmdZnID
AlternateDataStreams: C:\Users\John\Downloads\cmdemo102.exe:$CmdTcID
AlternateDataStreams: C:\Users\John\Downloads\cmdemo102.exe:$CmdZnID
AlternateDataStreams: C:\Users\John\Downloads\dgVoodoo.conf:$CmdTcID
AlternateDataStreams: C:\Users\John\Downloads\dgVoodoo.conf:$CmdZnID
AlternateDataStreams: C:\Users\John\Downloads\JK_AMD_FIX.7z:$CmdTcID
AlternateDataStreams: C:\Users\John\Downloads\JK_AMD_FIX.7z:$CmdZnID
AlternateDataStreams: C:\Users\John\Downloads\RevoUninProSetup.exe:$CmdTcID
AlternateDataStreams: C:\Users\John\Downloads\RevoUninProSetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\John\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\John\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\John\AppData\Local\Application Data:gs5sys
AlternateDataStreams: C:\Users\John\AppData\Local\History:gs5sys
AlternateDataStreams: C:\Users\John\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7544 more sites.

IE trusted site: HKU\S-1-5-21-1644976545-898374883-2013635671-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-1644976545-898374883-2013635671-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1644976545-898374883-2013635671-1000\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\S-1-5-21-1644976545-898374883-2013635671-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1644976545-898374883-2013635671-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1644976545-898374883-2013635671-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1644976545-898374883-2013635671-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1644976545-898374883-2013635671-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1644976545-898374883-2013635671-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1644976545-898374883-2013635671-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1644976545-898374883-2013635671-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1644976545-898374883-2013635671-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1644976545-898374883-2013635671-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1644976545-898374883-2013635671-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1644976545-898374883-2013635671-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1644976545-898374883-2013635671-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1644976545-898374883-2013635671-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1644976545-898374883-2013635671-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1644976545-898374883-2013635671-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1644976545-898374883-2013635671-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1644976545-898374883-2013635671-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1644976545-898374883-2013635671-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1644976545-898374883-2013635671-1000\...\123simsen.com -> www.123simsen.com

There are 7542 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1644976545-898374883-2013635671-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Adobe LM Service => 3
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdvancedSystemCareService8 => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Disc Soft Bus Service => 3
MSCONFIG\Services: DockLoginService => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: Garmin Core Update Service => 2
MSCONFIG\Services: Garmin Device Interaction Service => 3
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: GoToAssist => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: SkypeUpdate => 3
MSCONFIG\Services: StarWindServiceAE => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: VIAKaraokeService => 2
MSCONFIG\Services: WDBackup => 2
MSCONFIG\Services: WDDriveService => 2
MSCONFIG\Services: wxpSvc => 3
MSCONFIG\Services: ZAPrivacyService => 2
MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Synchronizer =>
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVG_UI =>
MSCONFIG\startupreg: CCleaner Monitoring => "c:\program files\ccleaner\ccleaner64.exe" /monitor
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DAEMON Tools Ultra Agent => "C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe" -autorun
MSCONFIG\startupreg: DellSystemDetect =>
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: DownloadManager =>
MSCONFIG\startupreg: DriverMax =>
MSCONFIG\startupreg: DriverMax_RESTART =>
MSCONFIG\startupreg: DriveUtilitiesHelper => c:\program files (x86)\western digital\wd utilities\wddriveutilitieshelper.exe
MSCONFIG\startupreg: Eraser RiskMonitor => "C:\Program Files (x86)\East-Tec Eraser 2010\Launch.exe" "C:\Program Files (x86)\East-Tec Eraser 2010\etRiskMon.exe"
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: iTunesHelper => "c:\program files\itunes\ituneshelper.exe"
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: msnmsgr =>
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: OutfoxTV =>
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: PeerBlock => c:\program files\peerblock\peerblock.exe
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: QuickTime Task => "c:\program files (x86)\quicktime\qttask.exe" -atboottime
MSCONFIG\startupreg: ShadowPlay => c:\windows\system32\rundll32.exe c:\windows\system32\nvspcap64.dll,shadowplayonsystemstart
MSCONFIG\startupreg: snpstd3 =>
MSCONFIG\startupreg: SpybotSD TeaTimer => G:\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched =>
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
MSCONFIG\startupreg: WD Drive Unlocker => c:\program files (x86)\western digital\wd security\wddriveautounlock.exe
MSCONFIG\startupreg: WD Quick View => c:\program files (x86)\western digital\wd quick view\wddmstatus.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [RemoteDesktop-UserMode-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-PnrpSvc-UDP-OUT-Active] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-PnrpSvc-UDP-In-EdgeScope-Active] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-SSDPSrv-Out-TCP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-SSDPSrv-In-TCP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-SSDPSrv-Out-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-SSDPSrv-In-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-Out-TCP-Active] => (Block) %SystemRoot%\system32\msra.exe
FirewallRules: [RemoteAssistance-In-TCP-EdgeScope-Active] => (Block) %SystemRoot%\system32\msra.exe
FirewallRules: [RemoteAssistance-DCOM-In-TCP-NoScope-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-RAServer-Out-TCP-NoScope-Active] => (Block) %SystemRoot%\system32\raserver.exe
FirewallRules: [RemoteAssistance-RAServer-In-TCP-NoScope-Active] => (Block) %SystemRoot%\system32\raserver.exe
FirewallRules: [RemoteAssistance-PnrpSvc-UDP-In-EdgeScope] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-In-TCP-EdgeScope] => (Block) %SystemRoot%\system32\msra.exe
FirewallRules: [{5E18E01D-62D4-4C0C-AAD6-417373EB1113}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F19301BD-AECF-43DF-A12D-9A3C7AFD164A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{56345B3B-02A3-49FB-A35D-2BD1BB94A2B4}C:\program files (x86)\steam\steamapps\common\day of defeat source\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\day of defeat source\hl2.exe
FirewallRules: [UDP Query User{49CBB312-3B10-4404-A1B1-152DEA8640FF}C:\program files (x86)\steam\steamapps\common\day of defeat source\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\day of defeat source\hl2.exe
FirewallRules: [{65679974-B724-4DED-BE9D-A9345151D8D1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5F1DE250-ADC8-4C68-B6E8-682733D05C59}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6DD94AAF-ADB0-4A98-8922-0D5E6AF01463}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{38B0975C-633A-462E-BEFC-EF65051E1A7B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{A0FEE03C-7277-4C5D-8518-2ADDC387BE90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{46F2EDD7-98B7-494E-BFCC-D4B487852125}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{939E70D2-3580-4AC0-96E7-B000AE537950}] => (Block) %SystemRoot%\system32\msra.exe
FirewallRules: [{628F57E0-1F02-4F5F-A080-2A5A8ADE8AA5}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{E9DD32E3-49C7-47F9-8EB1-5D8ECCB511D2}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{A2DC42D3-5E3D-42FD-A3FE-A9C2D8B2C522}] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [{104FBAB6-D0DC-46AA-8DD0-F7C92358B40F}] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{C62CAC98-23DA-47E2-A163-6DED1E1EB1D2}] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{5DED38B3-C56E-4024-997D-B16B6DBC3F5F}] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{6F8A3C21-1AB6-4DA2-8270-D1B34E864988}] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{84155097-81FD-4A94-9301-B7065AB18881}] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{019DCD7D-ACC3-4A78-BEB6-9B7C7E701BEF}] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{41165162-E259-4BBF-A046-FEC637ADDC2C}] => (Block) C:\Program Files (x86)\Microsoft Games\CFS3 ETO Expansion\cfs3.exe
FirewallRules: [{A9477EF2-42C7-43F7-84CB-4E6111313CAB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{4E094793-8C55-4C1D-A05C-4D3C81B97487}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{09E982F9-A56A-4C27-A541-E504A948AF7A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{EB1699AE-BC44-42EA-8B99-615A019BC2EC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{0EA0D269-A190-47F1-9B79-A4FEEFA9B204}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1B52CCDC-B7CB-4B20-A509-DE96B50D3F69}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0E0B908B-074F-459F-B3A4-B1448C00B4AB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{572778D1-DD90-478E-992D-1A094B064CEA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4AD054F9-26F7-4897-8DEA-BC55276CB425}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9297D05A-1764-4501-ADA2-D4644FCE2202}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{E7B183E5-ACF8-484D-BF61-0438E25A9AF8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{59E56D7D-E569-44A2-A29F-2DCFD74AC7F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{E946DF80-A768-494D-9108-342E0CCE44B8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{426AC6B9-04ED-4E19-8AEA-E82F9E2B449C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: COMODO Internet Security Firewall Driver
Description: COMODO Internet Security Firewall Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: inspect
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/07/2015 02:42:53 PM) (Source: ) (EventID: 0) (User: )
Description: 1

Error: (11/07/2015 02:20:01 PM) (Source: ) (EventID: 0) (User: )
Description: 1

Error: (11/07/2015 01:51:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program GFExperience.exe version 2.5.15.54 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10ec

Start Time: 01d119a399b31be5

Termination Time: 8

Application Path: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe

Report Id: bae19206-8599-11e5-a1b5-002564d3612a

Error: (11/07/2015 01:21:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program GFExperience.exe version 16.13.56.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1630

Start Time: 01d119a1ad8760b0

Termination Time: 74

Application Path: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe

Report Id: 6ff272b4-8595-11e5-a1b5-002564d3612a

Error: (11/07/2015 08:43:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program taskmgr.exe version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13f0

Start Time: 01d1197b4ed03f42

Termination Time: 23329

Application Path: C:\Windows\system32\taskmgr.exe

Report Id: 94b6a066-856e-11e5-80b5-002564d3612a

Error: (11/07/2015 08:23:50 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (11/07/2015 02:50:21 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (11/07/2015 02:50:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
Instantiating VSS server

Error: (11/07/2015 02:50:21 AM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]


Operation:
Instantiating VSS server

Error: (11/07/2015 02:18:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 74c

Start Time: 01d11943f82ac928

Termination Time: 3

Application Path: C:\Windows\explorer.exe

Report Id: d7a59e52-8538-11e5-965e-002564d3612a


System errors:
=============
Error: (11/07/2015 01:59:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd
inspect
ISODisk

Error: (11/07/2015 01:59:19 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (11/07/2015 01:59:10 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (11/07/2015 01:59:01 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (11/07/2015 01:58:05 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (11/07/2015 01:57:56 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (11/07/2015 01:57:47 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (11/07/2015 01:57:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error:
%%1058

Error: (11/07/2015 01:57:38 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (11/07/2015 01:57:29 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.


CodeIntegrity:
===================================
Date: 2015-11-07 03:03:14.449
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-07 03:03:14.293
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-07 03:03:14.153
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-07 03:03:13.997
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-06 21:28:32.567
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-06 21:28:32.411
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-06 21:28:32.255
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-06 21:28:32.099
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-12 11:07:02.261
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-12 11:07:02.044
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Phenom™ II X4 945 Processor
Percentage of memory in use: 49%
Total physical RAM: 6143.12 MB
Available physical RAM: 3083.75 MB
Total Virtual: 16141.32 MB
Available Virtual: 13538.7 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:581.48 GB) (Free:62.16 GB) NTFS
Drive e: (My Passport) (Fixed) (Total:931.48 GB) (Free:869.83 GB) NTFS
Drive g: (CFS3_CD1) (CDROM) (Total:0.51 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 0E31A92E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=581.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: D786438F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#5
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Hello,

Would you post the ComboFix log? Its location is here ==> C:\ComboFix.txt. Post the log directly into the forum. I need to see what was deleted.

What problems are you having with the computer? Do you have a proxy set in Firefox?

Thanks
Joe :)

#6
quin8484

    Member

  • Topic Starter
  • Member
  • 62 posts

Hello, just the many svchosts in safe mode.

ComboFix 15-11-05.01 - John 11/07/2015   2:51.4.4 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6143.4430 [GMT -8:00]
Running from: c:\users\John\Desktop\ComboFix.exe
AV: AVG Internet Security *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
FW: AVG Internet Security *Disabled* {757AB44A-78C2-7D1A-E37F-CA42A037B368}
SP: AVG Internet Security *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\INSTALL.LOG
c:\programdata\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
c:\windows\iun6002.exe
c:\windows\SysWow64\run.bat
c:\windows\SysWow64\win.ini
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2015-10-07 to 2015-11-07  )))))))))))))))))))))))))))))))
.
.
2015-11-07 11:03 . 2015-11-07 11:03    --------    d-----w-    c:\users\Public\AppData\Local\temp
2015-11-07 11:03 . 2015-11-07 11:03    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-11-07 11:03 . 2015-11-07 11:03    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2015-11-07 08:45 . 2015-11-07 08:45    981744    ----a-w-    c:\windows\system32\drivers\Rt64win7.sys
2015-11-07 08:45 . 2015-11-07 08:45    84072    ----a-w-    c:\windows\system32\RtNicProp64.dll
2015-11-06 23:04 . 2015-11-06 23:04    10592424    ----a-w-    c:\program files (x86)\Mozilla Firefox\icudt55.dll
2015-11-06 23:04 . 2015-11-06 23:04    901288    ----a-w-    c:\program files (x86)\Mozilla Firefox\icuuc55.dll
2015-11-06 23:04 . 2015-11-06 23:04    59560    ----a-w-    c:\program files (x86)\Mozilla Firefox\lgpllibs.dll
2015-11-06 23:04 . 2015-11-06 23:04    1287848    ----a-w-    c:\program files (x86)\Mozilla Firefox\icuin55.dll
2015-11-06 19:24 . 2015-11-06 19:24    --------    d-----w-    c:\users\John\AppData\Roaming\Opera Software
2015-11-06 19:24 . 2015-11-06 19:24    --------    d-----w-    c:\users\John\AppData\Local\Opera Software
2015-11-06 17:22 . 2001-05-23 04:59    4934144    ----a-w-    c:\program files (x86)\Microsoft Games\Close Combat\cc.exe
2015-11-06 16:06 . 2015-11-06 16:06    1371224    ----a-w-    c:\program files (x86)\Microsoft Games\Close Combat\ccupdate(2).EXE
2015-11-04 20:20 . 2015-11-04 20:20    --------    d-----w-    c:\program files\Yamicsoft
2015-11-02 08:13 . 2015-11-02 08:13    3210240    ----a-w-    c:\windows\system32\win32k.sys
2015-11-02 08:12 . 2013-09-20 18:49    21040    ----a-w-    c:\windows\system32\sdnclean64.exe
2015-11-02 08:12 . 2015-11-02 17:42    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy 2
2015-11-02 08:11 . 2015-11-02 08:11    39936    ----a-w-    c:\windows\system32\drivers\tssecsrv.sys
2015-11-02 08:11 . 2015-11-02 08:11    22528    ----a-w-    c:\windows\system32\icaapi.dll
2015-11-02 07:58 . 2015-11-02 07:58    --------    d-----w-    c:\programdata\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-10-30 07:00 . 2015-10-30 07:42    37624    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2015-10-30 07:00 . 2015-10-30 07:34    --------    d-----w-    c:\programdata\RogueKiller
2015-10-29 17:40 . 2015-10-29 17:41    5504627    ----a-w-    c:\program files (x86)\Microsoft Games\cfs3.exe
2015-10-28 04:06 . 2015-10-28 04:06    --------    d-----w-    c:\users\John\AppData\Roaming\Yamicsoft
2015-10-27 23:31 . 2015-10-27 23:31    --------    d-----w-    C:\$AVG
2015-10-27 23:28 . 2015-11-07 10:35    --------    d-----w-    c:\programdata\MFAData
2015-10-27 23:28 . 2015-10-27 23:28    --------    d-----w-    c:\users\John\AppData\Local\MFAData
2015-10-24 17:16 . 2015-10-20 11:33    11140960    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{CF1C3104-7919-4308-ABE8-E936E870EE00}\mpengine.dll
2015-10-24 15:02 . 2015-10-24 15:02    --------    d-----w-    c:\users\John\AppData\Roaming\AVG
2015-10-24 14:50 . 2015-10-25 08:05    --------    d-----w-    c:\programdata\Avg
2015-10-24 14:46 . 2015-10-27 23:25    --------    d-----w-    c:\users\John\AppData\Local\AvgSetupLog
2015-10-22 17:47 . 2015-10-22 17:47    --------    d-----w-    c:\programdata\Shared Space
2015-10-22 17:44 . 2015-10-24 17:00    --------    d-----w-    c:\program files\COMODO
2015-10-22 17:43 . 2015-10-22 18:51    --------    d-----w-    c:\users\John\AppData\Local\Comodo
2015-10-20 15:22 . 2015-10-20 15:57    11376    ----a-w-    c:\windows\SysWow64\drivers\SECDRV.SYS
2015-10-19 20:00 . 2015-10-24 20:03    --------    d-----r-    c:\users\John\Virtual Machines
2015-10-19 09:17 . 2015-07-30 13:13    103120    ----a-w-    c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-10-19 09:17 . 2015-07-30 13:13    124624    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-10-19 08:54 . 2015-10-01 18:04    616360    ----a-w-    c:\windows\system32\winresume.efi
2015-10-19 08:54 . 2015-10-01 18:00    147456    ----a-w-    c:\windows\system32\appidpolicyconverter.exe
2015-10-19 08:54 . 2015-10-01 18:06    692672    ----a-w-    c:\windows\system32\winload.efi
2015-10-19 08:54 . 2015-10-01 18:00    63488    ----a-w-    c:\windows\system32\setbcdlocale.dll
2015-10-19 08:54 . 2015-10-01 18:00    59392    ----a-w-    c:\windows\system32\appidapi.dll
2015-10-19 08:54 . 2015-10-01 18:00    32768    ----a-w-    c:\windows\system32\appidsvc.dll
2015-10-19 08:54 . 2015-10-01 18:00    17920    ----a-w-    c:\windows\system32\appidcertstorecheck.exe
2015-10-19 08:54 . 2015-10-01 17:50    50688    ----a-w-    c:\windows\SysWow64\appidapi.dll
2015-10-19 08:54 . 2015-10-01 17:00    61440    ----a-w-    c:\windows\system32\drivers\appid.sys
2015-10-19 08:49 . 2015-06-25 10:06    115136    ----a-w-    c:\windows\system32\consent.exe
2015-10-19 08:48 . 2015-08-06 18:04    14176768    ----a-w-    c:\windows\system32\shell32.dll
2015-10-19 08:47 . 2015-07-30 18:06    1180160    ----a-w-    c:\windows\system32\FntCache.dll
2015-10-19 08:47 . 2015-07-30 18:06    1648128    ----a-w-    c:\windows\system32\DWrite.dll
2015-10-19 08:47 . 2015-07-30 17:57    1251328    ----a-w-    c:\windows\SysWow64\DWrite.dll
2015-10-19 08:47 . 2015-07-30 18:06    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2015-10-19 08:47 . 2015-07-30 17:57    1987584    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2015-10-19 08:47 . 2015-07-01 20:49    260096    ----a-w-    c:\windows\system32\WebClnt.dll
2015-10-19 08:47 . 2015-07-01 20:48    102912    ----a-w-    c:\windows\system32\davclnt.dll
2015-10-19 08:47 . 2015-07-01 20:30    206848    ----a-w-    c:\windows\SysWow64\WebClnt.dll
2015-10-19 08:47 . 2015-07-01 20:30    82432    ----a-w-    c:\windows\SysWow64\davclnt.dll
2015-10-19 08:46 . 2015-08-05 17:56    1110016    ----a-w-    c:\windows\system32\schedsvc.dll
2015-10-19 08:38 . 2015-07-09 17:58    1632256    ----a-w-    c:\windows\system32\dwmcore.dll
2015-10-19 08:38 . 2015-07-09 17:58    82944    ----a-w-    c:\windows\system32\dwmapi.dll
2015-10-19 08:38 . 2015-07-09 17:42    67584    ----a-w-    c:\windows\SysWow64\dwmapi.dll
2015-10-19 08:38 . 2015-07-09 17:42    1372160    ----a-w-    c:\windows\SysWow64\dwmcore.dll
2015-10-19 08:38 . 2015-07-09 17:57    193536    ----a-w-    c:\windows\system32\notepad.exe
2015-10-19 08:38 . 2015-07-09 17:57    193536    ----a-w-    c:\windows\notepad.exe
2015-10-19 08:38 . 2015-07-09 17:42    179712    ----a-w-    c:\windows\SysWow64\notepad.exe
2015-10-19 08:38 . 2015-07-16 19:12    37376    ----a-w-    c:\windows\SysWow64\tsgqec.dll
2015-10-19 08:38 . 2015-07-16 19:12    4922368    ----a-w-    c:\windows\SysWow64\mstscax.dll
2015-10-19 08:38 . 2015-07-16 19:12    269824    ----a-w-    c:\windows\SysWow64\aaclient.dll
2015-10-19 08:38 . 2015-07-16 19:11    44032    ----a-w-    c:\windows\system32\tsgqec.dll
2015-10-19 08:38 . 2015-07-16 19:11    5779456    ----a-w-    c:\windows\system32\mstscax.dll
2015-10-19 08:38 . 2015-07-16 19:11    322560    ----a-w-    c:\windows\system32\aaclient.dll
2015-10-19 08:33 . 2015-08-27 18:18    2004480    ----a-w-    c:\windows\system32\msxml6.dll
2015-10-19 08:33 . 2015-08-27 18:18    1887232    ----a-w-    c:\windows\system32\msxml3.dll
2015-10-19 08:33 . 2015-08-27 18:13    2048    ----a-w-    c:\windows\system32\msxml6r.dll
2015-10-19 08:33 . 2015-08-27 18:13    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2015-10-19 08:33 . 2015-08-27 17:58    1391104    ----a-w-    c:\windows\SysWow64\msxml6.dll
2015-10-19 08:33 . 2015-08-27 17:58    1241088    ----a-w-    c:\windows\SysWow64\msxml3.dll
2015-10-19 08:33 . 2015-08-27 17:51    2048    ----a-w-    c:\windows\SysWow64\msxml6r.dll
2015-10-19 08:33 . 2015-08-27 17:51    2048    ----a-w-    c:\windows\SysWow64\msxml3r.dll
2015-10-19 08:12 . 2015-09-02 03:04    41984    ----a-w-    c:\windows\system32\lpk.dll
2015-10-19 08:12 . 2015-09-02 03:04    100864    ----a-w-    c:\windows\system32\fontsub.dll
2015-10-19 08:12 . 2015-09-02 03:04    14336    ----a-w-    c:\windows\system32\dciman32.dll
2015-10-19 08:12 . 2015-09-02 03:04    46080    ----a-w-    c:\windows\system32\atmlib.dll
2015-10-19 08:12 . 2015-09-02 02:48    70656    ----a-w-    c:\windows\SysWow64\fontsub.dll
2015-10-19 08:12 . 2015-09-02 02:48    10240    ----a-w-    c:\windows\SysWow64\dciman32.dll
2015-10-19 08:12 . 2015-09-02 02:48    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2015-10-19 08:12 . 2015-09-02 02:47    25600    ----a-w-    c:\windows\SysWow64\lpk.dll
2015-10-19 08:12 . 2015-09-02 01:47    372736    ----a-w-    c:\windows\system32\atmfd.dll
2015-10-19 08:12 . 2015-09-02 01:33    299520    ----a-w-    c:\windows\SysWow64\atmfd.dll
2015-10-19 06:58 . 2015-10-19 06:58    --------    d-----w-    c:\program files (x86)\Object Desktop
2015-10-16 18:52 . 2015-05-06 18:57    324608    ----a-w-    c:\program files (x86)\Microsoft Games\Combat Flight Simulator 3\d3d8.dll
2015-10-16 18:52 . 2015-05-06 18:57    324608    ----a-w-    c:\program files (x86)\Microsoft Games\CFS3 ETO Expansion\d3d8.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-07 08:45 . 2009-11-12 12:24    117824    ----a-w-    c:\windows\system32\RTNUninst64.dll
2015-11-06 23:06 . 2012-12-06 04:08    5730    ----a-w-    c:\windows\wininit.tmp
2015-10-02 19:09 . 2009-11-14 01:17    143481208    ----a-w-    c:\windows\system32\MRT.exe
2015-10-01 15:37 . 2015-10-01 15:37    26528    ----a-w-    c:\windows\SysWow64\drivers\HWiNFO64A.SYS
2015-09-29 02:58 . 2015-10-19 08:51    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2015-09-11 22:59 . 2015-09-11 22:59    312752    ----a-w-    c:\windows\system32\drivers\avgidsdrivera.sys
2015-09-03 19:52 . 2015-09-03 19:52    445472    ----a-w-    c:\windows\SysWow64\guard32.dll
2015-09-03 19:52 . 2015-09-03 19:52    579408    ----a-w-    c:\windows\system32\guard64.dll
2015-08-29 22:31 . 2015-08-29 22:31    97208    ----a-w-    c:\windows\system32\drivers\avgfwd6a.sys
2015-08-28 19:45 . 2015-08-28 19:45    301488    ----a-w-    c:\windows\system32\drivers\avgtdia.sys
2015-08-20 20:58 . 2015-08-20 20:58    298416    ----a-w-    c:\windows\system32\drivers\avgidsha.sys
2015-08-14 21:24 . 2015-08-14 21:24    398256    ----a-w-    c:\windows\system32\drivers\avgloga.sys
2015-08-12 23:03 . 2015-08-12 23:03    96528    ----a-w-    c:\windows\system32\dns-sd.exe
2015-08-12 23:03 . 2015-08-12 23:03    86288    ----a-w-    c:\windows\system32\dnssd.dll
2015-08-12 23:03 . 2015-08-12 23:03    84240    ----a-w-    c:\windows\SysWow64\dns-sd.exe
2015-08-12 23:03 . 2015-08-12 23:03    72976    ----a-w-    c:\windows\SysWow64\dnssd.dll
2015-08-10 22:32 . 2015-08-10 22:32    293296    ----a-w-    c:\windows\system32\drivers\avgldx64.sys
2015-08-10 22:32 . 2015-08-10 22:32    197040    ----a-w-    c:\windows\system32\drivers\avgdiska.sys
2015-08-10 22:31 . 2015-08-10 22:31    251312    ----a-w-    c:\windows\system32\drivers\avgmfx64.sys
2015-08-10 22:25 . 2015-08-10 22:25    42416    ----a-w-    c:\windows\system32\drivers\avgrkx64.sys
1999-06-25 14:55 . 2011-08-20 23:50    149504    ----a-w-    c:\program files (x86)\UNWISE.EXE
2014-03-07 18:03    3109520    --sha-r-    c:\windows\SysWOW64\avcodec-lav-55.dll
2014-03-07 18:03    98960    --sha-r-    c:\windows\SysWOW64\avfilter-lav-4.dll
2014-03-07 18:03    550032    --sha-r-    c:\windows\SysWOW64\avformat-lav-55.dll
2009-09-27 16:39    415744    --sh--w-    c:\windows\SysWOW64\avisynth.dll
2014-03-07 18:03    59536    --sha-r-    c:\windows\SysWOW64\avresample-lav-1.dll
2005-07-14 19:31    32256    --sh--w-    c:\windows\SysWOW64\AVSredirect.dll
2014-03-07 18:03    181392    --sha-r-    c:\windows\SysWOW64\avutil-lav-52.dll
2004-02-22 17:11    764416    --sh--w-    c:\windows\SysWOW64\devil.dll
2014-03-07 18:03    122512    --sha-r-    c:\windows\SysWOW64\HLaudio.dll
2014-03-07 18:03    203408    --sha-r-    c:\windows\SysWOW64\HLsplit.dll
2014-03-07 18:03    313520    --sha-r-    c:\windows\SysWOW64\HLvideo.dll
2014-03-07 18:03    166544    --sha-r-    c:\windows\SysWOW64\IntelQuickSyncDecoder.dll
2014-03-07 18:03    109712    --sha-r-    c:\windows\SysWOW64\libbluray.dll
2011-02-11 17:26    112128    --sha-r-    c:\windows\SysWOW64\OptimFROG.dll
2014-03-07 18:03    118416    --sha-r-    c:\windows\SysWOW64\swscale-lav-2.dll
2010-01-07 07:00    107520    --sha-r-    c:\windows\SysWOW64\TAKDSDecoder.dll
2012-10-06 02:54    188416    --sha-r-    c:\windows\SysWOW64\winDCE32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 8"="c:\program files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" [2015-04-08 2429728]
"SpybotPostWindows10UpgradeReInstall"="c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [2015-07-29 1011200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\Av\avgui.exe" [2015-10-12 3812264]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2015-09-11 1403192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"AvgUi"="c:\program files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
"AVG_UI"="c:\program files (x86)\AVG\Av\avgui.exe" /TRAYONLY
.
R0 amdkmafd;AMD Audio Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmafd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmafd.sys [x]
R0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
R1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
R1 EterlogicVirtualSerialDriver;EterlogicVirtualSerialDriver;c:\windows\system32\drivers\VSPE.sys;c:\windows\SYSNATIVE\drivers\VSPE.sys [x]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
R1 ISODisk;ISODisk; [x]
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\Av\avgfws.exe;c:\program files (x86)\AVG\Av\avgfws.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\Av\avgidsagent.exe;c:\program files (x86)\AVG\Av\avgidsagent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\Av\avgwdsvcx.exe;c:\program files (x86)\AVG\Av\avgwdsvcx.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\DRIVERS\ubsbm.sys;c:\windows\SYSNATIVE\DRIVERS\ubsbm.sys [x]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\DRIVERS\ubumapi.sys;c:\windows\SYSNATIVE\DRIVERS\ubumapi.sys [x]
R3 ALSysIO;ALSysIO;c:\users\John\AppData\Local\Temp\ALSysIO64.sys;c:\users\John\AppData\Local\Temp\ALSysIO64.sys [x]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys;c:\windows\SYSNATIVE\drivers\anvsnddrv.sys [x]
R3 AvgAMPS;AvgAMPS;c:\program files (x86)\AVG\Av\avgamps.exe;c:\program files (x86)\AVG\Av\avgamps.exe [x]
R3 cpuz134;cpuz134;c:\users\John\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\John\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 hcdriver;EHCI Compliance Test Tool Device Driver;c:\windows\system32\DRIVERS\hcdriver.sys;c:\windows\SYSNATIVE\DRIVERS\hcdriver.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LGBusEnum;Logitech Gaming Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
R3 LGJoyXlCore;Logitech Translation Layer Driver (LGS);c:\windows\system32\drivers\LGJoyXlCore.sys;c:\windows\SYSNATIVE\drivers\LGJoyXlCore.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys;c:\program files\PeerBlock\pbfilter.sys [x]
R3 PGR1394b;PGR IEEE 1394 Bus host controllers;c:\windows\system32\DRIVERS\PGR1394.sys;c:\windows\SYSNATIVE\DRIVERS\PGR1394.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;c:\windows\system32\DRIVERS\Rtenic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtenic64.sys [x]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys;c:\windows\SYSNATIVE\DRIVERS\silabenm.sys [x]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys;c:\windows\SYSNATIVE\DRIVERS\silabser.sys [x]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys;c:\windows\SYSNATIVE\drivers\SndTAudio.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\DRIVERS\ubohci.sys;c:\windows\SYSNATIVE\DRIVERS\ubohci.sys [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
R3 vjoy;vJoy Device;c:\windows\system32\DRIVERS\vjoy.sys;c:\windows\SYSNATIVE\DRIVERS\vjoy.sys [x]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R3 voxaldriver;Voxal Filter Driver 2.12.01;c:\windows\system32\DRIVERS\voxaldriverx64.sys;c:\windows\SYSNATIVE\DRIVERS\voxaldriverx64.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys;c:\windows\SYSNATIVE\DRIVERS\vpcuxd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R3 WsAudio_Device(1);WsAudio_Device(1);c:\windows\system32\drivers\VirtualAudio1.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio1.sys [x]
R3 WsAudio_Device(2);WsAudio_Device(2);c:\windows\system32\drivers\VirtualAudio2.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio2.sys [x]
R3 WsAudio_Device(3);WsAudio_Device(3);c:\windows\system32\drivers\VirtualAudio3.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio3.sys [x]
R3 WsAudio_Device(4);WsAudio_Device(4);c:\windows\system32\drivers\VirtualAudio4.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio4.sys [x]
R3 WsAudio_Device(5);WsAudio_Device(5);c:\windows\system32\drivers\VirtualAudio5.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio5.sys [x]
R4 AdvancedSystemCareService8;Advanced SystemCare Service 8;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
R4 avgsvc;AVG Service;c:\program files (x86)\AVG\Framework\Common\avgsvca.exe;c:\program files (x86)\AVG\Framework\Common\avgsvca.exe [x]
R4 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R4 Disc Soft Bus Service;Disc Soft Bus Service;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [x]
R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x]
R4 Garmin Device Interaction Service;Garmin Device Interaction Service;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe [x]
R4 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x]
R4 IObitUnlocker;IObitUnlocker;c:\program files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys;c:\program files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [x]
R4 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
R4 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
R4 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
R4 wxpSvc;webcamXP Service;c:\program files (x86)\wLite\wService.exe;c:\program files (x86)\wLite\wService.exe [x]
S0 amdide64;amdide64;c:\windows\system32\DRIVERS\amdide64.sys;c:\windows\SYSNATIVE\DRIVERS\amdide64.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\DRIVERS\MxEFUF64.sys;c:\windows\SYSNATIVE\DRIVERS\MxEFUF64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys;c:\windows\SYSNATIVE\drivers\sfdrv01a.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S3 AE3000;Linksys AE3000 Driver;c:\windows\system32\DRIVERS\AE3000w764.sys;c:\windows\SYSNATIVE\DRIVERS\AE3000w764.sys [x]
S3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtscsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtscsibus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-27 07:11    997704    ----a-w-    c:\program files (x86)\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-16 17:36]
.
2015-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-16 17:36]
.
2015-11-07 c:\windows\Tasks\Uninstaller_SkipUac_John.job
- c:\program files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-10-01 00:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2015-09-01 00:45    2472224    ----a-w-    c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = localhost:8080
uInternet Settings,ProxyOverride = *.local
Trusted Zone: dell.com
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} - hxxp://nmreports.linksys.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\skjdr7rf.default-1445754295838\
FF - prefs.js: browser.search.selectedEngine - Google encrypted
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.ftp - 201.45.252.42
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 201.45.252.42
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 201.45.252.42
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 201.45.252.42
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2015-10-01 01:41; [email protected]; c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\udnxlxgw.default\extensions\[email protected]
FF - ExtSQL: 2015-10-18 18:02; [email protected]; c:\program files (x86)\IObit Apps Toolbar\FF
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-PAexec
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-Close Combat IV - c:\program files (x86)\Close Combat IV\Uninst.isu
AddRemove-Covert Operations - c:\program files (x86)\Red Storm Entertainment\Covert Operations\Uninst.isu
AddRemove-Fighters Anthology - c:\windows\system32\EAREMOVE.EXE
AddRemove-Longbow 2 - c:\windows\system32\EAREMOVE.EXE
AddRemove-Tom Clancy's Rainbow Six Demo - c:\program files (x86)\Red Storm Entertainment\Tom Clancy's Rainbow Six Demo\Uninst.isu
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wxpSvc]
"ImagePath"="c:\program files (x86)\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1644976545-898374883-2013635671-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1644976545-898374883-2013635671-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8DD6840B-1696-AD82-2672-A0162E41EFBE}*]
@Allowed: (Read) (RestrictedCode)
"oaokhpkobgpjfjekoplongcmlkdbmh"=hex:64,61,6f,69,65,67,70,69,00,fc
"oacmpflgendkalhnocflkfgajgkaop"=hex:6a,61,6e,69,69,66,62,64,66,6c,64,67,69,6b,
   6d,6d,65,6d,61,65,00,fb
"nailbakhcgldnojnajikbaldonjn"=hex:6a,61,6f,69,68,66,6a,6a,6e,6c,64,68,68,66,
   61,68,6b,69,64,6d,00,fb
.
[HKEY_USERS\S-1-5-21-1644976545-898374883-2013635671-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:35,0a,14,4f,c8,d3,14,b9,1f,9a,b2,9d,72,73,ef,92,35,34,27,85,90,18,9f,
   8d,2f,a2,66,48,98,d0,db,f3,06,53,39,9f,a0,11,76,58,cc,5f,b3,fb,de,5f,91,2a,\
"??"=hex:56,1e,1b,12,94,4c,1a,c2,c4,3e,00,1a,d7,ef,6e,8d
.
[HKEY_USERS\S-1-5-21-1644976545-898374883-2013635671-1000\Software\SecuROM\License information*]
"datasecu"=hex:0f,f3,fe,06,8e,f0,dd,a6,4e,87,fa,d4,4b,35,59,c4,93,9c,27,c3,70,
   47,12,26,ad,d8,d9,dc,2c,57,1e,28,98,61,70,3a,85,5e,e8,de,b2,67,05,a8,09,fe,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{86F80216-5DD6-4F43-953B-35EF40A35AEE}]
@DACL=(02 0000)
@SACL=
@="CElevateWlanUi"
"DllSurrogate"=""
"AccessPermission"=hex:01,00,04,80,60,00,00,00,70,00,00,00,00,00,00,00,14,00,
   00,00,02,00,4c,00,03,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
Completion time: 2015-11-07  03:06:27
ComboFix-quarantined-files.txt  2015-11-07 11:06
ComboFix2.txt  2015-11-07 05:42
ComboFix3.txt  2015-03-08 01:49
ComboFix4.txt  2015-03-07 05:52
.
Pre-Run: 77,750,394,880 bytes free
Post-Run: 77,591,019,520 bytes free
.
- - End Of File - - A47449F7C114C85704F1BC3D65A2B536
CDB4DE4BBD714F152979DA2DCBEF57EB
 


Edited by quin8484, 07 November 2015 - 07:55 PM.

  • 0

#7
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts

hello, just the many svchosts in safe mode..


That's normal for Windows to have many svchosts. That is a non-issue here. You have some leftover junk in the FRST logs; let's clean that up now.

Download the enclosed fixlist.txt file. Save it in the location where FRST64 is (your Desktop). Run FRST64 and click on the Fix button. Wait until finished.

The tool will make a log (Fixlog.txt) in the location where FRST64 is. Please post it in your reply.

Thanks
Joe :)
  • 0

#8
quin8484

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by John (2015-11-07 18:09:45) Run:1
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKU\S-1-5-21-1644976545-898374883-2013635671-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1644976545-898374883-2013635671-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {CB29228C-1191-43F5-B356-E32B4C9E89D9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {211C6414-41B6-4464-AC37-A9ED9ACE021C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\.DEFAULT -> No Name - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
Toolbar: HKU\S-1-5-21-1644976545-898374883-2013635671-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-07-25] <==== ATTENTION
CHR HomePage: Default -> hxxp://www.dregol.com/?f=1&a=drg_frg01_15_30&cd=2XzuyEtN2Y1L1QzutBtD0A0AyE0B0EyByC0C0E0CzyyDyCzytN0D0Tzu0StCtBzyzztN1L2XzutAtFtCtBtFtCtFtCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCtAtBzytCtB0DtCtGtByBzzzytG0B0DyB0FtGtC0CzyyBtG0CtCyDtAyByDyEtC0DyE0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtA0DtCyDyEyC0AtGzz0FyEzytGyE0AzyyCtGzz0CyD0FtGyEyB0E0CtDyDyD0F0ByByE0A2QtN0A0LzutB&cr=931314817&ir=
CHR DefaultSearchURL: Default -> hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_frg01_15_30&cd=2XzuyEtN2Y1L1QzutBtD0A0AyE0B0EyByC0C0E0CzyyDyCzytN0D0Tzu0StCtBzyzztN1L2XzutAtFtCtBtFtCtFtCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCtAtBzytCtB0DtCtGtByBzzzytG0B0DyB0FtGtC0CzyyBtG0CtCyDtAyByDyEtC0DyE0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtA0DtCyDyEyC0AtGzz0FyEzytGyE0AzyyCtGzz0CyD0FtGyEyB0E0CtDyDyD0F0ByByE0A2QtN0A0LzutB&cr=931314817&ir=
CHR DefaultSearchKeyword: Default -> dregol.com
U4 CmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [X]
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21184 2015-08-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [806032 2015-08-05] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45856 2015-08-05] (COMODO)
S3 ALSysIO; \??\C:\Users\John\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz132; \??\C:\Users\John\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
S3 cpuz134; \??\C:\Users\John\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 SNPSTD3; system32\DRIVERS\snpstd3.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
2015-10-22 09:44 - 2015-08-05 09:20 - 00000000 ____D C:\ProgramData\Comodo
Task: {33BADD84-F7A7-4841-86B4-1E9FB7A103CE} - \COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} -> No File <==== ATTENTION
Task: {457B65BA-E903-43AC-B3E9-69D68595F430} - \COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} -> No File <==== ATTENTION
Task: {CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask -> No File <==== ATTENTION
Task: {EA8224A9-4340-43C6-8078-FEBE2CE0E0E2} - \COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Windows\uninst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\revoflt.sys:$CmdTcID
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\John:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:9341E0C6
AlternateDataStreams: C:\ProgramData\TEMP:C97C8631
AlternateDataStreams: C:\Users\John\Application Data:gs5sys
AlternateDataStreams: C:\Users\John\Cookies:gs5sys
AlternateDataStreams: C:\Users\John\Local Settings:gs5sys
AlternateDataStreams: C:\Users\John\Templates:gs5sys
AlternateDataStreams: C:\Users\John\Desktop\cf1.jpg:$CmdZnID
AlternateDataStreams: C:\Users\John\Desktop\cf2.jpg:$CmdZnID
AlternateDataStreams: C:\Users\John\Desktop\L1532-1.jpg:$CmdZnID
AlternateDataStreams: C:\Users\John\Downloads\cmdemo102.exe:$CmdTcID
AlternateDataStreams: C:\Users\John\Downloads\cmdemo102.exe:$CmdZnID
AlternateDataStreams: C:\Users\John\Downloads\dgVoodoo.conf:$CmdTcID
AlternateDataStreams: C:\Users\John\Downloads\dgVoodoo.conf:$CmdZnID
AlternateDataStreams: C:\Users\John\Downloads\JK_AMD_FIX.7z:$CmdTcID
AlternateDataStreams: C:\Users\John\Downloads\JK_AMD_FIX.7z:$CmdZnID
AlternateDataStreams: C:\Users\John\Downloads\RevoUninProSetup.exe:$CmdTcID
AlternateDataStreams: C:\Users\John\Downloads\RevoUninProSetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\John\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\John\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\John\AppData\Local\Application Data:gs5sys
AlternateDataStreams: C:\Users\John\AppData\Local\History:gs5sys
AlternateDataStreams: C:\Users\John\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
Emptytemp:

*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key could not remove. Access Denied.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key could not remove. Access Denied.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKU\S-1-5-21-1644976545-898374883-2013635671-1000\SOFTWARE\Policies\Google => key could not remove. Access Denied.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key could not remove. Access Denied.
HKU\S-1-5-21-1644976545-898374883-2013635671-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key could not remove. Access Denied.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CB29228C-1191-43F5-B356-E32B4C9E89D9} => key could not remove. Access Denied.
HKCR\CLSID\{CB29228C-1191-43F5-B356-E32B4C9E89D9} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{211C6414-41B6-4464-AC37-A9ED9ACE021C} => key could not remove. Access Denied.
HKCR\Wow6432Node\CLSID\{211C6414-41B6-4464-AC37-A9ED9ACE021C} => key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{61539ECD-CC67-4437-A03C-9AACCBD14326} => value removed successfully
HKCR\CLSID\{61539ECD-CC67-4437-A03C-9AACCBD14326} => key not found.
HKU\S-1-5-21-1644976545-898374883-2013635671-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value removed successfully
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => key not found.
C:\Program Files (x86)\mozilla firefox\firefox.cfg => moved successfully
Chrome HomePage => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
CmdAgent => service could not remove
cmderd => Unable to stop service.
cmderd => service could not remove
cmdGuard => Unable to stop service.
cmdGuard => service could not remove
cmdHlp => Unable to stop service.
cmdHlp => service could not remove
ALSysIO => service could not remove
catchme => service removed successfully
cpuz132 => service could not remove
cpuz134 => service could not remove
SNPSTD3 => service removed successfully
VBoxNetFlt => service could not remove
vmci => service removed successfully
VMnetAdapter => service removed successfully
WinRing0_1_2_0 => service could not remove
C:\ProgramData\Comodo => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{33BADD84-F7A7-4841-86B4-1E9FB7A103CE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33BADD84-F7A7-4841-86B4-1E9FB7A103CE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{457B65BA-E903-43AC-B3E9-69D68595F430}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{457B65BA-E903-43AC-B3E9-69D68595F430}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{EA8224A9-4340-43C6-8078-FEBE2CE0E0E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA8224A9-4340-43C6-8078-FEBE2CE0E0E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}" => key removed successfully
C:\ProgramData => ":gs5sys" ADS removed successfully.
"C:\Windows\uninst.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\revoflt.sys" => ":$CmdTcID" ADS not found.
"C:\Users\All Users" => ":gs5sys" ADS not found.
C:\Users\John => ":gs5sys" ADS removed successfully.
"C:\ProgramData\Application Data" => ":gs5sys" ADS not found.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
C:\ProgramData\TEMP => ":9341E0C6" ADS removed successfully.
C:\ProgramData\TEMP => ":C97C8631" ADS removed successfully.
"C:\Users\John\Application Data" => ":gs5sys" ADS not found.
"C:\Users\John\Cookies" => ":gs5sys" ADS not found.
"C:\Users\John\Local Settings" => ":gs5sys" ADS not found.
"C:\Users\John\Templates" => ":gs5sys" ADS not found.
C:\Users\John\Desktop\cf1.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\John\Desktop\cf2.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\John\Desktop\L1532-1.jpg => ":$CmdZnID" ADS removed successfully.
"C:\Users\John\Downloads\cmdemo102.exe" => ":$CmdTcID" ADS not found.
C:\Users\John\Downloads\cmdemo102.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\John\Downloads\dgVoodoo.conf" => ":$CmdTcID" ADS not found.
C:\Users\John\Downloads\dgVoodoo.conf => ":$CmdZnID" ADS removed successfully.
"C:\Users\John\Downloads\JK_AMD_FIX.7z" => ":$CmdTcID" ADS not found.
C:\Users\John\Downloads\JK_AMD_FIX.7z => ":$CmdZnID" ADS removed successfully.
"C:\Users\John\Downloads\RevoUninProSetup.exe" => ":$CmdTcID" ADS not found.
C:\Users\John\Downloads\RevoUninProSetup.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\John\AppData\Local => ":gs5sys" ADS removed successfully.
C:\Users\John\AppData\Roaming => ":gs5sys" ADS removed successfully.
"C:\Users\John\AppData\Local\Application Data" => ":gs5sys" ADS not found.
"C:\Users\John\AppData\Local\History" => ":gs5sys" ADS not found.
C:\Users\John\Documents\desktop.ini => ":gs5sys" ADS removed successfully.
C:\Users\Public\Documents\desktop.ini => ":gs5sys" ADS removed successfully.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 4.2 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 18:16:23 ====


  • 0
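An added example (not part of the thread and not FRST's own code): the Fixlog above mixes successful removals with "Access Denied" and "could not remove" results, so this Python parser tallies the outcome of each result line and lists the targets that failed. The embedded sample is a shortened excerpt of that Fixlog; the function names and the ok/absent/failed buckets are assumptions made for this example.

```python
import re
from collections import Counter

# Shortened excerpt of the Fixlog posted in the thread above.
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21184 2015-08-05] (COMODO)
Emptytemp:

*****************

Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key could not remove. Access Denied.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
Chrome HomePage => removed successfully
cmderd => Unable to stop service.
cmderd => service could not remove
catchme => service removed successfully
C:\ProgramData\Comodo => moved successfully
C:\ProgramData => ":gs5sys" ADS removed successfully.
"C:\Windows\uninst.exe" => ":$CmdTcID" ADS not found.

=========  ipconfig /flushdns =========

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 4.2 GB temporary data Removed.
"""

FENCE = re.compile(r"^\*{5,}$")  # the ***** rulers around the echoed fixlist
RESULT = re.compile(r"^(?P<target>.+?)\s=>\s(?P<result>.+)$")


def classify(result):
    """Bucket one result message (bucket names are this example's own)."""
    low = result.lower()
    if "could not" in low or "unable to" in low or "access denied" in low:
        return "failed"
    if "not found" in low:
        return "absent"  # nothing was there to remove
    if "successfully" in low or low.rstrip(".").endswith("removed"):
        return "ok"
    return "other"


def parse_fixlog(text):
    """Return (target, result, status) for every '<target> => <result>' line."""
    lines = [ln.strip() for ln in text.splitlines()]
    # The fixlist is echoed between two rulers and itself contains "=>"
    # (e.g. "=> No File"), so result parsing starts after the second ruler.
    echo_fences = 2 if sum(1 for ln in lines if FENCE.match(ln)) >= 2 else 0
    fences_seen, in_cmd, rows = 0, False, []
    for ln in lines:
        if FENCE.match(ln):
            fences_seen += 1
            continue
        if fences_seen < echo_fences:
            continue
        if ln.startswith("========="):  # "CMD:" output block header or footer
            in_cmd = "End of CMD" not in ln
            continue
        if in_cmd:
            continue
        m = RESULT.match(ln)
        if m:
            result = m["result"].strip()
            rows.append((m["target"].strip('"'), result, classify(result)))
    return rows


def tally(rows):
    """Count result lines per status."""
    return Counter(status for _, _, status in rows)


def failures(rows):
    """Map each failed target to the messages logged for it, in log order."""
    failed = {}
    for target, result, status in rows:
        if status == "failed":
            failed.setdefault(target, []).append(result)
    return failed


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(tally(parsed)))
    for target, messages in failures(parsed).items():
        print(f"FAILED {target}: {' | '.join(messages)}")
```

Run against the full Fixlog.txt, the failed bucket is the list to re-check after the reboot the log asks for.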

#9
quin8484

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

I don't have any sound though.


  • 0

#10
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
How long has sound been out?
  • 0

#11
quin8484

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

Since the PC started after that fix, but I believe I have an audio conflict with another driver, from my NVIDIA sound on the graphics card. I want to disable the VIA and use only NVIDIA HD. Both may be running.


Edited by quin8484, 07 November 2015 - 08:36 PM.

  • 0

#12
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Yes, I saw your post about that VIA issue. That is something I don't address, but a tech will help you with that problem, probably not tonight; I don't see a tech online at the moment.

To finish up the malware part, please remove ComboFix; this is important to do.

:Uninstall ComboFix:
  • Turn off all active protection software.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button).
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.

  • 0

#13
quin8484

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

Thanks a bunch Zep, everything seems to be working good if not faster. Please delete all my posted logs. Thanks


  • 0

#14
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Hello,

You're welcome.
We keep the logs here so others can see how we did it; however, you can delete FRST from your desktop and any logs we created.

I'll close the topic since we are done; a tech will help you with that sound problem.

Thanks
Joe :)
  • 0

#15
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices: please read here.


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
Joe :)
  • 0





