
Need help removing: search.freecause.com [Solved]


  • This topic is locked

#1
Moose78

  • Member
  • 94 posts

So, anytime I run Google, I find this after I run adw. Log file below. I run AdwCleaner, but it keeps coming back.

 

 

 

# AdwCleaner v5.025 - Logfile created 23/12/2015 at 23:33:59
# Updated 13/12/2015 by Xplode
# Database : 2015-12-23.1 [Server]
# Operating system : Windows 10 Pro  (x64)
# Username : j - CHUCKWAGON
# Running from : C:\Users\j\Downloads\adwcleaner_5.025.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : search.freecause.com
[C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com_
[C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : yahoo.com search
[C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Found : hxxp://search.conduit.com/?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&ISID=M23EF82B7-5327-4A4E-BA71-3D7C6EFA35FE&SearchSource=55&CUI=&UM=5&UP=SP12DD5E86-2ABB-4BF8-BB4D-1B48855FAA7C&SSPV=

########## EOF - C:\AdwCleaner\AdwCleaner[S10].txt - [1384 bytes] ##########
 


  • 0
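As an added example (not part of the original post and not AdwCleaner's own code): a small Python parser for the scan-log layout shown above. It groups findings by the Chrome profile file that stores them and lists entries that appear again in a later scan. The two sample logs are constructed from lines in the post, with the homepage URL shortened, and all function names are hypothetical.

```python
import ntpath
import re
from urllib.parse import urlsplit

# "***** [ Web browsers ] *****" section headers and
# "[file] [Category] Found : value" finding lines, as in the log above.
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
FINDING_RE = re.compile(r"^\[([^\]]+)\] \[([^\]]+)\] Found : (.+)$")

# Constructed sample input, built from lines in the posted log.
PROFILE = r"C:\Users\j\AppData\Local\Google\Chrome\User Data\Default"
EARLIER_LOG = "\n".join([
    "# AdwCleaner v5.025 - Logfile created 23/12/2015 at 23:33:59",
    "# Option : Scan",
    "",
    "***** [ Registry ] *****",
    "",
    "***** [ Web browsers ] *****",
    "",
    "[" + PROFILE + r"\Web data] [Search Provider] Found : search.freecause.com",
    "[" + PROFILE + r"\Web data] [Search Provider] Found : ask.com",
    "[" + PROFILE + r"\Secure Preferences] [Homepage] Found : "
    "hxxp://search.conduit.com/?gd=&ctid=CT3315513",
    "",
    "########## EOF (constructed sample) ##########",
])
# Constructed later scan: ask.com is gone, the other two entries are back.
LATER_LOG = "\n".join([
    "# (constructed) later scan of the same profile",
    "***** [ Web browsers ] *****",
    "",
    "[" + PROFILE + r"\Web data] [Search Provider] Found : search.freecause.com",
    "[" + PROFILE + r"\Secure Preferences] [Homepage] Found : "
    "hxxp://search.conduit.com/?gd=&ctid=CT3315513",
])


def parse_findings(log_text):
    """Return (section, file path, category, value) tuples from a scan log."""
    section, findings = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines, header comments and the EOF marker
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = FINDING_RE.match(line)
        if m:
            findings.append((section, m.group(1), m.group(2), m.group(3).strip()))
    return findings


def host_of(value):
    """Host of a finding; URLs are defanged as hxxp://, bare names have no scheme."""
    refanged = re.sub(r"^hxxp", "http", value, flags=re.I)
    if "://" in refanged:
        return (urlsplit(refanged).hostname or "").lower()
    return refanged.split()[0].lower()


def by_store(findings):
    """Group hosts by (profile file name, category) so each file can be reviewed."""
    stores = {}
    for _section, path, kind, value in findings:
        stores.setdefault((ntpath.basename(path), kind), []).append(host_of(value))
    return stores


def reappearing(earlier_log, later_log):
    """Findings present in both scans, i.e. entries that came back after a clean."""
    earlier = set(parse_findings(earlier_log))
    return [f for f in parse_findings(later_log) if f in earlier]


if __name__ == "__main__":
    for (store, kind), hosts in by_store(parse_findings(EARLIER_LOG)).items():
        print(f"{store} [{kind}]: {', '.join(hosts)}")
    for _section, path, kind, value in reappearing(EARLIER_LOG, LATER_LOG):
        print(f"came back: {host_of(value)} in {ntpath.basename(path)} [{kind}]")
```

Entries that show up in both scans point at the profile file to inspect (here `Web data` and `Secure Preferences`) rather than at anything the scan sections above them cover.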



#2
dbreeze

  • Trusted Helper
  • Malware Removal
  • 2,216 posts


Hi Moose78,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


- Save ALL Tools to your Desktop -

 

All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.

  • Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
  • Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
  • Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

Quoted from and used by permission of BrianDrab. Thank you.


Let's get started....

Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.

  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it to do this please.
  • Once the tool shows "The tool is ready to use." message, please press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#3
Moose78

  • Topic Starter
  • Member
  • 94 posts

Hello dbreeze, thanks for looking into this with me.  Here is the FRST.txt log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-12-2015
Ran by j (administrator) on CHUCKWAGON (25-12-2015 11:50:56)
Running from C:\Users\j\Downloads
Loaded Profiles: j (Available Profiles: j)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\System32\PnkBstrA.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\EPUShortCut.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Hammer & Chisel, Inc.) C:\Users\j\AppData\Local\Discord\app-0.0.283\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\j\AppData\Local\Discord\app-0.0.283\Discord.exe
(VB-AUDIO Software) C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone XTD Optical Mouse\KoneXTDOpticalMonitor.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
(Hammer & Chisel, Inc.) C:\Users\j\AppData\Local\Discord\app-0.0.283\Discord.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe
(Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2015\Required\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2015\Required\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2015\Required\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
() C:\Users\j\Desktop\Desktop Folder\New folder\OpenHardwareMonitor\OpenHardwareMonitor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) E:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe [281776 2014-09-16] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2013-01-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [RoccatKonePureOptical] => C:\Program Files (x86)\ROCCAT\Kone Pure Optical Mouse\KonePureOpticalMonitor.exe [561152 2014-01-20] (ROCCAT GmbH)
HKLM-x32\...\Run: [RoccatKoneXTDOptical] => C:\Program Files (x86)\ROCCAT\Kone XTD Optical Mouse\KoneXTDOpticalMonitor.EXE [552960 2014-04-14] (ROCCAT GmbH)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKU\S-1-5-21-315420830-2266763828-2972201612-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2015-12-16] (Electronic Arts)
HKU\S-1-5-21-315420830-2266763828-2972201612-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-315420830-2266763828-2972201612-1001\...\Run: [Spotify Web Helper] => C:\Users\j\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2344768 2015-11-29] (Spotify Ltd)
HKU\S-1-5-21-315420830-2266763828-2972201612-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-315420830-2266763828-2972201612-1001\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-315420830-2266763828-2972201612-1001\...\Run: [Spotify] => C:\Users\j\AppData\Roaming\Spotify\Spotify.exe [8281920 2015-11-29] (Spotify Ltd)
HKU\S-1-5-21-315420830-2266763828-2972201612-1001\...\Run: [OpenHardwareMonitor] => C:\Program Files (x86)\NZXT\NZXT Kraken Control\OpenHardwareMonitor\OpenHardwareMonitor.exe [486912 2013-07-30] ()
HKU\S-1-5-21-315420830-2266763828-2972201612-1001\...\Run: [Discord] => C:\Users\j\AppData\Local\Discord\app-0.0.283\Discord.exe [51716784 2015-11-17] (Hammer & Chisel, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\j\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\j\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\j\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\j\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\j\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\j\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-18] (Microsoft Corporation)
Startup: C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voicemeeter (VB-Audio).LNK [2015-09-20]
ShortcutTarget: Voicemeeter (VB-Audio).LNK -> C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe (VB-AUDIO Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 97.64.201.122 97.64.155.75
Tcpip\..\Interfaces\{66533185-cb23-43e5-9583-55ffaef50e64}: [DhcpNameServer] 97.64.201.122 97.64.155.75
Tcpip\..\Interfaces\{99917609-5589-4f8e-ad9b-503adf761064}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{c8cf5eaf-1e1d-4791-9bc7-cb2208b45bef}: [DhcpNameServer] 198.18.16.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-315420830-2266763828-2972201612-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-315420830-2266763828-2972201612-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.msn.com/
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-315420830-2266763828-2972201612-1001 -> {C71C0A31-837E-45CE-AB80-18377236B145} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-18] (AO Kaspersky Lab)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-06] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-12-18] (AO Kaspersky Lab)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-06] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-18] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-12-18] (AO Kaspersky Lab)

FireFox:
========
FF ProfilePath: C:\Users\j\AppData\Roaming\Mozilla\Firefox\Profiles\bxrw0i1r.default-1429236796332
FF DefaultSearchEngine.US: Google
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-07-05] ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-07-05] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-06] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2015-12-18]
FF Extension: Astrill Proxy Switcher - C:\Users\j\AppData\Roaming\Mozilla\Firefox\Profiles\bxrw0i1r.default-1429236796332\Extensions\[email protected] [2015-10-03] [not signed]
FF Extension: Better Battlelog (BBLog) - C:\Users\j\AppData\Roaming\Mozilla\Firefox\Profiles\bxrw0i1r.default-1429236796332\Extensions\jid1-qQSMEVsYTOjgYA@jetpack [2015-04-18] [not signed]
FF Extension: AVG PrivacyFix - C:\Users\j\AppData\Roaming\Mozilla\Firefox\Profiles\bxrw0i1r.default-1429236796332\Extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi [2015-07-05] [not signed]
FF Extension: FlipClock - C:\Users\j\AppData\Roaming\Mozilla\Firefox\Profiles\bxrw0i1r.default-1429236796332\Extensions\{cdd09450-7280-11de-8a39-0800200c9a66}.xpi [2015-05-28]
FF Extension: Adblock Plus - C:\Users\j\AppData\Roaming\Mozilla\Firefox\Profiles\bxrw0i1r.default-1429236796332\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]
FF Extension: FoxClocks - C:\Users\j\AppData\Roaming\Mozilla\Firefox\Profiles\bxrw0i1r.default-1429236796332\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}.xpi [2015-10-24]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox

Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&ISID=M23EF82B7-5327-4A4E-BA71-3D7C6EFA35FE&SearchSource=55&CUI=&UM=5&UP=SP12DD5E86-2ABB-4BF8-BB4D-1B48855FAA7C&SSPV=
CHR StartupUrls: Default -> "hxxps://plus.google.com/b/101098568255429266043/101098568255429266043/posts","hxxps://www.google.com/calendar/render?pli=1#h","hxxp://8020.net/","hxxp://8020.net/PostalLookup.asp","hxxp://catalogs.8020.net/app.php?RelId=6.1.7.5","hxxp://intranet.8020.net/Pages/Main.aspx"
CHR Profile: C:\Users\j\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Theme Creator) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2015-03-16]
CHR Extension: (Google Drive) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Calendar) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-12]
CHR Extension: (Clock for Google Chrome™) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\emakkfldeggiinnfcdjkakdfcppbfhdg [2015-12-19]
CHR Extension: (AdBlock) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-04]
CHR Extension: (Better Battlelog (BBLog)) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjlfnjepjdmlppapoikepbaabbghofma [2015-12-08]
CHR Extension: (The Great Suspender) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2015-12-23]
CHR Extension: (Hex v1) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbifpgkeajgidkmhheigfceghlngjedf [2015-12-05]
CHR Extension: (Ghostery) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-09-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-18]
CHR Extension: (Click&Clean App) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2015-10-27]
CHR Extension: (Gmail) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Profile: C:\Users\j\AppData\Local\Google\Chrome\User Data\Profile 2
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-07-22] (Adobe Systems Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-07-31] (ASUSTeK Computer Inc.)
S3 ASOVPNHelper; C:\Program Files (x86)\Astrill\ASOvpnSvc.exe [434016 2015-03-26] (Astrill)
S3 ASProxy; C:\Program Files (x86)\Astrill\ASProxy.exe [2607640 2015-09-03] (Astrill)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe [1656464 2013-08-08] (ASUSTeK Computer Inc.) [File not signed]
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2015-12-18] (Kaspersky Lab ZAO)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1257504 2015-12-10] ()
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [344288 2015-03-20] (Futuremark)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-08] (NVIDIA Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-08] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-08] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-08] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-16] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2015-12-18] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-12-18] ()
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28848 2014-09-16] (Samsung Electronics Co., Ltd.)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-07-22] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [18384 2014-07-09] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R3 ASMTFilter; C:\Windows\SysWow64\drivers\asmtufdriver.sys [21400 2013-01-28] (hxxp://www.asmedia.com.tw) [File not signed]
R2 AsRamDisk; C:\Windows\system32\DRIVERS\asramdisk.sys [106296 2013-04-09] (Asus)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-13] ()
R3 asvpndrv; C:\Windows\System32\drivers\asvpndrv.sys [31744 2014-05-17] (Astrill)
S3 aswTap; C:\Windows\system32\DRIVERS\aswTap.sys [44640 2013-12-24] (The OpenVPN Project)
S3 AWEAlloc; C:\Windows\system32\DRIVERS\awealloc.sys [21456 2012-12-20] (Olof Lagerkvist)
S3 CmHdAudAddService; C:\Windows\system32\DRIVERS\CMHDAudioV64.sys [62464 2012-12-25] (C-Media Electronics Inc.) [File not signed]
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R3 CORK70; C:\Windows\system32\drivers\CORK70.sys [25600 2012-10-31] ( )
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-06] (REALiX™)
R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [28912 2014-06-17] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-12-18] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-12-18] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [934272 2015-12-18] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-12-18] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-12-18] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-25] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2015-02-13] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-11-24] (NVIDIA Corporation)
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [268976 2014-09-16] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111280 2014-09-16] (Samsung Electronics Co., Ltd.)
R1 se64a; C:\Windows\System32\Drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-12-06] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R3 VBAudioVACAMME; C:\Windows\system32\DRIVERS\vbaudio_cablea64_win7.sys [41192 2013-07-22] (Windows ® Win 7 DDK provider)
R3 VBAudioVACBMME; C:\Windows\system32\DRIVERS\vbaudio_cableb64_win7.sys [41192 2013-07-22] (Windows ® Win 7 DDK provider)
R3 VBAudioVACMME; C:\Windows\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows ® Win 7 DDK provider)
R3 VBAudioVMAUXVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmauxvaio64_win7.sys [41192 2015-09-07] (Windows ® Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-09-07] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 WinRing0_1_2_0; C:\Users\j\Desktop\Desktop Folder\New folder\OpenHardwareMonitor\OpenHardwareMonitor.sys [14544 2015-12-24] (OpenLibSys.org)
S3 e1dexpress; \SystemRoot\system32\DRIVERS\e1d65x64.sys [X]
S3 vpnva; \SystemRoot\System32\drivers\vpnva64-6.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-25 11:50 - 2015-12-25 11:51 - 00032549 _____ C:\Users\j\Downloads\FRST.txt
2015-12-25 11:50 - 2015-12-25 11:50 - 02370560 _____ (Farbar) C:\Users\j\Downloads\FRST64.exe
2015-12-25 11:50 - 2015-12-25 11:50 - 00000000 ____D C:\FRST
2015-12-25 11:22 - 2015-12-25 11:22 - 00016148 _____ C:\WINDOWS\system32\CHUCKWAGON_j_HistoryPrediction.bin
2015-12-24 18:38 - 2015-12-25 08:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-24 14:04 - 2015-12-24 14:04 - 00857590 _____ C:\Users\j\Downloads\dreamstime_40305534.eps
2015-12-24 11:25 - 2015-12-24 11:25 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4C1449C7.sys
2015-12-23 23:41 - 2015-12-23 23:41 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2015-12-23 23:30 - 2015-12-23 23:30 - 00000000 ____D C:\Users\j\AppData\Roaming\ProductData
2015-12-23 23:22 - 2015-12-23 23:23 - 01599336 _____ (Malwarebytes) C:\Users\j\Downloads\JRT.exe
2015-12-23 23:19 - 2015-12-23 23:19 - 00000000 ____D C:\_OTL
2015-12-23 23:17 - 2015-12-23 23:18 - 00602112 _____ (OldTimer Tools) C:\Users\j\Downloads\OTL.exe
2015-12-23 20:39 - 2015-12-08 20:51 - 01846016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-12-23 20:39 - 2015-12-08 20:51 - 01530240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-12-22 21:38 - 2015-12-22 21:38 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2015-12-22 21:38 - 2015-12-22 21:38 - 00214392 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2015-12-21 22:46 - 2015-12-21 22:46 - 00000000 ____D C:\Users\j\AppData\Roaming\NVIDIA
2015-12-21 11:24 - 2015-12-21 11:24 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\63BC5E5C.sys
2015-12-20 21:35 - 2015-12-20 21:35 - 00001076 _____ C:\Users\Public\Desktop\softMCCS.lnk
2015-12-20 21:33 - 2015-12-20 21:50 - 00000000 ____D C:\Users\j\AppData\Local\NVIDIA Corporation
2015-12-20 21:33 - 2015-12-20 21:33 - 00000000 ____D C:\Users\j\Desktop\DDU
2015-12-20 21:33 - 2015-12-20 21:33 - 00000000 ____D C:\Users\j\AppData\Local\NVIDIA
2015-12-20 21:33 - 2015-12-20 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-12-20 21:33 - 2015-12-08 20:51 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-12-20 21:33 - 2015-12-08 20:51 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-12-20 21:32 - 2015-12-23 20:39 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-12-20 21:32 - 2015-12-20 21:33 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-12-20 21:32 - 2015-12-20 21:32 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-20 21:32 - 2015-11-25 19:34 - 11228488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-12-20 21:32 - 2015-11-24 18:07 - 42913912 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 37882672 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 22345336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 18487360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 18389624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 16561320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 15933400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 15839392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 14844304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 13533416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 12870384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 12040952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 03540360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 03126800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 02876536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 02496816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 01905272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435906.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 01564792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435906.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 01016360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 00877872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 00861816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 00823232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 00689784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 00673912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 00539464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 00503416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 00501056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 00446768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 00445400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 00422752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 00413816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 00369272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 00177416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 00155976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 00151368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 00112760 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 00105080 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 00072504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 00069416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 00050472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-12-20 21:32 - 2015-11-24 18:07 - 00034494 _____ C:\WINDOWS\system32\nvinfo.pb
2015-12-20 21:32 - 2015-11-24 14:32 - 06358648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-12-20 21:32 - 2015-11-24 14:32 - 02983032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-12-20 21:32 - 2015-11-24 14:32 - 02554672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-12-20 21:32 - 2015-11-24 14:32 - 00938616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-12-20 21:32 - 2015-11-24 14:32 - 00385328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-12-20 21:32 - 2015-11-24 14:32 - 00062768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-12-20 21:32 - 2015-11-23 15:35 - 06049858 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-12-20 21:31 - 2015-12-20 21:33 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-12-20 21:30 - 2015-12-20 21:30 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-12-20 21:20 - 2015-12-20 21:21 - 01138314 _____ C:\Users\j\Downloads\[Guru3D.com]-DDU(1).zip
2015-12-20 21:12 - 2015-12-20 21:20 - 00000000 ____D C:\Users\j\AppData\Roaming\discord
2015-12-20 21:12 - 2015-12-20 21:12 - 00000000 ____D C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2015-12-20 21:12 - 2015-12-20 21:12 - 00000000 ____D C:\Users\j\AppData\Local\SquirrelTemp
2015-12-20 21:12 - 2015-12-20 21:12 - 00000000 ____D C:\Users\j\AppData\Local\Discord
2015-12-20 19:16 - 2015-12-20 21:31 - 318505032 _____ (NVIDIA Corporation) C:\Users\j\Downloads\359.06-desktop-win10-64bit-international-whql.exe
2015-12-20 18:11 - 2015-12-20 21:12 - 49419440 _____ (Hammer & Chisel, Inc.) C:\Users\j\Downloads\DiscordSetup.exe
2015-12-19 15:45 - 2015-12-19 15:45 - 00000233 _____ C:\Users\j\Desktop\Tom Clancy's Rainbow Six Siege.url
2015-12-19 15:44 - 2015-12-19 15:44 - 00000000 ____D C:\Users\j\ubi
2015-12-18 23:17 - 2015-12-18 23:17 - 00000000 ____D C:\Users\j\AppData\Roaming\.mono
2015-12-18 23:17 - 2015-12-18 23:17 - 00000000 ____D C:\ProgramData\.mono
2015-12-18 20:38 - 2015-12-18 20:38 - 00002391 _____ C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-18 18:15 - 2015-12-18 18:15 - 00934272 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2015-12-18 18:15 - 2015-12-18 18:15 - 00181640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2015-12-18 18:15 - 2015-12-18 18:15 - 00087944 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klwfp.sys
2015-12-18 18:15 - 2015-12-18 18:15 - 00041352 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpd.sys
2015-12-18 18:15 - 2015-12-18 18:05 - 00227512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2015-12-18 17:56 - 2015-12-18 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2015-12-18 17:55 - 2015-12-25 11:48 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-12-18 17:55 - 2015-12-18 17:55 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-12-18 17:55 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2015-12-17 23:01 - 2015-12-18 17:55 - 173955456 _____ (Kaspersky Lab) C:\Users\j\Downloads\kts16.0.0.614en_8976.exe
2015-12-14 22:51 - 2015-12-14 22:51 - 01740288 _____ C:\Users\j\Downloads\adwcleaner_5.025.exe
2015-12-11 23:51 - 2015-12-11 23:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Matrox VFW Software Codecs
2015-12-11 23:43 - 2015-12-11 23:43 - 10591744 _____ (x264 project) C:\Users\j\Downloads\x264.exe
2015-12-11 23:42 - 2015-12-11 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NZXT
2015-12-10 19:57 - 2015-12-12 00:14 - 00000000 ____D C:\Users\Public\Documents\AdobeInstalledCodecs
2015-12-08 18:05 - 2015-11-30 19:32 - 00826872 ____N (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-08 18:05 - 2015-11-30 19:32 - 00176632 ____N (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-08 18:04 - 2015-12-01 02:01 - 02115936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-08 18:04 - 2015-12-01 01:03 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
2015-12-08 18:04 - 2015-12-01 00:54 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-12-08 18:04 - 2015-12-01 00:51 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-12-08 18:04 - 2015-12-01 00:49 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-08 18:04 - 2015-12-01 00:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-08 18:04 - 2015-11-30 23:59 - 05455360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-12-08 18:04 - 2015-11-25 00:42 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-12-08 18:04 - 2015-11-25 00:42 - 00168288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2015-12-08 18:04 - 2015-11-25 00:41 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-08 18:04 - 2015-11-25 00:40 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-08 18:04 - 2015-11-25 00:33 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-08 18:04 - 2015-11-25 00:32 - 00113184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2015-12-08 18:04 - 2015-11-25 00:27 - 01366680 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-08 18:04 - 2015-11-25 00:12 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-12-08 18:04 - 2015-11-25 00:11 - 01532984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-08 18:04 - 2015-11-25 00:09 - 01310880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-08 18:04 - 2015-11-25 00:01 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-08 18:04 - 2015-11-24 23:59 - 00092992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2015-12-08 18:04 - 2015-11-24 23:49 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-08 18:04 - 2015-11-24 23:49 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-12-08 18:04 - 2015-11-24 23:49 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-08 18:04 - 2015-11-24 23:49 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2015-12-08 18:04 - 2015-11-24 23:48 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EthernetMediaManager.dll
2015-12-08 18:04 - 2015-11-24 23:48 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMediaManager.dll
2015-12-08 18:04 - 2015-11-24 23:44 - 21872640 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-08 18:04 - 2015-11-24 23:42 - 24592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-08 18:04 - 2015-11-24 23:37 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-08 18:04 - 2015-11-24 23:36 - 01710592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-08 18:04 - 2015-11-24 23:36 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-12-08 18:04 - 2015-11-24 23:35 - 00929792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-08 18:04 - 2015-11-24 23:35 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2015-12-08 18:04 - 2015-11-24 23:34 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-08 18:04 - 2015-11-24 23:31 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll
2015-12-08 18:04 - 2015-11-24 23:30 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll
2015-12-08 18:04 - 2015-11-24 23:30 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-08 18:04 - 2015-11-24 23:30 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2015-12-08 18:04 - 2015-11-24 23:29 - 01649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-08 18:04 - 2015-11-24 23:29 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2015-12-08 18:04 - 2015-11-24 23:28 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-08 18:04 - 2015-11-24 23:28 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-08 18:04 - 2015-11-24 23:27 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-12-08 18:04 - 2015-11-24 23:26 - 00849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-12-08 18:04 - 2015-11-24 23:26 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-08 18:04 - 2015-11-24 23:25 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-12-08 18:04 - 2015-11-24 23:25 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2015-12-08 18:04 - 2015-11-24 23:23 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-08 18:04 - 2015-11-24 23:23 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-08 18:04 - 2015-11-24 23:23 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-08 18:04 - 2015-11-24 23:22 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-08 18:04 - 2015-11-24 23:22 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-08 18:04 - 2015-11-24 23:22 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2015-12-08 18:04 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-08 18:04 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-08 18:04 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-08 18:04 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-08 18:04 - 2015-11-24 23:19 - 01795584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-12-08 18:04 - 2015-11-24 23:19 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-12-08 18:04 - 2015-11-24 23:18 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-08 18:04 - 2015-11-24 23:17 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-08 18:04 - 2015-11-24 23:16 - 01442816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-08 18:04 - 2015-11-24 23:16 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2015-12-08 18:04 - 2015-11-24 23:13 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-08 18:04 - 2015-11-24 23:11 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2015-12-08 18:04 - 2015-11-24 23:10 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-08 18:04 - 2015-11-24 23:10 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-08 18:04 - 2015-11-24 23:10 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-08 18:04 - 2015-11-24 23:10 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-08 18:04 - 2015-11-24 23:08 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-12-08 18:04 - 2015-11-24 23:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2015-12-08 18:04 - 2015-11-24 23:05 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-08 18:04 - 2015-11-24 23:04 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-08 18:04 - 2015-11-24 23:04 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll
2015-12-08 18:04 - 2015-11-24 23:04 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-08 18:04 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-08 18:04 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-08 18:04 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-08 18:04 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-08 18:04 - 2015-11-24 21:52 - 00775312 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-08 18:04 - 2015-11-24 21:52 - 00775312 _____ C:\WINDOWS\system32\locale.nls
2015-12-07 19:45 - 2015-12-07 19:46 - 07086848 _____ C:\Users\j\Downloads\OBS_0_657b_Installer.exe
2015-12-07 19:44 - 2015-12-07 19:45 - 09411866 _____ C:\Users\j\Downloads\OBS_0_657b.zip
2015-12-06 22:36 - 2015-12-06 22:36 - 08144808 _____ C:\Users\j\Downloads\wheelv1.1.blend
2015-12-06 20:26 - 2015-12-06 20:26 - 00096756 _____ C:\Users\j\Downloads\Parents night out.pdf
2015-12-06 20:05 - 2015-12-06 20:05 - 00097888 ____N (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-12-06 20:05 - 2015-12-06 20:05 - 00000000 ____D C:\Users\j\AppData\Roaming\Sun
2015-12-06 20:05 - 2015-12-06 20:05 - 00000000 ____D C:\Users\j\.oracle_jre_usage
2015-12-06 20:05 - 2015-03-22 12:47 - 00111016 ____N (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll
2015-12-06 19:54 - 2015-12-06 19:54 - 00584288 _____ (Oracle Corporation) C:\Users\j\Downloads\JavaSetup8u66.exe
2015-12-06 19:41 - 2015-12-06 19:41 - 00000000 ____D C:\Users\j\AppData\Roaming\Locktime
2015-12-06 19:41 - 2015-12-06 19:41 - 00000000 ____D C:\ProgramData\Locktime
2015-12-06 19:40 - 2015-12-06 19:40 - 00000000 ____D C:\Users\j\AppData\Roaming\Locktime Software
2015-12-06 19:39 - 2015-12-06 19:40 - 08030664 _____ (Locktime Software) C:\Users\j\Downloads\netlimiter-4.0.15.0.exe
2015-12-04 22:54 - 2015-12-21 22:28 - 00000000 ____D C:\Users\j\Documents\The Witcher 3
2015-12-04 20:31 - 2015-12-04 20:31 - 00029677 _____ C:\Users\j\Downloads\SweetFX_Settings_The Witcher 3- Wild Hunt_- _⌂ The Witcher 3 - SS V1.1.txt
2015-12-04 20:30 - 2015-12-04 20:30 - 23784080 _____ C:\Users\j\Downloads\ReShade Framework 1.1.0.7z
2015-12-04 20:28 - 2015-12-04 20:28 - 01393950 _____ C:\Users\j\Downloads\ReShade_1.1.0_with_SweetFX_2.0.7z
2015-12-02 05:39 - 2015-12-25 11:44 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-02 05:39 - 2015-12-25 05:44 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-27 18:43 - 2015-12-08 20:51 - 00111520 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-25 11:50 - 2015-07-10 04:05 - 00000000 ____D C:\Windows
2015-12-25 09:26 - 2015-07-04 18:14 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-25 08:28 - 2015-04-16 21:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-25 07:11 - 2013-12-24 22:44 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{35B7A7F9-36AB-4429-84D5-75948E00B9F3}
2015-12-23 23:47 - 2015-07-30 16:19 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-23 23:47 - 2015-07-10 06:02 - 00000000 ____D C:\WINDOWS\INF
2015-12-23 23:41 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-23 23:41 - 2014-01-27 18:35 - 00000000 ____D C:\Users\j\AppData\Local\CrashDumps
2015-12-23 23:41 - 2013-12-25 02:39 - 01048576 _____ C:\WINDOWS\PE_Rom.dll
2015-12-23 23:41 - 2013-12-24 23:58 - 00000000 ____D C:\ProgramData\Origin
2015-12-23 23:40 - 2015-07-10 04:05 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-12-23 23:40 - 2014-05-31 07:18 - 00000000 ____D C:\AdwCleaner
2015-12-23 23:23 - 2013-12-28 10:54 - 00000000 ____D C:\Users\j\AppData\Roaming\IObit
2015-12-23 23:23 - 2013-12-28 10:54 - 00000000 ____D C:\ProgramData\IObit
2015-12-23 23:23 - 2013-12-28 10:54 - 00000000 ____D C:\Program Files (x86)\IObit
2015-12-23 20:30 - 2014-08-21 20:22 - 00000000 ____D C:\Users\j\AppData\Local\Adobe
2015-12-23 20:29 - 2015-09-07 10:57 - 00002867 _____ C:\Users\j\AppData\Roaming\VoiceMeeterDefault.xml
2015-12-23 20:28 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-22 22:33 - 2015-04-03 00:32 - 00000000 ____D C:\Program Files (x86)\18 Wheels of Steel Haulin
2015-12-22 20:38 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-21 23:01 - 2015-07-31 14:15 - 00000000 ___RD C:\Users\j\Desktop\Desktop Folder
2015-12-21 20:32 - 2014-09-14 18:12 - 00000000 ____D C:\Users\j\AppData\Roaming\Audacity
2015-12-21 20:19 - 2015-07-10 06:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-21 06:14 - 2014-12-26 22:59 - 00000000 ____D C:\Users\j\AppData\Roaming\MPC-HC
2015-12-20 21:35 - 2015-11-15 12:02 - 01473480 _____ (EnTech Taiwan ) C:\Users\j\Downloads\sm_setup(3).exe
2015-12-20 21:35 - 2014-09-18 19:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\softMCCS
2015-12-20 21:35 - 2014-09-18 19:18 - 00000000 ____D C:\Program Files (x86)\softMCCS
2015-12-20 21:32 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\Help
2015-12-20 21:30 - 2015-06-28 08:59 - 00189112 _____ (Power Admin LLC) C:\WINDOWS\PAExec.exe
2015-12-19 17:12 - 2014-06-21 15:38 - 00000000 ____D C:\Users\j\Documents\My Games
2015-12-19 15:44 - 2015-07-30 16:16 - 00000000 ____D C:\Users\j
2015-12-18 21:27 - 2013-12-29 21:34 - 00076152 _____ C:\WINDOWS\system32\PnkBstrA.exe
2015-12-18 20:38 - 2015-05-07 00:24 - 00000000 ___RD C:\Users\j\OneDrive
2015-12-18 20:11 - 2015-03-31 17:03 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2015-12-18 20:11 - 2014-02-09 11:19 - 00076888 _____ C:\WINDOWS\SysWOW64\PnkBstrA.exe
2015-12-18 17:55 - 2015-07-10 06:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-12-18 17:55 - 2015-07-10 04:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-18 17:55 - 2013-08-22 08:36 - 00000000 ____D C:\Users\Default.migrated
2015-12-18 17:54 - 2014-12-26 12:56 - 00000000 ____D C:\ProgramData\AVG2015
2015-12-18 17:54 - 2014-11-23 12:43 - 00000000 ____D C:\ProgramData\MFAData
2015-12-18 17:51 - 2014-12-25 20:25 - 00000000 ____D C:\Users\j\AppData\Local\AvgSetupLog
2015-12-18 17:50 - 2014-12-26 12:56 - 00000000 ___HD C:\$AVG
2015-12-16 22:26 - 2013-12-24 23:58 - 00000000 ____D C:\Program Files (x86)\Origin
2015-12-15 22:55 - 2014-01-07 12:50 - 00000000 ____D C:\Users\j\AppData\Local\ElevatedDiagnostics
2015-12-14 23:03 - 2013-12-31 20:58 - 00000000 ____D C:\Program Files\CCleaner
2015-12-14 21:11 - 2014-01-24 21:46 - 00000000 ____D C:\Users\j\AppData\Local\DayZ
2015-12-12 00:11 - 2014-12-27 16:18 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-12-11 23:56 - 2015-01-11 16:28 - 00000000 ____D C:\Users\j\AppData\Roaming\OBS
2015-12-11 23:51 - 2015-08-30 15:18 - 00000000 ____D C:\Program Files\Matrox VFW Software Codecs
2015-12-11 23:48 - 2015-07-10 07:20 - 05042936 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-11 23:48 - 2014-08-21 20:30 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-12-11 23:42 - 2015-10-08 18:37 - 00000000 ____D C:\ProgramData\Cisco
2015-12-11 23:42 - 2015-10-08 18:37 - 00000000 ____D C:\Program Files (x86)\Cisco
2015-12-11 23:42 - 2014-05-19 05:44 - 00000000 ____D C:\Program Files (x86)\NZXT
2015-12-11 23:38 - 2014-01-27 18:31 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-12-11 23:13 - 2015-07-31 10:01 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2015-12-11 23:06 - 2015-07-10 04:05 - 94371840 _____ C:\WINDOWS\system32\config\SOFTWARE_tureg_old
2015-12-11 23:06 - 2015-07-10 04:05 - 19136512 _____ C:\WINDOWS\system32\config\SYSTEM_tureg_old
2015-12-11 23:06 - 2015-07-10 04:05 - 00049152 _____ C:\WINDOWS\system32\config\SECURITY_tureg_old
2015-12-11 23:05 - 2015-07-10 04:05 - 00524288 _____ C:\WINDOWS\system32\config\DEFAULT_tureg_old
2015-12-11 22:01 - 2013-12-24 22:43 - 00000000 ____D C:\Users\j\AppData\Roaming\Adobe
2015-12-11 12:25 - 2014-11-11 21:02 - 00000000 ____D C:\Users\j\Documents\Assassin's Creed Unity
2015-12-10 23:01 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
2015-12-10 19:36 - 2015-03-01 16:30 - 00000000 ____D C:\Users\j\AppData\Local\Steam
2015-12-08 22:39 - 2014-01-19 23:09 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-12-08 19:32 - 2014-03-06 22:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-08 19:32 - 2014-03-06 22:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-08 19:31 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-08 18:09 - 2014-03-06 22:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-08 18:08 - 2013-12-25 21:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-08 18:05 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-08 18:05 - 2013-12-25 21:52 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-08 17:53 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\Web
2015-12-07 19:46 - 2015-01-11 17:08 - 00000000 ____D C:\Program Files (x86)\OBS
2015-12-06 22:18 - 2015-01-11 16:28 - 00000000 ____D C:\Program Files\OBS
2015-12-06 20:06 - 2014-04-24 21:18 - 00000000 __SHD C:\Users\j\AppData\LocalLow\EmieUserList
2015-12-06 20:06 - 2014-04-24 21:18 - 00000000 __SHD C:\Users\j\AppData\Local\EmieUserList
2015-12-06 20:06 - 2014-04-24 21:18 - 00000000 __SHD C:\Users\j\AppData\Local\EmieSiteList
2015-12-06 20:06 - 2014-04-24 21:17 - 00000000 __SHD C:\Users\j\AppData\LocalLow\EmieSiteList
2015-12-06 20:06 - 2014-01-13 18:23 - 00000000 ____D C:\ProgramData\Oracle
2015-12-06 20:05 - 2014-01-13 18:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-06 20:05 - 2014-01-13 18:23 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-02 05:39 - 2014-09-29 16:58 - 00003986 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-02 05:39 - 2014-09-29 16:58 - 00003754 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-29 15:32 - 2014-01-12 18:44 - 00348360 ____N C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2015-11-29 13:25 - 2015-04-02 13:57 - 00000000 ____D C:\Users\j\AppData\Local\Spotify
2015-11-29 13:19 - 2015-04-02 13:57 - 00000000 ____D C:\Users\j\AppData\Roaming\Spotify

==================== Files in the root of some directories =======

2014-08-21 20:27 - 2012-04-14 12:01 - 0285478 _____ () C:\Program Files\ae_disc.ico
2014-08-21 20:27 - 2012-04-14 12:01 - 0050224 _____ () C:\Program Files\Installation Instructions.pdf
2014-08-21 20:27 - 2012-04-14 12:01 - 0463286 _____ () C:\Program Files\Installationsanweisungen.pdf
2014-08-21 20:27 - 2012-04-14 12:01 - 0459430 _____ () C:\Program Files\Instrucciones de instalación.pdf
2014-08-21 20:27 - 2012-04-14 12:01 - 0471089 _____ () C:\Program Files\Instructions d'installation.pdf
2014-08-21 20:27 - 2012-04-14 12:01 - 0456531 _____ () C:\Program Files\Istruzioni di installazione.pdf
2014-08-21 20:27 - 2014-08-21 20:27 - 0148323 _____ () C:\Program Files\インストール手順.pdf
2014-08-21 20:27 - 2014-08-21 20:27 - 0274337 _____ () C:\Program Files\설치 지침.pdf
2015-04-02 09:40 - 2015-09-05 16:21 - 0000132 _____ () C:\Users\j\AppData\Roaming\Adobe BMP Format CS5 Prefs
2014-08-23 12:44 - 2015-08-30 14:06 - 0000132 _____ () C:\Users\j\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-12-24 23:37 - 2014-05-19 19:07 - 0000021 _____ () C:\Users\j\AppData\Roaming\config_data.dat
2015-09-07 10:57 - 2015-12-23 20:29 - 0002867 _____ () C:\Users\j\AppData\Roaming\VoiceMeeterDefault.xml
2015-01-02 10:42 - 2015-01-02 10:42 - 0001456 _____ () C:\Users\j\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-03-28 10:40 - 2015-03-28 10:49 - 1065984 _____ () C:\Users\j\AppData\Local\file__0.localstorage
2014-08-22 21:09 - 2014-08-22 21:09 - 0000731 _____ () C:\Users\j\AppData\Local\recently-used.xbel
2014-12-22 19:15 - 2015-11-22 15:08 - 0007601 _____ () C:\Users\j\AppData\Local\resmon.resmoncfg
2015-04-09 19:29 - 2015-04-09 19:29 - 0000000 _____ () C:\Users\j\AppData\Local\{19B0D861-ABBC-4053-8526-4D00B93A930E}
2015-06-30 19:35 - 2015-06-30 19:35 - 0000000 _____ () C:\Users\j\AppData\Local\{9DEC8075-F990-4466-A32D-2EAAE3A87BC3}
2015-07-04 17:01 - 2015-07-04 17:01 - 0000000 _____ () C:\Users\j\AppData\Local\{EF10EE69-7146-4164-BA74-5517F188B89B}
2013-12-25 09:47 - 2013-12-25 09:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\j\Razer Synapse Tournament Drivers 20150802_1430.exe


Some files in TEMP:
====================
C:\Users\j\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-17 20:46

==================== End of FRST.txt ============================

And here is the Addition.txt log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-12-2015
Ran by j (2015-12-25 11:51:15)
Running from C:\Users\j\Downloads
Windows 10 Pro (X64) (2015-07-30 21:32:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-315420830-2266763828-2972201612-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-315420830-2266763828-2972201612-503 - Limited - Disabled)
Guest (S-1-5-21-315420830-2266763828-2972201612-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-315420830-2266763828-2972201612-1005 - Limited - Enabled)
j (S-1-5-21-315420830-2266763828-2972201612-1001 - Administrator - Enabled) => C:\Users\j

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Total Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Total Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

18 Wheels of Steel: Haulin'  (HKLM-x32\...\18 Wheels of Steel: Haulin') (Version:  - ValuSoft)
3DMark (HKLM-x32\...\Steam App 223850) (Version:  - Futuremark)
Ad-Aware Web Companion (x32 Version: 1.0.702.1343 - Lavasoft) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11.0.4 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015 (HKLM-x32\...\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.1.0 - Adobe Systems Incorporated)
AI Suite 3 (HKLM-x32\...\{D46DA5F0-25AD-4B77-98DA-6DD6AF39FBD9}) (Version: 1.00.56 - ASUSTeK Computer Inc.)
AIDA64 Extreme v5.20 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.20 - FinalWire Ltd.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.001 - Asmedia Technology)
Astrill (HKLM\...\{A77BCF74-A5A3-441B-9923-305EAD8B7976}_is1) (Version:  - Astrill)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version:  - Rocksteady Studios)
Batman™: Arkham Knight (HKLM-x32\...\Steam App 208650) (Version:  - Rocksteady Studios)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlefield™ Hardline (HKLM-x32\...\{CB4AC3DA-8CC1-4516-86DA-4078B57DB229}) (Version: 1.2.5.7 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BF3 Settings Editor (HKLM\...\{0122EDA0-52FC-4EC2-9A31-A2A757A7D40E}) (Version: 2.3 - Realmware)
BF4 Settings Editor (HKLM\...\{EF4C9459-47DE-4FCD-B9E0-CEB5BA03FC64}) (Version: 1.1 - Realmware)
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
CCVI Driver x64 (x32 Version: 0.2.0000 - Asetek A/S) Hidden
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
Color Suite v11.0.3 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 11.0.3 - Red Giant, LLC)
Corsair K70 Firmware Update Application (HKLM-x32\...\{8C9DA353-2101-4658-BAA7-53F88EA0D3AB}_is1) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Discord (HKU\S-1-5-21-315420830-2266763828-2972201612-1001\...\Discord) (Version: 0.0.283 - Hammer & Chisel, Inc.)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.12 - Electronic Arts)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dxtory version 2.0.133 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.133 - ExKode Co. Ltd.)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
EVGA PrecisionX 16 (HKLM-x32\...\{9914A7AB-3FFC-4A34-837A-E89D0B61362E}) (Version: 5.2.3 - EVGA Corporation)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version:  - Ubisoft)
FastStone Image Viewer 4.9 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.9 - FastStone Soft)
Futuremark SystemInfo (HKLM-x32\...\{79659071-4B68-4EC8-833C-49C97B68FCD0}) (Version: 4.36.512.0 - Futuremark)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Intel Extreme Tuning Utility (HKLM-x32\...\{a6e81627-a651-408c-8fb6-19a078070830}) (Version: 5.1.0.23 - Intel Corporation)
Intel Extreme Tuning Utility (x32 Version: 5.1.0.23 - Intel Corporation) Hidden
Intel® Chipset Device Software (x32 Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.25.1036 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
IObit Apps Toolbar v9.5 (HKLM-x32\...\{895BDDEC-11D0-423A-823D-8A1B7CA7A855}) (Version: 9.5 - Spigot, Inc.) <==== ATTENTION
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.3.0.5 - IObit)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
Lame ACM MP3 Codec (HKLM-x32\...\LameACM) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LavasoftTcpService (x32 Version: 2.2.9.5 - Lavasoft) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Matrox VFW Software Codecs, build 2.0.0.11381  (HKLM\...\Matrox VFW Software Codecs) (Version:  - Matrox Electronic Systems)
METAL GEAR SOLID V: THE PHANTOM PAIN (HKLM-x32\...\Steam App 287700) (Version:  - Konami Digital Entertainment)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.2 (x86 en-US)) (Version: 43.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.2.5833 - Mozilla)
MPC-HC 1.7.8 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.8 - MPC-HC Team)
NewBlue Titler Pro for Windows (HKLM-x32\...\NewBlue Titler Pro for Windows) (Version: 1.0 - NewBlue)
Noise Reduction Plug-In 2.0 (HKLM-x32\...\{B94515E1-2DD6-11E2-849E-F04DA23A5C58}) (Version: 2.0.515 - Sony)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.06 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Port Forward Network Utilities 2.0.16 (HKLM-x32\...\Port Forward Network Utilities) (Version: 2.0.16 - Portforward.com)
Preset Manager 2.0 (HKLM-x32\...\{FCFE3F81-C977-4D31-877B-2778BB2A02DE}) (Version: 2.0.114 - Sony)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RAPID Mode (Version: 1.0.1.81 - Samsung Electronics Co., Ltd.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 5.2.0 (HKLM-x32\...\RTSS) (Version: 5.2.0 - Unwinder)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version:  - 5th Cell Media)
SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.8.1.21 - NVIDIA Corporation) Hidden
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
softMCCS (HKLM-x32\...\{D7D4A4A0-6D24-4337-BFD9-069E957222F6}_is1) (Version:  - EnTech Taiwan)
Splinter Cell Blacklist (HKLM-x32\...\Uplay Install 91) (Version:  - Ubisoft)
Spotify (HKU\S-1-5-21-315420830-2266763828-2972201612-1001\...\Spotify) (Version: 1.0.18.60.g5fe0413d - Spotify AB)
Stinky (HKLM-x32\...\{6435C8A1-ABFF-4CD7-9EBE-8A5FB0EF52DF}_is1) (Version: 1.4 - Stelulu Inc.)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Witcher 3: Wild Hunt (HKLM-x32\...\Steam App 292030) (Version:  - CD PROJEKT RED)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft)
TRANSFORMERS: Devastation (HKLM-x32\...\Steam App 338930) (Version:  - PlatinumGames)
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)
Uplay (HKLM-x32\...\Uplay) (Version: 4.2 - Ubisoft)
USB Vibration Joystick (HKLM-x32\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: v3.70 - )
VASST Cinema Looks Vol.2 (HKLM-x32\...\VASST Cinema Looks Vol.2) (Version: 1.0.1 - VASST Software)
VASST Cinema Looks Vol.5 (HKLM-x32\...\VASST Cinema Looks Vol.5) (Version: 1.0.1 - VASST Software)
VASST Render Assistant 1.0.2 (HKLM-x32\...\VASST Render Assistant) (Version: 1.0.2 - VASST Software)
VASST TitleStrip Vol.1 (HKLM-x32\...\VASST TitleStrip Vol.1) (Version: 1.0.0 - VASST Software)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version:  - VB-Audio Software)
VBCABLE-A, The Virtual Audio Cable (HKLM\...\VB:VBCABLEA {87459874-1236-4469}) (Version:  - VB-Audio Software)
VBCABLE-B, The Virtual Audio Cable (HKLM\...\VB:VBCABLEB {87459874-1236-4469}) (Version:  - VB-Audio Software)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 12.0 (64-bit) (HKLM\...\{BD422D00-5232-11E3-A6F3-F04DA23A5C58}) (Version: 12.0.770 - Sony)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Virtual Audio Cable 4.14 (HKLM\...\Virtual Audio Cable 4.14) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version:  - VB-Audio Software)
WD Quick View (HKLM-x32\...\{D0A3A97D-7918-4B0B-B91E-775E00C36122}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6BB4E4E8-17B9-4534-8A8E-89E53F12769C}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{2d588de7-f4f6-4d6d-8719-32cbb9637e9e}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WinDirStat 1.1.2 (HKU\S-1-5-21-315420830-2266763828-2972201612-1001\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wolfenstein: The New Order (HKLM-x32\...\Steam App 201810) (Version:  - Machine Games)
Wolfenstein: The Old Blood  (HKLM-x32\...\Steam App 350080) (Version:  - MachineGames)
WWE 2K15 (HKLM-x32\...\Steam App 240460) (Version:  - YUKE’S Co., Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-315420830-2266763828-2972201612-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-E8F1E287CE79}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-315420830-2266763828-2972201612-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\j\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0269F54C-B21F-408E-862E-2A98A667F957} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-ceo.eelrivertransport@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-07-22] (Adobe Systems Incorporated)
Task: {0338EB7E-5338-4FEB-AFD4-0A8FFA271E4D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-08] (Microsoft Corporation)
Task: {0EF26A7B-2FC8-495E-AF10-91AA3A9566B0} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [2013-08-08] ()
Task: {12183F3D-92A5-4651-95B5-AE24AA5A6A4E} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe
Task: {179A9BDB-5F52-4168-A07E-0CD7B8047C40} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-11-09] (Oracle Corporation)
Task: {1802C53E-906D-4914-A5AB-90601E01978F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {32349376-E5F9-40B6-81E3-5292593175E0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
Task: {33E170E3-62EB-438B-B8B9-6BE6B57E3CD7} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {388484EE-EFC8-4ACF-A667-1C2B8BA1E26D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3A39D916-41D0-4DC2-AD0F-0AABF24E9D6A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4A589200-81A3-4F89-902E-40B51272063F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {501C378D-7F42-4265-BE60-8A69177E6BA0} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {59FC69EC-E506-4CAF-96B6-BC40B7F6EEFE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-05] (Adobe Systems Incorporated)
Task: {5EA63AB0-DBE3-44C7-81B0-8EEEB105FF0E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {615AE805-0225-483D-BA88-E376BC742BBC} - System32\Tasks\Western Digital\SmartWare\____Volume_b9c15fdc_6d9b_11e3_824b_806e6f6e6963__dropbox_fcf989ef_357c_421a_8f85_19a7de6d3d73_dropbox_ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2014-07-22] (Western Digital Technologies, Inc.)
Task: {669329CB-A3DF-41DD-8215-B35AF9DC7838} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6C898645-93E5-432E-A878-A7B25EE87B06} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-315420830-2266763828-2972201612-1001
Task: {6DCB2B5C-0DC3-48E3-9889-0F649B031815} - System32\Tasks\{6CBBF961-5B87-4951-8AED-968C7A98CBA3} => pcalua.exe -a D:\setup.exe -d D:\
Task: {7369F5C9-F72F-485B-A91A-9DAACB9BC46B} - System32\Tasks\EVGAPrecision => C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
Task: {8501CD6F-107C-4C2F-9047-D7D4D98CB3EC} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2013-08-07] (ASUSTeK Computer Inc.)
Task: {906D7447-E4FA-4A1C-A51E-3AFC7C425D9E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A35D4FEA-B060-4403-A1A4-43C8B9B4B511} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A933AC0D-5E13-4294-8986-6C36DB45FCE5} - System32\Tasks\{0B321D0B-B688-4FA5-91C9-8D2DAB9F6914} => Chrome.exe hxxp://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsMain
Task: {B42BA7A6-7668-45EC-83F3-67BA17F4E542} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {BC1A0AEA-4E0F-4F86-8022-9C851FCBB861} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E28B71BE-6DCA-4C75-AA94-DF91A338DBDA} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {E5F6C594-DA8A-4E18-AE7E-CF6E8B1F1145} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {EDCEDD96-B0C6-426C-90CE-D3C1B67C937B} - System32\Tasks\{08FA5086-6A48-4899-BD6B-4CCEF24E69F8} => pcalua.exe -a C:\Users\j\Downloads\Xbox360_64Eng.exe -d C:\Users\j\Downloads
Task: {FA58037C-835C-4309-92F1-27432BFF773B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {FD1A36FC-FA23-4A56-AEDE-6DD7FA33507A} - System32\Tasks\Start Corsair Link => C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK.exe
Task: {FE03F6B6-5686-4A36-B6B5-25E7AA29C8ED} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Default\Web Applications\www.speedtest.net\http_80\Speedtest.net by Ookla - The Global Broadband Speed Test.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.speedtest.net/
ShortcutWithArgument: C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Default\Web Applications\www.irregulargamers.com\http_80\The Irregulars.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.irregulargamers.com/default.php
ShortcutWithArgument: C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Default\Web Applications\battlelog.battlefield.com\http_80\Battlelog _ Battlefield 4.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://battlelog.battlefield.com/bf4/

==================== Loaded Modules (Whitelisted) ==============

2015-07-30 20:08 - 2015-07-30 20:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-12-20 21:32 - 2015-11-24 14:32 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-07-30 16:15 - 2013-07-04 06:32 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2015-12-23 20:39 - 2015-12-08 20:52 - 00217720 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2013-12-29 21:34 - 2015-12-18 21:27 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2015-10-01 16:14 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2014-11-27 20:16 - 2013-08-08 14:34 - 01225528 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
2015-10-01 16:14 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-22 00:02 - 2015-07-22 00:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-10-01 16:13 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-20 21:33 - 2015-12-08 20:53 - 00708728 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2015-12-20 21:33 - 2015-12-08 20:53 - 00854136 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2014-11-27 20:16 - 2013-08-08 14:34 - 01221912 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\EPUShortCut.exe
2015-06-24 21:56 - 2015-06-24 21:56 - 00118592 _____ () C:\WINDOWS\SYSTEM32\AcpiServiceVnA64.dll
2015-06-24 21:57 - 2015-06-24 21:57 - 00105312 _____ () C:\WINDOWS\SYSTEM32\audioLibVc.dll
2015-11-14 03:24 - 2015-11-14 03:24 - 53316304 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2015\Required\Plug-Ins\Spaces2\libcef.dll
2015-11-14 03:22 - 2015-11-14 03:22 - 04100304 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2015\aif.dll
2015-12-20 21:32 - 2015-11-24 18:07 - 42913912 _____ () C:\WINDOWS\system32\nvcompiler.dll
2014-05-25 09:10 - 2013-07-14 10:33 - 00486912 _____ () C:\Users\j\Desktop\Desktop Folder\New folder\OpenHardwareMonitor\OpenHardwareMonitor.exe
2015-12-08 18:04 - 2015-11-24 23:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-08 18:04 - 2015-11-24 23:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-08 18:04 - 2015-11-24 23:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 16:14 - 2015-09-17 00:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\kpcengine.2.3.dll
2015-12-23 23:41 - 2015-12-23 23:41 - 00040592 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2015-07-30 16:15 - 2013-07-04 06:32 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2013-12-28 10:54 - 2014-11-23 12:31 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2014-11-27 20:16 - 2013-08-08 14:34 - 00685056 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2014-11-27 20:16 - 2013-08-08 14:34 - 00825344 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2014-11-27 20:16 - 2013-08-08 14:34 - 00765952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2014-11-27 20:16 - 2013-08-08 14:34 - 00776704 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2014-11-27 20:16 - 2013-08-08 14:34 - 00904704 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\UsbPowerManager.dll
2014-11-27 20:16 - 2013-08-08 14:34 - 00010240 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\IccHelper.dll
2014-11-27 20:16 - 2013-08-07 19:11 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2014-11-27 20:16 - 2013-03-13 17:12 - 00870912 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AI Charger+\AIChargerPlus.dll
2014-11-27 20:16 - 2013-08-08 14:41 - 02747392 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\dip4.dll
2014-11-27 20:16 - 2013-08-29 15:59 - 01138176 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2013-12-24 23:10 - 2013-06-04 04:41 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMLib.dll
2014-11-27 20:16 - 2013-08-07 19:11 - 00053248 _____ () C:\Program Files (x86)\ASUS\AI Suite III\cpuutil.dll
2014-11-27 20:16 - 2013-08-08 14:35 - 00010240 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\IccHelper.dll
2014-11-27 20:17 - 2012-01-19 09:39 - 00028672 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\PEInfo.dll
2014-11-27 20:16 - 2013-08-07 19:11 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\ImageHelper.dll
2014-11-27 20:16 - 2013-08-07 19:11 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\pngio.dll
2015-12-20 21:33 - 2015-12-08 20:53 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-12-16 22:26 - 2015-12-16 22:26 - 01016832 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2015-12-16 22:26 - 2015-12-16 22:26 - 00028160 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2015-12-16 22:26 - 2015-12-16 22:26 - 00029696 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2015-12-16 22:26 - 2015-12-16 22:26 - 00256000 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2015-12-16 22:26 - 2015-12-16 22:26 - 00266240 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2015-12-16 22:26 - 2015-12-16 22:26 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2015-12-16 22:26 - 2015-12-16 22:26 - 00346112 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2015-12-16 22:26 - 2015-12-16 22:26 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2015-12-16 22:26 - 2015-12-16 22:26 - 00243200 _____ () C:\Program Files (x86)\Origin\mediaservice\wmfengine.dll
2015-12-20 21:12 - 2015-11-17 12:07 - 02397696 _____ () C:\Users\j\AppData\Local\Discord\app-0.0.283\libdiscord.dll
2015-12-23 23:41 - 2015-12-23 23:41 - 00380416 _____ () C:\Users\j\AppData\Local\Temp\7ACD.tmp
2015-12-20 21:12 - 2015-11-17 12:07 - 00240128 _____ () C:\Users\j\AppData\Local\Discord\app-0.0.283\resources\node_modules\discord_toaster\discord_toaster.node
2015-12-20 21:12 - 2015-11-17 12:07 - 00049664 _____ () C:\Users\j\AppData\Local\Discord\app-0.0.283\resources\node_modules\discord_overlay\discord_overlay.node
2015-12-20 21:12 - 2015-11-17 12:07 - 01581568 _____ () C:\Users\j\AppData\Local\Discord\app-0.0.283\libglesv2.dll
2015-12-20 21:12 - 2015-11-17 12:07 - 00012288 _____ () C:\Users\j\AppData\Local\Discord\app-0.0.283\libegl.dll
2015-12-20 21:12 - 2015-11-17 12:07 - 00371712 _____ () C:\Users\j\AppData\Local\Discord\app-0.0.283\server.x86.dll
2015-05-23 14:38 - 2014-03-18 08:45 - 00045056 _____ () C:\Program Files (x86)\ROCCAT\Kone XTD Optical Mouse\hiddriver.dll
2015-04-25 10:56 - 2014-09-28 16:59 - 00019872 _____ () C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll
2015-11-18 17:45 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2015-11-18 17:45 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2015-11-18 17:45 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2015-11-14 03:24 - 2015-11-14 03:24 - 44046544 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2015\Required\CEP\CEPHtmlEngine\libcef.dll
2015-11-14 03:24 - 2015-11-14 03:24 - 01488592 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2015\Required\CEP\CEPHtmlEngine\libglesv2.dll
2015-11-14 03:24 - 2015-11-14 03:24 - 00080080 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2015\Required\CEP\CEPHtmlEngine\libegl.dll
2015-12-10 19:30 - 2015-11-10 14:55 - 00778752 _____ () E:\Program Files (x86)\Steam\SDL2.dll
2015-07-23 19:02 - 2015-07-03 11:12 - 04962816 _____ () E:\Program Files (x86)\Steam\v8.dll
2015-12-14 20:21 - 2015-12-14 15:01 - 02547280 _____ () E:\Program Files (x86)\Steam\video.dll
2015-07-23 19:02 - 2015-07-03 11:12 - 01556992 _____ () E:\Program Files (x86)\Steam\icui18n.dll
2015-07-23 19:02 - 2015-07-03 11:12 - 01187840 _____ () E:\Program Files (x86)\Steam\icuuc.dll
2015-10-15 12:53 - 2015-09-23 19:33 - 02549248 _____ () E:\Program Files (x86)\Steam\libavcodec-56.dll
2015-10-15 12:53 - 2015-09-23 19:33 - 00491008 _____ () E:\Program Files (x86)\Steam\libavformat-56.dll
2015-10-15 12:53 - 2015-09-23 19:33 - 00332800 _____ () E:\Program Files (x86)\Steam\libavresample-2.dll
2015-10-15 12:53 - 2015-09-23 19:33 - 00442880 _____ () E:\Program Files (x86)\Steam\libavutil-54.dll
2015-10-15 12:53 - 2015-09-23 19:33 - 00485888 _____ () E:\Program Files (x86)\Steam\libswscale-3.dll
2015-12-14 20:21 - 2015-12-14 15:01 - 00804432 _____ () E:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-11-05 18:20 - 2015-11-03 17:00 - 00201728 _____ () E:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-12-10 19:29 - 2015-11-16 19:31 - 47846176 _____ () E:\Program Files (x86)\Steam\bin\libcef.dll
2015-10-15 12:53 - 2015-09-24 18:56 - 00119208 _____ () E:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\The Irregulars.website:TASKICON_0pm906100878
AlternateDataStreams: C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\The Irregulars.website:TASKICON_1Squarebf393458395
AlternateDataStreams: C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\The Irregulars.website:TASKICON_2Squarebf3-247412600

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ASProxy => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 4788 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-12-23 23:19 - 2015-12-23 23:19 - 00000098 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-315420830-2266763828-2972201612-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\j\AppData\Roaming\FastStone\FSIV\FSViewerWallPaper.bmp
DNS Servers: 97.64.201.122 - 97.64.155.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Creative Cloud => "c:\program files (x86)\adobe\adobe creative cloud\acc\creative cloud.exe" --showwindow=false --onosstartup=true
MSCONFIG\startupreg: amd_dc_opt => c:\program files (x86)\amd\dual-core optimizer\amd_dc_opt.exe
MSCONFIG\startupreg: APSDaemon => c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe
MSCONFIG\startupreg: ASUS AiChargerPlus Execute => c:\program files (x86)\installshield installation information\{e6931688-da2b-4e16-8539-3d323d69c677}\aichargerplus.exe
MSCONFIG\startupreg: CAM => c:\program files (x86)\nzxt\cam\cam_client.exe
MSCONFIG\startupreg: CCleaner Monitoring => "c:\program files\ccleaner\ccleaner64.exe" /monitor
MSCONFIG\startupreg: NvBackend => c:\program files (x86)\nvidia corporation\update core\nvbackend.exe
MSCONFIG\startupreg: OpenHardwareMonitor => c:\program files (x86)\nzxt\nzxt kraken control\openhardwaremonitor\openhardwaremonitor.exe
MSCONFIG\startupreg: QuickTime Task => "c:\program files (x86)\quicktime\qttask.exe" -atboottime
MSCONFIG\startupreg: Razer Synapse => c:\program files (x86)\razer\synapse\rzsynapse.exe
MSCONFIG\startupreg: ROG GameFirst II =>
MSCONFIG\startupreg: WD Quick View => c:\program files (x86)\western digital\wd quick view\wddmstatus.exe
HKLM\...\StartupApproved\StartupFolder: => "Ryos Driver.lnk"
HKLM\...\StartupApproved\Run: => "ROG GameFirst II"
HKLM\...\StartupApproved\Run32: => "ASUS AiChargerPlus Execute"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "RoccatKonePureOptical"
HKLM\...\StartupApproved\Run32: => "CAM"
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKU\S-1-5-21-315420830-2266763828-2972201612-1001\...\StartupApproved\StartupFolder: => "Game Assistant.lnk"
HKU\S-1-5-21-315420830-2266763828-2972201612-1001\...\StartupApproved\Run: => "Gyazo"
HKU\S-1-5-21-315420830-2266763828-2972201612-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-315420830-2266763828-2972201612-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_C0A832FBA3DE88C6BCC073377A7A221F"
HKU\S-1-5-21-315420830-2266763828-2972201612-1001\...\StartupApproved\Run: => "OpenHardwareMonitor"
HKU\S-1-5-21-315420830-2266763828-2972201612-1001\...\StartupApproved\Run: => "AdobeBridge"
HKU\S-1-5-21-315420830-2266763828-2972201612-1001\...\StartupApproved\Run: => "NZXT Kraken Control"
HKU\S-1-5-21-315420830-2266763828-2972201612-1001\...\StartupApproved\Run: => "CAHeadless"
HKU\S-1-5-21-315420830-2266763828-2972201612-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-315420830-2266763828-2972201612-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-315420830-2266763828-2972201612-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-315420830-2266763828-2972201612-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-315420830-2266763828-2972201612-1001\...\StartupApproved\Run: => "NetLimiter"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{052FE7CC-8376-4FFB-A1F1-415E7226CEA5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{18A5D6EE-7717-46F5-AF99-6A695730955C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{066EF09F-A47E-4B77-9DC0-5C1BDE535748}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{76814581-5BA6-40F4-A181-523DA8AC4E68}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DDFE3C87-BC02-48F3-8506-8063CA2EA35E}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A4EFC16B-A4B6-4FFB-9A46-DBE7A5F4D460}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe

==================== Restore Points =========================

23-12-2015 23:23:26 JRT Pre-Junkware Removal
23-12-2015 23:25:22 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/23/2015 11:41:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DipAwayMode.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f3b2a
Exception code: 0xc0000409
Fault offset: 0x000b3e28
Faulting process id: 0x14a0
Faulting application start time: 0xDipAwayMode.exe0
Faulting application path: DipAwayMode.exe1
Faulting module path: DipAwayMode.exe2
Report Id: DipAwayMode.exe3
Faulting package full name: DipAwayMode.exe4
Faulting package-relative application ID: DipAwayMode.exe5

Error: (12/23/2015 11:40:15 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler4

Error: (12/23/2015 11:29:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DipAwayMode.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f3b2a
Exception code: 0xc0000409
Fault offset: 0x000b3e28
Faulting process id: 0x1434
Faulting application start time: 0xDipAwayMode.exe0
Faulting application path: DipAwayMode.exe1
Faulting module path: DipAwayMode.exe2
Report Id: DipAwayMode.exe3
Faulting package full name: DipAwayMode.exe4
Faulting package-relative application ID: DipAwayMode.exe5

Error: (12/23/2015 11:25:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/23/2015 11:25:18 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (16412) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (12/23/2015 11:25:18 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (16412) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).

Error: (12/23/2015 11:25:07 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (16412) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (12/23/2015 11:25:07 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (16412) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).

Error: (12/23/2015 11:24:57 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (16412) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (12/23/2015 11:24:57 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (16412) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (12/25/2015 12:37:23 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}

Error: (12/23/2015 11:53:33 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}

Error: (12/23/2015 11:44:32 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (12/23/2015 11:41:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1058

Error: (12/23/2015 11:41:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1058

Error: (12/23/2015 11:41:25 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (12/23/2015 11:40:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/23/2015 11:40:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/23/2015 11:40:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/23/2015 11:40:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2015-12-19 15:31:05.594
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-19 15:31:05.581
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-19 15:28:59.767
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-19 15:28:59.751
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-19 15:28:57.420
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-19 15:28:57.408
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-19 15:28:55.469
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-19 15:28:55.458
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-19 15:28:49.485
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-19 15:28:49.474
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4770K CPU @ 3.50GHz
Percentage of memory in use: 24%
Total physical RAM: 32705.33 MB
Available physical RAM: 24534.89 MB
Total Virtual: 37569.33 MB
Available Virtual: 26524.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:419.18 GB) (Free:290.56 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (WD Velociraptor) (Fixed) (Total:931.17 GB) (Free:152.4 GB) NTFS
Drive f: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.29 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (New Volume) (Fixed) (Total:232.88 GB) (Free:3.5 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================



#4
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,216 posts
FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

IObit Apps Toolbar v9.5

To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


SECOND >>>>

Open Notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select Copy. Paste this into the open Notepad window. Save it to your desktop as fixlist.txt


Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-315420830-2266763828-2972201612-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-315420830-2266763828-2972201612-1001 -> {C71C0A31-837E-45CE-AB80-18377236B145} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
FF NetworkProxy: "type", 0
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn => not found
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&ISID=M23EF82B7-5327-4A4E-BA71-3D7C6EFA35FE&SearchSource=55&CUI=&UM=5&UP=SP12DD5E86-2ABB-4BF8-BB4D-1B48855FAA7C&SSPV=
CHR StartupUrls: Default -> "hxxps://plus.google.com/b/101098568255429266043/101098568255429266043/posts","hxxps://www.google.com/calendar/render?pli=1#h","hxxp://8020.net/","hxxp://8020.net/PostalLookup.asp","hxxp://catalogs.8020.net/app.php?RelId=6.1.7.5","hxxp://intranet.8020.net/Pages/Main.aspx"
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
S3 e1dexpress; \SystemRoot\system32\DRIVERS\e1d65x64.sys [X]
S3 vpnva; \SystemRoot\System32\drivers\vpnva64-6.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
C:\Windows\system32\DRIVERS\e1d65x64.sys
C:\Windows\System32\drivers\vpnva64-6.sys
C:\Windows\System32\drivers\wfpcapture.sys
2015-12-11 23:13 - 2015-07-31 10:01 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2015-12-06 20:06 - 2014-04-24 21:18 - 00000000 __SHD C:\Users\j\AppData\LocalLow\EmieUserList
2015-12-06 20:06 - 2014-04-24 21:18 - 00000000 __SHD C:\Users\j\AppData\Local\EmieUserList
2015-12-06 20:06 - 2014-04-24 21:18 - 00000000 __SHD C:\Users\j\AppData\Local\EmieSiteList
2015-12-06 20:06 - 2014-04-24 21:17 - 00000000 __SHD C:\Users\j\AppData\LocalLow\EmieSiteList
2015-04-09 19:29 - 2015-04-09 19:29 - 0000000 _____ () C:\Users\j\AppData\Local\{19B0D861-ABBC-4053-8526-4D00B93A930E}
2015-06-30 19:35 - 2015-06-30 19:35 - 0000000 _____ () C:\Users\j\AppData\Local\{9DEC8075-F990-4466-A32D-2EAAE3A87BC3}
2015-07-04 17:01 - 2015-07-04 17:01 - 0000000 _____ () C:\Users\j\AppData\Local\{EF10EE69-7146-4164-BA74-5517F188B89B}
2013-12-25 09:47 - 2013-12-25 09:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\j\Razer Synapse Tournament Drivers 20150802_1430.exe
C:\Users\j\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-315420830-2266763828-2972201612-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-E8F1E287CE79}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
Task: {1802C53E-906D-4914-A5AB-90601E01978F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {33E170E3-62EB-438B-B8B9-6BE6B57E3CD7} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {388484EE-EFC8-4ACF-A667-1C2B8BA1E26D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3A39D916-41D0-4DC2-AD0F-0AABF24E9D6A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4A589200-81A3-4F89-902E-40B51272063F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {669329CB-A3DF-41DD-8215-B35AF9DC7838} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6DCB2B5C-0DC3-48E3-9889-0F649B031815} - System32\Tasks\{6CBBF961-5B87-4951-8AED-968C7A98CBA3} => pcalua.exe -a D:\setup.exe -d D:\
Task: {906D7447-E4FA-4A1C-A51E-3AFC7C425D9E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A35D4FEA-B060-4403-A1A4-43C8B9B4B511} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {BC1A0AEA-4E0F-4F86-8022-9C851FCBB861} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E5F6C594-DA8A-4E18-AE7E-CF6E8B1F1145} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {EDCEDD96-B0C6-426C-90CE-D3C1B67C937B} - System32\Tasks\{08FA5086-6A48-4899-BD6B-4CCEF24E69F8} => pcalua.exe -a C:\Users\j\Downloads\Xbox360_64Eng.exe -d C:\Users\j\Downloads
Task: {FE03F6B6-5686-4A36-B6B5-25E7AA29C8ED} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\The Irregulars.website:TASKICON_0pm906100878
AlternateDataStreams: C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\The Irregulars.website:TASKICON_1Squarebf393458395
AlternateDataStreams: C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\The Irregulars.website:TASKICON_2Squarebf3-247412600
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end


NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Start FRST that is on the desktop by right clicking on file and selecting "Run as Administrator..." and press the Fix button just once and wait.

[Screenshot: Press the FIX button]

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


LAST >>>>

AdwCleaner by Xplode

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

    [Screenshot: AdwCleaner console]
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

#5
Moose78


    Member

  • Topic Starter
  • 94 posts

Ok, so this is what I'm seeing when trying to remove the io toolbar:

MNd4bCp.png

Here are the log files:

fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version:25-12-2015
Ran by j (2015-12-26 08:41:59) Run:1
Running from C:\Users\j\Desktop
Loaded Profiles: j (Available Profiles: j)
Boot Mode: Normal
==============================================


Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-315420830-2266763828-2972201612-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-315420830-2266763828-2972201612-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C71C0A31-837E-45CE-AB80-18377236B145}" => key removed successfully
HKCR\CLSID\{C71C0A31-837E-45CE-AB80-18377236B145} => key not found.
Firefox Proxy settings were reset.
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.5.0" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.6.2" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect" => key removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => value removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaffhmecfaelkngcbnfdkcckmillnoki" => key removed successfully
e1dexpress => service removed successfully
vpnva => service removed successfully
wfpcapture => service removed successfully
"C:\Windows\system32\DRIVERS\e1d65x64.sys" => not found.
"C:\Windows\System32\drivers\vpnva64-6.sys" => not found.
"C:\Windows\System32\drivers\wfpcapture.sys" => not found.
C:\WINDOWS\SysWOW64\AI_RecycleBin => moved successfully
C:\Users\j\AppData\LocalLow\EmieUserList => moved successfully
C:\Users\j\AppData\Local\EmieUserList => moved successfully
C:\Users\j\AppData\Local\EmieSiteList => moved successfully
C:\Users\j\AppData\LocalLow\EmieSiteList => moved successfully
C:\Users\j\AppData\Local\{19B0D861-ABBC-4053-8526-4D00B93A930E} => moved successfully
C:\Users\j\AppData\Local\{9DEC8075-F990-4466-A32D-2EAAE3A87BC3} => moved successfully
C:\Users\j\AppData\Local\{EF10EE69-7146-4164-BA74-5517F188B89B} => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\Users\j\Razer Synapse Tournament Drivers 20150802_1430.exe => moved successfully
C:\Users\j\AppData\Local\Temp\sqlite3.dll => moved successfully
"HKU\S-1-5-21-315420830-2266763828-2972201612-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-E8F1E287CE79}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1802C53E-906D-4914-A5AB-90601E01978F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1802C53E-906D-4914-A5AB-90601E01978F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33E170E3-62EB-438B-B8B9-6BE6B57E3CD7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33E170E3-62EB-438B-B8B9-6BE6B57E3CD7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{388484EE-EFC8-4ACF-A667-1C2B8BA1E26D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{388484EE-EFC8-4ACF-A667-1C2B8BA1E26D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A39D916-41D0-4DC2-AD0F-0AABF24E9D6A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A39D916-41D0-4DC2-AD0F-0AABF24E9D6A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A589200-81A3-4F89-902E-40B51272063F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A589200-81A3-4F89-902E-40B51272063F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{669329CB-A3DF-41DD-8215-B35AF9DC7838}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{669329CB-A3DF-41DD-8215-B35AF9DC7838}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6DCB2B5C-0DC3-48E3-9889-0F649B031815}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DCB2B5C-0DC3-48E3-9889-0F649B031815}" => key removed successfully
C:\WINDOWS\System32\Tasks\{6CBBF961-5B87-4951-8AED-968C7A98CBA3} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6CBBF961-5B87-4951-8AED-968C7A98CBA3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{906D7447-E4FA-4A1C-A51E-3AFC7C425D9E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{906D7447-E4FA-4A1C-A51E-3AFC7C425D9E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A35D4FEA-B060-4403-A1A4-43C8B9B4B511}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A35D4FEA-B060-4403-A1A4-43C8B9B4B511}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC1A0AEA-4E0F-4F86-8022-9C851FCBB861}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC1A0AEA-4E0F-4F86-8022-9C851FCBB861}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5F6C594-DA8A-4E18-AE7E-CF6E8B1F1145}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5F6C594-DA8A-4E18-AE7E-CF6E8B1F1145}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EDCEDD96-B0C6-426C-90CE-D3C1B67C937B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDCEDD96-B0C6-426C-90CE-D3C1B67C937B}" => key removed successfully
C:\WINDOWS\System32\Tasks\{08FA5086-6A48-4899-BD6B-4CCEF24E69F8} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{08FA5086-6A48-4899-BD6B-4CCEF24E69F8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FE03F6B6-5686-4A36-B6B5-25E7AA29C8ED}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE03F6B6-5686-4A36-B6B5-25E7AA29C8ED}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully.
C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\The Irregulars.website => ":TASKICON_0pm906100878" ADS removed successfully.
C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\The Irregulars.website => ":TASKICON_1Squarebf393458395" ADS removed successfully.
C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\The Irregulars.website => ":TASKICON_2Squarebf3-247412600" ADS removed successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.8.10240 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-315420830-2266763828-2972201612-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-315420830-2266763828-2972201612-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => 1013.1 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 08:42:15 ====

And ADW

# AdwCleaner v5.026 - Logfile created 26/12/2015 at 08:50:31
# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [Server]
# Operating system : Windows 10 Pro  (x64)
# Username : j - CHUCKWAGON
# Running from : C:\Users\j\Downloads\adwcleaner_5.026.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : search.freecause.com
[C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com_
[C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : yahoo.com search

########## EOF - C:\AdwCleaner\AdwCleaner[S11].txt - [1100 bytes] ##########



#6
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,216 posts

Very good!

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open a Command Prompt window and run from there (this is normal for this program, so do not be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.



#7
Moose78


    Member

  • Topic Starter
  • 94 posts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Pro x64
Ran by j (Administrator) on Sun 12/27/2015 at 12:44:31.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 5

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg (Folder)
Successfully deleted: C:\Users\j\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_j (Task)
Successfully deleted: C:\WINDOWS\Tasks\Uninstaller_SkipUac_j.job (Task)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/27/2015 at 12:45:50.94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#8
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,216 posts

How is the system running now?



#9
Moose78


    Member

  • Topic Starter
  • 94 posts

Good, a little snappier than before. Are there any further scans needed, or anything deleted?



#10
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,216 posts
All right!! :D Your logs are clean and you're good to go now!! :thumbsup: We've got some final steps left to do to clean up our tools and get your system in good running condition and then you are on your way. I must say though, even though we met through less than ideal circumstances, it has been really great to work with you. :) Just run through the steps from the Cleanup of Tools to the Program Update Checker. That's it. Thanks. :cool:


Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.
If you did not do so at the end of its scan, please uninstall ESET Online Scanner at this time.  You can use the Control Panel 'Add / Remove Programs' or 'Programs and Features' utility to uninstall it.
  • Download Delfix from here to your desktop and double click it to start the program
  • Ensure Remove disinfection tools is ticked
    Also tick:
  • Activate UAC
  • Create registry backup
  • Purge system restore
  • Reset system settings
  • [Screenshot: DelFix with all options selected]
  • Click Run
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
You can delete any log files left on your desktop as these are no longer needed.


Keep Windows Updated
Microsoft issues updates to Windows to close vulnerabilities as they are discovered. Staying updated helps protect your system from current exploits.
  • Click Start and then type Settings.
  • When the Search list is populated, under Programs, click on Settings.
  • Click on Update and Security and select Advanced Options under Windows Updates.
  • Check that Automatic (recommended) is selected.
  • You can close the Settings page after that.

Keep other Important Programs Updated
Along with keeping Windows updated, it is a good idea to keep important programs updated. Java and Adobe Reader both need to be kept updated to the latest versions; malware writers utilize exploits in the unpatched versions to their advantages.

Consider a program that will check for out-of-date programs on your system
Some programs don't have update checks built in or make you run the application to start the check for updates process. An easier way to stay on top of the current versions of your installed programs is to use a version checking program like Heimdal Free from Heimdal Security (you can get the software from here and read more about it on the same page).


You are now done! :yeah:

Now some information on programs to help keep you safe:

First, an Antivirus program. You NEED one; free is just as good as paid-for as long as you keep them updated. ONLY use one at a time as having more than that will cause system problems. Here are some free ones to check out:
Microsoft Security Essentials
Avast! Free Antivirus

Next, a firewall is a must-have nowadays. The built-in firewall in Windows 7 is fine (just make sure it is turned on (Start > Control Panel > Windows Firewall)). Or, if you like, you could choose one of the free ones listed here:
Zone Alarm Free Firewall  -  installer includes foistware so read the options very carefully

=== options ====
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing.  By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system.  You can read the details about this program here.

Also, consider keeping MalwareBytes Antimalware in your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won't have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and AdBlockPlus add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread:
 How did I get infected in the first place?
and
COMPUTER SECURITY - a short guide to staying safer online
 

I'll leave this topic open for a few days so that if you have any questions you can come back here. Surf safe, my friend!!
  • 0

#11
Moose78


    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts

All good here! Thanks for the help!


  • 0

#12
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,216 posts

Can you post the DelFix log or is it gone?

 

Glad to hear that everything is well now.  :spoton:


  • 0

#13
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,216 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0





