Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Infected by Malware. Need help understanding Farbar Scan

malware virus farbar

  • Please log in to reply

#16
Dwashba

Dwashba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

Right after I posted that (sorry about the double I'm not sure why that happened), I ended the process that was taking the most RAM. It was calling itself Malwarebytes, but MB is still running in the system tray so I don't think it really was. Now things seem to be back to normal. Any idea about a more permanent solution? I'll go ahead and run the FRST and Process Explorer again and post them when I have them.


  • 0

Advertisements


#17
Dwashba

Dwashba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

OK, so the process I ended (which then came back) was Mbamservice.exe *32. I went ahead and ended the other Mbam.exe as well since it came back and I maybe misjudged what was happening. Then FRST hung and the computer was getting slow again. I ended up ending a process that was jumping all over the place in terms of CPU use called Trustedinstaller.exe, as well as another installer process that seemed related. Now things seem to be normal, but I wouldn't be surprised if something happened again I guess. In any case I was able to scan so here are my results.

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-08-2016

Ran by devin (administrator) on DEVIN-PC (06-08-2016 18:55:37)
Running from C:\Users\devin\Desktop
Loaded Profiles: devin (Available Profiles: devin & mom & Top Dog)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Dropbox, Inc.) C:\Users\devin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
( ) C:\Windows\System32\lxeccoms.exe
(Google Inc.) C:\Users\devin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Google Inc.) C:\Users\devin\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\devin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\devin\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dropbox, Inc.) C:\Users\devin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Users\devin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\devin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\devin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\devin\AppData\Local\Google\Chrome\Application\chrome.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\ndp461-kb3102433-x86-x64-enu.exe
(Microsoft Corporation) D:\bdd38748b4d8fd3ff6206bf48cc4\Setup.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-05] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-03-10] (Plays.tv, LLC)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-07-21] (Raptr, Inc)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-22] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9071752 2016-08-06] (AVAST Software)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\...\Run: [Dropbox Update] => C:\Users\devin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-12] (Dropbox, Inc.)
HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\...\Run: [MusicManager] => C:\Users\devin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.)
HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\...\Run: [Google Update] => C:\Users\devin\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\...\Run: [GoogleChromeAutoLaunch_90E53751D683971B577ECCEE9D752113] => C:\Users\devin\AppData\Local\Google\Chrome\Application\chrome.exe [941720 2016-06-15] (Google Inc.)
HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\MAGENT~1.SCR
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-06] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
Startup: C:\Users\devin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-08-05]
ShortcutTarget: Dropbox.lnk -> C:\Users\devin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2A78499E-E19C-40FE-9992-09A7F4DAB577}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3688702354-2117096547-3842074458-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3688702354-2117096547-3842074458-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-24] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-08-06] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2014-03-16] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2014-03-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-24] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-24] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-08-06] (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-24] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\MP3 Skype Recorder\Skype4COM.dll [2011-09-07] (Skype Technologies)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-15] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> D:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3688702354-2117096547-3842074458-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\devin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3688702354-2117096547-3842074458-1000: @talk.google.com/O1DPlugin -> C:\Users\devin\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3688702354-2117096547-3842074458-1000: @tools.google.com/Google Update;version=3 -> C:\Users\devin\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3688702354-2117096547-3842074458-1000: @tools.google.com/Google Update;version=9 -> C:\Users\devin\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\devin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\devin\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-06]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-06]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3306061&octid=EB_ORIGINAL_CTID&SearchSource=61&CUI=UN21798395310090278&UM=2&UP=SP49497951-6663-43F6-9591-64AF001E09E6&SSPV=","hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN21798395310090278&UM=2","hxxp://docs.gresham.k12.or.us","hxxp://homepage-web.com/?s=lenovo&m=start","hxxp://home.lenovo.com"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.796\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\devin\AppData\Local\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\devin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Ge.tt) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdgghbbgmhcpidlmnepkbihehhkmjomc [2013-05-26]
CHR Extension: (OneTab) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-06-10]
CHR Extension: (Mainichi) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfekdjmdikicceaiokcmmchenpilglhn [2016-06-30]
CHR Extension: (Google Calendar) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-16]
CHR Extension: (MagicScroll eBook Reader) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2013-07-05]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-07-31]
CHR Extension: (TweetDeck by Twitter) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2015-07-25]
CHR Extension: (rikaikun) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp [2016-06-30]
CHR Extension: (Conceptboard for Google+ Hangouts) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lklieeaongcaklpejdodbkcmbdfpdabj [2013-06-25]
CHR Extension: (Google Hangouts) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2016-01-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-11]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2016-08-06]
CHR Extension: (Chrome Media Router) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-03]
CHR Profile: C:\Users\devin\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-16]
CHR Extension: (Google Docs) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-16]
CHR Extension: (Google Drive) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-16]
CHR Extension: (YouTube) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-16]
CHR Extension: (Google Search) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-16]
CHR Extension: (Google Sheets) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-16]
CHR Extension: (Avast Online Security) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-16]
CHR Extension: (Connect DLC 5) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil [2015-01-16] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT3306061&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR Extension: (Google Wallet) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-16]
CHR Extension: (Gmail) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-16]
StartMenuInternet: Google Chrome - C:\Users\devin\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197640 2016-08-06] (AVAST Software)
R2 lxec_device; C:\Windows\system32\lxeccoms.exe [1052328 2010-04-14] ( )
R2 lxec_device; C:\Windows\SysWOW64\lxeccoms.exe [598696 2010-04-14] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-03-10] (Plays.tv, LLC)
S3 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-10] ()
S3 RichVideo64; C:\Program Files\Cyberlink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [183264 2013-01-27] (Soluto)
S3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1239552 2013-01-27] (Soluto) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-02-12] (Western Digital Technologies, Inc.)
S3 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [302968 2015-02-12] (Western Digital Technologies, Inc.)
S2 wscsvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 wscsvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-06] (AVAST Software)
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-06] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [968536 2016-08-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-08-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-06] (AVAST Software)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2012-03-28] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 FSProFilter; C:\Windows\System32\Drivers\FSPFltd.sys [54848 2010-07-22] (FSPro Labs)
R2 hitbliss; C:\Windows\System32\drivers\hitbliss.sys [19928 2014-03-18] (Project Concord, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2012-03-11] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-06] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S3 VSPerfDrv100; D:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2011-01-18] (Microsoft Corporation)
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-06 18:49 - 2016-08-06 18:49 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1470534544
2016-08-06 18:49 - 2016-08-06 18:49 - 00001003 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-08-06 18:49 - 2016-08-06 18:49 - 00001003 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-08-06 18:48 - 2016-08-06 18:47 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-08-06 15:03 - 2016-08-06 15:03 - 00003161 _____ C:\junk.txt
2016-08-06 15:01 - 2016-08-06 15:01 - 00004001 _____ C:\Users\devin\Desktop\System Idle Process.txt
2016-08-06 14:57 - 2016-08-06 14:57 - 02694816 _____ (Sysinternals - www.sysinternals.com) C:\Users\devin\Desktop\procexp.exe
2016-08-06 14:10 - 2016-08-06 14:12 - 00001375 _____ C:\VEW.txt
2016-08-06 14:09 - 2016-08-06 14:09 - 00061440 _____ ( ) C:\Users\devin\Desktop\VEW.exe
2016-08-06 14:08 - 2016-08-06 14:08 - 00061440 _____ ( ) C:\Users\devin\Downloads\VEW.exe
2016-08-06 13:25 - 2016-08-06 13:26 - 00316175 _____ C:\Users\devin\Desktop\Fixlog.txt
2016-08-06 13:24 - 2016-08-06 13:24 - 00000448 _____ C:\Users\devin\Desktop\spldr.zip
2016-08-06 11:13 - 2016-08-06 14:17 - 00047703 _____ C:\Users\devin\Desktop\Addition.txt
2016-08-06 11:10 - 2016-08-06 18:55 - 00029582 _____ C:\Users\devin\Desktop\FRST.txt
2016-08-06 11:10 - 2016-08-06 18:55 - 00000000 ____D C:\FRST
2016-08-06 11:10 - 2016-08-06 11:10 - 02393600 _____ (Farbar) C:\Users\devin\Downloads\FRST64 (1).exe
2016-08-06 11:10 - 2016-08-06 11:10 - 02393600 _____ (Farbar) C:\Users\devin\Desktop\FRST64.exe
2016-08-06 11:09 - 2016-08-06 11:10 - 02393600 _____ (Farbar) C:\Users\devin\Downloads\FRST64.exe
2016-08-06 01:06 - 2016-08-06 01:06 - 00000000 ____D C:\Users\devin\AppData\Roaming\AVAST Software
2016-08-06 01:05 - 2016-08-06 01:05 - 00001882 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-08-06 01:05 - 2016-08-06 01:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-08-06 01:04 - 2016-08-06 01:05 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-08-06 01:04 - 2016-08-06 01:04 - 00968536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-08-06 01:04 - 2016-08-06 01:04 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-08-06 01:04 - 2016-08-06 01:04 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-08-06 01:04 - 2016-08-06 01:04 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-08-06 01:04 - 2016-08-06 01:04 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-08-06 01:04 - 2016-08-06 01:04 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-08-06 01:04 - 2016-08-06 01:04 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-08-06 01:04 - 2016-08-06 01:04 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-08-06 01:04 - 2016-08-06 01:04 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-08-06 01:03 - 2016-08-06 18:47 - 00000000 ____D C:\Program Files\AVAST Software
2016-08-06 01:03 - 2016-08-06 01:03 - 06253376 _____ (AVAST Software) C:\Users\devin\Downloads\avast_free_antivirus_setup_online.exe
2016-08-06 00:16 - 2016-08-06 00:16 - 00002603 _____ C:\Users\devin\Desktop\Hkey.reg
2016-08-06 00:13 - 2016-08-06 00:13 - 01239084 _____ C:\Users\devin\Documents\cc_20160806_001330.reg
2016-08-06 00:10 - 2016-08-06 00:10 - 505462110 _____ C:\Users\devin\Desktop\regback.reg
2016-08-05 23:13 - 2016-08-06 17:09 - 00760468 _____ C:\Windows\ntbtlog.txt
2016-08-05 17:28 - 2016-08-05 19:37 - 00000000 _____ C:\Windows\SysWOW64\last.dump
2016-08-05 15:40 - 2016-08-06 18:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-05 15:39 - 2016-08-05 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-05 15:39 - 2016-08-05 15:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-05 15:39 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-08-05 15:39 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-05 15:39 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-08-05 15:36 - 2016-08-05 15:37 - 22851472 _____ (Malwarebytes ) C:\Users\devin\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-05 10:33 - 2016-08-05 10:33 - 00000000 ____D C:\Users\devin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-07-29 18:17 - 2016-07-29 18:17 - 00038842 _____ C:\Users\devin\Downloads\cold-fish-tsumetai-nettaigyo_english-516238.zip
2016-07-24 10:39 - 2016-07-24 10:37 - 00110144 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2016-07-24 10:36 - 2016-07-24 10:36 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-07-18 19:26 - 2016-07-18 19:26 - 00034450 _____ C:\Users\devin\Downloads\himizu.(2011).eng.1cd.(4626313).zip
2016-07-18 19:26 - 2016-07-18 19:26 - 00016887 _____ C:\Users\devin\Downloads\4626313.htm
2016-07-18 18:21 - 2016-07-18 19:27 - 00000000 ____D C:\Users\devin\Desktop\Himizu.2012.JAP.BDRip.x264.AAC-ADiOS
2016-07-15 10:42 - 2016-06-10 21:48 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-15 10:42 - 2016-06-10 14:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-07-15 10:42 - 2016-06-10 14:08 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-07-15 10:42 - 2016-06-10 14:03 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-15 10:42 - 2016-06-10 13:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-07-15 10:42 - 2016-06-10 13:38 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-07-15 10:42 - 2016-06-10 13:13 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-15 10:42 - 2016-06-10 11:53 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-15 10:42 - 2016-06-10 11:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-07-15 10:42 - 2016-06-10 11:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-15 10:42 - 2016-06-10 11:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-07-15 10:42 - 2016-06-10 11:42 - 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-15 10:42 - 2016-06-10 11:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-15 10:42 - 2016-06-10 11:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-07-15 10:42 - 2016-06-10 11:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-07-15 10:42 - 2016-06-10 11:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-15 10:42 - 2016-06-10 11:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-07-15 10:42 - 2016-06-10 11:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-15 10:42 - 2016-06-10 10:41 - 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-15 10:41 - 2016-06-25 17:35 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-15 10:41 - 2016-06-25 17:27 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-15 10:41 - 2016-06-25 17:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-15 10:41 - 2016-06-25 17:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-15 10:41 - 2016-06-25 17:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-15 10:41 - 2016-06-25 17:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-15 10:41 - 2016-06-25 17:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-07-15 10:41 - 2016-06-25 12:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-07-15 10:41 - 2016-06-25 12:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-15 10:41 - 2016-06-25 12:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-15 10:41 - 2016-06-25 12:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-07-15 10:41 - 2016-06-25 12:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-07-15 10:41 - 2016-06-22 06:06 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-15 10:41 - 2016-06-17 11:24 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-15 10:41 - 2016-06-17 11:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-15 10:41 - 2016-06-17 11:24 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-15 10:41 - 2016-06-17 11:24 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-15 10:41 - 2016-06-17 11:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-07-15 10:41 - 2016-06-17 11:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-15 10:41 - 2016-06-14 08:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-15 10:41 - 2016-06-10 23:57 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-15 10:41 - 2016-06-10 14:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-15 10:41 - 2016-06-10 14:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-07-15 10:41 - 2016-06-10 14:20 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-07-15 10:41 - 2016-06-10 14:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-15 10:41 - 2016-06-10 14:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-15 10:41 - 2016-06-10 14:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-07-15 10:41 - 2016-06-10 14:17 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-15 10:41 - 2016-06-10 14:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-15 10:41 - 2016-06-10 14:05 - 25814016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-15 10:41 - 2016-06-10 14:04 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-15 10:41 - 2016-06-10 14:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-15 10:41 - 2016-06-10 14:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-15 10:41 - 2016-06-10 14:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-15 10:41 - 2016-06-10 13:53 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-07-15 10:41 - 2016-06-10 13:50 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-15 10:41 - 2016-06-10 13:49 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-15 10:41 - 2016-06-10 13:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-07-15 10:41 - 2016-06-10 13:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-15 10:41 - 2016-06-10 13:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-15 10:41 - 2016-06-10 13:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-07-15 10:41 - 2016-06-10 13:15 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-15 10:41 - 2016-06-10 13:12 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-15 10:41 - 2016-06-10 13:11 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-07-15 10:41 - 2016-06-10 13:10 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-15 10:41 - 2016-06-10 12:45 - 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-15 10:41 - 2016-06-10 12:44 - 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-15 10:41 - 2016-06-10 12:30 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-15 10:41 - 2016-06-10 12:21 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-15 10:41 - 2016-06-10 12:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-07-15 10:41 - 2016-06-10 11:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-07-15 10:41 - 2016-06-10 11:53 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-07-15 10:41 - 2016-06-10 11:47 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-15 10:41 - 2016-06-10 11:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-07-15 10:41 - 2016-06-10 11:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-07-15 10:41 - 2016-06-10 11:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-15 10:41 - 2016-06-10 11:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-07-15 10:41 - 2016-06-10 11:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-07-15 10:41 - 2016-06-10 11:32 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-07-15 10:41 - 2016-06-10 11:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-07-15 10:41 - 2016-06-10 11:14 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-15 10:41 - 2016-06-10 11:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-15 10:41 - 2016-06-10 11:09 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-15 10:41 - 2016-06-10 11:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-07-15 10:41 - 2016-06-10 10:58 - 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-15 10:41 - 2016-06-10 10:45 - 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-15 10:41 - 2016-06-10 10:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-06 18:52 - 2009-07-13 21:45 - 00023632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-06 18:52 - 2009-07-13 21:45 - 00023632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-06 18:47 - 2011-12-19 11:39 - 00000000 ____D C:\ProgramData\AVAST Software
2016-08-06 18:24 - 2014-07-10 21:37 - 00000000 ____D C:\Users\devin\AppData\Roaming\Raptr
2016-08-06 18:21 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-06 16:55 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-08-06 16:49 - 2013-04-21 10:37 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-08-06 13:25 - 2009-07-13 20:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-08-06 11:49 - 2011-12-10 12:53 - 00000000 ____D C:\Users\devin\AppData\Roaming\Audacity
2016-08-05 23:12 - 2011-11-11 22:22 - 00000000 ____D C:\Users\devin\AppData\Roaming\uTorrent
2016-08-05 15:40 - 2011-11-11 22:20 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-05 15:39 - 2012-02-18 19:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-05 10:32 - 2011-11-11 22:25 - 00000000 ____D C:\Users\devin\AppData\Roaming\Dropbox
2016-08-05 09:43 - 2011-11-12 19:32 - 00000000 ____D C:\Users\devin\AppData\Local\Adobe
2016-07-31 16:13 - 2014-12-14 12:22 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2016-07-31 15:51 - 2009-07-13 21:45 - 07095608 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-29 22:09 - 2013-04-20 22:48 - 02180776 ____H C:\Users\devin\AppData\Local\IconCache.db.backup
2016-07-29 22:01 - 2011-11-12 15:12 - 00000000 ____D C:\Users\devin\AppData\Roaming\vlc
2016-07-28 15:10 - 2012-08-23 10:59 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 15:10 - 2012-08-23 10:59 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-28 14:49 - 2011-11-11 22:18 - 00003882 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3688702354-2117096547-3842074458-1000UA
2016-07-28 14:49 - 2011-11-11 22:18 - 00003486 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3688702354-2117096547-3842074458-1000Core
2016-07-28 10:46 - 2011-11-11 22:09 - 00176152 _____ C:\Users\devin\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-24 11:07 - 2014-05-29 21:25 - 00000000 ____D C:\ProgramData\Oracle
2016-07-24 10:39 - 2014-05-29 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-07-24 10:39 - 2011-12-16 11:54 - 00000000 ____D C:\Program Files\Java
2016-07-24 10:39 - 2011-11-11 22:22 - 00000000 ____D C:\Program Files (x86)\Java
2016-07-24 10:38 - 2015-10-20 13:35 - 00000000 ____D C:\Users\devin\.oracle_jre_usage
2016-07-24 10:37 - 2015-10-20 13:36 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-07-22 15:40 - 2014-09-04 18:25 - 00000000 ____D C:\Program Files (x86)\Scrivener
2016-07-21 03:01 - 2015-04-05 03:03 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-07-21 03:01 - 2015-04-05 03:03 - 00000000 ___SD C:\Windows\system32\GWX
2016-07-18 18:24 - 2009-07-13 22:13 - 00782296 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-16 12:09 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2016-07-16 12:08 - 2011-11-20 17:30 - 00000000 ____D C:\Users\devin\AppData\Local\ElevatedDiagnostics
2016-07-16 04:14 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-07-16 03:20 - 2014-12-10 04:23 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-16 03:20 - 2009-07-14 00:46 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-15 10:12 - 2014-12-21 21:41 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-15 10:12 - 2012-04-08 08:10 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-15 10:12 - 2011-11-11 22:19 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-15 09:12 - 2011-11-11 22:19 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-15 09:12 - 2011-11-11 22:19 - 00000000 ____D C:\Windows\system32\Macromed
 
==================== Files in the root of some directories =======
 
2013-01-28 12:25 - 2013-01-28 12:25 - 0000132 _____ () C:\Users\devin\AppData\Roaming\Adobe GIF Format CS6 Prefs
2013-02-14 21:11 - 2015-02-21 19:59 - 0000132 _____ () C:\Users\devin\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-02-25 17:46 - 2014-02-25 16:38 - 0012005 _____ () C:\Users\devin\AppData\Roaming\alsoft.ini
2013-01-28 12:26 - 2015-11-16 17:44 - 0001456 _____ () C:\Users\devin\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-07-19 13:58 - 2016-05-30 16:13 - 0009216 _____ () C:\Users\devin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-10 17:08 - 2014-02-10 17:08 - 0009892 _____ () C:\Users\devin\AppData\Local\recently-used.xbel
2012-08-07 09:23 - 2012-08-07 09:23 - 0007597 _____ () C:\Users\devin\AppData\Local\Resmon.ResmonCfg
2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 _____ () C:\Users\devin\AppData\Local\setup.txt
2012-01-05 20:14 - 2012-01-05 20:14 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2011-11-12 14:02 - 2011-11-12 14:02 - 0000252 _____ () C:\ProgramData\FastPics.log
2011-12-20 12:37 - 2011-10-21 12:37 - 0000032 ____R () C:\ProgramData\hash.dat
2012-01-05 20:22 - 2012-02-20 14:44 - 0014220 _____ () C:\ProgramData\lxecJSW.log
2011-11-12 12:19 - 2014-04-18 16:48 - 0067623 _____ () C:\ProgramData\lxecscan.log
2012-01-05 20:14 - 2012-01-05 20:14 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2011-12-15 21:56 - 2012-01-17 17:12 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2012-05-07 09:25 - 2012-05-07 09:26 - 0000340 _____ () C:\ProgramData\pswx.html
2014-02-05 21:01 - 2014-02-05 21:01 - 5059417 _____ () C:\ProgramData\SPLECB6.tmp
2011-11-12 12:15 - 2011-11-12 12:15 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
Some files in TEMP:
====================
C:\Users\devin\AppData\Local\Temp\w5ssroxi.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-27 12:15
 
==================== End of FRST.txt ============================
 
Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
Ran by devin (2016-08-06 18:58:20)
Running from C:\Users\devin\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2011-11-12 04:39:16)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3688702354-2117096547-3842074458-500 - Administrator - Disabled)
devin (S-1-5-21-3688702354-2117096547-3842074458-1000 - Administrator - Enabled) => C:\Users\devin
Guest (S-1-5-21-3688702354-2117096547-3842074458-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3688702354-2117096547-3842074458-1004 - Limited - Enabled)
mom (S-1-5-21-3688702354-2117096547-3842074458-1001 - Limited - Enabled) => C:\Users\mom
Top Dog (S-1-5-21-3688702354-2117096547-3842074458-1006 - Limited - Enabled) => C:\Users\Top Dog
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader 9.5.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.3 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Aeon (HKLM-x32\...\Aeon) (Version: 3.4.1 - SoundSpectrum)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.240 - Amazon)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Anki (HKLM-x32\...\Anki) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - BestGameEver)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.2.2276 - AVAST Software)
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.9.3.492 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version:  - Rocksteady Studios)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Braid (HKLM-x32\...\Steam App 26800) (Version:  - Number None)
Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version:  - Criterion Games)
Card Hunter (HKLM-x32\...\Steam App 293260) (Version:  - Blue Manchu)
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
Crusader Kings II (HKLM\...\Steam App 203770) (Version:  - Paradox Development Studio)
Crypt of the NecroDancer (HKLM-x32\...\Steam App 247080) (Version:  - Brace Yourself Games)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
Dead Space 2 (HKLM-x32\...\Steam App 47780) (Version:  - Visceral Games)
Defender's Quest: Valley of the Forgotten (HKLM-x32\...\Steam App 218410) (Version:  - Level Up Labs, LLC)
Desktop Dungeons (HKLM-x32\...\Steam App 226620) (Version:  - QCF Design)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dotfuscator Software Services - Community Edition (HKLM-x32\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
doubleTwist Sync (HKLM-x32\...\doubleTwist) (Version: 4.0.4.19767 - doubleTwist Corporation)
Dropbox (HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\...\Dropbox) (Version: 7.4.30 - Dropbox, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dungeons of Dredmor (HKLM-x32\...\Steam App 98800) (Version:  - Gaslamp Games, Inc.)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
Epic Games Launcher (HKLM-x32\...\{16969EF2-23EA-4BD9-B085-4952D95E8A7D}) (Version: 1.1.48.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Eternal Senia (HKLM-x32\...\Steam App 351640) (Version:  - Holy Priest)
FEZ (HKLM-x32\...\Steam App 224760) (Version:  - Polytron Corporation)
Final Effects Complete 6.0.0 64Bit (HKLM\...\{D076B586-8F4A-4033-9B6C-A451B6E04611}) (Version: 6.00.0000 - Boris Fx, Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.6.722 - Foxit Corporation)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
Google Chrome (HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.06) (Version: 9.06 - Artifex Software Inc.)
Gtk# for .Net 2.12.10 (HKLM-x32\...\{550B72C4-F404-4812-971F-947E835A877E}) (Version: 2.12.10 - Novell, Inc.)
HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - )
Hatoful Boyfriend (HKLM-x32\...\Steam App 310080) (Version:  - Mediatonic)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HitBliss (HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\...\HitBliss) (Version: 1.0.0.25740 - Project Concord, Inc.)
Intel® Desktop Utilities (HKLM-x32\...\{F01CBA59-B5BD-4608-A834-1CBE8C292A71}) (Version: 1.0.0 - Intel Corporation)
Intel® Integrator Assistant (HKLM-x32\...\{D1A35687-AEA9-422C-B237-FC4F8136B6F6}) (Version: 1.0.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Network Connections 15.6.25.0 (HKLM\...\PROSetDX) (Version: 15.6.25.0 - Intel)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java™ SE Development Kit 6 Update 30 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160300}) (Version: 1.6.0.300 - Oracle)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche Studios)
KeePass Password Safe 2.26 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.26 - Dominik Reichl)
Kindle Previewer (HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\...\KindlePreviewer) (Version: 2.9 - Amazon)
Knights of Pen and Paper +1 (HKLM-x32\...\Steam App 231740) (Version:  - Behold Studios)
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version:  - Audacity Team)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Lexmark Printable Web (HKLM-x32\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )
Lexmark Pro800-Pro900 Series (HKLM\...\Lexmark Pro800-Pro900 Series) (Version:  - Lexmark International, Inc.)
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{4D2F05BB-228E-4081-B94C-50AD015EE462}) (Version: 11.4.2 - Red Giant Software)
Magic Bullet Suite 64-bit (Version: 11.4.2 - Red Giant Software) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McPixel (HKLM-x32\...\Steam App 220860) (Version:  - Sos)
Mercenary Kings (HKLM-x32\...\Steam App 218820) (Version:  - Tribute Games Inc.)
METAL GEAR SOLID V: GROUND ZEROES (HKLM-x32\...\Steam App 311340) (Version:  - Kojima Productions)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Expression Blend 3 SDK (HKLM-x32\...\{256E7DAC-9BE8-494E-8DE7-7857BF96B774}) (Version: 1.0.1343.0 - Microsoft Corporation)
Microsoft Expression Blend 4 (HKLM-x32\...\Blend_4.0.20901.0) (Version: 4.0.20901.0 - Microsoft Corporation)
Microsoft Expression Blend 4 Add-in for Adobe FXG Import (HKLM-x32\...\{A29C5DD5-B21E-474F-AA96-6A7FC0B2B248}) (Version: 1.0.10901.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for .NET 4 (HKLM-x32\...\{9B3A1C97-A361-463E-8817-444F9F88CDFE}) (Version: 2.0.20525.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for Silverlight 4 (HKLM-x32\...\{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}) (Version: 2.0.20525.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for Windows Phone 7 (HKLM-x32\...\{69E11501-75F7-4ACE-8103-52513DDCFE26}) (Version: 2.0.20901.0 - Microsoft Corporation)
Microsoft Flight (HKLM-x32\...\GFWL_{4D5308D2-DC8E-4658-A37C-351000058100}) (Version: 1.0.0005.129 - Microsoft Studios)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft Silverlight Tools for Visual Studio 2010 (HKLM-x32\...\{558358E5-E4F3-4374-BA1D-26FF39EF87D9}) (Version: 10.0.30319.400 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM-x32\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{1E6ED082-E32D-4B2B-8B6A-70B094815135}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{90A80D89-A0E4-33C1-B13D-B93CB3496867}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (HKLM\...\{88BAE373-00F4-3E33-828F-96E89E5E0CB9}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Phone 7 Developer Resources (HKLM-x32\...\{B86149D3-18A2-41FD-A153-60AF944E47FE}) (Version: 7.0.7003.0 - Microsoft Corporation)
Microsoft Windows Phone Developer Tools - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Express for Windows Phone  - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (HKLM\...\{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}) (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft XNA Game Studio 4.0 Windows Phone Extensions (HKLM-x32\...\{5DDF31D2-63BB-4268-895B-FB05A82A1C00}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Game Studio Platform Tools (HKLM-x32\...\{0666E46E-A860-4353-BE6D-13AA72FABB57}) (Version: 1.3.0.0 - Microsoft Corporation)
Monaco (HKLM-x32\...\Steam App 113020) (Version:  - Pocketwatch Games)
MP3 Skype Recorder (HKLM-x32\...\{CB606F47-7D0E-40DF-95BB-0E5413A1295F}) (Version: 3.1.3 - Alexander Nikiforov)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\...\MusicManager) (Version:  - Google, Inc.)
My Lockbox 2.8.5 (HKLM\...\My Lockbox_is1) (Version: 2.8.5 - )
Network Recording Player (HKLM-x32\...\{CC5BDE4C-A0D2-4DE0-ACB9-1D5CB019C9CF}) (Version: 28.12.2.17378 - Cisco WebEx LLC)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.12.11 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.6.2 - )
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
PAC-MAN Championship Edition DX+ (HKLM-x32\...\Steam App 236450) (Version:  - Mine Loader Software Co., Ltd.)
Papers, Please (HKLM-x32\...\1207659209_is1) (Version: 2.5.0.11 - GOG.com)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.8.11-r110387-release - Plays.tv, LLC)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Portal Stories: Mel (HKLM-x32\...\Steam App 317400) (Version:  - Prism Studios)
PowerDirector (Version: 9.00.0000 - CyberLink Corp.) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.3-r114633-release - Raptr, Inc)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6215 - Realtek Semiconductor Corp.)
Red Giant PlaneSpace (HKLM-x32\...\Red Giant PlaneSpace) (Version:  - )
Red Giant Psunami (HKLM-x32\...\InstallShield_{97F381E0-CCC3-4F22-9078-033CBC597391}) (Version: 1.4.0 - Red Giant Software)
Red Giant Psunami (Version: 1.4.0 - Red Giant Software) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.1 - Rockstar Games)
SafeZone Stable 1.51.2220.47 (x32 Version: 1.51.2220.47 - Avast Software) Hidden
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Scrivener Update (HKLM-x32\...\Scrivener 1900) (Version: 1950 - Literature and Latte)
Search Protection (HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\...\Search Protection) (Version: 9.5.0.3 - Spigot, Inc.) <==== ATTENTION
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.7 - SmartSound Software Inc.) Hidden
Soluto (HKLM\...\{32F9DBC7-95D1-469F-B7A3-678948D6DA32}) (Version: 1.3.1140.0 - Soluto)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
Transistor (HKLM-x32\...\Steam App 237930) (Version:  - Supergiant Games)
Victoria II (HKLM-x32\...\Steam App 42960) (Version:  - Paradox Development Studio)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
Wallpaper Master v2.16 (HKLM-x32\...\Wallpaper Master_is1) (Version:  - James Garton)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\...\Warcraft III) (Version:  - )
WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{F6FE3205-7737-4772-9017-C7ACD8A5561C}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{647175e1-9944-4a82-bac1-102c95f0a99a}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
WebM Project Directshow Filters (HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\...\webmdshow) (Version: 1.0.4.1 - WebM Project)
Widevine Media Optimizer Chrome 6.0.0 (HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\...\optimizer_chrome) (Version: 6.0.0.12757 - Widevine Technologies)
WinDirStat 1.1.2 (HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\...\WinDirStat) (Version:  - )
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Phone Emulator x64 - ENU (HKLM\...\{0F7861E5-3B24-33CA-AECF-B5477194CEEB}) (Version: 10.0.30319 - Microsoft Corporation)
WPF Toolkit February 2010 (Version 3.5.50211.1) (HKLM-x32\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.50211.1 - Microsoft Corporation)
XMind (HKLM-x32\...\XMind) (Version: 3.3.0 - XMind Ltd.)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3688702354-2117096547-3842074458-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\devin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3688702354-2117096547-3842074458-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\devin\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3688702354-2117096547-3842074458-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\devin\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3688702354-2117096547-3842074458-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3688702354-2117096547-3842074458-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3688702354-2117096547-3842074458-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3688702354-2117096547-3842074458-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3688702354-2117096547-3842074458-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3688702354-2117096547-3842074458-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3688702354-2117096547-3842074458-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3688702354-2117096547-3842074458-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3688702354-2117096547-3842074458-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3688702354-2117096547-3842074458-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01FE1553-6233-4E45-B58B-E465A2CE89E8} - System32\Tasks\SafeZone scheduled Autoupdate 1462581905 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-07-25] (Avast Software)
Task: {0271FFDF-60DF-4D58-B579-6449B3FF049E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3688702354-2117096547-3842074458-1000UA => C:\Users\devin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-12] (Dropbox, Inc.)
Task: {0B247A65-5114-4BB7-A8AA-82AB5D260286} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3688702354-2117096547-3842074458-1000UA => C:\Users\devin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {189E30CD-2987-4074-A515-BB6D8A8ED8B7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe
Task: {337EC0E7-954C-4B7D-BD37-27D1ACFCFE9E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3688702354-2117096547-3842074458-1000Core => C:\Users\devin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-12] (Dropbox, Inc.)
Task: {3833673B-6656-4CCA-8C6B-AD1277356D75} - System32\Tasks\AdobeAAMUpdater-1.0-devin-PC-devin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {3F622639-4F5B-44EA-A746-412C8F72D1AD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-06] (AVAST Software)
Task: {447EB743-7879-43E2-896C-3D4E9387CCFF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {56AE0AF9-85AC-4548-8861-E814F0A64AD2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe
Task: {5CE39C32-06A8-45B9-B00F-62919667B38C} - System32\Tasks\{E6EEA09D-7DE1-46BD-843E-DBCA8853D90F} => C:\Riot Games\League of Legends\lol.launcher.exe
Task: {6177EB0D-B4D9-4504-A313-320FE70B6DF6} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe
Task: {6196102C-6003-44D2-949D-98A458DC5DCB} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
Task: {8E3BCAE8-D6F2-4B57-942E-211C9FF8A1C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9FF97AF3-DCB0-44F3-BAE5-BD24E60FBE1D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {AD0B3581-38BC-4513-9837-1283AA62FA26} - System32\Tasks\{D4980C0B-E5EE-4E9C-8901-49046F409D54} => pcalua.exe -a "D:\Steam Library\SteamApps\common\Batman Arkham City GOTY\Setup\vcredist_x86.exe"
Task: {BD194227-E603-4B55-9828-BF74F5EFA807} - System32\Tasks\{5DAFDFE5-6703-4518-BE3C-1B3B527C313B} => pcalua.exe -a "C:\Users\Public\Videos\Dungeons and Dragons 4ed Character Builder\CB_(09)Sep_2009.exe" -d "C:\Users\Public\Videos\Dungeons and Dragons 4ed Character Builder"
Task: {C0B5E7B4-0D7D-44CD-96C7-FD7A6910C323} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3688702354-2117096547-3842074458-1000Core => C:\Users\devin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C56AE83D-E3A1-4EB2-AF0B-3AEC8624807C} - System32\Tasks\{24609C97-A20B-468B-9673-EE643B5AF42F} => C:\Riot Games\League of Legends\lol.launcher.exe
Task: {D0C244A7-A9A2-443B-BF27-81D36DB0B3F6} - System32\Tasks\{FDE37696-56DC-495C-9492-4906CA78FC2B} => pcalua.exe -a C:\Users\devin\Downloads\GAP.2.6_win\GAP-installer\Gimp-GAP-2.6.0-Setup2.exe -d C:\Users\devin\Downloads\GAP.2.6_win\GAP-installer
Task: {E303469E-6AF3-42F4-9BBB-E045B49F7A52} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-15] (Adobe Systems Incorporated)
Task: {EC0C6609-787D-4141-B1DD-055B948C4762} - System32\Tasks\SafeZone scheduled Autoupdate 1470534544 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-07-25] (Avast Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\devin\AppData\Local\Microsoft\Windows\GameExplorer\{8D163581-5E78-46F0-AAA3-9A9B792B155F}\SupportTasks\0\Support.lnk -> hxxp://www.activision.com/support/
Shortcut: C:\Users\devin\AppData\Local\Microsoft\Windows\GameExplorer\{7B1EB2E4-703C-4914-B6EC-EEB15B5D0290}\SupportTasks\1\Support.lnk -> hxxp://www.ea.com/tech_support/
Shortcut: C:\Users\devin\AppData\Local\Microsoft\Windows\GameExplorer\{7B1EB2E4-703C-4914-B6EC-EEB15B5D0290}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.totalwar.com/
 
ShortcutWithArgument: C:\Users\devin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a3a1d6b8109861c5\Hangouts.lnk -> C:\Users\devin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=nckgahadagoaajjgafhacjanaoiihapd
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-01-14 19:01 - 2014-03-16 08:44 - 08878248 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-11-12 12:19 - 2009-11-25 23:09 - 00053760 _____ () C:\Windows\System32\LXECPMON.DLL
2011-11-12 12:18 - 2009-01-13 06:15 - 04485120 _____ () C:\Windows\System32\LXECOEM.DLL
2011-11-12 12:20 - 2009-11-04 06:17 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxecdrpp.dll
2016-05-11 11:24 - 2016-05-11 11:24 - 01665024 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\PCGPreCompiled\eca5df98fa15582baf26daf7b3299f14\PCGPreCompiled.ni.dll
2016-05-11 11:26 - 2016-05-11 11:26 - 00237568 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\PCGAppControlPlugin#\9011eb6014c80e3048c7adc8ba46b637\PCGAppControlPluginLoader.ni.dll
2013-01-27 10:00 - 2013-01-27 10:00 - 00091192 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll
2016-08-06 01:04 - 2016-08-06 01:04 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-08-06 01:04 - 2016-08-06 01:04 - 03004416 _____ () C:\Program Files\AVAST Software\Avast\defs\16080300\algo.dll
2016-08-06 01:04 - 2016-08-06 01:04 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-08-06 18:48 - 2016-08-06 18:48 - 03012096 _____ () C:\Program Files\AVAST Software\Avast\defs\16080600\algo.dll
2016-04-22 01:08 - 2016-04-22 01:08 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:08 - 2016-04-22 01:08 - 01047864 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-17 10:44 - 2015-11-17 10:44 - 00117248 _____ () C:\Users\devin\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2015-11-17 10:45 - 2015-11-17 10:45 - 00234496 _____ () C:\Users\devin\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2015-11-17 10:45 - 2015-11-17 10:45 - 00253440 _____ () C:\Users\devin\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2015-11-17 10:44 - 2015-11-17 10:44 - 00344064 _____ () C:\Users\devin\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2016-04-14 19:09 - 2016-06-29 19:25 - 00035792 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-08-05 10:33 - 2016-06-29 19:25 - 00145864 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-08-05 10:33 - 2016-06-29 19:26 - 00019408 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-08-05 10:33 - 2016-06-29 19:25 - 00116688 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-04-14 19:09 - 2016-06-29 19:25 - 00100296 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-12 18:00 - 2016-06-29 19:25 - 00018888 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-12 18:00 - 2016-08-01 14:27 - 00019760 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-12 18:00 - 2016-06-29 19:25 - 00694224 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-08-05 10:33 - 2016-08-01 14:26 - 00020816 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-04-14 19:09 - 2016-06-29 19:26 - 00123856 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-08-05 10:33 - 2016-08-01 14:26 - 01682760 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-08-05 10:33 - 2016-08-01 14:26 - 00020808 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 00021312 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 00052024 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 00038696 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-12 18:00 - 2016-06-29 19:27 - 00105928 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-08-05 10:33 - 2016-06-29 19:25 - 00392144 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-08-05 10:33 - 2016-06-29 19:27 - 00020936 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-12 18:00 - 2016-06-29 19:27 - 00024528 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-12 18:00 - 2016-06-29 19:27 - 00114640 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-12 18:00 - 2016-08-01 14:27 - 00381752 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-12 18:00 - 2016-06-29 19:27 - 00124880 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 00025424 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-12 18:00 - 2016-06-29 19:27 - 00024016 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-12 18:00 - 2016-06-29 19:27 - 00175560 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-12 18:00 - 2016-06-29 19:27 - 00030160 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-12 18:00 - 2016-06-29 19:27 - 00043472 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-12 18:00 - 2016-06-29 19:27 - 00048592 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 00026456 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-12 18:00 - 2016-06-29 19:27 - 00057808 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-12 18:00 - 2016-06-29 19:27 - 00024016 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-08-05 10:33 - 2016-08-01 14:26 - 00246592 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-12 18:00 - 2016-06-29 19:27 - 00028616 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-04-14 19:09 - 2016-08-01 14:27 - 00020800 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-04-14 19:09 - 2016-08-01 14:27 - 00019776 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-04-14 19:09 - 2016-08-01 14:27 - 00020800 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-04-14 19:09 - 2016-06-29 19:25 - 00144848 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-08-05 10:33 - 2016-06-29 19:26 - 00241104 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2016-08-05 10:33 - 2016-08-01 14:26 - 00020280 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-04-14 19:09 - 2016-08-01 14:27 - 00023376 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-04-14 19:09 - 2016-06-29 19:27 - 00350152 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-04-14 19:09 - 2016-08-01 14:27 - 00022352 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 00024392 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-08-05 10:33 - 2016-06-29 19:28 - 00036296 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\librsync.dll
2016-08-05 10:33 - 2016-08-01 14:27 - 00084280 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-08-05 10:33 - 2016-08-01 14:27 - 01826096 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-12 18:00 - 2016-06-29 19:26 - 00083912 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\sip.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 03929392 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 01972016 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 00531248 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 00132912 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 00224056 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 00207672 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 00020288 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\winffi.user32._winffi_user32.pyd
2015-12-12 18:00 - 2016-06-29 19:27 - 00060880 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 00024904 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 00546096 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 00357680 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 00168248 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 00042808 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-08-06 01:04 - 2016-08-06 01:04 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-06-17 15:49 - 2016-06-15 02:15 - 01745560 _____ () C:\Users\devin\AppData\Local\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-17 15:49 - 2016-06-15 02:15 - 00091288 _____ () C:\Users\devin\AppData\Local\Google\Chrome\Application\51.0.2704.103\libegl.dll
2016-05-11 11:39 - 2016-05-11 11:39 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\22e6307b0cd5955ebf3f8abd9e3ab58d\IsdiInterop.ni.dll
2011-11-11 21:54 - 2010-09-13 19:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\devin\AppData\Local\Temporary Internet Files:HODqZLMEThJuprida [2306]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SolutoService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-01-02 14:22 - 2013-04-21 10:33 - 00001458 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 localhost
127.0.0.1                               mpa.one.microsoft.com 
127.0.0.1                               genuine.microsoft.com
127.0.0.1                               wat.microsoft.com
127.0.0.1                               mpa.microsoft.com127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\devin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: doubleTwist => C:\Program Files (x86)\doubleTwist\doubleTwist.Light.exe
MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\devin\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
MSCONFIG\startupreg: HitBliss => "C:\Users\devin\AppData\Roaming\HitBliss\Player\HitBliss.exe" --minimize
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: OutfoxTV => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\devin\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\devin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\devin\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: WallpaperChanger => C:\Program Files (x86)\Wallpaper Master\Wallpaper.exe
MSCONFIG\startupreg: WD Quick View => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
10-05-2016 23:02:09 Windows Update
12-05-2016 03:00:44 Windows Update
23-05-2016 14:32:39 Scheduled Checkpoint
26-05-2016 03:00:28 Windows Update
02-06-2016 18:16:40 Scheduled Checkpoint
10-06-2016 00:00:01 Scheduled Checkpoint
12-06-2016 13:13:10 Installed iCloud
12-06-2016 13:57:25 Removed iCloud
16-06-2016 03:00:31 Windows Update
23-06-2016 11:11:52 Scheduled Checkpoint
23-06-2016 13:30:09 Windows Update
30-06-2016 15:17:07 Scheduled Checkpoint
15-07-2016 11:06:19 Scheduled Checkpoint
16-07-2016 03:00:46 Windows Update
21-07-2016 03:00:29 Windows Update
29-07-2016 14:42:16 Scheduled Checkpoint
06-08-2016 18:49:22 Windows Update
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/06/2016 06:53:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 3.8.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 16a4
 
Start Time: 01d1f04d5be8bf81
 
Termination Time: 60000
 
Application Path: C:\Users\devin\Desktop\FRST64.exe
 
Report Id: 90ce971d-5c41-11e6-9617-e069954f6a50
 
Error: (08/06/2016 06:38:02 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/06/2016 06:38:02 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/06/2016 06:38:02 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/06/2016 06:38:02 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (08/06/2016 06:37:16 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/06/2016 06:37:16 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (08/06/2016 06:37:16 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/06/2016 06:37:16 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/06/2016 06:37:16 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.
 
Details:
0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))
 
 
System errors:
=============
Error: (08/06/2016 07:00:54 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Installer service, but this action failed with the following error: 
%%1056 = An instance of the service is already running.
 
Error: (08/06/2016 06:58:15 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error: 
%%1056 = An instance of the service is already running.
 
Error: (08/06/2016 06:56:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 4.6.1 for Windows 7 for x64 (KB3102433).
 
Error: (08/06/2016 06:56:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (08/06/2016 06:55:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (08/06/2016 06:55:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (08/06/2016 06:48:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Security Center service terminated with the following error: 
%%2 = The system cannot find the file specified.
 
Error: (08/06/2016 06:45:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147024891 = Access is denied.
 
Error: (08/06/2016 06:45:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%-2147024891 = Access is denied.
 
Error: (08/06/2016 06:45:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 2 time(s).
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 32%
Total physical RAM: 8171.96 MB
Available physical RAM: 5509.34 MB
Total Virtual: 16342.1 MB
Available Virtual: 13658.54 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.76 GB) (Free:41.35 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Volume 2) (Fixed) (Total:931.51 GB) (Free:54.41 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9AA4A94C)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4B454B44)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
Hardware interrupts and DPC's (from Process Explorer)
 
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 95.43 0 K 24 K 0
procexp64.exe 1.88 31,016 K 52,776 K 5664 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
taskmgr.exe 0.53 4,428 K 12,732 K 4052 Windows Task Manager Microsoft Corporation (Verified) Microsoft Windows
AvastSvc.exe 0.45 139,092 K 43,564 K 1444 avast! Service AVAST Software (Verified) AVAST Software a.s.
Interrupts 0.37 0 K 0 K n/a Hardware Interrupts and DPCs
dwm.exe 0.33 32,068 K 40,048 K 1812 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.32 83,520 K 115,872 K 3380 Google Chrome Google Inc. (Verified) Google Inc
csrss.exe 0.17 4,432 K 9,776 K 672 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
System 0.12 2,428 K 112,584 K 4
MusicManager.exe 0.09 19,084 K 31,944 K 2200 Music Manager Google Inc. (No signature was present in the subject) Google Inc.
SolutoService.exe 0.08 55,216 K 65,344 K 3872 Soluto Soluto (Verified) Soluto
chrome.exe 0.06 59,540 K 95,668 K 2344 Google Chrome Google Inc. (Verified) Google Inc
explorer.exe 0.02 28,688 K 54,488 K 1828 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
IAStorDataMgrSvc.exe 0.02 20,048 K 16,772 K 5536 IAStorDataSvc Intel Corporation (Verified) Intel Corporation
services.exe 0.02 6,172 K 10,348 K 768 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
LMS.exe 0.02 2,280 K 4,896 K 5884 Local Manageability Service Intel Corporation (Verified) Intel Corporation
svchost.exe 0.02 4,928 K 10,480 K 876 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 192,160 K 194,796 K 4384 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
wsc_proxy.exe 0.01 1,392 K 5,016 K 4260 Avast remediation exe AVAST Software (Verified) AVAST Software a.s.
wsc_proxy.exe 0.01 1,392 K 5,024 K 5456 Avast remediation exe AVAST Software (Verified) AVAST Software a.s.
svchost.exe 0.01 5,600 K 10,968 K 5244 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
XBoxStat.exe 0.01 2,748 K 6,612 K 1600 XBoxStat.exe Microsoft Corporation (Verified) Microsoft Corporation
Dropbox.exe < 0.01 136,568 K 164,780 K 2656 Dropbox Dropbox, Inc. (Verified) Dropbox
iPodService.exe < 0.01 3,188 K 7,596 K 3688 iPodService Module (64-bit) Apple Inc. (Verified) Apple Inc.
svchost.exe < 0.01 35,000 K 53,592 K 1116 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
avastui.exe < 0.01 31,316 K 17,152 K 2568 avast! Antivirus AVAST Software (Verified) AVAST Software a.s.
svchost.exe < 0.01 8,360 K 15,656 K 1060 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
AppleMobileDeviceService.exe < 0.01 3,476 K 10,640 K 1656 MobileDeviceService Apple Inc. (Verified) Apple Inc.
taskhost.exe < 0.01 8,184 K 11,256 K 1496 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
TiltWheelMouse.exe < 0.01 1,524 K 5,964 K 396 pximouse Pixart Imaging Inc (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe < 0.01 32,436 K 35,452 K 1364 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 9,420 K 19,072 K 1092 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe < 0.01 15,208 K 8,304 K 5228 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 2,532 K 5,048 K 588 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
IAStorIcon.exe < 0.01 29,140 K 24,904 K 2620 IAStorIcon Intel Corporation (Verified) Intel Corporation
iTunesHelper.exe < 0.01 4,180 K 12,532 K 2772 iTunesHelper Apple Inc. (Verified) Apple Inc.
lxeccoms.exe < 0.01 2,796 K 6,716 K 2188 Printer Communication System (Verified) Lexmark International
wuauclt.exe 2,284 K 6,984 K 1756 Windows Update Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,896 K 6,660 K 3320 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 7,260 K 13,176 K 2732 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 3,588 K 8,108 K 712 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,652 K 4,780 K 664 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
VSSVC.exe 2,136 K 6,992 K 4796 Microsoft® Volume Shadow Copy Service Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 2,172 K 6,096 K 5428 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
TrustedInstaller.exe 17,412 K 20,636 K 2612 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 2,156 K 5,240 K 5168 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 2,116 K 5,620 K 1996 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,600 K 8,552 K 1008 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 6,808 K 8,668 K 1220 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 16,808 K 16,408 K 120 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,804 K 5,372 K 1212 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,932 K 5,496 K 4088 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 6,420 K 12,504 K 1436 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,096 K 5,884 K 4352 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 9,932 K 17,308 K 1984 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
SolutoLauncherService.exe 1,392 K 3,868 K 3796 Soluto Launcher Service Soluto (Verified) Soluto
smss.exe 584 K 1,260 K 388 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
RAVCpl64.exe 10,992 K 12,232 K 1664 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
procexp.exe 2,448 K 7,620 K 4456 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PresentationFontCache.exe 30,440 K 25,668 K 972 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
nusb3mon.exe 1,752 K 5,448 K 2628 USB 3.0 Monitor Renesas Electronics Corporation (Verified) Renesas Electronics Corporation
msiexec.exe 2,460 K 6,448 K 2336 Windows® installer Microsoft Corporation (Verified) Microsoft Windows
mDNSResponder.exe 2,284 K 5,920 K 1808 Bonjour Service Apple Inc. (Verified) Apple Inc.
mbamscheduler.exe 4,712 K 10,340 K 5152 Malwarebytes Anti-Malware Malwarebytes (Verified) Malwarebytes Corporation
lsm.exe 2,672 K 4,536 K 788 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 6,804 K 14,264 K 776 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
jusched.exe 2,360 K 5,460 K 3000 Java Update Scheduler Oracle Corporation (Verified) Oracle America
IPROSetMonitor.exe 1,652 K 4,532 K 1704 Intel® PROSet Monitoring Service Intel Corporation (Verified) Intel Corporation
GoogleUpdate.exe 2,252 K 800 K 2304 Google Installer Google Inc. (Verified) Google Inc
GoogleUpdate.exe 2,100 K 824 K 2636 Google Installer Google Inc. (Verified) Google Inc
DropboxUpdate.exe 3,160 K 3,260 K 2156 Dropbox Update Dropbox, Inc. (Verified) Dropbox
chrome.exe 32,540 K 59,824 K 3388 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 33,168 K 28,940 K 3172 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 24,164 K 51,412 K 3368 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 1,580 K 4,688 K 2448 Google Chrome Google Inc. (Verified) Google Inc
audiodg.exe 18,240 K 17,748 K 2404 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
atiesrxx.exe 1,608 K 4,940 K 756 AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe 2,688 K 7,484 K 1464 AMD External Events Client Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
 
 

  • 0

#18
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,896 posts
  • MVP

MBAM is Malwarebytes Anti-Malware so apparently it was running a scan.

 

Trusted Installer is the install process for Microsoft Updates so it was apparently trying to install something.

 

If we look at the FRST log we see:

 

(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\ndp461-kb3102433-x86-x64-enu.exe <==Install for Microsoft .NET Framework 4.6.1

(Microsoft Corporation) D:\bdd38748b4d8fd3ff6206bf48cc4\Setup.exe <==No idea why we have this one since it's on D: and not C:
(Microsoft Corporation) C:\Windows\System32\msiexec.exe <==MS Installer

 

 
 
Wlidsvc.exe is Windows Live ID Services
 
​Personally I have no use for Windows Live.  I think it's very poorly written software.  It is always causing problems like hanging on to the Registry went it shouldn't.
 
 
 
Let's try another fixlist:
 
 
Download the attached fixlist.txt to the same location as FRST
 
Attached File  fixlist.txt   2.91KB   103 downloads
 
Run FRST and press Fix
A fix log will be generated please post that 
 
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 
 
 

  • 0

#19
Dwashba

Dwashba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

I had to restart a couple of times. I'm more and more sure it's connected with MB because I got a blue screen from trying to end it after I'd let it go on too long, then after restarting again I ended the process while it was still only a few thousand K worth of RAM big and the computer is running. It's weird that I have that Wlidsvc.exe because I don't use Windows Live.

Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
Ran by devin (2016-08-06 21:27:53) Run:2
Running from C:\Users\devin\Desktop
Loaded Profiles: devin & Top Dog (Available Profiles: devin & mom & Top Dog)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3306061&octid=EB_ORIGINAL_CTID&SearchSource=61&CUI=UN21798395310090278&UM=2&UP=SP49497951-6663-43F6-9591-64AF001E09E6&SSPV=","hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN21798395310090278&UM=2","hxxp://docs.gresham.k12.or.us","hxxp://homepage-web.com/?
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.796\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Extension: (Connect DLC 5) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil [2015-01-16] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT3306061&extensionData=\u003Cextension_data>] <==== ATTENTION
S2 wscsvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
C:\Users\devin\AppData\Local\Temp\w5ssroxi.dll
AlternateDataStreams: C:\Users\devin\AppData\Local\Temporary Internet Files:HODqZLMEThJuprida [2306]
CMD: sc stop wscsvc
CMD: sc config wscsvc start= disabled
C:\Windows\ntbtlog.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
EmptyTemp:
 
 
 
 
 
 
 
*****************
 
Chrome StartupUrls => removed successfully
C:\Users\devin\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.796\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Users\devin\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Users\devin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil <==== ATTENTION => not found
wscsvc => service removed successfully
cpuz136 => Service stopped successfully.
cpuz136 => service removed successfully
C:\Users\devin\AppData\Local\Temp\w5ssroxi.dll => moved successfully
"C:\Users\devin\AppData\Local\Temporary Internet Files" => ":HODqZLMEThJuprida" ADS not found.
 
========= sc stop wscsvc =========
 
[SC] ControlService FAILED 1062:
 
The service has not been started.
 
 
========= End ofCMD: =========
 
 
========= sc config wscsvc start= disabled =========
 
[SC] QueryServiceConfig2 (delayed autostart flag) FAILED 2:
 
The system cannot find the file specified.
 
 
========= End ofCMD: =========
 
C:\Windows\ntbtlog.txt => moved successfully
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
 
========= End ofCMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4200840 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2347580 B
Edge => 0 B
Chrome => 57635173 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
devin => 1830463 B
mom => 0 B
Top Dog => 0 B
 
RecycleBin => 0 B
EmptyTemp: => 71 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 21:28:38 ====

  • 0

#20
Dwashba

Dwashba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

Should I run an Avast scan now that I can? Uninstall Malwarebytes or something?

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-08-2016
Ran by devin (administrator) on DEVIN-PC (06-08-2016 22:28:15)
Running from C:\Users\devin\Desktop
Loaded Profiles: devin (Available Profiles: devin & mom & Top Dog)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
( ) C:\Windows\System32\lxeccoms.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Dropbox, Inc.) C:\Users\devin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Google Inc.) C:\Users\devin\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\devin\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dropbox, Inc.) C:\Users\devin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Users\devin\AppData\Local\Google\Chrome\Application\chrome.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(Google Inc.) C:\Users\devin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\devin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\devin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\devin\AppData\Local\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Users\devin\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Users\devin\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Elaborate Bytes AG) D:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-05] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-03-10] (Plays.tv, LLC)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-08-04] (Raptr, Inc)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-22] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9071752 2016-08-06] (AVAST Software)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\...\Run: [Dropbox Update] => C:\Users\devin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-12] (Dropbox, Inc.)
HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\...\Run: [MusicManager] => C:\Users\devin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.)
HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\...\Run: [Google Update] => C:\Users\devin\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\...\Run: [GoogleChromeAutoLaunch_90E53751D683971B577ECCEE9D752113] => C:\Users\devin\AppData\Local\Google\Chrome\Application\chrome.exe [941720 2016-06-15] (Google Inc.)
HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\MAGENT~1.SCR
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-06] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
Startup: C:\Users\devin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-08-05]
ShortcutTarget: Dropbox.lnk -> C:\Users\devin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2A78499E-E19C-40FE-9992-09A7F4DAB577}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3688702354-2117096547-3842074458-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3688702354-2117096547-3842074458-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-24] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-08-06] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2014-03-16] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2014-03-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-24] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-24] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-08-06] (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-24] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\MP3 Skype Recorder\Skype4COM.dll [2011-09-07] (Skype Technologies)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-15] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> D:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3688702354-2117096547-3842074458-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\devin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3688702354-2117096547-3842074458-1000: @talk.google.com/O1DPlugin -> C:\Users\devin\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3688702354-2117096547-3842074458-1000: @tools.google.com/Google Update;version=3 -> C:\Users\devin\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3688702354-2117096547-3842074458-1000: @tools.google.com/Google Update;version=9 -> C:\Users\devin\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\devin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\devin\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-06]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-06]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3306061&octid=EB_ORIGINAL_CTID&SearchSource=61&CUI=UN21798395310090278&UM=2&UP=SP49497951-6663-43F6-9591-64AF001E09E6&SSPV=","hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN21798395310090278&UM=2","hxxp://docs.gresham.k12.or.us","hxxp://homepage-web.com/?s=lenovo&m=start","hxxp://home.lenovo.com"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.796\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\devin\AppData\Local\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\devin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Ge.tt) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdgghbbgmhcpidlmnepkbihehhkmjomc [2013-05-26]
CHR Extension: (OneTab) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-06-10]
CHR Extension: (Mainichi) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfekdjmdikicceaiokcmmchenpilglhn [2016-06-30]
CHR Extension: (Google Calendar) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-16]
CHR Extension: (MagicScroll eBook Reader) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2013-07-05]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-07-31]
CHR Extension: (TweetDeck by Twitter) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2015-07-25]
CHR Extension: (rikaikun) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp [2016-06-30]
CHR Extension: (Conceptboard for Google+ Hangouts) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lklieeaongcaklpejdodbkcmbdfpdabj [2013-06-25]
CHR Extension: (Google Hangouts) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2016-01-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-11]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2016-08-06]
CHR Extension: (Chrome Media Router) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-03]
CHR Profile: C:\Users\devin\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-16]
CHR Extension: (Google Docs) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-16]
CHR Extension: (Google Drive) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-16]
CHR Extension: (YouTube) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-16]
CHR Extension: (Google Search) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-16]
CHR Extension: (Google Sheets) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-16]
CHR Extension: (Avast Online Security) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-16]
CHR Extension: (Connect DLC 5) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil [2015-01-16] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT3306061&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR Extension: (Google Wallet) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-16]
CHR Extension: (Gmail) - C:\Users\devin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-16]
StartMenuInternet: Google Chrome - C:\Users\devin\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197640 2016-08-06] (AVAST Software)
R2 lxec_device; C:\Windows\system32\lxeccoms.exe [1052328 2010-04-14] ( )
R2 lxec_device; C:\Windows\SysWOW64\lxeccoms.exe [598696 2010-04-14] ( )
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-03-10] (Plays.tv, LLC)
R3 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-10] ()
S3 RichVideo64; C:\Program Files\Cyberlink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [183264 2013-01-27] (Soluto)
S3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1239552 2013-01-27] (Soluto) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-02-12] (Western Digital Technologies, Inc.)
R3 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [302968 2015-02-12] (Western Digital Technologies, Inc.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-06] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-06] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [968536 2016-08-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-08-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-06] (AVAST Software)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2012-03-28] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 FSProFilter; C:\Windows\System32\Drivers\FSPFltd.sys [54848 2010-07-22] (FSPro Labs)
R2 hitbliss; C:\Windows\System32\drivers\hitbliss.sys [19928 2014-03-18] (Project Concord, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2012-03-11] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-06] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S3 VSPerfDrv100; D:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2011-01-18] (Microsoft Corporation)
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-06 21:57 - 2016-08-06 21:57 - 00275784 _____ C:\Windows\Minidump\080616-35240-01.dmp
2016-08-06 21:56 - 2016-08-06 21:56 - 528461513 _____ C:\Windows\MEMORY.DMP
2016-08-06 19:05 - 2016-08-06 19:05 - 00008686 _____ C:\Users\devin\Desktop\Hardware Interrupts and DPCs.txt
2016-08-06 18:49 - 2016-08-06 18:49 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1470534544
2016-08-06 18:49 - 2016-08-06 18:49 - 00001003 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-08-06 18:49 - 2016-08-06 18:49 - 00001003 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-08-06 18:48 - 2016-08-06 18:47 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-08-06 15:03 - 2016-08-06 15:03 - 00003161 _____ C:\junk.txt
2016-08-06 15:01 - 2016-08-06 15:01 - 00004001 _____ C:\Users\devin\Desktop\System Idle Process.txt
2016-08-06 14:57 - 2016-08-06 14:57 - 02694816 _____ (Sysinternals - www.sysinternals.com) C:\Users\devin\Desktop\procexp.exe
2016-08-06 14:10 - 2016-08-06 14:12 - 00001375 _____ C:\VEW.txt
2016-08-06 14:09 - 2016-08-06 14:09 - 00061440 _____ ( ) C:\Users\devin\Desktop\VEW.exe
2016-08-06 14:08 - 2016-08-06 14:08 - 00061440 _____ ( ) C:\Users\devin\Downloads\VEW.exe
2016-08-06 13:25 - 2016-08-06 21:28 - 00003821 _____ C:\Users\devin\Desktop\Fixlog.txt
2016-08-06 13:24 - 2016-08-06 13:24 - 00000448 _____ C:\Users\devin\Desktop\spldr.zip
2016-08-06 11:13 - 2016-08-06 19:03 - 00059290 _____ C:\Users\devin\Desktop\Addition.txt
2016-08-06 11:10 - 2016-08-06 22:28 - 00029402 _____ C:\Users\devin\Desktop\FRST.txt
2016-08-06 11:10 - 2016-08-06 22:28 - 00000000 ____D C:\FRST
2016-08-06 11:10 - 2016-08-06 11:10 - 02393600 _____ (Farbar) C:\Users\devin\Downloads\FRST64 (1).exe
2016-08-06 11:10 - 2016-08-06 11:10 - 02393600 _____ (Farbar) C:\Users\devin\Desktop\FRST64.exe
2016-08-06 11:09 - 2016-08-06 11:10 - 02393600 _____ (Farbar) C:\Users\devin\Downloads\FRST64.exe
2016-08-06 01:06 - 2016-08-06 01:06 - 00000000 ____D C:\Users\devin\AppData\Roaming\AVAST Software
2016-08-06 01:05 - 2016-08-06 01:05 - 00001882 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-08-06 01:05 - 2016-08-06 01:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-08-06 01:04 - 2016-08-06 01:05 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-08-06 01:04 - 2016-08-06 01:04 - 00968536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-08-06 01:04 - 2016-08-06 01:04 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-08-06 01:04 - 2016-08-06 01:04 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-08-06 01:04 - 2016-08-06 01:04 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-08-06 01:04 - 2016-08-06 01:04 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-08-06 01:04 - 2016-08-06 01:04 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-08-06 01:04 - 2016-08-06 01:04 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-08-06 01:04 - 2016-08-06 01:04 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-08-06 01:04 - 2016-08-06 01:04 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-08-06 01:03 - 2016-08-06 18:47 - 00000000 ____D C:\Program Files\AVAST Software
2016-08-06 01:03 - 2016-08-06 01:03 - 06253376 _____ (AVAST Software) C:\Users\devin\Downloads\avast_free_antivirus_setup_online.exe
2016-08-06 00:16 - 2016-08-06 00:16 - 00002603 _____ C:\Users\devin\Desktop\Hkey.reg
2016-08-06 00:13 - 2016-08-06 00:13 - 01239084 _____ C:\Users\devin\Documents\cc_20160806_001330.reg
2016-08-06 00:10 - 2016-08-06 00:10 - 505462110 _____ C:\Users\devin\Desktop\regback.reg
2016-08-05 17:28 - 2016-08-05 19:37 - 00000000 _____ C:\Windows\SysWOW64\last.dump
2016-08-05 15:40 - 2016-08-06 21:14 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-05 15:39 - 2016-08-05 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-05 15:39 - 2016-08-05 15:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-05 15:39 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-08-05 15:39 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-05 15:39 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-08-05 15:36 - 2016-08-05 15:37 - 22851472 _____ (Malwarebytes ) C:\Users\devin\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-05 10:33 - 2016-08-05 10:33 - 00000000 ____D C:\Users\devin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-07-29 18:17 - 2016-07-29 18:17 - 00038842 _____ C:\Users\devin\Downloads\cold-fish-tsumetai-nettaigyo_english-516238.zip
2016-07-24 10:39 - 2016-07-24 10:37 - 00110144 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2016-07-24 10:36 - 2016-07-24 10:36 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-07-18 19:26 - 2016-07-18 19:26 - 00034450 _____ C:\Users\devin\Downloads\himizu.(2011).eng.1cd.(4626313).zip
2016-07-18 19:26 - 2016-07-18 19:26 - 00016887 _____ C:\Users\devin\Downloads\4626313.htm
2016-07-18 18:21 - 2016-07-18 19:27 - 00000000 ____D C:\Users\devin\Desktop\Himizu.2012.JAP.BDRip.x264.AAC-ADiOS
2016-07-15 10:42 - 2016-06-10 21:48 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-15 10:42 - 2016-06-10 14:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-07-15 10:42 - 2016-06-10 14:08 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-07-15 10:42 - 2016-06-10 14:03 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-15 10:42 - 2016-06-10 13:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-07-15 10:42 - 2016-06-10 13:38 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-07-15 10:42 - 2016-06-10 13:13 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-15 10:42 - 2016-06-10 11:53 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-15 10:42 - 2016-06-10 11:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-07-15 10:42 - 2016-06-10 11:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-15 10:42 - 2016-06-10 11:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-07-15 10:42 - 2016-06-10 11:42 - 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-15 10:42 - 2016-06-10 11:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-15 10:42 - 2016-06-10 11:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-07-15 10:42 - 2016-06-10 11:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-07-15 10:42 - 2016-06-10 11:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-15 10:42 - 2016-06-10 11:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-07-15 10:42 - 2016-06-10 11:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-15 10:42 - 2016-06-10 10:41 - 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-15 10:41 - 2016-06-25 17:35 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-15 10:41 - 2016-06-25 17:27 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-15 10:41 - 2016-06-25 17:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-15 10:41 - 2016-06-25 17:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-15 10:41 - 2016-06-25 17:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-15 10:41 - 2016-06-25 17:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-15 10:41 - 2016-06-25 17:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-07-15 10:41 - 2016-06-25 12:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-07-15 10:41 - 2016-06-25 12:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-15 10:41 - 2016-06-25 12:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-15 10:41 - 2016-06-25 12:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-07-15 10:41 - 2016-06-25 12:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-07-15 10:41 - 2016-06-22 06:06 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-15 10:41 - 2016-06-17 11:24 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-15 10:41 - 2016-06-17 11:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-15 10:41 - 2016-06-17 11:24 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-15 10:41 - 2016-06-17 11:24 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-15 10:41 - 2016-06-17 11:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-07-15 10:41 - 2016-06-17 11:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-15 10:41 - 2016-06-14 08:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-15 10:41 - 2016-06-10 23:57 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-15 10:41 - 2016-06-10 14:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-15 10:41 - 2016-06-10 14:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-07-15 10:41 - 2016-06-10 14:20 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-07-15 10:41 - 2016-06-10 14:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-15 10:41 - 2016-06-10 14:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-15 10:41 - 2016-06-10 14:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-07-15 10:41 - 2016-06-10 14:17 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-15 10:41 - 2016-06-10 14:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-15 10:41 - 2016-06-10 14:05 - 25814016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-15 10:41 - 2016-06-10 14:04 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-15 10:41 - 2016-06-10 14:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-15 10:41 - 2016-06-10 14:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-15 10:41 - 2016-06-10 14:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-15 10:41 - 2016-06-10 13:53 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-07-15 10:41 - 2016-06-10 13:50 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-15 10:41 - 2016-06-10 13:49 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-15 10:41 - 2016-06-10 13:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-07-15 10:41 - 2016-06-10 13:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-15 10:41 - 2016-06-10 13:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-15 10:41 - 2016-06-10 13:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-07-15 10:41 - 2016-06-10 13:15 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-15 10:41 - 2016-06-10 13:12 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-15 10:41 - 2016-06-10 13:11 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-07-15 10:41 - 2016-06-10 13:10 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-15 10:41 - 2016-06-10 12:45 - 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-15 10:41 - 2016-06-10 12:44 - 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-15 10:41 - 2016-06-10 12:30 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-15 10:41 - 2016-06-10 12:21 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-15 10:41 - 2016-06-10 12:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-07-15 10:41 - 2016-06-10 11:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-07-15 10:41 - 2016-06-10 11:53 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-07-15 10:41 - 2016-06-10 11:47 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-15 10:41 - 2016-06-10 11:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-07-15 10:41 - 2016-06-10 11:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-07-15 10:41 - 2016-06-10 11:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-15 10:41 - 2016-06-10 11:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-07-15 10:41 - 2016-06-10 11:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-07-15 10:41 - 2016-06-10 11:32 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-07-15 10:41 - 2016-06-10 11:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-07-15 10:41 - 2016-06-10 11:14 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-15 10:41 - 2016-06-10 11:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-15 10:41 - 2016-06-10 11:09 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-15 10:41 - 2016-06-10 11:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-07-15 10:41 - 2016-06-10 10:58 - 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-15 10:41 - 2016-06-10 10:45 - 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-15 10:41 - 2016-06-10 10:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-06 22:28 - 2009-07-13 21:45 - 00023632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-06 22:28 - 2009-07-13 21:45 - 00023632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-06 22:21 - 2014-07-10 21:37 - 00000000 ____D C:\Users\devin\AppData\Roaming\Raptr
2016-08-06 22:20 - 2014-12-14 12:22 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2016-08-06 22:11 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-06 21:57 - 2012-04-11 15:16 - 00000000 ____D C:\Windows\Minidump
2016-08-06 18:47 - 2011-12-19 11:39 - 00000000 ____D C:\ProgramData\AVAST Software
2016-08-06 16:55 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-08-06 16:49 - 2013-04-21 10:37 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-08-06 13:25 - 2009-07-13 20:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-08-06 11:49 - 2011-12-10 12:53 - 00000000 ____D C:\Users\devin\AppData\Roaming\Audacity
2016-08-05 23:12 - 2011-11-11 22:22 - 00000000 ____D C:\Users\devin\AppData\Roaming\uTorrent
2016-08-05 15:40 - 2011-11-11 22:20 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-05 15:39 - 2012-02-18 19:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-05 10:32 - 2011-11-11 22:25 - 00000000 ____D C:\Users\devin\AppData\Roaming\Dropbox
2016-08-05 09:43 - 2011-11-12 19:32 - 00000000 ____D C:\Users\devin\AppData\Local\Adobe
2016-07-31 15:51 - 2009-07-13 21:45 - 07095608 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-29 22:09 - 2013-04-20 22:48 - 02180776 ____H C:\Users\devin\AppData\Local\IconCache.db.backup
2016-07-29 22:01 - 2011-11-12 15:12 - 00000000 ____D C:\Users\devin\AppData\Roaming\vlc
2016-07-28 15:10 - 2012-08-23 10:59 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 15:10 - 2012-08-23 10:59 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-28 14:49 - 2011-11-11 22:18 - 00003882 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3688702354-2117096547-3842074458-1000UA
2016-07-28 14:49 - 2011-11-11 22:18 - 00003486 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3688702354-2117096547-3842074458-1000Core
2016-07-28 10:46 - 2011-11-11 22:09 - 00176152 _____ C:\Users\devin\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-24 11:07 - 2014-05-29 21:25 - 00000000 ____D C:\ProgramData\Oracle
2016-07-24 10:39 - 2014-05-29 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-07-24 10:39 - 2011-12-16 11:54 - 00000000 ____D C:\Program Files\Java
2016-07-24 10:39 - 2011-11-11 22:22 - 00000000 ____D C:\Program Files (x86)\Java
2016-07-24 10:38 - 2015-10-20 13:35 - 00000000 ____D C:\Users\devin\.oracle_jre_usage
2016-07-24 10:37 - 2015-10-20 13:36 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-07-22 15:40 - 2014-09-04 18:25 - 00000000 ____D C:\Program Files (x86)\Scrivener
2016-07-21 03:01 - 2015-04-05 03:03 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-07-21 03:01 - 2015-04-05 03:03 - 00000000 ___SD C:\Windows\system32\GWX
2016-07-18 18:24 - 2009-07-13 22:13 - 00782296 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-16 12:09 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2016-07-16 12:08 - 2011-11-20 17:30 - 00000000 ____D C:\Users\devin\AppData\Local\ElevatedDiagnostics
2016-07-16 04:14 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-07-16 03:20 - 2014-12-10 04:23 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-16 03:20 - 2009-07-14 00:46 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-15 10:12 - 2014-12-21 21:41 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-15 10:12 - 2012-04-08 08:10 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-15 10:12 - 2011-11-11 22:19 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-15 09:12 - 2011-11-11 22:19 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-15 09:12 - 2011-11-11 22:19 - 00000000 ____D C:\Windows\system32\Macromed
 
==================== Files in the root of some directories =======
 
2013-01-28 12:25 - 2013-01-28 12:25 - 0000132 _____ () C:\Users\devin\AppData\Roaming\Adobe GIF Format CS6 Prefs
2013-02-14 21:11 - 2015-02-21 19:59 - 0000132 _____ () C:\Users\devin\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-02-25 17:46 - 2014-02-25 16:38 - 0012005 _____ () C:\Users\devin\AppData\Roaming\alsoft.ini
2013-01-28 12:26 - 2015-11-16 17:44 - 0001456 _____ () C:\Users\devin\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-07-19 13:58 - 2016-05-30 16:13 - 0009216 _____ () C:\Users\devin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-10 17:08 - 2014-02-10 17:08 - 0009892 _____ () C:\Users\devin\AppData\Local\recently-used.xbel
2012-08-07 09:23 - 2012-08-07 09:23 - 0007597 _____ () C:\Users\devin\AppData\Local\Resmon.ResmonCfg
2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 _____ () C:\Users\devin\AppData\Local\setup.txt
2012-01-05 20:14 - 2012-01-05 20:14 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2011-11-12 14:02 - 2011-11-12 14:02 - 0000252 _____ () C:\ProgramData\FastPics.log
2011-12-20 12:37 - 2011-10-21 12:37 - 0000032 ____R () C:\ProgramData\hash.dat
2012-01-05 20:22 - 2012-02-20 14:44 - 0014220 _____ () C:\ProgramData\lxecJSW.log
2011-11-12 12:19 - 2014-04-18 16:48 - 0067623 _____ () C:\ProgramData\lxecscan.log
2012-01-05 20:14 - 2012-01-05 20:14 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2011-12-15 21:56 - 2012-01-17 17:12 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2012-05-07 09:25 - 2012-05-07 09:26 - 0000340 _____ () C:\ProgramData\pswx.html
2014-02-05 21:01 - 2014-02-05 21:01 - 5059417 _____ () C:\ProgramData\SPLECB6.tmp
2011-11-12 12:15 - 2011-11-12 12:15 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
Some files in TEMP:
====================
C:\Users\devin\AppData\Local\Temp\0ukadpkk.dll
C:\Users\devin\AppData\Local\Temp\cvqw8hzs.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-27 12:15
 
==================== End of FRST.txt ============================
 
Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
Ran by devin (2016-08-06 22:29:23)
Running from C:\Users\devin\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2011-11-12 04:39:16)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3688702354-2117096547-3842074458-500 - Administrator - Disabled)
devin (S-1-5-21-3688702354-2117096547-3842074458-1000 - Administrator - Enabled) => C:\Users\devin
Guest (S-1-5-21-3688702354-2117096547-3842074458-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3688702354-2117096547-3842074458-1004 - Limited - Enabled)
mom (S-1-5-21-3688702354-2117096547-3842074458-1001 - Limited - Enabled) => C:\Users\mom
Top Dog (S-1-5-21-3688702354-2117096547-3842074458-1006 - Limited - Enabled) => C:\Users\Top Dog
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader 9.5.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.3 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Aeon (HKLM-x32\...\Aeon) (Version: 3.4.1 - SoundSpectrum)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.240 - Amazon)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Anki (HKLM-x32\...\Anki) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - BestGameEver)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.2.2276 - AVAST Software)
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.9.3.492 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version:  - Rocksteady Studios)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Braid (HKLM-x32\...\Steam App 26800) (Version:  - Number None)
Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version:  - Criterion Games)
Card Hunter (HKLM-x32\...\Steam App 293260) (Version:  - Blue Manchu)
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
Crusader Kings II (HKLM\...\Steam App 203770) (Version:  - Paradox Development Studio)
Crypt of the NecroDancer (HKLM-x32\...\Steam App 247080) (Version:  - Brace Yourself Games)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
Dead Space 2 (HKLM-x32\...\Steam App 47780) (Version:  - Visceral Games)
Defender's Quest: Valley of the Forgotten (HKLM-x32\...\Steam App 218410) (Version:  - Level Up Labs, LLC)
Desktop Dungeons (HKLM-x32\...\Steam App 226620) (Version:  - QCF Design)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dotfuscator Software Services - Community Edition (HKLM-x32\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
doubleTwist Sync (HKLM-x32\...\doubleTwist) (Version: 4.0.4.19767 - doubleTwist Corporation)
Dropbox (HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\...\Dropbox) (Version: 7.4.30 - Dropbox, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dungeons of Dredmor (HKLM-x32\...\Steam App 98800) (Version:  - Gaslamp Games, Inc.)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
Epic Games Launcher (HKLM-x32\...\{16969EF2-23EA-4BD9-B085-4952D95E8A7D}) (Version: 1.1.48.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Eternal Senia (HKLM-x32\...\Steam App 351640) (Version:  - Holy Priest)
FEZ (HKLM-x32\...\Steam App 224760) (Version:  - Polytron Corporation)
Final Effects Complete 6.0.0 64Bit (HKLM\...\{D076B586-8F4A-4033-9B6C-A451B6E04611}) (Version: 6.00.0000 - Boris Fx, Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.6.722 - Foxit Corporation)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
Google Chrome (HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.06) (Version: 9.06 - Artifex Software Inc.)
Gtk# for .Net 2.12.10 (HKLM-x32\...\{550B72C4-F404-4812-971F-947E835A877E}) (Version: 2.12.10 - Novell, Inc.)
HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - )
Hatoful Boyfriend (HKLM-x32\...\Steam App 310080) (Version:  - Mediatonic)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HitBliss (HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\...\HitBliss) (Version: 1.0.0.25740 - Project Concord, Inc.)
Intel® Desktop Utilities (HKLM-x32\...\{F01CBA59-B5BD-4608-A834-1CBE8C292A71}) (Version: 1.0.0 - Intel Corporation)
Intel® Integrator Assistant (HKLM-x32\...\{D1A35687-AEA9-422C-B237-FC4F8136B6F6}) (Version: 1.0.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Network Connections 15.6.25.0 (HKLM\...\PROSetDX) (Version: 15.6.25.0 - Intel)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java™ SE Development Kit 6 Update 30 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160300}) (Version: 1.6.0.300 - Oracle)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche Studios)
KeePass Password Safe 2.26 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.26 - Dominik Reichl)
Kindle Previewer (HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\...\KindlePreviewer) (Version: 2.9 - Amazon)
Knights of Pen and Paper +1 (HKLM-x32\...\Steam App 231740) (Version:  - Behold Studios)
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version:  - Audacity Team)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Lexmark Printable Web (HKLM-x32\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )
Lexmark Pro800-Pro900 Series (HKLM\...\Lexmark Pro800-Pro900 Series) (Version:  - Lexmark International, Inc.)
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{4D2F05BB-228E-4081-B94C-50AD015EE462}) (Version: 11.4.2 - Red Giant Software)
Magic Bullet Suite 64-bit (Version: 11.4.2 - Red Giant Software) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McPixel (HKLM-x32\...\Steam App 220860) (Version:  - Sos)
Mercenary Kings (HKLM-x32\...\Steam App 218820) (Version:  - Tribute Games Inc.)
METAL GEAR SOLID V: GROUND ZEROES (HKLM-x32\...\Steam App 311340) (Version:  - Kojima Productions)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Expression Blend 3 SDK (HKLM-x32\...\{256E7DAC-9BE8-494E-8DE7-7857BF96B774}) (Version: 1.0.1343.0 - Microsoft Corporation)
Microsoft Expression Blend 4 (HKLM-x32\...\Blend_4.0.20901.0) (Version: 4.0.20901.0 - Microsoft Corporation)
Microsoft Expression Blend 4 Add-in for Adobe FXG Import (HKLM-x32\...\{A29C5DD5-B21E-474F-AA96-6A7FC0B2B248}) (Version: 1.0.10901.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for .NET 4 (HKLM-x32\...\{9B3A1C97-A361-463E-8817-444F9F88CDFE}) (Version: 2.0.20525.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for Silverlight 4 (HKLM-x32\...\{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}) (Version: 2.0.20525.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for Windows Phone 7 (HKLM-x32\...\{69E11501-75F7-4ACE-8103-52513DDCFE26}) (Version: 2.0.20901.0 - Microsoft Corporation)
Microsoft Flight (HKLM-x32\...\GFWL_{4D5308D2-DC8E-4658-A37C-351000058100}) (Version: 1.0.0005.129 - Microsoft Studios)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft Silverlight Tools for Visual Studio 2010 (HKLM-x32\...\{558358E5-E4F3-4374-BA1D-26FF39EF87D9}) (Version: 10.0.30319.400 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM-x32\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{1E6ED082-E32D-4B2B-8B6A-70B094815135}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{90A80D89-A0E4-33C1-B13D-B93CB3496867}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (HKLM\...\{88BAE373-00F4-3E33-828F-96E89E5E0CB9}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Phone 7 Developer Resources (HKLM-x32\...\{B86149D3-18A2-41FD-A153-60AF944E47FE}) (Version: 7.0.7003.0 - Microsoft Corporation)
Microsoft Windows Phone Developer Tools - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Express for Windows Phone  - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (HKLM\...\{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}) (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft XNA Game Studio 4.0 Windows Phone Extensions (HKLM-x32\...\{5DDF31D2-63BB-4268-895B-FB05A82A1C00}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Game Studio Platform Tools (HKLM-x32\...\{0666E46E-A860-4353-BE6D-13AA72FABB57}) (Version: 1.3.0.0 - Microsoft Corporation)
Monaco (HKLM-x32\...\Steam App 113020) (Version:  - Pocketwatch Games)
MP3 Skype Recorder (HKLM-x32\...\{CB606F47-7D0E-40DF-95BB-0E5413A1295F}) (Version: 3.1.3 - Alexander Nikiforov)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\...\MusicManager) (Version:  - Google, Inc.)
My Lockbox 2.8.5 (HKLM\...\My Lockbox_is1) (Version: 2.8.5 - )
Network Recording Player (HKLM-x32\...\{CC5BDE4C-A0D2-4DE0-ACB9-1D5CB019C9CF}) (Version: 28.12.2.17378 - Cisco WebEx LLC)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.12.11 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.6.2 - )
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
PAC-MAN Championship Edition DX+ (HKLM-x32\...\Steam App 236450) (Version:  - Mine Loader Software Co., Ltd.)
Papers, Please (HKLM-x32\...\1207659209_is1) (Version: 2.5.0.11 - GOG.com)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.8.11-r110387-release - Plays.tv, LLC)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Portal Stories: Mel (HKLM-x32\...\Steam App 317400) (Version:  - Prism Studios)
PowerDirector (Version: 9.00.0000 - CyberLink Corp.) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.5-r115042-release - Raptr, Inc)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6215 - Realtek Semiconductor Corp.)
Red Giant PlaneSpace (HKLM-x32\...\Red Giant PlaneSpace) (Version:  - )
Red Giant Psunami (HKLM-x32\...\InstallShield_{97F381E0-CCC3-4F22-9078-033CBC597391}) (Version: 1.4.0 - Red Giant Software)
Red Giant Psunami (Version: 1.4.0 - Red Giant Software) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.1 - Rockstar Games)
SafeZone Stable 1.51.2220.47 (x32 Version: 1.51.2220.47 - Avast Software) Hidden
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Scrivener Update (HKLM-x32\...\Scrivener 1900) (Version: 1950 - Literature and Latte)
Search Protection (HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\...\Search Protection) (Version: 9.5.0.3 - Spigot, Inc.) <==== ATTENTION
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.7 - SmartSound Software Inc.) Hidden
Soluto (HKLM\...\{32F9DBC7-95D1-469F-B7A3-678948D6DA32}) (Version: 1.3.1140.0 - Soluto)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
Transistor (HKLM-x32\...\Steam App 237930) (Version:  - Supergiant Games)
Victoria II (HKLM-x32\...\Steam App 42960) (Version:  - Paradox Development Studio)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
Wallpaper Master v2.16 (HKLM-x32\...\Wallpaper Master_is1) (Version:  - James Garton)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\...\Warcraft III) (Version:  - )
WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{F6FE3205-7737-4772-9017-C7ACD8A5561C}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{647175e1-9944-4a82-bac1-102c95f0a99a}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
WebM Project Directshow Filters (HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\...\webmdshow) (Version: 1.0.4.1 - WebM Project)
Widevine Media Optimizer Chrome 6.0.0 (HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\...\optimizer_chrome) (Version: 6.0.0.12757 - Widevine Technologies)
WinDirStat 1.1.2 (HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\...\WinDirStat) (Version:  - )
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Phone Emulator x64 - ENU (HKLM\...\{0F7861E5-3B24-33CA-AECF-B5477194CEEB}) (Version: 10.0.30319 - Microsoft Corporation)
WPF Toolkit February 2010 (Version 3.5.50211.1) (HKLM-x32\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.50211.1 - Microsoft Corporation)
XMind (HKLM-x32\...\XMind) (Version: 3.3.0 - XMind Ltd.)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3688702354-2117096547-3842074458-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\devin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3688702354-2117096547-3842074458-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\devin\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3688702354-2117096547-3842074458-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\devin\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3688702354-2117096547-3842074458-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3688702354-2117096547-3842074458-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3688702354-2117096547-3842074458-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3688702354-2117096547-3842074458-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3688702354-2117096547-3842074458-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3688702354-2117096547-3842074458-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3688702354-2117096547-3842074458-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3688702354-2117096547-3842074458-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3688702354-2117096547-3842074458-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3688702354-2117096547-3842074458-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\devin\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01FE1553-6233-4E45-B58B-E465A2CE89E8} - System32\Tasks\SafeZone scheduled Autoupdate 1462581905 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-07-25] (Avast Software)
Task: {0271FFDF-60DF-4D58-B579-6449B3FF049E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3688702354-2117096547-3842074458-1000UA => C:\Users\devin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-12] (Dropbox, Inc.)
Task: {0B247A65-5114-4BB7-A8AA-82AB5D260286} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3688702354-2117096547-3842074458-1000UA => C:\Users\devin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {189E30CD-2987-4074-A515-BB6D8A8ED8B7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe
Task: {337EC0E7-954C-4B7D-BD37-27D1ACFCFE9E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3688702354-2117096547-3842074458-1000Core => C:\Users\devin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-12] (Dropbox, Inc.)
Task: {3833673B-6656-4CCA-8C6B-AD1277356D75} - System32\Tasks\AdobeAAMUpdater-1.0-devin-PC-devin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {3F622639-4F5B-44EA-A746-412C8F72D1AD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-06] (AVAST Software)
Task: {447EB743-7879-43E2-896C-3D4E9387CCFF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {56AE0AF9-85AC-4548-8861-E814F0A64AD2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe
Task: {5CE39C32-06A8-45B9-B00F-62919667B38C} - System32\Tasks\{E6EEA09D-7DE1-46BD-843E-DBCA8853D90F} => C:\Riot Games\League of Legends\lol.launcher.exe
Task: {6177EB0D-B4D9-4504-A313-320FE70B6DF6} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe
Task: {6196102C-6003-44D2-949D-98A458DC5DCB} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
Task: {8E3BCAE8-D6F2-4B57-942E-211C9FF8A1C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9FF97AF3-DCB0-44F3-BAE5-BD24E60FBE1D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {AD0B3581-38BC-4513-9837-1283AA62FA26} - System32\Tasks\{D4980C0B-E5EE-4E9C-8901-49046F409D54} => pcalua.exe -a "D:\Steam Library\SteamApps\common\Batman Arkham City GOTY\Setup\vcredist_x86.exe"
Task: {BD194227-E603-4B55-9828-BF74F5EFA807} - System32\Tasks\{5DAFDFE5-6703-4518-BE3C-1B3B527C313B} => pcalua.exe -a "C:\Users\Public\Videos\Dungeons and Dragons 4ed Character Builder\CB_(09)Sep_2009.exe" -d "C:\Users\Public\Videos\Dungeons and Dragons 4ed Character Builder"
Task: {C0B5E7B4-0D7D-44CD-96C7-FD7A6910C323} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3688702354-2117096547-3842074458-1000Core => C:\Users\devin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C56AE83D-E3A1-4EB2-AF0B-3AEC8624807C} - System32\Tasks\{24609C97-A20B-468B-9673-EE643B5AF42F} => C:\Riot Games\League of Legends\lol.launcher.exe
Task: {D0C244A7-A9A2-443B-BF27-81D36DB0B3F6} - System32\Tasks\{FDE37696-56DC-495C-9492-4906CA78FC2B} => pcalua.exe -a C:\Users\devin\Downloads\GAP.2.6_win\GAP-installer\Gimp-GAP-2.6.0-Setup2.exe -d C:\Users\devin\Downloads\GAP.2.6_win\GAP-installer
Task: {E303469E-6AF3-42F4-9BBB-E045B49F7A52} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-15] (Adobe Systems Incorporated)
Task: {EC0C6609-787D-4141-B1DD-055B948C4762} - System32\Tasks\SafeZone scheduled Autoupdate 1470534544 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-07-25] (Avast Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\devin\AppData\Local\Microsoft\Windows\GameExplorer\{8D163581-5E78-46F0-AAA3-9A9B792B155F}\SupportTasks\0\Support.lnk -> hxxp://www.activision.com/support/
Shortcut: C:\Users\devin\AppData\Local\Microsoft\Windows\GameExplorer\{7B1EB2E4-703C-4914-B6EC-EEB15B5D0290}\SupportTasks\1\Support.lnk -> hxxp://www.ea.com/tech_support/
Shortcut: C:\Users\devin\AppData\Local\Microsoft\Windows\GameExplorer\{7B1EB2E4-703C-4914-B6EC-EEB15B5D0290}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.totalwar.com/
 
ShortcutWithArgument: C:\Users\devin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a3a1d6b8109861c5\Hangouts.lnk -> C:\Users\devin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=nckgahadagoaajjgafhacjanaoiihapd
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-05-11 11:26 - 2016-05-11 11:26 - 00237568 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\PCGAppControlPlugin#\9011eb6014c80e3048c7adc8ba46b637\PCGAppControlPluginLoader.ni.dll
2016-05-11 11:24 - 2016-05-11 11:24 - 01665024 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\PCGPreCompiled\eca5df98fa15582baf26daf7b3299f14\PCGPreCompiled.ni.dll
2013-01-27 10:00 - 2013-01-27 10:00 - 00091192 _____ () c:\program files\soluto\PCGDllExportInspector.dll
2014-01-14 19:01 - 2014-03-16 08:44 - 08878248 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-11-12 12:19 - 2009-11-25 23:09 - 00053760 _____ () C:\Windows\System32\LXECPMON.DLL
2011-11-12 12:18 - 2009-01-13 06:15 - 04485120 _____ () C:\Windows\System32\LXECOEM.DLL
2011-11-12 12:20 - 2009-11-04 06:17 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxecdrpp.dll
2013-01-27 10:00 - 2013-01-27 10:00 - 00091192 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll
2014-06-03 11:49 - 2014-06-10 21:18 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2016-08-06 01:04 - 2016-08-06 01:04 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-08-06 18:48 - 2016-08-06 18:48 - 03012096 _____ () C:\Program Files\AVAST Software\Avast\defs\16080600\algo.dll
2016-08-06 01:04 - 2016-08-06 01:04 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-04-22 01:08 - 2016-04-22 01:08 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:08 - 2016-04-22 01:08 - 01047864 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-14 19:09 - 2016-06-29 19:25 - 00035792 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-08-05 10:33 - 2016-06-29 19:25 - 00145864 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-08-05 10:33 - 2016-06-29 19:26 - 00019408 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-08-05 10:33 - 2016-06-29 19:25 - 00116688 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-04-14 19:09 - 2016-06-29 19:25 - 00100296 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-12 18:00 - 2016-06-29 19:25 - 00018888 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-12 18:00 - 2016-08-01 14:27 - 00019760 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-12 18:00 - 2016-06-29 19:25 - 00694224 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-08-05 10:33 - 2016-08-01 14:26 - 00020816 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-04-14 19:09 - 2016-06-29 19:26 - 00123856 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-08-05 10:33 - 2016-08-01 14:26 - 01682760 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-08-05 10:33 - 2016-08-01 14:26 - 00020808 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 00021312 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 00052024 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 00038696 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-12 18:00 - 2016-06-29 19:27 - 00105928 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-08-05 10:33 - 2016-06-29 19:25 - 00392144 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-08-05 10:33 - 2016-06-29 19:27 - 00020936 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-12 18:00 - 2016-06-29 19:27 - 00024528 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-12 18:00 - 2016-06-29 19:27 - 00114640 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-12 18:00 - 2016-08-01 14:27 - 00381752 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-12 18:00 - 2016-06-29 19:27 - 00124880 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 00025424 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-12 18:00 - 2016-06-29 19:27 - 00024016 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-12 18:00 - 2016-06-29 19:27 - 00175560 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-12 18:00 - 2016-06-29 19:27 - 00030160 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-12 18:00 - 2016-06-29 19:27 - 00043472 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-12 18:00 - 2016-06-29 19:27 - 00048592 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 00026456 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-12 18:00 - 2016-06-29 19:27 - 00057808 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-12 18:00 - 2016-06-29 19:27 - 00024016 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-08-05 10:33 - 2016-08-01 14:26 - 00246592 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-12 18:00 - 2016-06-29 19:27 - 00028616 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-04-14 19:09 - 2016-08-01 14:27 - 00020800 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-04-14 19:09 - 2016-08-01 14:27 - 00019776 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-04-14 19:09 - 2016-08-01 14:27 - 00020800 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-04-14 19:09 - 2016-06-29 19:25 - 00144848 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-08-05 10:33 - 2016-06-29 19:26 - 00241104 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2016-08-05 10:33 - 2016-08-01 14:26 - 00020280 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-04-14 19:09 - 2016-08-01 14:27 - 00023376 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-04-14 19:09 - 2016-06-29 19:27 - 00350152 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-04-14 19:09 - 2016-08-01 14:27 - 00022352 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 00024392 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-08-05 10:33 - 2016-06-29 19:28 - 00036296 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\librsync.dll
2016-08-05 10:33 - 2016-08-01 14:27 - 00084280 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-08-05 10:33 - 2016-08-01 14:27 - 01826096 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-12 18:00 - 2016-06-29 19:26 - 00083912 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\sip.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 03929392 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 01972016 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 00531248 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 00132912 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 00224056 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 00207672 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 00020288 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\winffi.user32._winffi_user32.pyd
2015-12-12 18:00 - 2016-06-29 19:27 - 00060880 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 00024904 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 00546096 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 00357680 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 00168248 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-08-05 10:33 - 2016-08-01 14:27 - 00042808 _____ () C:\Users\devin\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-08-06 01:04 - 2016-08-06 01:04 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-06-17 15:49 - 2016-06-15 02:15 - 01745560 _____ () C:\Users\devin\AppData\Local\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-17 15:49 - 2016-06-15 02:15 - 00091288 _____ () C:\Users\devin\AppData\Local\Google\Chrome\Application\51.0.2704.103\libegl.dll
2016-05-11 11:39 - 2016-05-11 11:39 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\22e6307b0cd5955ebf3f8abd9e3ab58d\IsdiInterop.ni.dll
2011-11-11 21:54 - 2010-09-13 19:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\devin\AppData\Local\Temporary Internet Files:HODqZLMEThJuprida [2306]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SolutoService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-01-02 14:22 - 2013-04-21 10:33 - 00001458 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 localhost
127.0.0.1                               mpa.one.microsoft.com 
127.0.0.1                               genuine.microsoft.com
127.0.0.1                               wat.microsoft.com
127.0.0.1                               mpa.microsoft.com127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3688702354-2117096547-3842074458-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\devin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: doubleTwist => C:\Program Files (x86)\doubleTwist\doubleTwist.Light.exe
MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\devin\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
MSCONFIG\startupreg: HitBliss => "C:\Users\devin\AppData\Roaming\HitBliss\Player\HitBliss.exe" --minimize
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: OutfoxTV => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\devin\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\devin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\devin\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: WallpaperChanger => C:\Program Files (x86)\Wallpaper Master\Wallpaper.exe
MSCONFIG\startupreg: WD Quick View => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
10-05-2016 23:02:09 Windows Update
12-05-2016 03:00:44 Windows Update
23-05-2016 14:32:39 Scheduled Checkpoint
26-05-2016 03:00:28 Windows Update
02-06-2016 18:16:40 Scheduled Checkpoint
10-06-2016 00:00:01 Scheduled Checkpoint
12-06-2016 13:13:10 Installed iCloud
12-06-2016 13:57:25 Removed iCloud
16-06-2016 03:00:31 Windows Update
23-06-2016 11:11:52 Scheduled Checkpoint
23-06-2016 13:30:09 Windows Update
30-06-2016 15:17:07 Scheduled Checkpoint
15-07-2016 11:06:19 Scheduled Checkpoint
16-07-2016 03:00:46 Windows Update
21-07-2016 03:00:29 Windows Update
29-07-2016 14:42:16 Scheduled Checkpoint
06-08-2016 18:49:22 Windows Update
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/06/2016 10:27:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 3.8.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: f3c
 
Start Time: 01d1f06c057d987f
 
Termination Time: 60000
 
Application Path: C:\Users\devin\Desktop\FRST64.exe
 
Report Id: 86cc6c0e-5c5f-11e6-9c3a-e069954f6a50
 
 
System errors:
=============
Error: (08/06/2016 10:21:13 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (08/06/2016 10:19:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cpuz136 service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
Error: (08/06/2016 10:18:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/06/2016 10:18:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%-2147024891 = Access is denied.
 
Error: (08/06/2016 10:18:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147024891 = Access is denied.
 
Error: (08/06/2016 10:17:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Plays.tv Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/06/2016 10:17:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/06/2016 10:16:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (08/06/2016 10:15:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060 = The specified service does not exist as an installed service.
 
Error: (08/06/2016 10:14:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 43%
Total physical RAM: 8171.96 MB
Available physical RAM: 4624.14 MB
Total Virtual: 16342.1 MB
Available Virtual: 12915.58 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.76 GB) (Free:40.92 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Volume 2) (Fixed) (Total:931.51 GB) (Free:54.41 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9AA4A94C)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4B454B44)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

#21
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,896 posts
  • MVP

Probably best to Uninstall MalwareBytes and sSince you aren't using Windows Live

Uninstall:

 

Windows Live ID Sign-in Assistant 

 

You should also get rid of this obsolete version of Java:

 

Java™ SE Development Kit 6 Update 30 (64-bit) 

 

You had a Zero Access infection and one thing it likes to do is take over your anti-virus.  It may have also taken over MalwareBytes.

 

If Avast is working have it do a boot-time scan.  It takes like 6 hours so I usually let it run at night.

 
Open Avast, Scan, Scan for Viruses, Change the Quick Scan (in the box in the center of the page) to Boot-time Scan.  Then at the bottom of the page click on Scan Settings.
 
Make sure both boxes are checked and click on the gray box to the right of the orange ones.  It should turn orange.  Change where it says "Fix Automatically" to "Move to
Chest."  OK.  Now click on Start and then close Avast.  Mute your speakers so it doesn't wake you up when Windows boots.
 
When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:
 
 
Copy and paste the text from the log to a Reply when done.

  • 0

#22
Dwashba

Dwashba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

I can't seem to find the log anywhere though I'm pretty sure it said C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt during the scan. I even did a search across the whole drive and it didn't come up. I noticed that "Enable dubug logging" was unchecked on Avast's settings. In the scan history it says it found 0 infected files.


  • 0

#23
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,896 posts
  • MVP

I'm surprised it didn't find anything.  It should have at least flagged some of the stuff we removed with FRST.

 

If you can't find the log that's OK since it didn't find anything.

 

How  does the Process Eplorer log look?


  • 0

#24
Dwashba

Dwashba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

Things seem OK now. Everything loaded on startup like it normally does.

Process Explorer:

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 95.05 0 K 24 K 0
procexp64.exe 1.71 30,892 K 52,400 K 936 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
chrome.exe 1.26 51,816 K 85,768 K 4752 Google Chrome Google Inc. (Verified) Google Inc
Soluto.exe 0.43 49,004 K 30,372 K 3304 Soluto Soluto (Verified) Soluto
chrome.exe 0.27 158,036 K 210,084 K 4176 Google Chrome Google Inc. (Verified) Google Inc
Interrupts 0.21 0 K 0 K n/a Hardware Interrupts and DPCs
SolutoService.exe 0.20 187,756 K 66,560 K 2944 Soluto Soluto (Verified) Soluto
chrome.exe 0.20 78,324 K 112,660 K 4744 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 0.13 134,568 K 187,364 K 3444 Google Chrome Google Inc. (Verified) Google Inc
csrss.exe 0.08 4,088 K 10,136 K 712 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.08 55,920 K 97,164 K 1760 Google Chrome Google Inc. (Verified) Google Inc
dwm.exe 0.07 32,676 K 41,432 K 2712 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
System 0.06 2,348 K 108,624 K 4
raptr.exe 0.03 123,284 K 12,908 K 4520 Raptr Desktop App Raptr, Inc (Verified) Raptr
LMS.exe 0.03 2,700 K 5,308 K 2980 Local Manageability Service Intel Corporation (Verified) Intel Corporation
AppleMobileDeviceService.exe 0.03 3,612 K 10,812 K 1888 MobileDeviceService Apple Inc. (Verified) Apple Inc.
IAStorDataMgrSvc.exe 0.02 19,768 K 17,480 K 2192 IAStorDataSvc Intel Corporation (Verified) Intel Corporation
explorer.exe 0.02 50,768 K 83,016 K 3396 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
AvastSvc.exe 0.02 110,960 K 41,440 K 1540 avast! Service AVAST Software (Verified) AVAST Software a.s.
svchost.exe 0.02 4,888 K 10,208 K 928 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
raptr_im.exe 0.01 14,524 K 5,820 K 4828 Raptr Desktop App Raptr, Inc (Verified) Raptr
WDDriveService.exe 0.01 8,708 K 13,268 K 1244 WD Drive Service Western Digital Technologies, Inc. (Verified) Western Digital Technologies
XBoxStat.exe 0.01 2,960 K 6,996 K 3484 XBoxStat.exe Microsoft Corporation (Verified) Microsoft Corporation
avastui.exe 0.01 34,048 K 13,460 K 4104 avast! Antivirus AVAST Software (Verified) AVAST Software a.s.
svchost.exe < 0.01 16,736 K 18,376 K 1456 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 27,680 K 44,552 K 1112 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
iPodService.exe < 0.01 3,120 K 7,528 K 4144 iPodService Module (64-bit) Apple Inc. (Verified) Apple Inc.
plays_service.exe < 0.01 13,852 K 22,836 K 2392 Plays.tv Service Plays.tv, LLC (Verified) Plays.tv
svchost.exe < 0.01 16,712 K 15,964 K 1008 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
services.exe < 0.01 5,912 K 11,068 K 808 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
PnkBstrA.exe < 0.01 1,264 K 4,384 K 3312 (Verified) Even Balance
TiltWheelMouse.exe < 0.01 1,696 K 6,176 K 3480 pximouse Pixart Imaging Inc (Verified) Microsoft Windows Hardware Compatibility Publisher
lsass.exe < 0.01 6,696 K 15,152 K 816 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe < 0.01 17,440 K 9,176 K 5096 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 5,364 K 10,728 K 5268 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe < 0.01 40,736 K 20,752 K 1400 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
VCDDaemon.exe < 0.01 1,632 K 6,004 K 6612 Virtual CloneDrive Daemon Elaborate Bytes AG (Verified) Elaborate Bytes AG
csrss.exe < 0.01 2,752 K 5,292 K 632 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
IAStorIcon.exe < 0.01 25,272 K 23,940 K 2968 IAStorIcon Intel Corporation (Verified) Intel Corporation
iTunesHelper.exe < 0.01 4,148 K 12,600 K 3788 iTunesHelper Apple Inc. (Verified) Apple Inc.
WDBackupEngine.exe < 0.01 27,348 K 30,496 K 4204 WD Backup Engine Western Digital Technologies, Inc. (Verified) Western Digital Technologies
svchost.exe < 0.01 8,196 K 15,328 K 1048 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SolutoLauncherService.exe < 0.01 1,444 K 3,940 K 2904 Soluto Launcher Service Soluto (Verified) Soluto
wuauclt.exe 2,272 K 6,932 K 952 Windows Update Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 6,980 K 12,916 K 4664 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,884 K 6,620 K 5260 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 3,316 K 8,060 K 752 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,656 K 4,808 K 704 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 2,604 K 6,952 K 6828 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
UNS.exe 3,080 K 7,448 K 2728 User Notification Service Intel Corporation (Verified) Intel Corporation
TrustedInstaller.exe 12,692 K 17,600 K 2660 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 5,752 K 12,348 K 3728 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 207,064 K 207,204 K 2440 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,708 K 8,764 K 588 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 5,320 K 8,248 K 1812 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 8,172 K 17,728 K 1076 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 6,716 K 12,956 K 1352 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 9,516 K 16,900 K 1748 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 584 K 1,256 K 404 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
RAVCpl64.exe 9,708 K 12,040 K 3864 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
raptr_ep64.exe 4,040 K 9,024 K 6236 Elevation Proxy Raptr Inc. (Verified) Raptr
procexp.exe 2,456 K 7,600 K 6620 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PresentationFontCache.exe 30,460 K 25,660 K 120 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
nusb3mon.exe 1,796 K 5,584 K 4068 USB 3.0 Monitor Renesas Electronics Corporation (Verified) Renesas Electronics Corporation
mDNSResponder.exe 2,284 K 5,916 K 1556 Bonjour Service Apple Inc. (Verified) Apple Inc.
lxeccoms.exe 2,500 K 6,260 K 2184 Printer Communication System (Verified) Lexmark International
lsm.exe 2,912 K 4,692 K 824 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
jusched.exe 2,336 K 5,484 K 1856 Java Update Scheduler Oracle Corporation (Verified) Oracle America
IPROSetMonitor.exe 1,648 K 4,532 K 1288 Intel® PROSet Monitoring Service Intel Corporation (Verified) Intel Corporation
GoogleUpdate.exe 2,152 K 856 K 2804 Google Installer Google Inc. (Verified) Google Inc
GoogleUpdate.exe 2,324 K 684 K 3300 Google Installer Google Inc. (Verified) Google Inc
DropboxUpdate.exe 3,160 K 3,708 K 3756 Dropbox Update Dropbox, Inc. (Verified) Dropbox
Dropbox.exe 103,556 K 130,764 K 2208 Dropbox Dropbox, Inc. (Verified) Dropbox
chrome.exe 67,232 K 76,152 K 4476 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 120,468 K 131,456 K 3832 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 25,732 K 56,576 K 4736 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 1,600 K 4,672 K 2792 Google Chrome Google Inc. (Verified) Google Inc
audiodg.exe 19,012 K 18,520 K 5372 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
atiesrxx.exe 1,612 K 4,952 K 796 AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe 2,692 K 7,484 K 1320 AMD External Events Client Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher

  • 0

#25
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,896 posts
  • MVP

Let's clear the alarms, reboot and run vew again to see if anything got broken that we need to fix.

 

 
Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
 
 
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

  • 0

Advertisements


#26
Dwashba

Dwashba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

System Log:

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 07/08/2016 12:53:47 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/08/2016 7:37:00 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Windows Update service hung on starting.
 
Log: 'System' Date/Time: 07/08/2016 7:33:36 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:  %%-2147024891
 
Log: 'System' Date/Time: 07/08/2016 7:33:36 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Function Discovery Resource Publication service terminated with the following error:  %%-2147024891
 
Log: 'System' Date/Time: 07/08/2016 7:32:08 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 07/08/2016 7:32:03 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
 
Log: 'System' Date/Time: 07/08/2016 7:31:31 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The VBoxAsw Support Driver service failed to start due to the following error:  The system cannot find the path specified.
 
Log: 'System' Date/Time: 07/08/2016 7:31:19 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Plays.tv Update Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
 
Log: 'System' Date/Time: 07/08/2016 7:31:19 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Plays.tv Update Service service to connect.
 
Log: 'System' Date/Time: 07/08/2016 7:30:42 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The atksgt service failed to start due to the following error:  This driver has been blocked from loading
 
Log: 'System' Date/Time: 07/08/2016 7:30:42 PM
Type: Error Category: 0
Event: 875 Source: Application Popup
Driver atksgt.sys has been blocked from loading.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/08/2016 7:30:07 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

  • 0

#27
Dwashba

Dwashba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

Application Log:

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 07/08/2016 12:54:21 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 07/08/2016 7:30:46 PM
Type: Warning Category: 0
Event: 1 Source: Microsoft-Windows-ApplicationExperienceInfrastructure
The application (Tages Protection, from vendor Tages SA) has the following problem: A driver is installed that causes stability problems with your system. This driver will be disabled. Please contact the driver manufacturer for an update that is compatible with this version of Windows.
 
Log: 'Application' Date/Time: 07/08/2016 7:29:09 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   9 user registry handles leaked from \Registry\User\S-1-5-21-3688702354-2117096547-3842074458-1000:
Process 2944 (\Device\HarddiskVolume2\Program Files\Soluto\SolutoService.exe) has opened key \REGISTRY\USER\S-1-5-21-3688702354-2117096547-3842074458-1000
Process 2944 (\Device\HarddiskVolume2\Program Files\Soluto\SolutoService.exe) has opened key \REGISTRY\USER\S-1-5-21-3688702354-2117096547-3842074458-1000
Process 2944 (\Device\HarddiskVolume2\Program Files\Soluto\SolutoService.exe) has opened key \REGISTRY\USER\S-1-5-21-3688702354-2117096547-3842074458-1000\Software\Microsoft\SystemCertificates\Root
Process 2944 (\Device\HarddiskVolume2\Program Files\Soluto\SolutoService.exe) has opened key \REGISTRY\USER\S-1-5-21-3688702354-2117096547-3842074458-1000\Software\Microsoft\SystemCertificates\My
Process 2944 (\Device\HarddiskVolume2\Program Files\Soluto\SolutoService.exe) has opened key \REGISTRY\USER\S-1-5-21-3688702354-2117096547-3842074458-1000\Software\Microsoft\SystemCertificates\CA
Process 2944 (\Device\HarddiskVolume2\Program Files\Soluto\SolutoService.exe) has opened key \REGISTRY\USER\S-1-5-21-3688702354-2117096547-3842074458-1000\Software\Microsoft\SystemCertificates\trust
Process 2944 (\Device\HarddiskVolume2\Program Files\Soluto\SolutoService.exe) has opened key \REGISTRY\USER\S-1-5-21-3688702354-2117096547-3842074458-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2944 (\Device\HarddiskVolume2\Program Files\Soluto\SolutoService.exe) has opened key \REGISTRY\USER\S-1-5-21-3688702354-2117096547-3842074458-1000\Software\Policies\Microsoft\SystemCertificates
Process 2944 (\Device\HarddiskVolume2\Program Files\Soluto\SolutoService.exe) has opened key \REGISTRY\USER\S-1-5-21-3688702354-2117096547-3842074458-1000\Software\Policies\Microsoft\SystemCertificates

  • 0

#28
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,896 posts
  • MVP

You have someTagos drivers that are being blocked from loading:

 

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2012-03-28] ()

R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2012-03-11] ()

Apparently this is installed by some game as copy protection.  Apparently the game is not totally win 7 compatible.  Probably the drivers aren't signed.  We could remove them for good with FRST but you might prefer to just Disable them:

 

Right click on Computer and select Manage and then Device Manager then View, Show Hidden Drivers.  Now look in the right pane for atksgt and lirsgt (probably they will be under non plug and play - might be a yellow flag next to one of them)  Right click on each and Disable.

 

Another possibility would be to run Autoruns, find the drivers and uncheck them

 

get autoruns from

 
Download Save and Run the program by right clicking and Run As Admin. 
 
You have something called PlaysTV which is not working well.  IF you need it for something then uninstall it and get a new version.  If you don't need it then just uninstall it.
 
 

 

Also Soluto is not really happy   It is holding open the registry when Windows shuts down.  I don't think it's something you really need so I would just uninstall it.  If you really must have it then get a new version.  Perhaps it wil work better.

 

Function Discovery Resource Publication appears to have a permission problem.

 

Search for

 

services.msc

 

and hit Enter.

 

Scroll down until you find 

 

Function Discovery Resource Publication (not the Function Discovery Provider Host which comes first)  Try to Start the service.  Does it give you an error?

 

Also check Windows Update.  Is it Started?  If not try to Start it.  Do you get an error?


  • 0

#29
Dwashba

Dwashba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

OK did all of that. Windows Update is running. I have a couple of updates it wants me to do.

 

The FDRP didn't run. I got this error message: Error 0x80070005: Access is denied.


  • 0

#30
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,896 posts
  • MVP

let's try this fixlist:

 

 
Download the attached fixlist.txt to the same location as FRST
 
Attached File  fixlist.txt   1.15KB   98 downloads
 
Run FRST and press Fix
A fix log will be generated please post that 

  • 0






Similar Topics


Also tagged with one or more of these keywords: malware, virus, farbar

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP