Solved Bad Image error when loading .exe files.

XjamathonX

Good afternoon. After some trial and error and more than a few sleepless nights struggling with this, I figured I'd reach out for help from people far more experienced and educated in this than myself.

Any help with this would be greatly appreciated. Thanks so much for your time.

Per the initial post here are the FRST.txt and Addition.txt logs...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by XjamathonX (administrator) on BFNERDGASM (11-04-2016 12:23:48)
Running from C:\Users\XjamathonX\Desktop
Loaded Profiles: XjamathonX (Available Profiles: XjamathonX)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "kernel32::GetLongPathNameW(w R8, w .R7, I 1024)I .R6" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes) D:\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) D:\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Rocket Division Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) D:\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Samsung Electronics.) D:\Samsung Magician\Samsung Magician.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Users\XjamathonX\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7390096 2016-04-07] (AVAST Software)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-04-07] (AVAST Software)
BootExecute: autocheck autochk * sh4native Sh4Removal

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{32D1360D-2E52-4463-858F-B807B4E5D191}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1048063312-2773705554-3676865481-1000 -> DefaultScope {E6F7284B-8EE1-4A43-A4CA-6A5AC402DBF9} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1048063312-2773705554-3676865481-1000 -> {E6F7284B-8EE1-4A43-A4CA-6A5AC402DBF9} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-07] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-07-01] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-07] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-01] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1048063312-2773705554-3676865481-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1048063312-2773705554-3676865481-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\XjamathonX\AppData\Roaming\Mozilla\Firefox\Profiles\rswjl8f6.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-02-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-02-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> D:\Program Files (x86)\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> D:\Program Files (x86)\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\Program Files (x86)\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> D:\Program Files (x86)\Adobe Acrobat\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-28] (Apple Inc.)
FF Extension: Adblock Plus - C:\Users\XjamathonX\AppData\Roaming\Mozilla\Firefox\Profiles\rswjl8f6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-04-05] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files (x86)\Adobe Acrobat\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - D:\Program Files (x86)\Adobe Acrobat\Acrobat\Browser\WCFirefoxExtn [2012-11-15] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-04-07]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-02]
CHR Extension: (Google Drive) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-05]
CHR Extension: (YouTube) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
CHR Extension: (APK Downloader) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihflhdpokeobcfimliamffejfnmfii [2015-10-02]
CHR Extension: (Google Search) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-02]
CHR Extension: (ARC Welder) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\emfinbmielocnlhgmfkkmkngdoccbadn [2016-04-05]
CHR Extension: (Google Docs Offline) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-05]
CHR Extension: (Avast Online Security) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-05]
CHR Extension: (APK Downloader) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaihdlpglflfgpfjcifdjdjcckigekc [2016-04-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Gmail) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-02]
CHR Extension: (__MSG_extName__) - D:\Program Files (x86)\ARC Chrome\Flash Fire Aerial Ops_1.0_1.apk_export_GApkc [2015-10-02]
CHR Extension: (__MSG_extName__) - D:\Program Files (x86)\ARC Chrome\Flash Fire Aerial Ops_1.0_1.apk_export_GApkc [2015-10-02]
CHR HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - D:\Program Files (x86)\Adobe Acrobat\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-07]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-04-07] (AVAST Software)
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-08-19] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-08-19] (BlueStack Systems, Inc.)
S4 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [839288 2015-08-19] (BlueStack Systems, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2012-06-13] () [File not signed]
R2 MBAMScheduler; D:\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; D:\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S2 Seagate Dashboard Services; D:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-02-10] (Seagate Technology LLC)
S2 Seagate MobileBackup Service; D:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-02-10] (Seagate Technology LLC)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-04-07] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-04-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-04-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-04-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-04-07] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-04-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-04-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-04-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-04-07] (AVAST Software)
R1 BIOS; C:\Windows\system32\drivers\BIOS64.sys [14136 2009-07-15] (BIOSTAR Group)
R1 BIOS; C:\Windows\SysWOW64\drivers\BIOS64.sys [14136 2009-07-15] (BIOSTAR Group)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-08-19] (BlueStack Systems)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-04-05] ()
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-11] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2011-12-10] () [File not signed]
S3 TIEHDUSB; C:\Windows\System32\DRIVERS\tiehdusb.sys [128512 2012-03-07] (Texas Instruments) [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-04-07] ()
U3 a6o487fi; C:\Windows\System32\Drivers\a6o487fi.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 vmwvusb; System32\Drivers\vmwvusb.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-11 12:23 - 2016-04-11 12:23 - 00023261 _____ C:\Users\XjamathonX\Desktop\FRST.txt
2016-04-07 19:17 - 2016-04-07 19:17 - 00005798 _____ C:\Users\XjamathonX\Documents\cc_20160407_191721.reg
2016-04-07 19:16 - 2016-04-07 19:16 - 00184314 _____ C:\Users\XjamathonX\Documents\cc_20160407_191650.reg
2016-04-07 14:15 - 2016-04-07 19:13 - 00000000 ____D C:\ProgramData\RogueKiller
2016-04-07 14:15 - 2016-04-07 19:05 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-04-07 14:15 - 2016-04-07 14:15 - 00000818 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-04-07 14:15 - 2016-04-07 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-04-07 14:15 - 2016-04-07 14:15 - 00000000 ____D C:\Program Files\RogueKiller
2016-04-07 14:09 - 2016-04-07 14:09 - 01610352 _____ (Malwarebytes) C:\Users\XjamathonX\Desktop\JRT.exe
2016-04-07 13:56 - 2016-04-07 13:55 - 00602112 _____ (OldTimer Tools) C:\Users\XjamathonX\Desktop\OTL.exe
2016-04-07 13:48 - 2016-04-11 12:21 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-07 13:48 - 2016-04-07 13:48 - 00000613 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-07 13:48 - 2016-04-07 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-07 13:48 - 2016-04-07 13:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-07 13:48 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-07 13:48 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-07 13:48 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-07 13:46 - 2016-04-07 13:47 - 00231744 _____ C:\TDSSKiller.3.1.0.9_07.04.2016_13.46.04_log.txt
2016-04-07 13:43 - 2016-04-07 13:43 - 00000000 ____D C:\KVRT_Data
2016-04-07 13:19 - 2016-04-07 13:19 - 00042131 _____ C:\ComboFix.txt
2016-04-07 13:11 - 2016-04-07 13:11 - 05660031 ____R (Swearware) C:\Users\XjamathonX\Desktop\ComboFix.exe
2016-04-07 13:00 - 2016-04-07 18:57 - 00000000 ____D C:\AdwCleaner
2016-04-07 13:00 - 2016-04-07 13:00 - 03119168 _____ C:\Users\XjamathonX\Desktop\adwcleaner_5.109.exe
2016-04-07 13:00 - 2016-04-07 12:59 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-04-07 12:59 - 2016-04-07 12:59 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-04-07 12:55 - 2016-04-11 12:23 - 00000000 ____D C:\FRST
2016-04-07 12:53 - 2016-04-07 12:53 - 02374144 _____ (Farbar) C:\Users\XjamathonX\Desktop\FRST64.exe
2016-04-05 23:26 - 2016-04-05 23:54 - 00421106 _____ C:\spyhunter.fix
2016-04-05 23:26 - 2016-04-05 23:26 - 00003320 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-04-05 23:04 - 2016-04-05 23:04 - 00022400 ____R C:\Windows\SysWOW64\sh4native.exe
2016-04-05 22:39 - 2016-04-05 22:39 - 00000000 ____D C:\Users\XjamathonX\AppData\Roaming\Enigma Software Group
2016-04-05 22:39 - 2016-04-05 22:39 - 00000000 _____ C:\autoexec.bat
2016-04-05 22:38 - 2016-04-05 22:38 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-04-05 22:11 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2016-04-05 22:11 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2016-04-05 22:11 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-04-05 22:11 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-04-05 22:11 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-04-05 22:11 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2016-04-05 22:11 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2016-04-05 22:11 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2016-04-05 22:10 - 2016-04-07 13:19 - 00000000 ____D C:\Qoobox
2016-04-05 22:10 - 2016-04-05 22:18 - 00000000 ____D C:\Windows\erdnt
2016-04-05 22:03 - 2016-04-05 22:03 - 00000000 ____D C:\Users\XjamathonX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
2016-04-05 22:03 - 2016-04-05 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!
2016-04-05 22:03 - 2016-04-05 22:03 - 00000000 ____D C:\Program Files (x86)\CleanUp!
2016-04-05 15:59 - 2016-04-05 22:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-05 15:04 - 2016-04-05 15:03 - 00380928 _____ C:\Users\XjamathonX\Desktop\tomy88gb.exe
2016-03-28 19:11 - 2016-03-28 19:11 - 00002531 _____ C:\Users\Public\Desktop\TurboTax 2015.lnk
2016-03-28 19:11 - 2016-03-28 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2015
2016-03-23 04:25 - 2016-04-07 13:06 - 00003050 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458721533
2016-03-23 04:25 - 2016-04-07 12:59 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-03-23 04:25 - 2016-03-23 04:25 - 00000997 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-03-23 04:25 - 2016-03-23 04:25 - 00000997 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-11 12:19 - 2014-12-27 19:48 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-11 12:19 - 2014-12-27 19:45 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-11 12:19 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-07 19:00 - 2009-07-14 01:13 - 00809218 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-07 19:00 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-04-07 18:54 - 2012-04-03 10:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-07 18:51 - 2009-07-14 00:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-07 18:51 - 2009-07-14 00:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-07 18:45 - 2014-12-27 19:45 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-07 18:45 - 2012-04-03 10:12 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-07 18:45 - 2012-04-03 10:12 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-07 18:45 - 2011-12-09 19:26 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-07 14:19 - 2011-12-10 17:38 - 00000000 ____D C:\Users\XjamathonX\AppData\Local\Apps\2.0
2016-04-07 14:07 - 2012-07-12 16:53 - 00000000 ____D C:\Users\XjamathonX\AppData\Roaming\uTorrent
2016-04-07 13:57 - 2016-03-02 04:42 - 00000000 ____D C:\Users\XjamathonX\AppData\LocalLow\uTorrent
2016-04-07 13:57 - 2015-02-22 10:22 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-07 13:56 - 2009-07-13 23:20 - 00000000 __RSD C:\Windows\Media
2016-04-07 13:17 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2016-04-07 13:05 - 2014-12-27 19:45 - 00000000 ____D C:\Program Files\Google
2016-04-07 13:05 - 2013-02-07 18:35 - 00000000 ____D C:\Program Files (x86)\epson
2016-04-07 13:05 - 2011-12-09 19:20 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-07 13:05 - 2009-07-14 00:45 - 04986424 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-07 13:04 - 2012-03-28 23:14 - 00000000 ____D C:\Users\XjamathonX\AppData\Roaming\Yahoo!
2016-04-07 13:00 - 2012-07-12 00:33 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-04-07 12:59 - 2014-05-05 17:32 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-04-07 12:59 - 2014-01-02 13:27 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-04-07 12:59 - 2013-03-17 11:47 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-04-07 12:59 - 2013-03-17 11:47 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-04-07 12:59 - 2012-03-24 12:14 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-04-07 12:59 - 2011-12-09 19:37 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-04-07 12:59 - 2011-12-09 19:37 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-04-07 12:59 - 2011-12-09 19:37 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-04-05 23:56 - 2011-12-09 19:20 - 00000000 ____D C:\ProgramData\Google
2016-04-05 23:53 - 2013-08-23 12:07 - 00000000 ____D C:\Users\XjamathonX\AppData\Roaming\VMware
2016-04-05 23:53 - 2013-08-23 12:07 - 00000000 ____D C:\ProgramData\VMware
2016-04-05 23:53 - 2013-02-07 18:35 - 00000000 ____D C:\Program Files (x86)\EPSON Software
2016-04-05 23:52 - 2011-12-09 19:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-04-05 23:51 - 2013-02-07 18:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2016-04-05 23:50 - 2012-01-11 21:31 - 00000000 ____D C:\ProgramData\Citrix
2016-04-05 23:50 - 2012-01-11 21:31 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-04-05 22:25 - 2012-05-10 11:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-05 22:04 - 2014-10-16 10:11 - 00000000 ____D C:\Temp
2016-04-05 21:44 - 2015-11-26 22:40 - 00000000 ____D C:\Windows\pss
2016-04-05 14:54 - 2015-09-12 09:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-04-05 04:31 - 2011-12-09 17:22 - 00000000 ____D C:\Users\XjamathonX
2016-04-04 14:10 - 2012-06-26 20:36 - 00000000 ____D C:\Users\XjamathonX\AppData\Roaming\vlc
2016-03-28 19:16 - 2014-03-18 10:54 - 00000000 ____D C:\Users\XjamathonX\AppData\Roaming\Intuit
2016-03-28 19:12 - 2014-03-18 10:54 - 00000774 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-03-28 19:10 - 2014-03-18 10:53 - 00000000 ____D C:\Program Files (x86)\TurboTax
2016-03-23 04:25 - 2011-12-09 19:36 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-23 04:25 - 2011-12-09 19:36 - 00000000 ____D C:\Program Files\AVAST Software

==================== Files in the root of some directories =======

2015-09-05 20:25 - 2015-09-05 20:25 - 0000132 _____ () C:\Users\XjamathonX\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2013-06-29 10:32 - 2015-11-16 17:38 - 0000132 _____ () C:\Users\XjamathonX\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-04-07 20:50 - 2013-04-07 20:50 - 0000132 _____ () C:\Users\XjamathonX\AppData\Roaming\Adobe Targa Format CS5 Prefs
2011-12-30 18:40 - 2016-03-17 22:09 - 0001456 _____ () C:\Users\XjamathonX\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-01-22 10:27 - 2014-01-22 10:27 - 0007606 _____ () C:\Users\XjamathonX\AppData\Local\Resmon.ResmonCfg
2011-12-09 19:55 - 2011-12-09 19:55 - 0000000 _____ () C:\Users\XjamathonX\AppData\Local\{414AF067-011E-4897-B01B-245E88F1279E}
2012-03-28 23:12 - 2013-12-26 23:27 - 0006285 _____ () C:\ProgramData\hpzinstall.log
2014-03-18 10:54 - 2016-03-28 19:12 - 0000774 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-29 03:58

==================== End of FRST.txt ============================
 
Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by XjamathonX (2016-04-11 12:24:07)
Running from C:\Users\XjamathonX\Desktop
Windows 7 Professional Service Pack 1 (X64) (2011-12-09 21:22:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1048063312-2773705554-3676865481-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1048063312-2773705554-3676865481-1033 - Limited - Enabled)
Guest (S-1-5-21-1048063312-2773705554-3676865481-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1048063312-2773705554-3676865481-1036 - Limited - Enabled)
XjamathonX (S-1-5-21-1048063312-2773705554-3676865481-1000 - Administrator - Enabled) => C:\Users\XjamathonX

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Apotheon (HKLM-x32\...\Apotheon_is1) (Version: - Alientrap)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
Assassins Creed IV Black Flag Freedom Cry (HKLM-x32\...\QXNzYXNzaW5zQ3JlZWRJVkJsYWNrRmxhZw==_is1) (Version: 1 - )
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.2.2260 - AVAST Software)
Awesomenauts (HKLM-x32\...\Awesomenauts) (Version: - )
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.10.0.4321 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{473E82D7-79E2-43DF-8FA0-025407C93191}) (Version: 0.10.0.4321 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broforce Beta Update 7 October 2014 (HKLM-x32\...\Broforce Beta Update 7 October 2014) (Version: Update 7 October 2014 - Devolver Digital)
Brothers - A Tale of Two Sons (HKLM-x32\...\Brothers - A Tale of Two Sons_is1) (Version: - 505 Games)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
C4700 (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
calibre (HKLM-x32\...\{7D69BF2B-6C60-4D0A-8A6C-BCFD025D5D84}) (Version: 1.17.0 - Kovid Goyal)
CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden
Castle Crashers (HKLM-x32\...\Castle Crashers) (Version: 1.4 - Jimbo)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CleanUp! (HKLM-x32\...\CleanUp!) (Version: - )
Dead Rising 3 v.1.0 (HKLM-x32\...\Dead Rising 3_is1) (Version: - )
Dont Starve Reign of Giants (HKLM-x32\...\Dont Starve Reign of Giants_is1) (Version: - )
Double Dragon: Neon (HKLM-x32\...\RG91YmxlRHJhZ29uTmVvbg==_is1) (Version: 1 - )
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
DuckTales Remastered (HKLM-x32\...\RHVja1RhbGVzUmVtYXN0ZXJlZA==_is1) (Version: 1 - )
Dying Light (HKLM-x32\...\Dying Light_R.G. Mechanics_is1) (Version: - R.G. Mechanics, ProZorg_tm)
Email Sender Deluxe (HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\...\Email Sender Deluxe) (Version: 02.00.00.00 - Kristanix Software)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version: - SEIKO EPSON Corporation)
ePub Converter (HKLM-x32\...\ePubConverter) (Version: 1.2.1 - eBook Converter)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fallout 3 Game of the Year Edition - DLCs (HKLM-x32\...\{12CFDA5C-BDB9-460D-9E0D-F7879D9E2351}}_is1) (Version: - Bethesda Softworks)
Fallout 3 Game of the Year Edition (HKLM-x32\...\{552F1CCF-1364-424C-85F7-46D4D006BB69}}_is1) (Version: - Bethesda Softworks)
FlacSquisher 1.3.4 (HKLM-x32\...\FlacSquisher) (Version: 1.3.4 - FlacSquisher)
Foul Play (HKLM-x32\...\Foul Play_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
Free ePub reader 1.1 (HKLM-x32\...\{BB49A5B5-FEAE-46DB-91BC-F9F914A72DBA}_is1) (Version: 1.1 - SoftDevResource)
Gauntlet (HKLM-x32\...\Gauntlet_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{EA298EC1-2B8F-4DA9-8C5B-BC1FCBBAD72F}) (Version: 1.69.0000 - GIGABYTE Technology Co.,Ltd.)
GIGABYTE OC_GURU II (x32 Version: 1.69.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
Gods Will Be Watching (HKLM-x32\...\1207664883_is1) (Version: 2.0.0.1 - GOG.com)
Google Drive (HKLM-x32\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.28.1549.1322 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Grim Fandango Remastered (HKLM-x32\...\Grim Fandango Remastered_is1) (Version: - )
HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - )
Hatred (HKLM-x32\...\SGF0cmVk_is1) (Version: 1 - )
Hotline Miami (HKLM-x32\...\GOGPACKHOTLINEMIAMI_is1) (Version: 2.0.0.4 - GOG.com)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HydraVision (x32 Version: 4.2.210.0 - Advanced Micro Devices, Inc.) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Injustice: Gods Among Us Ultimate Edition (HKLM-x32\...\SW5qdXN0aWNlR29kc0Ftb25nVXNVbHRpbWF0ZUVkaXRpb24=_is1) (Version: 1 - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1015 - Intel Corporation)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Kentucky Route Zero (HKLM-x32\...\GOGPACKKENTUCKYROUTEZERO_is1) (Version: 2.1.0.3 - GOG.com)
K-Lite Codec Pack 8.7.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.7.0 - )
Kodi (HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\...\Kodi) (Version: - XBMC-Foundation)
Limits and Demonstrations (HKLM-x32\...\GOGPACKKRZBONUS2_is1) (Version: 2.0.0.1 - GOG.com)
Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.31 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\...\OneDriveSetup.exe) (Version: 17.3.6302.0225 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Moveslink2 (HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\...\09caaf8ee8bfbd57) (Version: 1.3.31.14 - Suunto)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
Mozilla Thunderbird 16.0.1 (x86 en-US) (HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\...\Mozilla Thunderbird 16.0.1 (x86 en-US)) (Version: 16.0.1 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)
Mozilla Thunderbird 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Thunderbird 38.5.0 (x86 en-US) (HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\...\Mozilla Thunderbird 38.5.0 (x86 en-US)) (Version: 38.5.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
NexusFont 2.5 (ver 2.5.8.1582) (HKLM-x32\...\{EFEDD205-43FE-4208-B682-0937E803E19E}_is1) (Version: - xiles)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 361.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.91 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.91 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Ori and the Blind Forest (HKLM-x32\...\Ori and the Blind Forest_is1) (Version: - )
Outlast: Whistleblower (HKLM-x32\...\T3V0bGFzdFdoaXN0bGVibG93ZXI=_is1) (Version: 1 - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PS_AIO_06_C4700_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.58.411.2012 - Realtek)
Rocksmith 2014 (HKLM-x32\...\Steam App 221680) (Version: - Ubisoft - San Francisco)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
SafeZone Stable 1.48.2066.98 (x32 Version: 1.48.2066.98 - Avast Software) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Samsung SSD 840 EVO Performance Restoration (HKLM-x32\...\{B4B18E77-4C37-46F2-BC38-9451E65C9AEC}_is1) (Version: 1.0 - Samsung Electronics)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Seagate Dashboard (HKLM-x32\...\{67445E65-3D93-428F-83A5-446F7D02689A}) (Version: 3.0.34.1 - Seagate)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Shovel Knight (HKLM-x32\...\1207664823_is1) (Version: 2.6.0.13 - GOG.com)
Sideway - New York (HKLM-x32\...\Sideway - New York_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
skidrow (HKLM-x32\...\Insanely Twisted Shadow Planet_is1) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Styx: Master of Shadows (HKLM-x32\...\U3R5eE1hc3Rlcm9mU2hhZG93cw==_is1) (Version: 1 - )
The Entertainment (HKLM-x32\...\GOGPACKKRZBONUS1_is1) (Version: 2.0.0.1 - GOG.com)
The Vanishing of Ethan Carter (HKLM-x32\...\The Vanishing of Ethan Carter_is1) (Version: - )
The Walking Dead - Season 2 (HKLM-x32\...\The Walking Dead - Season 2_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
The Wolf Among Us (HKLM-x32\...\The Wolf Among Us_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
This War of Mine (HKLM-x32\...\{5FD7B6B3-08C7-4FEE-9C37-A2134C699885}}_is1) (Version: 1 - 11 bit studios)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TOVERCLOCKER (HKLM-x32\...\{C9CC7CE9-B185-40BE-A9A8-504303EA06F7}) (Version: - )
Trine 2 (HKLM-x32\...\Trine 2_is1) (Version: - )
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Uplay (HKLM-x32\...\Uplay) (Version: 4.2 - Ubisoft)
Valiant Hearts - The Great War (HKLM-x32\...\Valiant Hearts - The Great War_is1) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1048063312-2773705554-3676865481-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\XjamathonX\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-1048063312-2773705554-3676865481-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\XjamathonX\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03958C7D-55C9-4328-B124-971E92791E62} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {0F0A667B-F75B-44AC-95B1-CE8887811421} - System32\Tasks\{96F074D1-494B-4501-88BF-473A08DC633C} => pcalua.exe -a C:\Users\XjamathonX\Desktop\Setup.exe -d C:\Users\XjamathonX\Desktop
Task: {1FF5E063-21D4-4567-9060-FA96408C3DDF} - System32\Tasks\SafeZone scheduled Autoupdate 1458721533 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-03-30] (Avast Software)
Task: {234D1BE1-BBE4-45B8-98F5-28A52DDAC8E9} - System32\Tasks\XjamathonX DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
Task: {2FF23BC6-3035-47AE-81DD-ED06B1DB8E54} - System32\Tasks\SpyHunter4Startup => D:\Torrents\SpyHunter 4.20.9.4533 Portable - AppzDam\App\SpyHunter\SpyHunter4.exe
Task: {33A9483E-360A-4D7A-BD38-A72B08BF3A14} - System32\Tasks\Seagate_Install_Launch => D:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-02-10] (Seagate Technology LLC)
Task: {3E80F305-4537-4DE0-9E65-A809EA99BF16} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording
Task: {401E3AD9-48B7-49B4-B6EB-AEBCE883518F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {4086F4A6-38B0-42A0-B680-23A66EE21DDF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {44A16702-C83D-495F-A657-CB8074DDF248} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-04] (AVAST Software)
Task: {79657ED3-9F35-4ABE-993F-BD084D048818} - System32\Tasks\{F4FF4091-BDC5-4473-8DF3-607E35367973} => pcalua.exe -a C:\PROGRA~2\TIEDUC~1\DRIVER~1\InstDrvr.exe -d C:\Windows\SysWOW64 -c /I "C:\Program Files (x86)\TI Education\Driver Files\SilvrLnk.inf" /D "C:\Program Files (x86)\TI Education\Driver Files"
Task: {7D0204E7-5C91-4C17-BF11-44F31602AD72} - System32\Tasks\{B8EA0008-2BD9-4C2A-AF05-7BB56E42694A} => pcalua.exe -a C:\Users\XjamathonX\AppData\Local\Temp\Temp1_Win7.zip\setup.exe
Task: {820334D0-AACD-40ED-9323-7486FA10A2F0} - System32\Tasks\{5D25FD96-B32E-430D-A3CA-A07FB92EF2D2} => pcalua.exe -a "D:\Program Files\Downloads\tinotefoliocreator.exe" -d "D:\Program Files\Downloads"
Task: {92EF6FAC-FEF7-4D35-8D0B-DDB16421A022} - System32\Tasks\{9FEA6AE1-8D51-4772-9537-D4299541F960} => pcalua.exe -a "H:\Woolfe - The Red Hood Diaries\Uninstall.exe"
Task: {959B2413-4579-4730-A32F-5043852043FD} - System32\Tasks\SamsungMagician => D:\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {9DFEB770-4A5C-4131-A5A0-138D46414D35} - System32\Tasks\AdobeAAMUpdater-1.0-BFNERDGASM-XjamathonX => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {AC5ACEF1-3811-44B6-90DF-FFDAF7366639} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {AE7C2C40-38A7-4F3A-8374-637AB531D1D7} - System32\Tasks\{DF1AF03C-DD62-44DB-B0DF-230F5A197890} => pcalua.exe -a C:\Users\XjamathonX\AppData\Local\Temp\Temp1_F6flpy64.zip\Setup.exe
Task: {C6F8F157-17B6-4A39-923B-3390A9D13249} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-04-07] (AVAST Software)
Task: {DF9CF746-6A1A-4AFC-8E24-5877D8A2BE4F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\XjamathonX\Desktop\Gamez\REVOLT.bat - Shortcut.lnk -> H:\Gauntlet\REVOLT.bat ()

==================== Loaded Modules (Whitelisted) ==============

2014-12-27 19:48 - 2016-02-09 01:41 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-28 11:42 - 2016-01-12 00:43 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-04-07 12:59 - 2016-04-07 12:59 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-04-07 12:59 - 2016-04-07 12:59 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-07 18:46 - 2016-04-07 18:46 - 02853376 _____ () C:\Program Files\AVAST Software\Avast\defs\16040702\algo.dll
2016-04-11 12:19 - 2016-04-11 12:19 - 02876416 _____ () C:\Program Files\AVAST Software\Avast\defs\16041100\algo.dll
2016-04-07 12:59 - 2016-04-07 12:59 - 00478144 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-05-23 09:32 - 2016-01-12 00:43 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-10-16 10:19 - 2014-09-28 18:59 - 00019872 _____ () D:\Samsung Magician\SAMSUNG_SSD.dll
2015-12-08 12:20 - 2015-12-08 12:20 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-03-02 14:21 - 2016-03-02 14:21 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\bbff8e1df92fa6a12ebd1327d202f4af\IsdiInterop.ni.dll
2011-12-09 20:05 - 2011-02-09 14:16 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-12-27 21:15 - 2012-03-28 23:18 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\XjamathonX\Cookies:FGxKqjqSwvV8XZIb [2110]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2011-12-10 20:53 - 2016-04-05 22:17 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\XjamathonX\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: EpsonScanSvc => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: ufad-ws60 => 3
MSCONFIG\Services: VMAuthdService => 2
MSCONFIG\Services: VMnetDHCP => 2
MSCONFIG\Services: VMUSBArbService => 2
MSCONFIG\Services: wsnm => 2
MSCONFIG\Services: wsnm_usbctrl => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GIGABYTE OC_GURU.lnk => C:\Windows\pss\GIGABYTE OC_GURU.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "D:\Program Files (x86)\Adobe Acrobat\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
MSCONFIG\startupreg: amd_dc_opt => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: DBAgent => "D:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Launch LCore => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: OneDrive => "C:\Users\XjamathonX\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
MSCONFIG\startupreg: PeerBlock => C:\Program Files\PeerBlock\peerblock.exe
MSCONFIG\startupreg: QuickTime Task => "D:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: Uploader => D:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\XjamathonX\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{22C38627-2ED9-435D-8C78-9689D8D3863D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5A076466-4562-4ACD-8FC8-D513F15C48AC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{11D34DD5-3ED0-40E8-82E2-195D9A5D84B4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4DE55261-FA67-4F25-BFAF-F1A4062910B5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9912C36B-6A1E-49A6-AB6F-140523740247}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4E60846C-7A8E-47C5-8E34-C1F738FA6D7D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5D57C8AC-20FD-4C3A-8C0E-6498FCCC21FF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{D573F862-64BE-4DF6-ABB7-3F2D1BC223CE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{BA3237EC-F014-48EB-975E-5061030CDCDE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{A2DF574F-2D6A-41F9-9C58-8F183120975A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{7BDC202A-2859-41C6-ABC1-5D7E73851886}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{0BFF4EE9-2A5E-4900-9B76-8C6679CDFE9E}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{1121CC73-1D1F-4D8A-9E58-C29CB74C5F10}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{34D7E315-3039-4B3E-80CF-BB4578AC90E0}] => (Allow) C:\Users\XjamathonX\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3BBE84E5-3DA0-4917-87B2-0F22FADBDA32}] => (Allow) C:\Users\XjamathonX\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1DE79B52-8222-44F7-8CA9-BC1BC8574CC5}] => (Allow) LPort=8888
FirewallRules: [TCP Query User{7D230416-1119-4CCC-A574-9E5BB0DB1BFE}D:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) D:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{CEFAEB1A-F83D-46F6-99B5-3C3628037098}D:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) D:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{05681A26-E97A-483D-85CC-9ABBB881A786}] => (Block) D:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{6DCE0312-2B88-412B-8F16-F5DE75B2237E}] => (Block) D:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{F050A521-CB2B-4A64-9ECD-FA1E969E2216}] => (Allow) C:\Users\XjamathonX\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0BDDEF9B-DC2E-4D39-9B7E-2392F655B720}] => (Allow) C:\Users\XjamathonX\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{FB3F90CB-4536-4218-853A-F0DAB1F9BA3E}C:\program files (x86)\brothers - a tale of two sons\binaries\win32\brothers.exe] => (Block) C:\program files (x86)\brothers - a tale of two sons\binaries\win32\brothers.exe
FirewallRules: [UDP Query User{56FA3B7D-E6C6-44CA-B0C7-8B555A95F00B}C:\program files (x86)\brothers - a tale of two sons\binaries\win32\brothers.exe] => (Block) C:\program files (x86)\brothers - a tale of two sons\binaries\win32\brothers.exe
FirewallRules: [{1061075D-CDA7-42EF-AB52-7B4AB759FC9F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1180B023-1C8B-44CD-8515-74025A9937AF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{5A7A6726-3A00-408C-8275-E35C6589991C}H:\gauntlet\binaries\gauntlet.exe] => (Block) H:\gauntlet\binaries\gauntlet.exe
FirewallRules: [UDP Query User{21D3B3E2-5058-4AC3-8EB1-7768D5204BC6}H:\gauntlet\binaries\gauntlet.exe] => (Block) H:\gauntlet\binaries\gauntlet.exe
FirewallRules: [TCP Query User{8A6C3071-52E4-4BE6-B990-B4D8DA6658A5}H:\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Block) H:\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe
FirewallRules: [UDP Query User{43A59881-B591-450D-A16A-7F712A7C1519}H:\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Block) H:\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe
FirewallRules: [TCP Query User{E1172050-CA04-4587-9CA3-A96771972251}H:\styx master of shadows\binaries\win32\styxgame.exe] => (Block) H:\styx master of shadows\binaries\win32\styxgame.exe
FirewallRules: [UDP Query User{EA6CB299-D737-4CCD-B2BD-BB537CAB658A}H:\styx master of shadows\binaries\win32\styxgame.exe] => (Block) H:\styx master of shadows\binaries\win32\styxgame.exe
FirewallRules: [{0D5BB85B-F3FC-4971-A091-73072D0C40AB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FC114F38-314A-4C92-BE99-7B7D53343813}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{53CD376C-3144-4B19-A81C-2070364CD59C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FDCB9F84-7737-4CAF-90D6-60CBC7F395B2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{35C143BC-064D-4531-AD5E-26527665F169}H:\outlast whistleblower\binaries\win64\olgame.exe] => (Allow) H:\outlast whistleblower\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{B5430199-CA3B-4CA6-8CFD-4BEAAECD0287}H:\outlast whistleblower\binaries\win64\olgame.exe] => (Allow) H:\outlast whistleblower\binaries\win64\olgame.exe
FirewallRules: [{42C8AC18-C0E2-4ECD-A5A1-BEDB9BF8C90C}] => (Block) H:\outlast whistleblower\binaries\win64\olgame.exe
FirewallRules: [{1F01B80B-F1D6-4B48-8DF8-E68DE7E90CE3}] => (Block) H:\outlast whistleblower\binaries\win64\olgame.exe
FirewallRules: [{7BD31964-1570-4730-90CC-103ECA3C4E3D}] => (Allow) H:\SteamLibrary\steamapps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [{6A564AF7-078E-4B30-B4CE-485B6F8DB841}] => (Allow) H:\SteamLibrary\steamapps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [TCP Query User{C8D553F1-0A65-49F8-A5FB-8309F0131238}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{8915F66F-D485-4AE8-9DB3-6B5360CC1C5A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{572F9CBA-15A3-4749-990A-3458010A057A}H:\games\saints row iv\saintsrowiv.exe] => (Allow) H:\games\saints row iv\saintsrowiv.exe
FirewallRules: [UDP Query User{531DDE64-2873-4A24-BAAE-28C2F26C2FA7}H:\games\saints row iv\saintsrowiv.exe] => (Allow) H:\games\saints row iv\saintsrowiv.exe
FirewallRules: [{C2B8DA45-9A73-4781-8CBD-F7981C9DA0F1}] => (Block) H:\games\saints row iv\saintsrowiv.exe
FirewallRules: [{9F00470E-B32B-406B-98A8-96B4D5A41E89}] => (Block) H:\games\saints row iv\saintsrowiv.exe
FirewallRules: [{DF5B6984-9D7D-4A97-BF5F-4AEA4FCD6DFB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{83571500-279A-4B3E-8967-B616E86199C2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{DDD900DA-5C07-443D-8059-FBEAC3D56B08}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{8901F554-9672-4CD5-AB68-8117B1AD4DB8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C9A8E444-A76B-4C34-8CD6-888C7CE55EBC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D657F9B8-4D7D-4D1E-A581-CB6FBB7C606C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0FAABBB7-A783-4723-B0D0-83D8B042E8B2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6C5FA61D-5DED-4249-A795-BDCC89FFF3B6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4AE69F04-212E-434D-89B9-B106A4E3F59B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{67C2BE18-55C1-4920-83FF-63C1EC2C16A4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3E064F33-FE4F-4FF4-B3FE-F5690D977B90}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A0FB50E7-6361-4FF0-998F-2B4D8888F3E4}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{3348BC4B-BFF9-4587-ACFD-4433F61B8A8A}D:\kodi\kodi.exe] => (Allow) D:\kodi\kodi.exe
FirewallRules: [UDP Query User{9320013B-5538-4B66-B410-22AFBB6A729B}D:\kodi\kodi.exe] => (Allow) D:\kodi\kodi.exe
FirewallRules: [{7A5FA18C-F225-440F-9800-D833BC0E677A}] => (Block) D:\kodi\kodi.exe
FirewallRules: [{4F73964D-8355-41E4-A4B0-4BB19ADC373B}] => (Block) D:\kodi\kodi.exe
FirewallRules: [TCP Query User{F2BBD8C6-0903-4600-A73A-5BE44018A1C9}H:\dying light\dyinglightgame.exe] => (Allow) H:\dying light\dyinglightgame.exe
FirewallRules: [UDP Query User{F5D9F98E-D78D-422F-98B0-A671DB6858F9}H:\dying light\dyinglightgame.exe] => (Allow) H:\dying light\dyinglightgame.exe
FirewallRules: [{17BFE89A-370D-4202-8430-7EC159DF3D5D}] => (Block) H:\dying light\dyinglightgame.exe
FirewallRules: [{90A5B102-0310-49A2-BDDC-507D69420955}] => (Block) H:\dying light\dyinglightgame.exe
FirewallRules: [{C313807F-5363-485E-A6FF-701419EAE623}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{A35FC56A-6A5E-44A4-86D4-B8CE4D563020}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5CD0AB76-B8BC-4D09-9846-BF2B3C34E79F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{2418C6C6-CC69-45A4-9C94-EFAEAD221899}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{9866C27E-BAF3-4028-B5C7-912094BD9A20}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A10866AF-E02C-4E17-B2AD-40AF5881CFAC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

==================== Restore Points =========================

05-04-2016 23:48:45 Removed TI NoteFolio Creator
05-04-2016 23:48:56 Removed TI Connect 1.5
05-04-2016 23:51:48 Removed FAX Utility
05-04-2016 23:52:31 Removed Epson Event Manager
05-04-2016 23:52:56 Removed Software Updater
05-04-2016 23:53:21 Removed VMware View Client.
07-04-2016 14:09:39 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/11/2016 12:22:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IntuitUpdateService.exe, version: 4.0.11.0, time stamp: 0x53ed099e
Faulting module name: clr.dll, version: 4.0.30319.34209, time stamp: 0x5348961e
Exception code: 0xc0000005
Fault offset: 0x005081c1
Faulting process id: 0x17e4
Faulting application start time: 0xIntuitUpdateService.exe0
Faulting application path: IntuitUpdateService.exe1
Faulting module path: IntuitUpdateService.exe2
Report Id: IntuitUpdateService.exe3

Error: (04/11/2016 12:22:52 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Application: IntuitUpdateService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an internal error in the .NET Runtime at IP 686D81C1 (681D0000) with exit code 80131506.

Error: (04/11/2016 12:21:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MobileService.exe, version: 3.0.32.0, time stamp: 0x52e60931
Faulting module name: clr.dll, version: 4.0.30319.34209, time stamp: 0x5348961e
Exception code: 0xc0000005
Fault offset: 0x005081c1
Faulting process id: 0xdd4
Faulting application start time: 0xMobileService.exe0
Faulting application path: MobileService.exe1
Faulting module path: MobileService.exe2
Report Id: MobileService.exe3

Error: (04/11/2016 12:21:48 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Application: MobileService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an internal error in the .NET Runtime at IP 6BF281C1 (6BA20000) with exit code 80131506.

Error: (04/11/2016 12:21:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 20 2.1.2.D.F.F.B.2.2.E.6.2.A.4.C.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR BFNerdgasm-2.local.

Error: (04/11/2016 12:21:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.9:5353 18 2.1.2.D.F.F.B.2.2.E.6.2.A.4.C.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR BFNerdgasm.local.

Error: (04/11/2016 12:21:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 20 9.0.0.10.in-addr.arpa. PTR BFNerdgasm-2.local.

Error: (04/11/2016 12:21:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.9:5353 18 9.0.0.10.in-addr.arpa. PTR BFNerdgasm.local.

Error: (04/11/2016 12:21:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname BFNerdgasm.local already in use; will try BFNerdgasm-2.local instead

Error: (04/11/2016 12:21:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 16 BFNerdgasm.local. AAAA FE80:0000:0000:0000:6C4A:26E2:2BFF:D212
 
Continued...


System errors:
=============
Error: (04/11/2016 12:22:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intuit Update Service v4 service terminated unexpectedly. It has done this 1 time(s).

Error: (04/11/2016 12:21:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Seagate MobileBackup Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/11/2016 12:20:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/11/2016 12:19:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Seagate Dashboard Services service to connect.

Error: (04/11/2016 12:19:17 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a36\SystemRoot\System32\Config\SOFTWARE

Error: (04/11/2016 12:18:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/11/2016 12:18:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/11/2016 12:18:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/11/2016 12:18:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (04/11/2016 12:18:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


CodeIntegrity:
===================================
Date: 2016-04-05 22:49:16.665
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-04-05 22:49:16.665
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-04-05 22:49:16.650
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-04-05 22:49:16.650
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-04-05 22:49:16.650
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-04-05 22:49:16.650
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-04-05 22:49:16.634
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-04-05 22:49:16.634
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-04-05 22:49:16.634
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-04-05 22:49:16.618
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 22%
Total physical RAM: 16365.14 MB
Available physical RAM: 12618.51 MB
Total Virtual: 32728.48 MB
Available Virtual: 29117.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:5.8 GB) NTFS
Drive d: () (Fixed) (Total:465.76 GB) (Free:37.42 GB) NTFS
Drive e: (16 sep 2015) (CDROM) (Total:4.38 GB) (Free:4.24 GB) UDF
Drive g: (Seagate Backup Plus Drive) (Fixed) (Total:465.76 GB) (Free:107.21 GB) NTFS
Drive h: () (Fixed) (Total:232.88 GB) (Free:29.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: C5B033F2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 0C059FC0)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 704609D2)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 465.8 GB) (Disk ID: 4ACE94DA)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
If you already have MBAM 2.0 installed:
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
RogueKiller V12.1.2.0 [Apr 11 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : XjamathonX [Administrator]
Started from : C:\Users\XjamathonX\Desktop\RogueKiller.exe
Mode : Scan -- Date : 04/11/2016 21:18:58

¤¤¤ Processes : 1 ¤¤¤
[Tr.Zeus] mbamservice.exe(2952) -- D:\Malwarebytes Anti-Malware\mbamservice.exe[x] -> Found

¤¤¤ Registry : 2 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 ([X]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{32D1360D-2E52-4463-858F-B807B4E5D191} | DhcpNameServer : 10.0.0.1 ([X]) -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: KINGSTON SH100S3120G +++++
--- User ---
[MBR] eb0a0723ca55914305469af644936f0e
[BSP] d769bcadfedd7d9efc0e7bb0b1b6f1e7 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Samsung SSD 840 EVO 250G +++++
--- User ---
[MBR] f6bdfba5834a1f56b2c6a3b6149c34c2
[BSP] 80491892883b72975ab1b1355fb7d5f3 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 238473 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WDC WD5000AAKX-001CA0 +++++
--- User ---
[MBR] e2669f63d73efae28c902673dc1a56ae
[BSP] 0f4f671452479f81b0e7deb93e0726a9 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: Seagate Backup+ BK USB Device +++++
--- User ---
[MBR] a98d3e5ac1bd6db9b2cd5418319c3393
[BSP] 4fc42270b395b33e8e06083e801aeffd : Empty|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
This scan was the one just conducted.. I can get a log from when this problem first occurred if helpful!



Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/11/2016
Scan Time: 9:22 PM
Logfile: mbam.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.04.11.07
Rootkit Database: v2016.04.09.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: XjamathonX

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 387568
Time Elapsed: 5 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
# AdwCleaner v5.110 - Logfile created 11/04/2016 at 21:35:12
# Updated 10/04/2016 by Xplode
# Database : 2016-04-11.4 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : XjamathonX - BFNERDGASM
# Running from : C:\Users\XjamathonX\Desktop\adwcleaner_5.110.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [29723 bytes] - [07/04/2016 13:04:32]
C:\AdwCleaner\AdwCleaner[S1].txt - [29522 bytes] - [07/04/2016 13:00:47]
C:\AdwCleaner\AdwCleaner[S2].txt - [929 bytes] - [07/04/2016 13:07:44]
C:\AdwCleaner\AdwCleaner[S3].txt - [1001 bytes] - [07/04/2016 18:53:54]
C:\AdwCleaner\AdwCleaner[S4].txt - [1074 bytes] - [07/04/2016 18:57:10]
C:\AdwCleaner\AdwCleaner[S6].txt - [997 bytes] - [11/04/2016 21:35:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [1069 bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 7 Professional x64
Ran by XjamathonX (Administrator) on Mon 04/11/2016 at 21:38:26.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 22

Successfully deleted: C:\Users\XjamathonX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1M3HTX3G (Temporary Internet Files Folder)
Successfully deleted: C:\Users\XjamathonX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55OCMO12 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\XjamathonX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5RREEHMM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\XjamathonX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8UQXW7OL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\XjamathonX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9XW3EM9L (Temporary Internet Files Folder)
Successfully deleted: C:\Users\XjamathonX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AMEFSM2Y (Temporary Internet Files Folder)
Successfully deleted: C:\Users\XjamathonX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQ9M6YIG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\XjamathonX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EV3M8YWV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\XjamathonX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KYR37CLF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\XjamathonX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QEEVSVIZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\XjamathonX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VRJ8955J (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1M3HTX3G (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55OCMO12 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5RREEHMM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8UQXW7OL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9XW3EM9L (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AMEFSM2Y (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQ9M6YIG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EV3M8YWV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KYR37CLF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QEEVSVIZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VRJ8955J (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 04/11/2016 at 21:40:06.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 16-04-06.01 - XjamathonX 04/11/2016 21:53:17.3.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16365.12913 [GMT -4:00]
Running from: d:\program files\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2016-03-12 to 2016-04-12 )))))))))))))))))))))))))))))))
.
.
2016-04-12 01:58 . 2016-04-12 01:58 -------- d-----w- c:\users\XjamathonX\AppData\Local\temp
2016-04-12 01:58 . 2016-04-12 01:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-04-11 16:29 . 2016-04-11 16:29 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C8708A78-80F4-4F25-A490-3C5FFCB748C9}\offreg.2452.dll
2016-04-07 18:15 . 2016-04-12 01:09 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-04-07 18:15 . 2016-04-07 18:15 -------- d-----w- c:\program files\RogueKiller
2016-04-07 18:15 . 2016-04-07 23:13 -------- d-----w- c:\programdata\RogueKiller
2016-04-07 17:48 . 2016-04-12 01:49 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-04-07 17:48 . 2016-04-07 17:48 -------- d-----w- c:\programdata\Malwarebytes
2016-04-07 17:48 . 2016-03-10 18:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-04-07 17:48 . 2016-03-10 18:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-04-07 17:48 . 2016-03-10 18:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-04-07 17:43 . 2016-04-07 17:43 -------- d-----w- C:\KVRT_Data
2016-04-07 17:00 . 2016-04-12 01:35 -------- d-----w- C:\AdwCleaner
2016-04-07 17:00 . 2016-04-07 16:59 398152 ----a-w- c:\windows\system32\aswBoot.exe
2016-04-07 16:59 . 2016-04-07 16:59 52184 ----a-w- c:\windows\avastSS.scr
2016-04-07 16:55 . 2016-04-11 16:24 -------- d-----w- C:\FRST
2016-04-06 03:04 . 2016-04-06 03:04 22400 ----a-r- c:\windows\SysWow64\sh4native.exe
2016-04-06 02:39 . 2016-04-06 02:39 -------- d-----w- c:\users\XjamathonX\AppData\Roaming\Enigma Software Group
2016-04-06 02:38 . 2016-04-06 02:38 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2016-04-06 02:03 . 2016-04-06 02:03 -------- d-----w- c:\program files (x86)\CleanUp!
2016-04-05 08:27 . 2016-03-17 01:45 11686560 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C8708A78-80F4-4F25-A490-3C5FFCB748C9}\mpengine.dll
2016-03-23 08:25 . 2016-04-07 16:59 37144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-07 22:45 . 2012-04-03 14:12 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-04-07 22:45 . 2011-12-09 23:26 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-04-07 16:59 . 2014-01-02 17:27 166432 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-04-07 16:59 . 2014-05-05 21:32 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-04-07 16:59 . 2013-03-17 15:47 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-04-07 16:59 . 2013-03-17 15:47 287528 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-04-07 16:59 . 2012-03-24 16:14 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-04-07 16:59 . 2011-12-09 23:37 465792 ----a-w- c:\windows\system32\drivers\aswSP.sys
2016-04-07 16:59 . 2011-12-09 23:37 107792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-04-07 16:59 . 2011-12-09 23:37 1070904 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2016-04-05 18:54 . 2015-09-12 13:57 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2016-02-23 16:24 . 2011-12-09 23:33 146614896 ----a-w- c:\windows\system32\MRT.exe
2016-02-09 08:39 . 2016-02-23 15:54 950328 ----a-w- c:\windows\system32\NvFBC64.dll
2016-02-09 08:39 . 2016-02-23 15:54 880576 ----a-w- c:\windows\system32\NvIFR64.dll
2016-02-09 08:39 . 2016-02-23 15:54 747064 ----a-w- c:\windows\SysWow64\NvFBC.dll
2016-02-09 08:39 . 2016-02-23 15:54 691256 ----a-w- c:\windows\SysWow64\NvIFR.dll
2016-02-09 08:39 . 2016-02-23 15:54 502080 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2016-02-09 08:39 . 2016-02-23 15:54 469144 ----a-w- c:\windows\system32\nvumdshimx.dll
2016-02-09 08:39 . 2016-02-23 15:54 423360 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2016-02-09 08:39 . 2016-02-23 15:54 423080 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2016-02-09 08:39 . 2016-02-23 15:54 388560 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2016-02-09 08:39 . 2016-02-23 15:54 379448 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2016-02-09 08:39 . 2016-02-23 15:54 37616696 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2016-02-09 08:39 . 2016-02-23 15:54 3145272 ----a-w- c:\windows\system32\nvcuvid.dll
2016-02-09 08:39 . 2016-02-23 15:54 2722872 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2016-02-09 08:39 . 2016-02-23 15:54 24916536 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2016-02-09 08:39 . 2016-02-23 15:54 21193032 ----a-w- c:\windows\system32\nvopencl.dll
2016-02-09 08:39 . 2016-02-23 15:54 20733832 ----a-w- c:\windows\system32\nvcuda.dll
2016-02-09 08:39 . 2016-02-23 15:54 1924152 ----a-w- c:\windows\system32\nvdispco6436191.dll
2016-02-09 08:39 . 2016-02-23 15:54 17625136 ----a-w- c:\windows\SysWow64\nvopencl.dll
2016-02-09 08:39 . 2016-02-23 15:54 175368 ----a-w- c:\windows\system32\nvinitx.dll
2016-02-09 08:39 . 2016-02-23 15:54 17218792 ----a-w- c:\windows\SysWow64\nvcuda.dll
2016-02-09 08:39 . 2016-02-23 15:54 16995576 ----a-w- c:\windows\system32\nvd3dumx.dll
2016-02-09 08:39 . 2016-02-23 15:54 1571776 ----a-w- c:\windows\system32\nvdispgenco6436191.dll
2016-02-09 08:39 . 2016-02-23 15:54 153208 ----a-w- c:\windows\SysWow64\nvinit.dll
2016-02-09 08:39 . 2016-02-23 15:54 151368 ----a-w- c:\windows\system32\nvoglshim64.dll
2016-02-09 08:39 . 2016-02-23 15:54 128696 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2016-02-09 08:39 . 2016-02-23 15:54 12383288 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2016-02-09 08:39 . 2016-02-23 15:54 42982336 ----a-w- c:\windows\system32\nvcompiler.dll
2016-02-09 08:39 . 2015-12-29 14:44 16327896 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2016-02-09 08:39 . 2015-11-28 02:29 18758400 ----a-w- c:\windows\system32\nvwgf2umx.dll
2016-02-09 08:39 . 2015-11-28 02:29 14016576 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2016-02-09 08:39 . 2015-11-28 02:29 3684072 ----a-w- c:\windows\system32\nvapi64.dll
2016-02-09 08:39 . 2015-11-28 02:29 3259688 ----a-w- c:\windows\SysWow64\nvapi.dll
2016-02-09 08:39 . 2014-12-27 23:46 31081920 ----a-w- c:\windows\system32\nvoglv64.dll
2016-02-09 05:41 . 2014-12-27 23:48 6368824 ----a-w- c:\windows\system32\nvcpl.dll
2016-02-09 05:41 . 2014-12-27 23:48 2993720 ----a-w- c:\windows\system32\nvsvc64.dll
2016-02-09 05:41 . 2015-12-29 14:45 81856 ----a-w- c:\windows\system32\nv3dappshextr.dll
2016-02-09 05:41 . 2015-12-29 14:45 530368 ----a-w- c:\windows\system32\nv3dappshext.dll
2016-02-09 05:41 . 2014-12-27 23:56 2563128 ----a-w- c:\windows\system32\nvsvcr.dll
2016-02-09 05:41 . 2014-12-27 23:48 69568 ----a-w- c:\windows\system32\nvshext.dll
2016-02-09 05:41 . 2014-12-27 23:48 392128 ----a-w- c:\windows\system32\nvmctray.dll
2016-02-09 05:41 . 2014-12-27 23:48 1264696 ----a-w- c:\windows\system32\nvvsvc.exe
2016-02-09 05:26 . 2016-02-23 15:55 111672 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2016-02-06 10:48 . 2016-02-09 23:56 25839104 ----a-w- c:\windows\system32\mshtml.dll
2016-02-06 10:32 . 2016-02-09 23:56 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2016-02-06 10:24 . 2016-02-09 23:56 2887680 ----a-w- c:\windows\system32\iertutil.dll
2016-02-06 10:11 . 2016-02-09 23:56 615936 ----a-w- c:\windows\system32\ieui.dll
2016-02-06 10:10 . 2016-02-09 23:56 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2016-02-06 09:54 . 2016-02-09 23:56 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2016-02-06 09:37 . 2016-02-09 23:56 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2016-02-06 09:32 . 2016-02-09 23:56 14458368 ----a-w- c:\windows\system32\ieframe.dll
2016-02-06 09:09 . 2016-02-09 23:56 1547264 ----a-w- c:\windows\system32\urlmon.dll
2016-02-06 01:49 . 2014-12-27 23:48 6154909 ----a-w- c:\windows\system32\nvcoproc.bin
2016-01-22 20:31 . 2016-02-09 23:56 387784 ----a-w- c:\windows\system32\iedkcs32.dll
2016-01-22 06:56 . 2016-02-09 23:56 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2016-01-22 06:41 . 2016-02-09 23:56 66560 ----a-w- c:\windows\system32\iesetup.dll
2016-01-22 06:40 . 2016-02-09 23:56 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2016-01-22 06:40 . 2016-02-09 23:56 417792 ----a-w- c:\windows\system32\html.iec
2016-01-22 06:40 . 2016-02-09 23:56 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2016-01-22 06:40 . 2016-02-09 23:56 571904 ----a-w- c:\windows\system32\vbscript.dll
2016-01-22 06:33 . 2016-02-09 23:56 54784 ----a-w- c:\windows\system32\jsproxy.dll
2016-01-22 06:32 . 2016-02-09 23:56 34304 ----a-w- c:\windows\system32\iernonce.dll
2016-01-22 06:29 . 2016-02-09 23:56 6052352 ----a-w- c:\windows\system32\jscript9.dll
2016-01-22 06:27 . 2016-02-09 23:56 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2016-01-22 06:27 . 2016-02-09 23:56 817664 ----a-w- c:\windows\system32\jscript.dll
2016-01-22 06:27 . 2016-02-09 23:56 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2016-01-22 06:27 . 2016-02-09 23:56 5573056 ----a-w- c:\windows\system32\ntoskrnl.exe
2016-01-22 06:27 . 2016-02-09 23:56 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-01-22 06:27 . 2016-02-09 23:56 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2016-01-22 06:24 . 2016-02-09 23:56 1733592 ----a-w- c:\windows\system32\ntdll.dll
2016-01-22 06:20 . 2016-02-09 23:56 362496 ----a-w- c:\windows\system32\wow64win.dll
2016-01-22 06:20 . 2016-02-09 23:56 243712 ----a-w- c:\windows\system32\wow64.dll
2016-01-22 06:20 . 2016-02-09 23:56 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2016-01-22 06:20 . 2016-02-09 23:56 215040 ----a-w- c:\windows\system32\winsrv.dll
2016-01-22 06:20 . 2016-02-09 23:56 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2016-01-22 06:20 . 2016-02-09 23:56 210432 ----a-w- c:\windows\system32\wdigest.dll
2016-01-22 06:20 . 2016-02-09 23:56 86528 ----a-w- c:\windows\system32\TSpkg.dll
2016-01-22 06:20 . 2016-02-09 23:56 28672 ----a-w- c:\windows\system32\sspisrv.dll
2016-01-22 06:20 . 2016-02-09 23:56 135680 ----a-w- c:\windows\system32\sspicli.dll
2016-01-22 06:20 . 2016-02-09 23:56 503808 ----a-w- c:\windows\system32\srcore.dll
2016-01-22 06:20 . 2016-02-09 23:56 50176 ----a-w- c:\windows\system32\srclient.dll
2016-01-22 06:19 . 2016-02-09 23:56 14179840 ----a-w- c:\windows\system32\shell32.dll
2016-01-22 06:19 . 2016-02-09 23:56 28160 ----a-w- c:\windows\system32\secur32.dll
2016-01-22 06:19 . 2016-02-09 23:56 344064 ----a-w- c:\windows\system32\schannel.dll
2016-01-22 06:19 . 2016-02-09 23:56 1214464 ----a-w- c:\windows\system32\rpcrt4.dll
2016-01-22 06:18 . 2016-02-09 23:56 961024 ----a-w- c:\windows\system32\CPFilters.dll
2016-01-22 06:18 . 2016-02-09 23:56 723968 ----a-w- c:\windows\system32\EncDec.dll
2016-01-22 06:18 . 2016-02-09 23:56 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2016-01-22 06:17 . 2016-02-09 23:56 489984 ----a-w- c:\windows\system32\dxtmsft.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2016-02-08 . 8F84D4D9632C0B95D16C1BB5D74C793B . 25816576 . . [11.00.9600.18212] .. c:\windows\SoftwareDistribution\Download\347a67377da11fafc10c6841a958e018\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.18230_none_f5b17fd83725bb7d\mshtml.dll
[-] 2016-02-06 . 810E21E7AAC4EC5F7D806E844898BD04 . 25839104 . . [11.00.9600.18212] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.18211_none_f5af687c3727a270\mshtml.dll
[7] 2016-01-22 . 7CBD82B1F1C56A990CC64512FBE69A99 . 25837568 . . [11.00.9600.18205] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.18204_none_f5ae23da3728d5fc\mshtml.dll
[7] 2015-12-12 . 6AEBA30A9AF45D0C83385F48EC943426 . 25837568 . . [11.00.9600.18212] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.18163_none_f5bf0c4a371b3874\mshtml.dll
[7] 2015-11-11 . A8B4563632BAF46BB005A0127727E82D . 25837568 . . [11.00.9600.18212] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.18124_none_f5baf45a371eecb9\mshtml.dll
[7] 2015-10-30 . 67D3A8E2F5DECD6B6F7194BBF58696E6 . 25818624 . . [11.00.9600.18212] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.18097_none_f5cc81f43710cf0c\mshtml.dll
[7] 2015-09-16 . 99BA96F5AC545D857E662A9FC576D919 . 25851904 . . [11.00.9600.18212] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.18059_none_f5c8533c37149cf2\mshtml.dll
[7] 2015-08-15 . 2555DEF683BDF9B4947591827D6DE69A . 25190400 . . [11.00.9600.18212] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.18015_none_f5c4ad343717d112\mshtml.dll
[7] 2015-08-11 . E5F2BB962F84A8F8D996FEA33F4C817B . 25191936 . . [11.00.9600.18212] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17963_none_f5688b04375c1ad5\mshtml.dll
[7] 2015-07-16 . E6CF1778145272A83E58C4AB66358AF3 . 25192448 . . [11.00.9600.18212] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17959_none_f567020a375d9b44\mshtml.dll
[7] 2015-07-02 . D74E2BE157B8A2A9CF29BEBB052B8A42 . 25193984 . . [11.00.9600.18212] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17923_none_f56489dc375fb579\mshtml.dll
[7] 2015-06-25 . 6755794418FD4C81E3372C4622956B6C . 25195008 . . [11.00.9600.18212] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17914_none_f56372ca3760b5c3\mshtml.dll
[7] 2015-05-27 . A29BAFC1543F9D2234AFFFEA9BCE76C8 . 24917504 . . [11.00.9600.18212] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17843_none_f5715a5c3755cc36\mshtml.dll
[7] 2015-04-21 . C31D57F7A58FACDA2671075CEBA75199 . 24971776 . . [11.00.9600.18212] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17801_none_f56d86c437593398\mshtml.dll
[7] 2015-03-13 . DBC0C4554A8B2A81F68690D30F12C99E . 24980480 . . [11.00.9600.18212] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17728_none_f579b7cc374ffdbc\mshtml.dll
[7] 2015-02-21 . 1193400D8E29A5A010135FB09A4EB1E8 . 25021440 . . [11.00.9600.18212] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17691_none_f58c29363740dfc5\mshtml.dll
[7] 2015-01-12 . CD726C899BD9A398E8420564A957320B . 25056256 . . [11.00.9600.18212] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17633_none_f585f9ea37467afd\mshtml.dll
[7] 2014-11-22 . D478A4CF07FB8ADF72FB16B88E8030B8 . 25059840 . . [11.00.9600.18212] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17501_none_f58df6883740dfc5\mshtml.dll
[7] 2014-11-06 . BBD6A636AAA65D874F3863280CD8373D . 25110016 . . [11.00.9600.18212] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17420_none_f59addd03736dce1\mshtml.dll
[7] 2014-09-19 . 7415B29AFE2E4494A57358B8C7E78600 . 23631360 . . [11.00.9600.18212] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17358_none_f5a7f85a372cd9fd\mshtml.dll
[7] 2014-08-18 . 920BD93A0B64657A20CA66C2EBB167EA . 23591424 . . [11.00.9600.18212] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17280_none_f5b67f6437213d09\mshtml.dll
[7] 2014-07-25 . ECA387DCD57F683C52171C766CF400F0 . 23645696 . . [11.00.9600.18212] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17239_none_f5b0b0ea3726a4ff\mshtml.dll
[7] 2014-06-19 . FEC19C351EF1B2C998A85D1BFD765675 . 23464448 . . [11.00.9600.17207] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17207_none_f5addd9c372925b8\mshtml.dll
[7] 2014-05-30 . 56803B20D168C1B740D12CE0BE4588F5 . 23414784 . . [11.00.9600.17126] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17126_none_f5bac4e4371f22d4\mshtml.dll
[7] 2014-05-06 . 797E2E5C309AFF76990D5B7AF457EACA . 23544320 . . [11.00.9600.17107] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17107_none_f5b8ad88372109c7\mshtml.dll
[7] 2014-04-29 . A98DA2EC1E56CF52C682D072F77D9874 . 23547904 . . [11.00.9600.17105] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17105_none_f5b8db183720d685\mshtml.dll
[7] 2014-03-31 . C3E3EFD320D0000BE6F9CDB00CD6086F . 23134208 . . [11.00.9600.16659] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16659_none_f5876fe837454a4a\mshtml.dll
[7] 2014-03-06 . 37D0FB9E5E8EDA40B66FC3FB3D660261 . 23549440 . . [11.00.9600.17041] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17041_none_f5c8074c3714b96c\mshtml.dll
[7] 2014-03-01 . 4E0709D9BB951AD1C22E4FF519B90839 . 23133696 . . [11.00.9600.16521] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16521_none_f58ff536373f154c\mshtml.dll
[7] 2014-02-06 . D016F5092E4FFC41147E8555A71D2DDE . 23170048 . . [11.00.9600.16518] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16518_none_f58e55743740af5c\mshtml.dll
[7] 2013-11-26 . 16B0A65F52531B769B891DC251ECC6C0 . 23183360 . . [11.00.9600.16476] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16476_none_f59f54ac3732f833\mshtml.dll
[7] 2013-11-15 . D233E1A32CE6AF918C9DE1BC44AFEB2A . 23212032 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16428_none_f59a25aa3737acc2\mshtml.dll
[7] 2010-11-21 . 1C8B787BAA52DEAD1A6FEC1502D652F0 . 8988160 . . [8.00.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_8c235f42afcafdda\mshtml.dll
[-] 2016-02-06 . 810E21E7AAC4EC5F7D806E844898BD04 . 25839104 . . [11.00.9600.18212] .. c:\windows\system32\mshtml.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-03-07 07:59 1587912 ----a-w- c:\users\XjamathonX\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2016-03-07 07:59 1587912 ----a-w- c:\users\XjamathonX\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2016-03-07 07:59 1587912 ----a-w- c:\users\XjamathonX\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-03-07 07:59 1587912 ----a-w- c:\users\XjamathonX\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-03-07 07:59 1587912 ----a-w- c:\users\XjamathonX\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-04-07 7390096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sh4native Sh4Removal
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R2 Seagate Dashboard Services;Seagate Dashboard Services;d:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe;d:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [x]
R2 Seagate MobileBackup Service;Seagate MobileBackup Service;d:\program files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe;d:\program files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\Drivers\vmwvusb.sys;c:\windows\SYSNATIVE\Drivers\vmwvusb.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R4 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys;c:\windows\SYSNATIVE\drivers\BIOS64.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 MBAMService;MBAMService;d:\malwarebytes anti-malware\mbamservice.exe;d:\malwarebytes anti-malware\mbamservice.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S4 MBAMScheduler;MBAMScheduler;d:\malwarebytes anti-malware\mbamscheduler.exe;d:\malwarebytes anti-malware\mbamscheduler.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MAGICIANSATAMODEREADER
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - MagicianSataModeReader
.
Contents of the 'Scheduled Tasks' folder
.
2016-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 22:45]
.
2016-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-27 14:13]
.
2016-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-27 14:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2016-02-25 03:39 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2016-02-25 03:39 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2016-02-25 03:39 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-03-07 07:59 1641672 ----a-w- c:\users\XjamathonX\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2016-03-07 07:59 1641672 ----a-w- c:\users\XjamathonX\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2016-03-07 07:59 1641672 ----a-w- c:\users\XjamathonX\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-03-07 07:59 1641672 ----a-w- c:\users\XjamathonX\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-03-07 07:59 1641672 ----a-w- c:\users\XjamathonX\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-04-07 16:59 920784 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\XjamathonX\AppData\Roaming\Mozilla\Firefox\Profiles\rswjl8f6.default\
FF - prefs.js: browser.startup.homepage - about:home
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-04-11 22:00:17
ComboFix-quarantined-files.txt 2016-04-12 02:00
ComboFix2.txt 2016-04-07 17:19
ComboFix3.txt 2016-04-06 02:20
.
Pre-Run: 5,444,534,272 bytes free
Post-Run: 5,144,920,064 bytes free
.
- - End Of File - - 2FFB03CE59514945AC4FEB76D2A7D3B8
 
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by XjamathonX (administrator) on BFNERDGASM (11-04-2016 22:22:44)
Running from C:\Users\XjamathonX\Desktop
Loaded Profiles: XjamathonX (Available Profiles: XjamathonX)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "kernel32::GetLongPathNameW(w R8, w .R7, I 1024)I .R6" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes) D:\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Rocket Division Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes) D:\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) D:\Malwarebytes Anti-Malware\mbamservice.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7390096 2016-04-07] (AVAST Software)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-04-07] (AVAST Software)
BootExecute: autocheck autochk * sh4native Sh4Removal

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{32D1360D-2E52-4463-858F-B807B4E5D191}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1048063312-2773705554-3676865481-1000 -> DefaultScope {E6F7284B-8EE1-4A43-A4CA-6A5AC402DBF9} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1048063312-2773705554-3676865481-1000 -> {E6F7284B-8EE1-4A43-A4CA-6A5AC402DBF9} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-07] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-07-01] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-07] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-01] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1048063312-2773705554-3676865481-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1048063312-2773705554-3676865481-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\XjamathonX\AppData\Roaming\Mozilla\Firefox\Profiles\rswjl8f6.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-02-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-02-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> D:\Program Files (x86)\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> D:\Program Files (x86)\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\Program Files (x86)\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> D:\Program Files (x86)\Adobe Acrobat\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-28] (Apple Inc.)
FF Extension: Adblock Plus - C:\Users\XjamathonX\AppData\Roaming\Mozilla\Firefox\Profiles\rswjl8f6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-04-05] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files (x86)\Adobe Acrobat\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - D:\Program Files (x86)\Adobe Acrobat\Acrobat\Browser\WCFirefoxExtn [2012-11-15] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-04-07]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-02]
CHR Extension: (Google Drive) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-05]
CHR Extension: (YouTube) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
CHR Extension: (APK Downloader) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihflhdpokeobcfimliamffejfnmfii [2015-10-02]
CHR Extension: (Google Search) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-02]
CHR Extension: (ARC Welder) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\emfinbmielocnlhgmfkkmkngdoccbadn [2016-04-05]
CHR Extension: (Google Docs Offline) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-05]
CHR Extension: (Avast Online Security) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-05]
CHR Extension: (APK Downloader) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaihdlpglflfgpfjcifdjdjcckigekc [2016-04-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Gmail) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-02]
CHR Extension: (__MSG_extName__) - D:\Program Files (x86)\ARC Chrome\Flash Fire Aerial Ops_1.0_1.apk_export_GApkc [2015-10-02]
CHR Extension: (__MSG_extName__) - D:\Program Files (x86)\ARC Chrome\Flash Fire Aerial Ops_1.0_1.apk_export_GApkc [2015-10-02]
CHR HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - D:\Program Files (x86)\Adobe Acrobat\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-07]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-04-07] (AVAST Software)
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-08-19] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-08-19] (BlueStack Systems, Inc.)
S4 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [839288 2015-08-19] (BlueStack Systems, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2012-06-13] () [File not signed]
R4 MBAMScheduler; D:\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; D:\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S2 Seagate Dashboard Services; D:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-02-10] (Seagate Technology LLC)
S2 Seagate MobileBackup Service; D:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-02-10] (Seagate Technology LLC)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-04-07] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-04-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-04-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-04-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-04-07] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-04-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-04-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-04-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-04-07] (AVAST Software)
R1 BIOS; C:\Windows\system32\drivers\BIOS64.sys [14136 2009-07-15] (BIOSTAR Group)
R1 BIOS; C:\Windows\SysWOW64\drivers\BIOS64.sys [14136 2009-07-15] (BIOSTAR Group)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-08-19] (BlueStack Systems)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-04-05] ()
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-11] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2011-12-10] () [File not signed]
S3 TIEHDUSB; C:\Windows\System32\DRIVERS\tiehdusb.sys [128512 2012-03-07] (Texas Instruments) [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-04-11] ()
U3 a6o487fi; C:\Windows\System32\Drivers\a6o487fi.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 vmwvusb; System32\Drivers\vmwvusb.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-11 22:22 - 2016-04-11 22:22 - 00022889 _____ C:\Users\XjamathonX\Desktop\FRST.txt
2016-04-11 22:00 - 2016-04-11 22:00 - 00041341 _____ C:\ComboFix.txt
2016-04-11 21:49 - 2016-04-11 21:49 - 00001066 _____ C:\Users\XjamathonX\Desktop\ComboFix.exe - Shortcut.lnk
2016-04-11 21:43 - 2016-04-11 21:48 - 00038322 _____ C:\Users\XjamathonX\Desktop\MontgomeryJ_Week98.xlsx
2016-04-11 21:40 - 2016-04-11 21:40 - 00004231 _____ C:\Users\XjamathonX\Desktop\JRT.txt
2016-04-11 21:32 - 2016-04-11 21:32 - 03465280 _____ C:\Users\XjamathonX\Desktop\adwcleaner_5.110.exe
2016-04-11 21:31 - 2016-04-11 21:31 - 00021876 _____ C:\Users\XjamathonX\Desktop\mbam2.txt
2016-04-11 21:30 - 2016-04-11 21:30 - 00021877 _____ C:\mbam 2.txt
2016-04-11 21:28 - 2016-04-11 21:28 - 00001056 _____ C:\Users\XjamathonX\Desktop\mbam.txt
2016-04-11 21:20 - 2016-04-11 21:20 - 00005540 _____ C:\Users\XjamathonX\Desktop\rkexport.txt
2016-04-11 21:07 - 2016-04-11 21:07 - 19765832 _____ C:\Users\XjamathonX\Desktop\RogueKiller.exe
2016-04-11 12:24 - 2016-04-11 12:24 - 00055642 _____ C:\Users\XjamathonX\Desktop\Addition1.txt
2016-04-11 12:23 - 2016-04-11 12:24 - 00035839 _____ C:\Users\XjamathonX\Desktop\FRST1.txt
2016-04-07 19:17 - 2016-04-07 19:17 - 00005798 _____ C:\Users\XjamathonX\Documents\cc_20160407_191721.reg
2016-04-07 19:16 - 2016-04-07 19:16 - 00184314 _____ C:\Users\XjamathonX\Documents\cc_20160407_191650.reg
2016-04-07 14:15 - 2016-04-11 21:09 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-04-07 14:15 - 2016-04-07 19:13 - 00000000 ____D C:\ProgramData\RogueKiller
2016-04-07 14:15 - 2016-04-07 14:15 - 00000818 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-04-07 14:15 - 2016-04-07 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-04-07 14:15 - 2016-04-07 14:15 - 00000000 ____D C:\Program Files\RogueKiller
2016-04-07 14:09 - 2016-04-11 21:37 - 01610352 _____ (Malwarebytes) C:\Users\XjamathonX\Desktop\JRT.exe
2016-04-07 13:56 - 2016-04-07 13:55 - 00602112 _____ (OldTimer Tools) C:\Users\XjamathonX\Desktop\OTL.exe
2016-04-07 13:48 - 2016-04-11 22:04 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-07 13:48 - 2016-04-07 13:48 - 00000613 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-07 13:48 - 2016-04-07 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-07 13:48 - 2016-04-07 13:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-07 13:48 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-07 13:48 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-07 13:48 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-07 13:46 - 2016-04-07 13:47 - 00231744 _____ C:\TDSSKiller.3.1.0.9_07.04.2016_13.46.04_log.txt
2016-04-07 13:43 - 2016-04-07 13:43 - 00000000 ____D C:\KVRT_Data
2016-04-07 13:00 - 2016-04-11 21:35 - 00000000 ____D C:\AdwCleaner
2016-04-07 13:00 - 2016-04-07 13:00 - 03119168 _____ C:\Users\XjamathonX\Desktop\adwcleaner_5.109.exe
2016-04-07 13:00 - 2016-04-07 12:59 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-04-07 12:59 - 2016-04-07 12:59 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-04-07 12:55 - 2016-04-11 22:22 - 00000000 ____D C:\FRST
2016-04-07 12:53 - 2016-04-07 12:53 - 02374144 _____ (Farbar) C:\Users\XjamathonX\Desktop\FRST64.exe
2016-04-05 23:26 - 2016-04-05 23:54 - 00421106 _____ C:\spyhunter.fix
2016-04-05 23:26 - 2016-04-05 23:26 - 00003320 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-04-05 23:04 - 2016-04-05 23:04 - 00022400 ____R C:\Windows\SysWOW64\sh4native.exe
2016-04-05 22:39 - 2016-04-05 22:39 - 00000000 ____D C:\Users\XjamathonX\AppData\Roaming\Enigma Software Group
2016-04-05 22:39 - 2016-04-05 22:39 - 00000000 _____ C:\autoexec.bat
2016-04-05 22:38 - 2016-04-05 22:38 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-04-05 22:11 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2016-04-05 22:11 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2016-04-05 22:11 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-04-05 22:11 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-04-05 22:11 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-04-05 22:11 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2016-04-05 22:11 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2016-04-05 22:11 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2016-04-05 22:10 - 2016-04-11 22:00 - 00000000 ____D C:\Qoobox
2016-04-05 22:10 - 2016-04-05 22:18 - 00000000 ____D C:\Windows\erdnt
2016-04-05 22:03 - 2016-04-05 22:03 - 00000000 ____D C:\Users\XjamathonX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
2016-04-05 22:03 - 2016-04-05 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!
2016-04-05 22:03 - 2016-04-05 22:03 - 00000000 ____D C:\Program Files (x86)\CleanUp!
2016-04-05 15:59 - 2016-04-05 22:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-05 15:04 - 2016-04-05 15:03 - 00380928 _____ C:\Users\XjamathonX\Desktop\tomy88gb.exe
2016-03-28 19:11 - 2016-03-28 19:11 - 00002531 _____ C:\Users\Public\Desktop\TurboTax 2015.lnk
2016-03-28 19:11 - 2016-03-28 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2015
2016-03-23 04:25 - 2016-04-07 13:06 - 00003050 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458721533
2016-03-23 04:25 - 2016-04-07 12:59 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-03-23 04:25 - 2016-03-23 04:25 - 00000997 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-03-23 04:25 - 2016-03-23 04:25 - 00000997 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-11 21:58 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2016-04-11 21:54 - 2012-04-03 10:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-11 21:25 - 2014-12-27 19:45 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-11 21:10 - 2009-07-14 00:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-11 21:10 - 2009-07-14 00:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-11 14:02 - 2012-06-26 20:36 - 00000000 ____D C:\Users\XjamathonX\AppData\Roaming\vlc
2016-04-11 13:33 - 2016-01-25 21:39 - 00000000 ____D C:\Users\XjamathonX\AppData\Roaming\Kodi
2016-04-11 12:26 - 2009-07-14 01:13 - 00809218 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-11 12:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-04-11 12:19 - 2014-12-27 19:48 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-11 12:19 - 2014-12-27 19:45 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-11 12:19 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-07 18:45 - 2012-04-03 10:12 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-07 18:45 - 2012-04-03 10:12 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-07 18:45 - 2011-12-09 19:26 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-07 14:19 - 2011-12-10 17:38 - 00000000 ____D C:\Users\XjamathonX\AppData\Local\Apps\2.0
2016-04-07 14:07 - 2012-07-12 16:53 - 00000000 ____D C:\Users\XjamathonX\AppData\Roaming\uTorrent
2016-04-07 13:57 - 2016-03-02 04:42 - 00000000 ____D C:\Users\XjamathonX\AppData\LocalLow\uTorrent
2016-04-07 13:57 - 2015-02-22 10:22 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-07 13:56 - 2009-07-13 23:20 - 00000000 __RSD C:\Windows\Media
2016-04-07 13:05 - 2014-12-27 19:45 - 00000000 ____D C:\Program Files\Google
2016-04-07 13:05 - 2013-02-07 18:35 - 00000000 ____D C:\Program Files (x86)\epson
2016-04-07 13:05 - 2011-12-09 19:20 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-07 13:05 - 2009-07-14 00:45 - 04986424 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-07 13:04 - 2012-03-28 23:14 - 00000000 ____D C:\Users\XjamathonX\AppData\Roaming\Yahoo!
2016-04-07 13:00 - 2012-07-12 00:33 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-04-07 12:59 - 2014-05-05 17:32 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-04-07 12:59 - 2014-01-02 13:27 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-04-07 12:59 - 2013-03-17 11:47 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-04-07 12:59 - 2013-03-17 11:47 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-04-07 12:59 - 2012-03-24 12:14 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-04-07 12:59 - 2011-12-09 19:37 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-04-07 12:59 - 2011-12-09 19:37 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-04-07 12:59 - 2011-12-09 19:37 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-04-05 23:56 - 2011-12-09 19:20 - 00000000 ____D C:\ProgramData\Google
2016-04-05 23:53 - 2013-08-23 12:07 - 00000000 ____D C:\Users\XjamathonX\AppData\Roaming\VMware
2016-04-05 23:53 - 2013-08-23 12:07 - 00000000 ____D C:\ProgramData\VMware
2016-04-05 23:53 - 2013-02-07 18:35 - 00000000 ____D C:\Program Files (x86)\EPSON Software
2016-04-05 23:52 - 2011-12-09 19:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-04-05 23:51 - 2013-02-07 18:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2016-04-05 23:50 - 2012-01-11 21:31 - 00000000 ____D C:\ProgramData\Citrix
2016-04-05 23:50 - 2012-01-11 21:31 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-04-05 22:25 - 2012-05-10 11:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-05 22:04 - 2014-10-16 10:11 - 00000000 ____D C:\Temp
2016-04-05 21:44 - 2015-11-26 22:40 - 00000000 ____D C:\Windows\pss
2016-04-05 14:54 - 2015-09-12 09:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-04-05 04:31 - 2011-12-09 17:22 - 00000000 ____D C:\Users\XjamathonX
2016-03-28 19:16 - 2014-03-18 10:54 - 00000000 ____D C:\Users\XjamathonX\AppData\Roaming\Intuit
2016-03-28 19:12 - 2014-03-18 10:54 - 00000774 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-03-28 19:10 - 2014-03-18 10:53 - 00000000 ____D C:\Program Files (x86)\TurboTax
2016-03-23 04:25 - 2011-12-09 19:36 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-23 04:25 - 2011-12-09 19:36 - 00000000 ____D C:\Program Files\AVAST Software

==================== Files in the root of some directories =======

2015-09-05 20:25 - 2015-09-05 20:25 - 0000132 _____ () C:\Users\XjamathonX\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2013-06-29 10:32 - 2015-11-16 17:38 - 0000132 _____ () C:\Users\XjamathonX\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-04-07 20:50 - 2013-04-07 20:50 - 0000132 _____ () C:\Users\XjamathonX\AppData\Roaming\Adobe Targa Format CS5 Prefs
2011-12-30 18:40 - 2016-03-17 22:09 - 0001456 _____ () C:\Users\XjamathonX\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-01-22 10:27 - 2014-01-22 10:27 - 0007606 _____ () C:\Users\XjamathonX\AppData\Local\Resmon.ResmonCfg
2011-12-09 19:55 - 2011-12-09 19:55 - 0000000 _____ () C:\Users\XjamathonX\AppData\Local\{414AF067-011E-4897-B01B-245E88F1279E}
2012-03-28 23:12 - 2013-12-26 23:27 - 0006285 _____ () C:\ProgramData\hpzinstall.log
2014-03-18 10:54 - 2016-03-28 19:12 - 0000774 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-11 13:07

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by XjamathonX (2016-04-11 22:22:59)
Running from C:\Users\XjamathonX\Desktop
Windows 7 Professional Service Pack 1 (X64) (2011-12-09 21:22:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1048063312-2773705554-3676865481-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1048063312-2773705554-3676865481-1033 - Limited - Enabled)
Guest (S-1-5-21-1048063312-2773705554-3676865481-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1048063312-2773705554-3676865481-1036 - Limited - Enabled)
XjamathonX (S-1-5-21-1048063312-2773705554-3676865481-1000 - Administrator - Enabled) => C:\Users\XjamathonX

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Apotheon (HKLM-x32\...\Apotheon_is1) (Version: - Alientrap)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
Assassins Creed IV Black Flag Freedom Cry (HKLM-x32\...\QXNzYXNzaW5zQ3JlZWRJVkJsYWNrRmxhZw==_is1) (Version: 1 - )
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.2.2260 - AVAST Software)
Awesomenauts (HKLM-x32\...\Awesomenauts) (Version: - )
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.10.0.4321 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{473E82D7-79E2-43DF-8FA0-025407C93191}) (Version: 0.10.0.4321 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broforce Beta Update 7 October 2014 (HKLM-x32\...\Broforce Beta Update 7 October 2014) (Version: Update 7 October 2014 - Devolver Digital)
Brothers - A Tale of Two Sons (HKLM-x32\...\Brothers - A Tale of Two Sons_is1) (Version: - 505 Games)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
C4700 (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
calibre (HKLM-x32\...\{7D69BF2B-6C60-4D0A-8A6C-BCFD025D5D84}) (Version: 1.17.0 - Kovid Goyal)
CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden
Castle Crashers (HKLM-x32\...\Castle Crashers) (Version: 1.4 - Jimbo)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CleanUp! (HKLM-x32\...\CleanUp!) (Version: - )
Dead Rising 3 v.1.0 (HKLM-x32\...\Dead Rising 3_is1) (Version: - )
Dont Starve Reign of Giants (HKLM-x32\...\Dont Starve Reign of Giants_is1) (Version: - )
Double Dragon: Neon (HKLM-x32\...\RG91YmxlRHJhZ29uTmVvbg==_is1) (Version: 1 - )
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
DuckTales Remastered (HKLM-x32\...\RHVja1RhbGVzUmVtYXN0ZXJlZA==_is1) (Version: 1 - )
Dying Light (HKLM-x32\...\Dying Light_R.G. Mechanics_is1) (Version: - R.G. Mechanics, ProZorg_tm)
Email Sender Deluxe (HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\...\Email Sender Deluxe) (Version: 02.00.00.00 - Kristanix Software)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version: - SEIKO EPSON Corporation)
ePub Converter (HKLM-x32\...\ePubConverter) (Version: 1.2.1 - eBook Converter)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fallout 3 Game of the Year Edition - DLCs (HKLM-x32\...\{12CFDA5C-BDB9-460D-9E0D-F7879D9E2351}}_is1) (Version: - Bethesda Softworks)
Fallout 3 Game of the Year Edition (HKLM-x32\...\{552F1CCF-1364-424C-85F7-46D4D006BB69}}_is1) (Version: - Bethesda Softworks)
FlacSquisher 1.3.4 (HKLM-x32\...\FlacSquisher) (Version: 1.3.4 - FlacSquisher)
Foul Play (HKLM-x32\...\Foul Play_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
Free ePub reader 1.1 (HKLM-x32\...\{BB49A5B5-FEAE-46DB-91BC-F9F914A72DBA}_is1) (Version: 1.1 - SoftDevResource)
Gauntlet (HKLM-x32\...\Gauntlet_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{EA298EC1-2B8F-4DA9-8C5B-BC1FCBBAD72F}) (Version: 1.69.0000 - GIGABYTE Technology Co.,Ltd.)
GIGABYTE OC_GURU II (x32 Version: 1.69.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
Gods Will Be Watching (HKLM-x32\...\1207664883_is1) (Version: 2.0.0.1 - GOG.com)
Google Drive (HKLM-x32\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.28.1549.1322 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Grim Fandango Remastered (HKLM-x32\...\Grim Fandango Remastered_is1) (Version: - )
HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - )
Hatred (HKLM-x32\...\SGF0cmVk_is1) (Version: 1 - )
Hotline Miami (HKLM-x32\...\GOGPACKHOTLINEMIAMI_is1) (Version: 2.0.0.4 - GOG.com)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HydraVision (x32 Version: 4.2.210.0 - Advanced Micro Devices, Inc.) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Injustice: Gods Among Us Ultimate Edition (HKLM-x32\...\SW5qdXN0aWNlR29kc0Ftb25nVXNVbHRpbWF0ZUVkaXRpb24=_is1) (Version: 1 - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1015 - Intel Corporation)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Kentucky Route Zero (HKLM-x32\...\GOGPACKKENTUCKYROUTEZERO_is1) (Version: 2.1.0.3 - GOG.com)
K-Lite Codec Pack 8.7.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.7.0 - )
Kodi (HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\...\Kodi) (Version: - XBMC-Foundation)
Limits and Demonstrations (HKLM-x32\...\GOGPACKKRZBONUS2_is1) (Version: 2.0.0.1 - GOG.com)
Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.31 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\...\OneDriveSetup.exe) (Version: 17.3.6302.0225 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Moveslink2 (HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\...\09caaf8ee8bfbd57) (Version: 1.3.31.14 - Suunto)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
Mozilla Thunderbird 16.0.1 (x86 en-US) (HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\...\Mozilla Thunderbird 16.0.1 (x86 en-US)) (Version: 16.0.1 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)
Mozilla Thunderbird 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Thunderbird 38.5.0 (x86 en-US) (HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\...\Mozilla Thunderbird 38.5.0 (x86 en-US)) (Version: 38.5.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
NexusFont 2.5 (ver 2.5.8.1582) (HKLM-x32\...\{EFEDD205-43FE-4208-B682-0937E803E19E}_is1) (Version: - xiles)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 361.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.91 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.91 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Ori and the Blind Forest (HKLM-x32\...\Ori and the Blind Forest_is1) (Version: - )
Outlast: Whistleblower (HKLM-x32\...\T3V0bGFzdFdoaXN0bGVibG93ZXI=_is1) (Version: 1 - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PS_AIO_06_C4700_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.58.411.2012 - Realtek)
Rocksmith 2014 (HKLM-x32\...\Steam App 221680) (Version: - Ubisoft - San Francisco)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
SafeZone Stable 1.48.2066.98 (x32 Version: 1.48.2066.98 - Avast Software) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Samsung SSD 840 EVO Performance Restoration (HKLM-x32\...\{B4B18E77-4C37-46F2-BC38-9451E65C9AEC}_is1) (Version: 1.0 - Samsung Electronics)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Seagate Dashboard (HKLM-x32\...\{67445E65-3D93-428F-83A5-446F7D02689A}) (Version: 3.0.34.1 - Seagate)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Shovel Knight (HKLM-x32\...\1207664823_is1) (Version: 2.6.0.13 - GOG.com)
Sideway - New York (HKLM-x32\...\Sideway - New York_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
skidrow (HKLM-x32\...\Insanely Twisted Shadow Planet_is1) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Styx: Master of Shadows (HKLM-x32\...\U3R5eE1hc3Rlcm9mU2hhZG93cw==_is1) (Version: 1 - )
The Entertainment (HKLM-x32\...\GOGPACKKRZBONUS1_is1) (Version: 2.0.0.1 - GOG.com)
The Vanishing of Ethan Carter (HKLM-x32\...\The Vanishing of Ethan Carter_is1) (Version: - )
The Walking Dead - Season 2 (HKLM-x32\...\The Walking Dead - Season 2_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
The Wolf Among Us (HKLM-x32\...\The Wolf Among Us_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
This War of Mine (HKLM-x32\...\{5FD7B6B3-08C7-4FEE-9C37-A2134C699885}}_is1) (Version: 1 - 11 bit studios)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TOVERCLOCKER (HKLM-x32\...\{C9CC7CE9-B185-40BE-A9A8-504303EA06F7}) (Version: - )
Trine 2 (HKLM-x32\...\Trine 2_is1) (Version: - )
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Uplay (HKLM-x32\...\Uplay) (Version: 4.2 - Ubisoft)
Valiant Hearts - The Great War (HKLM-x32\...\Valiant Hearts - The Great War_is1) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1048063312-2773705554-3676865481-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\XjamathonX\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-1048063312-2773705554-3676865481-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\XjamathonX\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03958C7D-55C9-4328-B124-971E92791E62} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {0F0A667B-F75B-44AC-95B1-CE8887811421} - System32\Tasks\{96F074D1-494B-4501-88BF-473A08DC633C} => pcalua.exe -a C:\Users\XjamathonX\Desktop\Setup.exe -d C:\Users\XjamathonX\Desktop
Task: {1FF5E063-21D4-4567-9060-FA96408C3DDF} - System32\Tasks\SafeZone scheduled Autoupdate 1458721533 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-03-30] (Avast Software)
Task: {234D1BE1-BBE4-45B8-98F5-28A52DDAC8E9} - System32\Tasks\XjamathonX DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
Task: {2FF23BC6-3035-47AE-81DD-ED06B1DB8E54} - System32\Tasks\SpyHunter4Startup => D:\Torrents\SpyHunter 4.20.9.4533 Portable - AppzDam\App\SpyHunter\SpyHunter4.exe
Task: {33A9483E-360A-4D7A-BD38-A72B08BF3A14} - System32\Tasks\Seagate_Install_Launch => D:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-02-10] (Seagate Technology LLC)
Task: {3E80F305-4537-4DE0-9E65-A809EA99BF16} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording
Task: {401E3AD9-48B7-49B4-B6EB-AEBCE883518F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {4086F4A6-38B0-42A0-B680-23A66EE21DDF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {44A16702-C83D-495F-A657-CB8074DDF248} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-04] (AVAST Software)
Task: {79657ED3-9F35-4ABE-993F-BD084D048818} - System32\Tasks\{F4FF4091-BDC5-4473-8DF3-607E35367973} => pcalua.exe -a C:\PROGRA~2\TIEDUC~1\DRIVER~1\InstDrvr.exe -d C:\Windows\SysWOW64 -c /I "C:\Program Files (x86)\TI Education\Driver Files\SilvrLnk.inf" /D "C:\Program Files (x86)\TI Education\Driver Files"
Task: {7D0204E7-5C91-4C17-BF11-44F31602AD72} - System32\Tasks\{B8EA0008-2BD9-4C2A-AF05-7BB56E42694A} => pcalua.exe -a C:\Users\XjamathonX\AppData\Local\Temp\Temp1_Win7.zip\setup.exe
Task: {820334D0-AACD-40ED-9323-7486FA10A2F0} - System32\Tasks\{5D25FD96-B32E-430D-A3CA-A07FB92EF2D2} => pcalua.exe -a "D:\Program Files\Downloads\tinotefoliocreator.exe" -d "D:\Program Files\Downloads"
Task: {92EF6FAC-FEF7-4D35-8D0B-DDB16421A022} - System32\Tasks\{9FEA6AE1-8D51-4772-9537-D4299541F960} => pcalua.exe -a "H:\Woolfe - The Red Hood Diaries\Uninstall.exe"
Task: {959B2413-4579-4730-A32F-5043852043FD} - System32\Tasks\SamsungMagician => D:\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {9DFEB770-4A5C-4131-A5A0-138D46414D35} - System32\Tasks\AdobeAAMUpdater-1.0-BFNERDGASM-XjamathonX => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {AC5ACEF1-3811-44B6-90DF-FFDAF7366639} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {AE7C2C40-38A7-4F3A-8374-637AB531D1D7} - System32\Tasks\{DF1AF03C-DD62-44DB-B0DF-230F5A197890} => pcalua.exe -a C:\Users\XjamathonX\AppData\Local\Temp\Temp1_F6flpy64.zip\Setup.exe
Task: {C6F8F157-17B6-4A39-923B-3390A9D13249} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-04-07] (AVAST Software)
Task: {DF9CF746-6A1A-4AFC-8E24-5877D8A2BE4F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\XjamathonX\Desktop\Gamez\REVOLT.bat - Shortcut.lnk -> H:\Gauntlet\REVOLT.bat ()

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-28 11:42 - 2016-01-12 00:43 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-04-07 12:59 - 2016-04-07 12:59 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-04-07 12:59 - 2016-04-07 12:59 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-07 12:59 - 2016-04-07 12:59 - 00478144 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-04-11 16:23 - 2016-04-11 16:23 - 02887680 _____ () C:\Program Files\AVAST Software\Avast\defs\16041102\algo.dll
2015-12-08 12:20 - 2015-12-08 12:20 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-03-02 14:21 - 2016-03-02 14:21 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\bbff8e1df92fa6a12ebd1327d202f4af\IsdiInterop.ni.dll
2011-12-09 20:05 - 2011-02-09 14:16 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-12-27 21:15 - 2012-03-28 23:18 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-05-23 09:32 - 2016-01-12 00:43 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-04-07 18:45 - 2016-04-07 18:45 - 19403968 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\XjamathonX\Cookies:FGxKqjqSwvV8XZIb [2110]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2011-12-10 20:53 - 2016-04-05 22:17 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\XjamathonX\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: EpsonScanSvc => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: ufad-ws60 => 3
MSCONFIG\Services: VMAuthdService => 2
MSCONFIG\Services: VMnetDHCP => 2
MSCONFIG\Services: VMUSBArbService => 2
MSCONFIG\Services: wsnm => 2
MSCONFIG\Services: wsnm_usbctrl => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GIGABYTE OC_GURU.lnk => C:\Windows\pss\GIGABYTE OC_GURU.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "D:\Program Files (x86)\Adobe Acrobat\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
MSCONFIG\startupreg: amd_dc_opt => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: DBAgent => "D:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Launch LCore => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: OneDrive => "C:\Users\XjamathonX\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
MSCONFIG\startupreg: PeerBlock => C:\Program Files\PeerBlock\peerblock.exe
MSCONFIG\startupreg: QuickTime Task => "D:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: Uploader => D:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\XjamathonX\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{22C38627-2ED9-435D-8C78-9689D8D3863D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5A076466-4562-4ACD-8FC8-D513F15C48AC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{11D34DD5-3ED0-40E8-82E2-195D9A5D84B4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4DE55261-FA67-4F25-BFAF-F1A4062910B5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9912C36B-6A1E-49A6-AB6F-140523740247}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4E60846C-7A8E-47C5-8E34-C1F738FA6D7D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5D57C8AC-20FD-4C3A-8C0E-6498FCCC21FF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{D573F862-64BE-4DF6-ABB7-3F2D1BC223CE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{BA3237EC-F014-48EB-975E-5061030CDCDE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{A2DF574F-2D6A-41F9-9C58-8F183120975A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{7BDC202A-2859-41C6-ABC1-5D7E73851886}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{0BFF4EE9-2A5E-4900-9B76-8C6679CDFE9E}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{1121CC73-1D1F-4D8A-9E58-C29CB74C5F10}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{34D7E315-3039-4B3E-80CF-BB4578AC90E0}] => (Allow) C:\Users\XjamathonX\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3BBE84E5-3DA0-4917-87B2-0F22FADBDA32}] => (Allow) C:\Users\XjamathonX\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1DE79B52-8222-44F7-8CA9-BC1BC8574CC5}] => (Allow) LPort=8888
FirewallRules: [TCP Query User{7D230416-1119-4CCC-A574-9E5BB0DB1BFE}D:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) D:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{CEFAEB1A-F83D-46F6-99B5-3C3628037098}D:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) D:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{05681A26-E97A-483D-85CC-9ABBB881A786}] => (Block) D:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{6DCE0312-2B88-412B-8F16-F5DE75B2237E}] => (Block) D:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{F050A521-CB2B-4A64-9ECD-FA1E969E2216}] => (Allow) C:\Users\XjamathonX\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0BDDEF9B-DC2E-4D39-9B7E-2392F655B720}] => (Allow) C:\Users\XjamathonX\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{FB3F90CB-4536-4218-853A-F0DAB1F9BA3E}C:\program files (x86)\brothers - a tale of two sons\binaries\win32\brothers.exe] => (Block) C:\program files (x86)\brothers - a tale of two sons\binaries\win32\brothers.exe
FirewallRules: [UDP Query User{56FA3B7D-E6C6-44CA-B0C7-8B555A95F00B}C:\program files (x86)\brothers - a tale of two sons\binaries\win32\brothers.exe] => (Block) C:\program files (x86)\brothers - a tale of two sons\binaries\win32\brothers.exe
FirewallRules: [{1061075D-CDA7-42EF-AB52-7B4AB759FC9F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1180B023-1C8B-44CD-8515-74025A9937AF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{5A7A6726-3A00-408C-8275-E35C6589991C}H:\gauntlet\binaries\gauntlet.exe] => (Block) H:\gauntlet\binaries\gauntlet.exe
FirewallRules: [UDP Query User{21D3B3E2-5058-4AC3-8EB1-7768D5204BC6}H:\gauntlet\binaries\gauntlet.exe] => (Block) H:\gauntlet\binaries\gauntlet.exe
FirewallRules: [TCP Query User{8A6C3071-52E4-4BE6-B990-B4D8DA6658A5}H:\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Block) H:\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe
FirewallRules: [UDP Query User{43A59881-B591-450D-A16A-7F712A7C1519}H:\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Block) H:\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe
FirewallRules: [TCP Query User{E1172050-CA04-4587-9CA3-A96771972251}H:\styx master of shadows\binaries\win32\styxgame.exe] => (Block) H:\styx master of shadows\binaries\win32\styxgame.exe
FirewallRules: [UDP Query User{EA6CB299-D737-4CCD-B2BD-BB537CAB658A}H:\styx master of shadows\binaries\win32\styxgame.exe] => (Block) H:\styx master of shadows\binaries\win32\styxgame.exe
FirewallRules: [{0D5BB85B-F3FC-4971-A091-73072D0C40AB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FC114F38-314A-4C92-BE99-7B7D53343813}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{53CD376C-3144-4B19-A81C-2070364CD59C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FDCB9F84-7737-4CAF-90D6-60CBC7F395B2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{35C143BC-064D-4531-AD5E-26527665F169}H:\outlast whistleblower\binaries\win64\olgame.exe] => (Allow) H:\outlast whistleblower\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{B5430199-CA3B-4CA6-8CFD-4BEAAECD0287}H:\outlast whistleblower\binaries\win64\olgame.exe] => (Allow) H:\outlast whistleblower\binaries\win64\olgame.exe
FirewallRules: [{42C8AC18-C0E2-4ECD-A5A1-BEDB9BF8C90C}] => (Block) H:\outlast whistleblower\binaries\win64\olgame.exe
FirewallRules: [{1F01B80B-F1D6-4B48-8DF8-E68DE7E90CE3}] => (Block) H:\outlast whistleblower\binaries\win64\olgame.exe
FirewallRules: [{7BD31964-1570-4730-90CC-103ECA3C4E3D}] => (Allow) H:\SteamLibrary\steamapps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [{6A564AF7-078E-4B30-B4CE-485B6F8DB841}] => (Allow) H:\SteamLibrary\steamapps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [TCP Query User{C8D553F1-0A65-49F8-A5FB-8309F0131238}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{8915F66F-D485-4AE8-9DB3-6B5360CC1C5A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{572F9CBA-15A3-4749-990A-3458010A057A}H:\games\saints row iv\saintsrowiv.exe] => (Allow) H:\games\saints row iv\saintsrowiv.exe
FirewallRules: [UDP Query User{531DDE64-2873-4A24-BAAE-28C2F26C2FA7}H:\games\saints row iv\saintsrowiv.exe] => (Allow) H:\games\saints row iv\saintsrowiv.exe
FirewallRules: [{C2B8DA45-9A73-4781-8CBD-F7981C9DA0F1}] => (Block) H:\games\saints row iv\saintsrowiv.exe
FirewallRules: [{9F00470E-B32B-406B-98A8-96B4D5A41E89}] => (Block) H:\games\saints row iv\saintsrowiv.exe
FirewallRules: [{DF5B6984-9D7D-4A97-BF5F-4AEA4FCD6DFB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{83571500-279A-4B3E-8967-B616E86199C2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{DDD900DA-5C07-443D-8059-FBEAC3D56B08}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{8901F554-9672-4CD5-AB68-8117B1AD4DB8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C9A8E444-A76B-4C34-8CD6-888C7CE55EBC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D657F9B8-4D7D-4D1E-A581-CB6FBB7C606C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0FAABBB7-A783-4723-B0D0-83D8B042E8B2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6C5FA61D-5DED-4249-A795-BDCC89FFF3B6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4AE69F04-212E-434D-89B9-B106A4E3F59B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{67C2BE18-55C1-4920-83FF-63C1EC2C16A4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3E064F33-FE4F-4FF4-B3FE-F5690D977B90}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A0FB50E7-6361-4FF0-998F-2B4D8888F3E4}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{3348BC4B-BFF9-4587-ACFD-4433F61B8A8A}D:\kodi\kodi.exe] => (Allow) D:\kodi\kodi.exe
FirewallRules: [UDP Query User{9320013B-5538-4B66-B410-22AFBB6A729B}D:\kodi\kodi.exe] => (Allow) D:\kodi\kodi.exe
FirewallRules: [{7A5FA18C-F225-440F-9800-D833BC0E677A}] => (Block) D:\kodi\kodi.exe
FirewallRules: [{4F73964D-8355-41E4-A4B0-4BB19ADC373B}] => (Block) D:\kodi\kodi.exe
FirewallRules: [TCP Query User{F2BBD8C6-0903-4600-A73A-5BE44018A1C9}H:\dying light\dyinglightgame.exe] => (Allow) H:\dying light\dyinglightgame.exe
FirewallRules: [UDP Query User{F5D9F98E-D78D-422F-98B0-A671DB6858F9}H:\dying light\dyinglightgame.exe] => (Allow) H:\dying light\dyinglightgame.exe
FirewallRules: [{17BFE89A-370D-4202-8430-7EC159DF3D5D}] => (Block) H:\dying light\dyinglightgame.exe
FirewallRules: [{90A5B102-0310-49A2-BDDC-507D69420955}] => (Block) H:\dying light\dyinglightgame.exe
FirewallRules: [{C313807F-5363-485E-A6FF-701419EAE623}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{A35FC56A-6A5E-44A4-86D4-B8CE4D563020}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5CD0AB76-B8BC-4D09-9846-BF2B3C34E79F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{2418C6C6-CC69-45A4-9C94-EFAEAD221899}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{9866C27E-BAF3-4028-B5C7-912094BD9A20}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A10866AF-E02C-4E17-B2AD-40AF5881CFAC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

==================== Restore Points =========================

05-04-2016 23:48:45 Removed TI NoteFolio Creator
05-04-2016 23:48:56 Removed TI Connect 1.5
05-04-2016 23:51:48 Removed FAX Utility
05-04-2016 23:52:31 Removed Epson Event Manager
05-04-2016 23:52:56 Removed Software Updater
05-04-2016 23:53:21 Removed VMware View Client.
07-04-2016 14:09:39 JRT Pre-Junkware Removal
11-04-2016 21:38:26 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: TrueSight
Description: TrueSight
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: TrueSight
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/11/2016 09:52:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 45.0.1.5918, time stamp: 0x56e8b7df
Faulting module name: mozglue.dll, version: 45.0.1.5918, time stamp: 0x56e8a981
Exception code: 0x80000003
Fault offset: 0x0000f0ea
Faulting process id: 0x1740
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (04/11/2016 09:33:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 45.0.1.5918, time stamp: 0x56e8b7df
Faulting module name: mozglue.dll, version: 45.0.1.5918, time stamp: 0x56e8a981
Exception code: 0x80000003
Fault offset: 0x0000f0ea
Faulting process id: 0x14d0
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
 
Error: (04/11/2016 09:08:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 45.0.1.5918, time stamp: 0x56e8b7df
Faulting module name: mozglue.dll, version: 45.0.1.5918, time stamp: 0x56e8a981
Exception code: 0x80000003
Fault offset: 0x0000f0ea
Faulting process id: 0x1a88
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (04/11/2016 09:05:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18155, time stamp: 0x5661aa1f
Faulting module name: mshtml.dll, version: 11.0.9600.18212, time stamp: 0x56b5ce06
Exception code: 0xc0000005
Fault offset: 0x00000000010c2584
Faulting process id: 0x13b8
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3

Error: (04/11/2016 02:18:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TurboTax.exe, version: 2015.20.22.515, time stamp: 0x56f23ef6
Faulting module name: clr.dll, version: 4.0.30319.34209, time stamp: 0x5348961e
Exception code: 0xc0000005
Fault offset: 0x005081c1
Faulting process id: 0x19c0
Faulting application start time: 0xTurboTax.exe0
Faulting application path: TurboTax.exe1
Faulting module path: TurboTax.exe2
Report Id: TurboTax.exe3

Error: (04/11/2016 02:18:15 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Application: TurboTax.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an internal error in the .NET Runtime at IP 597E81C1 (592E0000) with exit code 80131506.

Error: (04/11/2016 01:04:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18155, time stamp: 0x5661aa1f
Faulting module name: mshtml.dll, version: 11.0.9600.18212, time stamp: 0x56b5ce06
Exception code: 0xc0000005
Fault offset: 0x00000000010c2584
Faulting process id: 0x19c8
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3

Error: (04/11/2016 12:48:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18155, time stamp: 0x5661aa1f
Faulting module name: mshtml.dll, version: 11.0.9600.18212, time stamp: 0x56b5ce06
Exception code: 0xc0000005
Fault offset: 0x00000000010c2584
Faulting process id: 0xd50
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3

Error: (04/11/2016 12:22:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IntuitUpdateService.exe, version: 4.0.11.0, time stamp: 0x53ed099e
Faulting module name: clr.dll, version: 4.0.30319.34209, time stamp: 0x5348961e
Exception code: 0xc0000005
Fault offset: 0x005081c1
Faulting process id: 0x17e4
Faulting application start time: 0xIntuitUpdateService.exe0
Faulting application path: IntuitUpdateService.exe1
Faulting module path: IntuitUpdateService.exe2
Report Id: IntuitUpdateService.exe3

Error: (04/11/2016 12:22:52 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Application: IntuitUpdateService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an internal error in the .NET Runtime at IP 686D81C1 (681D0000) with exit code 80131506.


System errors:
=============
Error: (04/11/2016 09:58:19 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (04/11/2016 09:56:17 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (04/11/2016 09:38:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/11/2016 09:20:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (04/11/2016 09:09:15 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (04/11/2016 04:16:12 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{c45c12f9-225e-11e1-952f-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{F02E9062-6F52-4274-966B-A2D2FEB27247}

Error: (04/11/2016 04:15:59 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{c45c12f9-225e-11e1-952f-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{9AABA932-1434-4C3C-8464-D0FCC64C5A4B}

Error: (04/11/2016 04:15:46 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{c45c12f9-225e-11e1-952f-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{8D37F9DF-58CB-4C78-9A4A-46D355328FC9}

Error: (04/11/2016 04:15:34 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{c45c12f9-225e-11e1-952f-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{C694F01B-E5FB-4806-9445-B9F6C02EAAA5}

Error: (04/11/2016 04:15:21 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{c45c12f9-225e-11e1-952f-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{042220D5-515A-49DD-911F-E03AB7F97FEC}


CodeIntegrity:
===================================
Date: 2016-04-05 22:49:16.665
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-04-05 22:49:16.665
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-04-05 22:49:16.650
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-04-05 22:49:16.650
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-04-05 22:49:16.650
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-04-05 22:49:16.650
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-04-05 22:49:16.634
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-04-05 22:49:16.634
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-04-05 22:49:16.634
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-04-05 22:49:16.618
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 24%
Total physical RAM: 16365.14 MB
Available physical RAM: 12323.99 MB
Total Virtual: 32728.48 MB
Available Virtual: 28989.72 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:4.91 GB) NTFS
Drive d: () (Fixed) (Total:465.76 GB) (Free:37.11 GB) NTFS
Drive e: (16 sep 2015) (CDROM) (Total:4.38 GB) (Free:4.24 GB) UDF
Drive g: (Seagate Backup Plus Drive) (Fixed) (Total:465.76 GB) (Free:107.21 GB) NTFS
Drive h: () (Fixed) (Total:232.88 GB) (Free:29.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: C5B033F2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 0C059FC0)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 704609D2)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 465.8 GB) (Disk ID: 4ACE94DA)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by XjamathonX (2016-04-12 14:45:12) Run:1
Running from C:\Users\XjamathonX\Desktop
Loaded Profiles: XjamathonX (Available Profiles: XjamathonX)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-1048063312-2773705554-3676865481-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1048063312-2773705554-3676865481-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
CHR HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
U3 a6o487fi; C:\Windows\System32\Drivers\a6o487fi.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 vmwvusb; System32\Drivers\vmwvusb.sys [X]
C:\Windows\System32\Drivers\a6o487fi.sys
2015-09-05 20:25 - 2015-09-05 20:25 - 0000132 _____ () C:\Users\XjamathonX\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2013-06-29 10:32 - 2015-11-16 17:38 - 0000132 _____ () C:\Users\XjamathonX\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-04-07 20:50 - 2013-04-07 20:50 - 0000132 _____ () C:\Users\XjamathonX\AppData\Roaming\Adobe Targa Format CS5 Prefs
2011-12-30 18:40 - 2016-03-17 22:09 - 0001456 _____ () C:\Users\XjamathonX\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-01-22 10:27 - 2014-01-22 10:27 - 0007606 _____ () C:\Users\XjamathonX\AppData\Local\Resmon.ResmonCfg
2011-12-09 19:55 - 2011-12-09 19:55 - 0000000 _____ () C:\Users\XjamathonX\AppData\Local\{414AF067-011E-4897-B01B-245E88F1279E}
2012-03-28 23:12 - 2013-12-26 23:27 - 0006285 _____ () C:\ProgramData\hpzinstall.log
2014-03-18 10:54 - 2016-03-28 19:12 - 0000774 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
Task: {2FF23BC6-3035-47AE-81DD-ED06B1DB8E54} - System32\Tasks\SpyHunter4Startup => D:\Torrents\SpyHunter 4.20.9.4533 Portable - AppzDam\App\SpyHunter\SpyHunter4.exe
D:\Torrents\SpyHunter 4.20.9.4533 Portable - AppzDam\App\SpyHunter\SpyHunter4.exe
AlternateDataStreams: C:\Users\XjamathonX\Cookies:FGxKqjqSwvV8XZIb [2110]

*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
"HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully
a6o487fi => service removed successfully
catchme => service removed successfully
IntcAzAudAddService => service removed successfully
VMnetAdapter => service removed successfully
vmwvusb => service removed successfully
Could not move "C:\Windows\System32\Drivers\a6o487fi.sys" => Scheduled to move on reboot.
C:\Users\XjamathonX\AppData\Roaming\Adobe AIFF Format CS5 Prefs => moved successfully
C:\Users\XjamathonX\AppData\Roaming\Adobe PNG Format CS5 Prefs => moved successfully
C:\Users\XjamathonX\AppData\Roaming\Adobe Targa Format CS5 Prefs => moved successfully
C:\Users\XjamathonX\AppData\Local\Adobe Save for Web 12.0 Prefs => moved successfully
C:\Users\XjamathonX\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\Users\XjamathonX\AppData\Local\{414AF067-011E-4897-B01B-245E88F1279E} => moved successfully
C:\ProgramData\hpzinstall.log => moved successfully
C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2FF23BC6-3035-47AE-81DD-ED06B1DB8E54}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FF23BC6-3035-47AE-81DD-ED06B1DB8E54}" => key removed successfully
C:\Windows\System32\Tasks\SpyHunter4Startup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => key removed successfully
"D:\Torrents\SpyHunter 4.20.9.4533 Portable - AppzDam\App\SpyHunter\SpyHunter4.exe" => not found.
"C:\Users\XjamathonX\Cookies" => ":FGxKqjqSwvV8XZIb" ADS not found.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-04-12 14:47:39)

C:\Windows\System32\Drivers\a6o487fi.sys => Is moved successfully

==== End of Fixlog 14:47:39 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double-click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 45
Java 8 Update 45
Java version 32-bit out of Date!
Adobe Flash Player 21.0.0.213
Mozilla Firefox (45.0.1)
Mozilla Thunderbird (38.0.1)
Google Chrome (49.0.2623.110)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 40% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 27-01-2016
Ran by XjamathonX (administrator) on 12-04-2016 at 23:02:58
Running from "C:\Users\XjamathonX\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is set to Disabled. The default start type is 3.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.


System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
2016-04-13 03:08:52.661 Sophos Virus Removal Tool version 2.5.5
2016-04-13 03:08:52.661 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-04-13 03:08:52.661 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-04-13 03:08:52.661 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2016-04-13 03:08:52.661 Checking for updates...
2016-04-13 03:08:58.636 Option all = no
2016-04-13 03:08:58.636 Option recurse = yes
2016-04-13 03:08:58.636 Option archive = no
2016-04-13 03:08:58.636 Option service = yes
2016-04-13 03:08:58.636 Option confirm = yes
2016-04-13 03:08:58.636 Option sxl = yes
2016-04-13 03:08:58.636 Option max-data-age = 35
2016-04-13 03:08:58.636 Option EnableSafeClean = yes
2016-04-13 03:08:59.696 Option vdl-logging = yes
2016-04-13 03:08:59.696 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-04-13 03:08:59.696 Machine ID: 3c74ce0def9c4f718be62f7273bc4f1f
2016-04-13 03:08:59.696 Component SVRTcli.exe version 2.5.5
2016-04-13 03:08:59.696 Component control.dll version 2.5.5
2016-04-13 03:08:59.696 Component SVRTservice.exe version 2.5.5
2016-04-13 03:08:59.696 Component engine\osdp.dll version 1.44.1.2240
2016-04-13 03:08:59.696 Component engine\veex.dll version 3.64.0.2240
2016-04-13 03:08:59.696 Component engine\savi.dll version 9.0.0.2240
2016-04-13 03:08:59.696 Component rkdisk.dll version 1.5.30.0
2016-04-13 03:08:59.696 Version info: Product version 2.5.5
2016-04-13 03:08:59.696 Version info: Detection engine 3.64.0
2016-04-13 03:08:59.696 Version info: Detection data 5.25
2016-04-13 03:08:59.696 Version info: Build date 3/8/2016
2016-04-13 03:08:59.696 Version info: Data files added 336
2016-04-13 03:08:59.696 Version info: Last successful update (not yet updated)
2016-04-13 03:09:07.559 Update progress: proxy server not available
2016-04-13 03:09:15.437 Downloading updates...
2016-04-13 03:09:15.437 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2016-04-13 03:09:15.437 Update progress: [I49502] Found supplement SAVIW32 LATEST
2016-04-13 03:09:15.437 Update progress: [I49502] Found supplement IDE526 LATEST
2016-04-13 03:09:15.437 Update progress: [I49502] Found supplement IDE527 LATEST
2016-04-13 03:09:15.437 Update progress: [I49502] Found supplement IDE528 LATEST
2016-04-13 03:09:15.437 Update progress: [I49502] Found supplement IDE529 LATEST
2016-04-13 03:09:15.437 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-04-13 03:09:15.437 Update progress: [I19463] Syncing product SAVIW32 68
2016-04-13 03:09:15.889 Update progress: [I19463] Syncing product IDE526 167
2016-04-13 03:09:16.108 Installing updates...
2016-04-13 03:09:16.716 Error level 1
2016-04-13 03:09:16.716 Update progress: [I19463] Syncing product IDE527 142
2016-04-13 03:09:16.716 Update progress: [I19463] Syncing product IDE528 30
2016-04-13 03:09:16.716 Update progress: [I19463] Syncing product IDE529 1
2016-04-13 03:09:21.443 Update successful
2016-04-13 03:09:27.277 Option all = no
2016-04-13 03:09:27.277 Option recurse = yes
2016-04-13 03:09:27.277 Option archive = no
2016-04-13 03:09:27.277 Option service = yes
2016-04-13 03:09:27.277 Option confirm = yes
2016-04-13 03:09:27.277 Option sxl = yes
2016-04-13 03:09:27.277 Option max-data-age = 35
2016-04-13 03:09:27.277 Option EnableSafeClean = yes
2016-04-13 03:09:27.308 Option vdl-logging = yes
2016-04-13 03:09:27.308 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-04-13 03:09:27.308 Machine ID: 3c74ce0def9c4f718be62f7273bc4f1f
2016-04-13 03:09:27.308 Component SVRTcli.exe version 2.5.5
2016-04-13 03:09:27.308 Component control.dll version 2.5.5
2016-04-13 03:09:27.308 Component SVRTservice.exe version 2.5.5
2016-04-13 03:09:27.308 Component engine\osdp.dll version 1.44.1.2240
2016-04-13 03:09:27.308 Component engine\veex.dll version 3.64.0.2240
2016-04-13 03:09:27.308 Component engine\savi.dll version 9.0.0.2240
2016-04-13 03:09:27.308 Component rkdisk.dll version 1.5.30.0
2016-04-13 03:09:27.324 Version info: Product version 2.5.5
2016-04-13 03:09:27.324 Version info: Detection engine 3.64.0
2016-04-13 03:09:27.324 Version info: Detection data 5.25
2016-04-13 03:09:27.324 Version info: Build date 3/8/2016
2016-04-13 03:09:27.324 Version info: Data files added 336
2016-04-13 03:09:27.324 Version info: Last successful update 4/12/2016 11:09:21 PM

2016-04-13 03:44:48.938 Could not open C:\hiberfil.sys
2016-04-13 03:50:05.154 Could not open C:\System Volume Information\{1231dab3-fcea-11e5-b9c7-003067e50f31}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-04-13 03:50:05.154 Could not open C:\System Volume Information\{18cb34f8-0001-11e6-ab24-003067e50f31}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-04-13 03:50:05.154 Could not open C:\System Volume Information\{18cb3625-0001-11e6-ab24-003067e50f31}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-04-13 03:50:05.154 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-04-13 03:50:05.154 Could not open C:\System Volume Information\{8875319e-fba7-11e5-989e-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-04-13 03:50:05.170 Could not open C:\System Volume Information\{887531a2-fba7-11e5-989e-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-04-13 03:50:05.170 Could not open C:\System Volume Information\{887531a8-fba7-11e5-989e-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-04-13 03:50:05.170 Could not open C:\System Volume Information\{887531ac-fba7-11e5-989e-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-04-13 03:50:05.170 Could not open C:\System Volume Information\{887531b0-fba7-11e5-989e-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-04-13 03:50:05.170 Could not open C:\System Volume Information\{c65b8306-00de-11e6-9e14-003067e50f31}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-04-13 03:52:59.548 Could not check C:\Windows\Installer\SourceHash{8937D274-C281-42E4-8CDB-A0B2DF979189} (corrupt)
2016-04-13 03:54:00.482 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2016-04-13 03:54:00.482 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2016-04-13 03:54:01.293 Could not open C:\Windows\System32\config\components
2016-04-13 03:54:01.324 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2016-04-13 03:54:01.324 Could not open C:\Windows\System32\config\RegBack\SAM
2016-04-13 03:54:01.324 Could not open C:\Windows\System32\config\RegBack\SECURITY
2016-04-13 03:54:01.324 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2016-04-13 03:54:01.324 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2016-04-13 03:54:07.814 Could not open C:\Windows\System32\drivers\sptd.sys
2016-04-13 04:20:39.267 Could not open D:\pagefile.sys
2016-04-13 04:44:46.826 >>> Virus 'Mal/Generic-S' found in file H:\Assassins Creed IV Black Flag\uplay_r1.dll
2016-04-13 04:44:46.826 >>> Virus 'Mal/Generic-S' found in file H:\Assassins Creed IV Black Flag\uplay_r1.dll
2016-04-13 04:44:46.826 >>> Virus 'Mal/Generic-S' found in file H:\Assassins Creed IV Black Flag\uplay_r1.dll
2016-04-13 04:44:46.826 >>> Virus 'Mal/Generic-S' found in file H:\Assassins Creed IV Black Flag\uplay_r1.dll
2016-04-13 04:44:46.826 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-04-13 04:44:46.826 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-04-13 04:44:46.826 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-04-13 04:45:06.357 >>> Virus 'Mal/VMProtBad-A' found in file H:\Dead Rising 3\steam_api.dll
2016-04-13 04:45:06.357 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-04-13 04:45:06.357 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-04-13 04:45:06.357 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-04-13 04:45:10.491 >>> Virus 'Mal/VMProtBad-A' found in file H:\Dont Starve Reign of Giants\bin\steamclient.dll
2016-04-13 04:45:10.491 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-04-13 04:45:10.491 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-04-13 04:45:10.491 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-04-13 04:45:13.237 >>> Virus 'Mal/VMProtBad-A' found in file H:\Dont Starve Reign of Giants\bin\steam_api.dll
2016-04-13 04:45:13.237 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-04-13 04:45:13.237 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-04-13 04:45:13.237 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-04-13 04:45:49.553 >>> Virus 'Mal/Generic-S' found in file H:\Injustice Gods Among Us Ultimate Edition\DiscContentPCG\steam_api.dll
2016-04-13 04:45:49.553 >>> Virus 'Mal/Generic-S' found in file H:\Injustice Gods Among Us Ultimate Edition\DiscContentPCG\steam_api.dll
2016-04-13 04:45:49.553 >>> Virus 'Mal/Generic-S' found in file H:\Injustice Gods Among Us Ultimate Edition\DiscContentPCG\steam_api.dll
2016-04-13 04:45:49.553 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-04-13 04:45:49.553 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-04-13 04:45:49.553 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-04-13 04:46:28.912 >>> Virus 'Mal/VMProtBad-A' found in file H:\Sideway - New York\Win32\steam_api.dll
2016-04-13 04:46:28.912 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-04-13 04:46:28.912 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-04-13 04:46:28.912 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-04-13 04:47:16.758 The following items will be cleaned up:
2016-04-13 04:47:16.758 Mal/Generic-S
2016-04-13 04:47:16.758 Mal/VMProtBad-A
 
:)

Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

===================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please let me know how your computer is doing.
 