TechSpot

Name Not Available Virus but not in the way you'd think

By Nathan R
Jan 9, 2016
  1. Alright, so I have the above-mentioned infection; however, there is no unwanted audio in the background. I can't control my audio levels unless I use the control on my speakers themselves, and VLC is not able to output audio at all. Chrome/YouTube is able to run sound as well as other system sounds.
     
  2. Nathan R

    Nathan R TS Rookie Topic Starter Posts: 31

    I also was unable to find any application/registry history of the virus, and Kaspersky and Malwarebytes have not caught the infection.
     
  3. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  4. Nathan R

    Nathan R TS Rookie Topic Starter Posts: 31

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-01-2015
    Ran by Nathan (administrator) on NATALIA (09-01-2016 22:07:23)
    Running from C:\Users\Nathan\Downloads
    Loaded Profiles: Nathan (Available Profiles: Nathan & DefaultAppPool)
    Platform: Windows 10 Pro (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    (Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    () C:\Windows\System32\PnkBstrA.exe
    (Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Microsoft Corporation) C:\Windows\System32\SndVol.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
    HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4867784 2015-12-04] (Advanced Micro Devices, Inc.)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM-x32\...\Run: [StartCCC] => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
    HKLM-x32\...\Run: [Corsair M65 Mouse] => C:\Program Files (x86)\Corsair\M65 Mouse\M65Hid.exe [1766912 2013-08-15] (Corsair Components Inc)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
    HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE
    HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-12-11] (Raptr, Inc)
    HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [877056 2014-11-24] (Creative Technology Ltd)
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3638768 2015-12-03] (Electronic Arts)
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\Run: [Spotify Web Helper] => C:\Users\Nathan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2016-01-04] (Spotify Ltd)
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [465920 2015-07-10] (Microsoft Corporation)
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\Run: [Spotify] => C:\Users\Nathan\AppData\Roaming\Spotify\Spotify.exe [8316528 2016-01-04] (Spotify Ltd)
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\Run: [AirDroid 3] => C:\Program Files (x86)\AirDroid\AirDroid.exe [7739904 2016-01-04] (Sand Studio)
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\Run: [CA737A4C8A218980B307F7230906C3F73A69889A._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [807752 2016-01-07] (Google Inc.)
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\MountPoints2: {4513afdb-9525-11e4-a91e-001bdc0fc54f} - "D:\VerizonSWUpgradeAssistantLauncher.exe"
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [31232 2015-07-10] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-05-09]
    ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{401FADAA-1C16-4721-9F02-19067E1A1CA8}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
    Startup: C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sound - Shortcut.lnk [2014-09-03]
    ShortcutTarget: Sound - Shortcut.lnk -> (No File)
     
  5. Nathan R

    Nathan R TS Rookie Topic Starter Posts: 31

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    Tcpip\..\Interfaces\{1b5afcff-5cba-45e7-86a8-14a91aa682ef}: [DhcpNameServer] 192.168.2.1
    Tcpip\..\Interfaces\{2bb28eea-e84e-4cf5-9ad2-198c6d1f77d6}: [DhcpNameServer] 192.168.2.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://web-mont.mail04.mil/
    BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
    BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll => No File
    BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-11-30] (AO Kaspersky Lab)
    BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-09] (Oracle Corporation)
    BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll => No File
    BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-11-30] (AO Kaspersky Lab)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-09] (Oracle Corporation)
    Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-11-30] (AO Kaspersky Lab)
    Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-11-30] (AO Kaspersky Lab)
    DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
    Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
    Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\3w1fajri.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-03] ()
    FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll [No File]
    FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-03] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
    FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [No File]
    FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll [No File]
    FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-09] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-09] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
    FF Plugin-x32: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll [2013-12-03] (Verimatrix, Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-10-15] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-344140053-2034629372-3514804246-1000: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll [2013-12-03] (Verimatrix, Inc.)
    FF Extension: FirefoxAdKiller - C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\3w1fajri.default\extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi [2015-06-01]
    FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox [2015-12-02]
    FF Extension: Adblock Plus - C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\3w1fajri.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-20]
    FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox
    FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox [2015-12-02]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.facebook.com/
    CHR StartupUrls: Default -> "hxxps://www.facebook.com/","hxxps://docs.google.com/spreadsheet/ccc?key=0Aku1E7eRIiavdEp4UjBpa0I4X3NMZE9nODRPMEo3V0E&usp=drive_web#gid=2"
    CHR Profile: C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-03]
    CHR Extension: (Angry Birds) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-12-14]
    CHR Extension: (Google Docs) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
    CHR Extension: (Dictanote - Speech Recognizer) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjekmpappghadlogpigifkghlmebjk [2014-07-22]
    CHR Extension: (Google Drive) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
    CHR Extension: (Language Immersion for Chrome) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bedbecnakfcpmkpddjfnfihogkaggkhl [2015-12-07]
    CHR Extension: (Kaspersky Protection) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-07-22]
    CHR Extension: (Adblock Plus) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-05]
    CHR Extension: (Adblock for Youtube™) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-10-16]
    CHR Extension: (Google Search) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Rather) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkigkllnlkoblfbgfnfngfcnhmndonjm [2015-10-17]
    CHR Extension: (Kaspersky Protection) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-11-30]
    CHR Extension: (Photo Zoom for Facebook) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2014-08-06]
    CHR Extension: (Google Sheets) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-03]
    CHR Extension: (Google Docs Offline) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
    CHR Extension: (AdBlock) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-08]
    CHR Extension: (ScrewAds Plus for YouTube) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkkneiphdbaaeambcmhiiildkffacbip [2014-07-22]
    CHR Extension: (Grammarly Spell Checker & Grammar Checker) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-01-04]
    CHR Extension: (Flamite) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgobopgcnapcnblkpelgjjblnjjpgejk [2016-01-03]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-12-07]
    CHR Extension: (AgarioMods Evergreen Script) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhjgdbihpkphlammdaeicdemggagfbdo [2015-10-17]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
    CHR Extension: (Gmail) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
    CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
    CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
    CHR HKU\S-1-5-21-344140053-2034629372-3514804246-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
    CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
     
  6. Nathan R

    Nathan R TS Rookie Topic Starter Posts: 31

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2015-12-04] (Advanced Micro Devices) [File not signed]
    R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe [194000 2015-11-30] (Kaspersky Lab ZAO)
    R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
    R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [122888 2015-06-22] (Creative Technology Ltd)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-03] (Electronic Arts)
    S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1008880 2015-12-15] (Overwolf LTD)
    R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-06-28] ()
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-01] ()
    R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
    S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [305392 2015-12-16] (Advanced Micro Devices)
    S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
    R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
    S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-09-17] (Advanced Micro Devices)
    R1 BfLwf; C:\Windows\system32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
    R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-07-10] (Microsoft Corporation)
    R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
    R3 cthda; C:\Windows\system32\drivers\cthda.sys [1074472 2015-06-22] (Creative Technology Ltd)
    R3 cthdb; C:\Windows\system32\DRIVERS\cthdb.sys [42792 2015-06-22] (Creative Technology Ltd)
    S3 EMVSCARD; C:\Windows\System32\Drivers\EMVSCARD.sys [28544 2006-12-13] (USB Smart Card Reader)
    R3 Ke2200; C:\Windows\System32\drivers\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
    R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
    R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
    R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
    R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
    S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
    R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-11-30] (AO Kaspersky Lab)
    R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-11-30] (AO Kaspersky Lab)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [934272 2015-12-02] (AO Kaspersky Lab)
    R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
    R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
    R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
    R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-11-30] (AO Kaspersky Lab)
    R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-11-30] (Kaspersky Lab ZAO)
    R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
    R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-09] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3749888 2015-07-10] (Realtek Semiconductor Corporation )
    S3 SzCCID; C:\Windows\system32\DRIVERS\SzCCID.sys [37888 2010-05-14] (Generic)
    S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
    U3 idsvc; no ImagePath
    S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    U3 wpcsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-09 22:07 - 2016-01-09 22:07 - 00026297 _____ C:\Users\Nathan\Downloads\FRST.txt
    2016-01-09 22:06 - 2016-01-09 22:07 - 05646860 _____ (Swearware) C:\Users\Nathan\Downloads\ComboFix.exe
    2016-01-09 22:06 - 2016-01-09 22:07 - 00000000 ____D C:\FRST
    2016-01-09 22:06 - 2016-01-09 22:06 - 01749504 _____ C:\Users\Nathan\Downloads\AdwCleaner.exe
    2016-01-09 22:05 - 2016-01-09 22:06 - 02370560 _____ (Farbar) C:\Users\Nathan\Downloads\FRST64.exe
    2016-01-09 22:05 - 2016-01-09 22:06 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Nathan\Downloads\rkill.exe
    2016-01-09 21:51 - 2016-01-09 21:51 - 00002856 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2016-01-09 21:51 - 2016-01-09 21:51 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2016-01-09 21:51 - 2016-01-09 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2016-01-09 21:51 - 2016-01-09 21:51 - 00000000 ____D C:\Program Files\CCleaner
    2016-01-09 21:32 - 2016-01-09 21:32 - 00016148 _____ C:\WINDOWS\system32\NATALIA_Nathan_HistoryPrediction.bin
    2016-01-09 21:25 - 2016-01-09 21:38 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-01-09 21:25 - 2016-01-09 21:25 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-01-09 21:25 - 2016-01-09 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-01-09 21:25 - 2016-01-09 21:25 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-01-09 21:25 - 2016-01-09 21:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-01-09 21:25 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2016-01-09 21:25 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2016-01-09 21:25 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2016-01-09 19:56 - 2016-01-09 21:03 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2016-01-09 19:55 - 2016-01-09 19:55 - 00000000 ____D C:\WINDOWS\pss
    2016-01-09 19:50 - 2016-01-09 19:50 - 00000000 ____D C:\$SysReset
    2016-01-09 10:25 - 2016-01-09 10:25 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
    2015-12-21 15:43 - 2016-01-09 18:39 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\dvdcss
    2015-12-18 19:07 - 2015-12-18 19:07 - 00000000 ____D C:\ProgramData\ATI
    2015-12-16 14:45 - 2015-12-16 14:45 - 10919104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll
    2015-12-16 14:45 - 2015-12-16 14:45 - 09158496 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll
    2015-12-16 14:45 - 2015-12-16 14:45 - 09105552 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll
    2015-12-16 14:45 - 2015-12-16 14:45 - 08168856 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll
    2015-12-16 14:45 - 2015-12-16 14:45 - 00143080 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll
    2015-12-16 14:45 - 2015-12-16 14:45 - 00112392 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll
    2015-12-16 14:44 - 2015-12-16 14:44 - 11011560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll
    2015-12-16 14:44 - 2015-12-16 14:44 - 08426376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
    2015-12-16 14:44 - 2015-12-16 14:44 - 01249664 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
    2015-12-16 14:44 - 2015-12-16 14:44 - 00471344 _____ C:\WINDOWS\system32\amdmiracast.dll
    2015-12-16 14:44 - 2015-12-16 14:44 - 00130616 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll
    2015-12-16 14:44 - 2015-12-16 14:44 - 00088032 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
    2015-12-16 14:44 - 2015-12-16 14:44 - 00088032 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
    2015-12-16 14:44 - 2015-12-16 14:44 - 00081200 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
    2015-12-16 14:44 - 2015-12-16 14:44 - 00081200 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
    2015-12-16 14:43 - 2015-12-16 14:43 - 00151968 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
    2015-12-16 14:43 - 2015-12-16 14:43 - 00138416 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
    2015-12-16 14:43 - 2015-12-16 14:43 - 00128568 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
    2015-12-16 14:43 - 2015-12-16 14:43 - 00120200 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
    2015-12-16 14:41 - 2015-12-16 14:41 - 00243728 _____ C:\WINDOWS\system32\clinfo.exe
    2015-12-16 14:41 - 2015-12-16 14:41 - 00232464 _____ C:\WINDOWS\system32\dgtrayicon.exe
    2015-12-16 14:41 - 2015-12-16 14:41 - 00203792 _____ C:\WINDOWS\system32\hsa-thunk64.dll
    2015-12-16 14:41 - 2015-12-16 14:41 - 00183312 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
    2015-12-16 14:41 - 2015-12-16 14:41 - 00136208 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
    2015-12-16 14:41 - 2015-12-16 14:41 - 00122384 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
    2015-12-16 14:41 - 2015-12-16 14:41 - 00104976 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
    2015-12-16 14:41 - 2015-12-16 14:41 - 00097808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
    2015-12-16 14:41 - 2015-12-16 14:41 - 00012816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
    2015-12-16 14:41 - 2015-12-16 14:41 - 00012816 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
    2015-12-16 14:37 - 2015-12-16 14:37 - 25848848 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll
    2015-12-16 14:37 - 2015-12-16 14:37 - 00199696 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll
    2015-12-16 14:37 - 2015-12-16 14:37 - 00097808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
    2015-12-16 14:37 - 2015-12-16 14:37 - 00089616 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
    2015-12-16 14:35 - 2015-12-16 14:35 - 00341520 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe
    2015-12-16 14:34 - 2015-12-16 14:34 - 31385616 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll
    2015-12-16 14:34 - 2015-12-16 14:34 - 00059920 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe
    2015-12-16 14:32 - 2015-12-16 14:32 - 00040464 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
    2015-12-16 14:29 - 2015-12-16 14:29 - 00561168 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
    2015-12-16 14:29 - 2015-12-16 14:29 - 00254992 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
    2015-12-16 14:29 - 2015-12-16 14:29 - 00166416 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
    2015-12-16 14:29 - 2015-12-16 14:29 - 00151056 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
    2015-12-16 14:29 - 2015-12-16 14:29 - 00084504 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll
    2015-12-16 14:29 - 2015-12-16 14:29 - 00078864 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll
    2015-12-16 14:29 - 2015-12-16 14:29 - 00078864 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll
    2015-12-16 14:28 - 2015-12-16 14:28 - 00451088 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
    2015-12-16 14:28 - 2015-12-16 14:28 - 00171032 _____ C:\WINDOWS\system32\atieah64.exe
    2015-12-16 14:28 - 2015-12-16 14:28 - 00154128 _____ C:\WINDOWS\SysWOW64\atieah32.exe
    2015-12-16 14:28 - 2015-12-16 14:28 - 00071184 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll
    2015-12-16 14:28 - 2015-12-16 14:28 - 00060944 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll
    2015-12-16 14:27 - 2015-12-16 14:27 - 15720464 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll
    2015-12-16 14:27 - 2015-12-16 14:27 - 14310928 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll
    2015-12-16 14:26 - 2015-12-16 14:26 - 00375824 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
    2015-12-16 14:26 - 2015-12-16 14:26 - 00064528 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll
    2015-12-16 14:26 - 2015-12-16 14:26 - 00057872 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll
    2015-12-16 14:25 - 2015-12-16 14:25 - 49992720 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll
    2015-12-16 14:25 - 2015-12-16 14:25 - 01281552 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
    2015-12-16 14:25 - 2015-12-16 14:25 - 00950288 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
    2015-12-16 14:25 - 2015-12-16 14:25 - 00950288 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
    2015-12-16 14:25 - 2015-12-16 14:25 - 00052240 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
    2015-12-16 14:22 - 2015-12-16 14:22 - 27605008 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll
    2015-12-16 14:21 - 2015-12-16 14:21 - 22357008 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll
    2015-12-16 14:20 - 2015-12-16 14:20 - 41519120 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
    2015-12-16 14:19 - 2015-12-16 14:19 - 00059408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll
    2015-12-16 14:19 - 2015-12-16 14:19 - 00048144 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll
    2015-12-16 14:17 - 2015-12-16 14:17 - 06651920 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll
    2015-12-16 14:16 - 2015-12-16 14:16 - 05232656 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll
    2015-12-16 14:15 - 2015-12-16 14:15 - 00686608 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
    2015-12-16 14:15 - 2015-12-16 14:15 - 00571408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
    2015-12-16 14:13 - 2015-12-16 14:13 - 00305392 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\amdacpksd.sys
    2015-12-16 14:13 - 2015-12-16 14:13 - 00213520 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
    2015-12-16 14:13 - 2015-12-16 14:13 - 00198672 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
    2015-12-16 14:13 - 2015-12-16 14:13 - 00143376 _____ C:\WINDOWS\system32\amdhdl64.dll
    2015-12-16 14:13 - 2015-12-16 14:13 - 00132112 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll
    2015-12-16 14:13 - 2015-12-16 14:13 - 00073744 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
    2015-12-16 14:13 - 2015-12-16 14:13 - 00068112 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
    2015-12-16 13:07 - 2015-12-16 13:07 - 10339016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
    2015-12-16 04:11 - 2015-12-16 04:11 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
    2015-12-16 04:11 - 2015-12-16 04:11 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
    2015-12-16 04:09 - 2015-12-16 04:09 - 00683968 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
    2015-12-16 04:09 - 2015-12-16 04:09 - 00683968 _____ C:\WINDOWS\system32\atiapfxx.blb
    2015-12-15 09:59 - 2015-12-15 10:00 - 00000000 ____D C:\Users\Nathan\AppData\Local\paint.net
    2015-12-15 09:59 - 2015-12-15 09:59 - 00001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
    2015-12-15 09:59 - 2015-12-15 09:59 - 00001092 _____ C:\Users\Public\Desktop\paint.net.lnk
    2015-12-15 09:59 - 2015-12-15 09:59 - 00000000 ____D C:\Program Files\paint.net
     
  7. Nathan R

    Nathan R TS Rookie Topic Starter Posts: 31

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-09 22:06 - 2015-07-10 04:05 - 00000000 ____D C:\Windows
    2016-01-09 22:04 - 2014-05-09 16:23 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-01-09 21:51 - 2015-10-03 13:00 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\TS3Client
    2016-01-09 21:51 - 2015-08-22 10:38 - 00000000 ____D C:\WINDOWS\Minidump
    2016-01-09 21:51 - 2015-08-06 19:53 - 00000000 ___DC C:\WINDOWS\Panther
    2016-01-09 21:51 - 2015-07-10 06:02 - 00000000 ____D C:\WINDOWS\INF
    2016-01-09 21:51 - 2014-05-11 17:46 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-01-09 21:39 - 2015-08-06 15:56 - 01005598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-01-09 21:34 - 2014-05-09 16:40 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-01-09 21:32 - 2015-08-06 15:55 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
    2016-01-09 21:32 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-01-09 21:32 - 2015-07-10 04:05 - 08126464 ___SH C:\WINDOWS\system32\config\BBI
    2016-01-09 21:32 - 2014-05-09 16:23 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-01-09 21:32 - 2014-05-09 08:49 - 00000000 ____D C:\ProgramData\Kaspersky Lab
    2016-01-09 21:31 - 2015-08-06 16:18 - 00000000 ___RD C:\Users\Nathan\OneDrive
    2016-01-09 21:31 - 2014-12-08 18:13 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Spotify
    2016-01-09 21:12 - 2015-12-07 15:45 - 00000000 ___RD C:\Users\Nathan\Google Drive
    2016-01-09 21:12 - 2015-11-30 11:02 - 00000000 ____D C:\Users\Nathan\Documents\AirDroid
    2016-01-09 21:12 - 2014-12-08 18:14 - 00000000 ____D C:\Users\Nathan\AppData\Local\Spotify
    2016-01-09 21:12 - 2014-05-17 12:40 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Raptr
    2016-01-09 19:49 - 2015-08-06 15:56 - 00000000 ____D C:\Users\Nathan
    2016-01-09 19:39 - 2015-10-10 01:56 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\vlc
    2016-01-09 18:51 - 2015-05-29 09:42 - 00000000 ____D C:\Users\Nathan\AppData\Local\Torch
    2016-01-09 18:25 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-01-09 18:18 - 2015-09-26 06:34 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{367B0B6C-DE50-4FC3-A5D5-D66328088F5F}
    2016-01-09 18:17 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2016-01-09 17:38 - 2014-05-10 12:11 - 00000000 ____D C:\ProgramData\Origin
    2016-01-09 13:08 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-01-09 10:25 - 2015-12-02 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
    2016-01-09 10:25 - 2015-12-02 12:22 - 00000078 ___RH C:\WINDOWS\ctfile.rfc
    2016-01-08 21:57 - 2015-07-10 06:04 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-01-07 14:05 - 2015-12-07 15:04 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-01-07 14:05 - 2015-12-07 15:04 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-01-07 13:37 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-01-04 12:18 - 2015-11-30 11:01 - 00000000 ____D C:\Program Files (x86)\AirDroid
    2016-01-04 01:00 - 2015-10-03 13:00 - 00000000 ____D C:\Program Files (x86)\Overwolf
    2016-01-03 15:20 - 2015-10-06 12:25 - 00000000 ____D C:\Users\Nathan\Documents\DolbyAxon
    2016-01-02 20:40 - 2015-10-03 09:38 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-01-02 20:40 - 2015-10-03 09:38 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-12-18 19:08 - 2015-12-05 22:36 - 00000000 ____D C:\Program Files (x86)\Raptr
    2015-12-18 19:08 - 2015-08-06 15:55 - 00000000 ____D C:\Program Files\AMD
    2015-12-18 19:08 - 2014-05-09 08:37 - 00000000 ____D C:\Program Files (x86)\AMD
    2015-12-18 19:05 - 2014-05-09 08:53 - 00000000 ____D C:\AMD
    2015-12-16 19:01 - 2015-10-30 04:42 - 00000000 ___HD C:\$WINDOWS.~BT
    2015-12-16 17:07 - 2015-12-05 22:27 - 00021288 _____ (RW-Everything) C:\WINDOWS\SysWOW64\Drivers\AxtuDrv.sys
    2015-12-16 17:06 - 2015-10-15 13:39 - 00000000 ____D C:\Program Files (x86)\SpeedFan
    2015-12-16 14:45 - 2015-07-16 01:12 - 00162784 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll
    2015-12-16 14:44 - 2015-07-16 01:11 - 13313544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll
    2015-12-16 14:44 - 2015-07-16 01:11 - 01519232 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
    2015-12-16 14:41 - 2015-11-24 02:33 - 00874000 _____ (AMD) C:\WINDOWS\system32\coinst_15.30.dll
    2015-12-16 14:31 - 2015-07-16 01:06 - 23969808 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys
    2015-12-16 14:31 - 2015-07-16 00:13 - 00679952 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys
    2015-12-14 15:01 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
    2015-12-14 14:54 - 2014-05-09 09:52 - 00000000 ____D C:\WINDOWS\system32\MRT
    2015-12-14 14:51 - 2014-05-09 09:52 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-12-14 09:49 - 2015-08-06 16:18 - 00002366 _____ C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2015-12-13 12:39 - 2015-07-10 07:20 - 00228680 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-12-12 18:37 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\oobe
    2015-12-12 18:36 - 2014-05-10 13:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2015-12-11 03:44 - 2015-02-19 12:16 - 00000000 ____D C:\Users\Nathan\AppData\Local\Steam
    2015-12-10 18:52 - 2014-05-10 13:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-12-10 18:51 - 2014-05-10 13:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2015-12-10 18:35 - 2015-12-03 09:37 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

    ==================== Files in the root of some directories =======

    2014-05-09 08:41 - 2014-05-09 08:41 - 0000000 _____ () C:\Users\Nathan\AppData\Local\Driver_LOM_8161Present.flag
    2014-06-24 16:27 - 2014-06-24 16:27 - 0000057 _____ () C:\ProgramData\Ament.ini
    2015-08-06 15:55 - 2015-08-06 15:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Files to move or delete:
    ====================
    C:\Users\Nathan\AdobeAIRInstaller.exe
    C:\Users\Nathan\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe
    C:\Users\Nathan\chromeinstall-8u31.exe
    C:\Users\Nathan\Firefox Setup 31.0.exe
    C:\Users\Nathan\npp.6.6.9.Installer.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-01-09 10:52

    ==================== End of FRST.txt ============================
     
  8. Nathan R

    Nathan R TS Rookie Topic Starter Posts: 31

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-01-2015
    Ran by Nathan (2016-01-09 22:07:52)
    Running from C:\Users\Nathan\Downloads
    Windows 10 Pro (X64) (2015-08-06 21:16:49)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-344140053-2034629372-3514804246-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-344140053-2034629372-3514804246-503 - Limited - Disabled)
    Guest (S-1-5-21-344140053-2034629372-3514804246-501 - Limited - Disabled)
    Nathan (S-1-5-21-344140053-2034629372-3514804246-1000 - Administrator - Enabled) => C:\Users\Nathan

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Kaspersky Anti-Virus (Enabled - Out of date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
    AS: Kaspersky Anti-Virus (Enabled - Out of date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
    ACP Application (Version: 2015.1204.1152.59 - Advanced Micro Devices, Inc.) Hidden
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
    AirDroid 3.2.1.1 (HKLM-x32\...\AirDroid) (Version: 3.2.1.1 - Sand Studio)
    Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.2.0 - )
    Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.2.0 - ) Hidden
    AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
    Andy OS (HKLM-x32\...\Andy OS) (Version: 0.41 - Andy OS, Inc)
    Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASRock App Charger v1.0.6 (HKLM\...\ASRock App Charger_is1) (Version: 1.0.6 - ASRock Inc.)
    ASRock InstantBoot v1.30 (HKLM-x32\...\ASRock InstantBoot_is1) (Version: - )
    Autodesk Pixlr (HKLM-x32\...\Autodesk Pixlr) (Version: 1.0.2.0 - Autodesk)
    Autodesk Pixlr (x32 Version: 1.0.2.0 - Autodesk) Hidden
    Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Catalyst Control Center Next Localization BR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DE (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization EL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization ES (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FI (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization HU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization IT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization JA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization KO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization PL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization RU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization SV (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TH (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Corsair M65 Gaming Mouse Driver V1.0 (HKLM-x32\...\{62CC0366-207F-4BC3-97B1-4D4615B5BF0B}_is1) (Version: 1.00.00.11 - )
    Creative Music Server (HKLM-x32\...\Music Server) (Version: 1.01 - Creative Technology Limited)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dogecoin Core (64-bit) (HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\Dogecoin Core (64-bit)) (Version: 1.7.0 - Dogecoin project)
    Dolby Axon - 1.5.1.1 (HKLM-x32\...\{17936630-5344-4F18-9970-616129E2A114}_is1) (Version: 1.5.1.1 - Dolby Laboratories)
    Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
    DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
    Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
    Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology)
    Etron USB3.0 Host Controller (x32 Version: 0.118 - Etron Technology) Hidden
    Free Viewer (HKLM\...\{5EF92F52-FA16-4CA6-A204-811524BEE514}_is1) (Version: 2.0.4 - Blue Labs, LLC)
    F-Stream Tuning v0.1.73.51 (HKLM-x32\...\F-Stream Tuning_is1) (Version: - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.71 - Google Inc.)
    Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
    Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
    Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Photosmart 5520 series Basic Device Software (HKLM\...\{68C0736C-3E47-43A6-B14D-236BEF198A5F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Photosmart 5520 series Help (HKLM-x32\...\{7137E26A-10F7-4B1C-9980-0893579E92DA}) (Version: 27.0.0 - Hewlett Packard)
    HP Photosmart 5520 series Product Improvement Study (HKLM\...\{DCC176F0-3CE3-4DA9-8FF9-3809C1B48C47}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
    iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
    Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
    Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
    Kaspersky Anti-Virus (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
    LG VZW United Drivers (HKLM-x32\...\{AAAB3333-0F97-4A5D-B725-FFD7E7450FD9}) (Version: 2.14.1 - LG Electronics)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft Keyboard Layout Creator 1.4 (HKLM-x32\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
    Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.54.10 - Black Tree Gaming)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
    NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
    OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
    Oracle VM VirtualBox 4.3.18 (HKLM\...\{74B7E6F9-DCAC-4ADB-B2D0-EEFDD1B5AC25}) (Version: 4.3.18 - Oracle Corporation)
    Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
    Overwolf (HKLM-x32\...\Overwolf) (Version: 0.91.145.0 - Overwolf Ltd.)
    paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
    PDG GOLD NCO - 2013 (HKLM-x32\...\com.mcmguides.pdg.NCO.2013) (Version: 5.1.49 - McMillan Study Guides, Inc.)
    PDG GOLD NCO - 2013 (x32 Version: 5.1.49 - McMillan Study Guides, Inc.) Hidden
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
    Python 2.7.7 (64-bit) (HKLM\...\{049CA433-77A0-4e48-AC76-180A282C4E11}) (Version: 2.7.7150 - Python Software Foundation)
    Python 3.4.2 (64-bit) (HKLM\...\{cd723946-09c1-38d3-8542-732ba931e9ef}) (Version: 3.4.2150 - Python Software Foundation)
    Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
    Qualcomm Atheros Killer E220x Drivers (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
    Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{FE5DFB80-6937-4154-A2C7-EF845C1301F8}) (Version: 1.0.30.1259 - Qualcomm Atheros)
    Qualcomm Atheros Network Manager (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
    QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
    Raptr (HKLM-x32\...\Raptr) (Version: - )
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
    Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix)
    Rocksmith 2014 (HKLM-x32\...\Steam App 221680) (Version: - Ubisoft - San Francisco)
    Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
    Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
    Skyrim Ultimate Killer Mod 2.01 (HKLM-x32\...\Skyrim Ultimate Killer Mod 2.01) (Version: 2.01 - Eden Gallant)
    Sound Blaster Z-Series (HKLM-x32\...\{9E61ABC7-B276-46F1-808F-A8A4EF0D57DF}) (Version: 1.01.03 - Creative Technology Limited)
    Sound Blaster Z-Series Extras (HKLM-x32\...\{9D9DB4BA-E352-4AC8-AD2B-B10104F5AB80}) (Version: 1.0 - Creative Technology Limited)
    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
    Spotify (HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\Spotify) (Version: 1.0.20.101.ge6957e14 - Spotify AB)
    Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
    The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
    The Witcher 3: Wild Hunt (HKLM-x32\...\Steam App 292030) (Version: - CD PROJEKT RED)
    ViewRight Web PC 3.5.0.0 (HKLM-x32\...\{AE7DE91C-A5CE-45C1-AF68-B27E29912D8F}) (Version: 3.5.0.0 - Verimatrix, Inc.)
    VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0187 - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-344140053-2034629372-3514804246-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Nathan\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {063888EE-AA7D-4A03-9992-E3B69FC6F472} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {07D3E555-7119-44C9-9714-606558B42761} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
    Task: {0BFFC4A9-5922-42D0-A4E3-FDF24749BB13} - System32\Tasks\{52F9C1B5-E261-4947-A252-2DC19B099263} => pcalua.exe -a C:\Users\Nathan\Documents\unetbootin-windows-608.exe -d C:\Users\Nathan\Documents
    Task: {15F299E7-1288-43AF-AF6C-74479381EDD0} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
    Task: {16B98657-AF58-4BB0-810C-1DBC18342A4B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-14] (Microsoft Corporation)
    Task: {17E03E23-AD9C-4ECD-89F3-C0BFF7BBE685} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
    Task: {18787EDE-7EC8-4687-98DE-45A8903898E6} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {22BCBBFB-8A38-41E7-BCAE-D84726BDD172} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {26CC1D4C-C181-42EA-9104-170496277CF2} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
    Task: {2D106E7E-FE72-41B9-A6BB-268DC48516A9} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {31D9C001-AA1F-4194-944E-280724753C4C} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-12-15] (Overwolf LTD)
    Task: {48B19E18-4D0E-4836-B981-DBCF4D0FD19A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {54ADD333-A674-4414-8E90-71F0AEA4ED65} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {5C473065-3F80-4095-AA7C-66D994989F0A} - System32\Tasks\{6E197811-DDB7-425C-A270-E13098BC572F} => pcalua.exe -a C:\Users\Nathan\AppData\Local\Temp\Temp2_SETUP_0.118.zip\SETUP_0.118.exe
    Task: {62E750FA-7FED-4AD2-A3F7-8818259F4A83} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {66D3556B-976C-41C1-91E6-525C0A7D88CA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {6793E729-387D-4DB0-B307-74C2580BD544} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
    Task: {6A84288B-841E-4D1F-8E1E-8080AF5428BB} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
    Task: {6C836039-17EA-4803-9482-5C2656D55D2D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {6EF1B11C-3234-47D0-8E50-041667617EC4} - System32\Tasks\{C51D374A-A907-4692-A40F-FB4780BE8B8B} => pcalua.exe -a C:\Users\Nathan\AppData\Local\Temp\Temp1_InstallRoot_v3.16.1A.zip\InstallRoot_v3.16.1A.exe
    Task: {7431D199-38F7-447C-877B-8F557C039867} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-03] (Adobe Systems Incorporated)
    Task: {89601E57-BF03-4EF3-AC6F-CFE35A03B7EE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
    Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
    Task: {9302C133-8558-43F8-B444-DE9108313957} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {9E7ACAB1-9C2D-4439-A0C2-F8C895BBB664} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
    Task: {9F8F529C-90CB-4A36-AC99-BAD3F023D1FB} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {A16C7FF8-128A-48D5-B25A-5647FBFBEE74} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
    Task: {A20B2CAE-96B0-4388-B8C9-A8AC43E1FEAA} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
    Task: {A256F93C-D39A-4C85-9FA7-31D77A6BED7C} - System32\Tasks\HPCustParticipation HP Photosmart 5520 series => C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {A281C0B9-D971-4C60-A15A-822C8EC6B2EB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {A44E1930-993D-49E8-8553-722BAD0F2EC1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
    Task: {A90EBAA9-A144-4E09-8343-4611E9D7DA0C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {AA5D4E44-3B21-4D47-A0D4-F04D4D6373BC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {AF5EFC28-4804-4FDC-8382-A25B8FECBB2C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {B14DF7AB-3E37-4DAC-A4E6-6BA60B8D2B9C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {B2105CC2-C1B6-459D-8E73-F7660F46661C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
    Task: {B2235008-0CB3-4C0B-B073-E1B7990C62D5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {BEC2F307-7BDA-4C13-80EE-73A95B8FAFF1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
    Task: {C669C590-2127-4333-AF67-4FA8C14B3F96} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {CA60F6B9-23F1-423B-98C0-E4B3DB251425} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
    Task: {DE145AD7-7F36-4363-B202-74F9E10AC451} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
    Task: {E414F205-94E8-4857-9504-CDFDE7CE70F4} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
    Task: {E41A225F-059D-4AC4-BE10-261E7BA49E01} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
    Task: {E5DB472F-8E24-48B4-9C8B-1E274293E2B6} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
    Task: {F099F235-B038-4925-BA7B-C61594C2673A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {F348C2BF-CD56-4C49-9F26-230C6F616A33} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {F4A3F85A-91E0-4C4D-8D4B-F15188461BBE} - System32\Tasks\{A0D2DDC0-DD36-4CF2-9677-8458A4A983CE} => pcalua.exe -a C:\Users\Nathan\AppData\Local\Temp\Temp1_pbsetup.zip\pbsetup.exe
    Task: {FFCD9BA6-3A3A-484F-9B28-38C1AE02FBF7} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     
  9. Nathan R

    Nathan R TS Rookie Topic Starter Posts: 31

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-07-10 06:00 - 2015-07-10 06:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
    2015-08-06 19:50 - 2015-08-06 19:50 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
    2015-08-20 06:53 - 2015-08-11 04:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
    2014-06-28 08:59 - 2014-06-28 08:59 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
    2015-10-01 04:20 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-10-01 04:20 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2015-10-01 04:19 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2015-12-08 15:29 - 2015-11-24 23:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2015-12-08 15:29 - 2015-11-24 23:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2015-12-08 15:29 - 2015-11-24 23:24 - 00884736 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2015-12-08 15:29 - 2015-11-24 23:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2015-10-01 04:20 - 2015-09-17 00:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-07-10 06:00 - 2015-07-10 08:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
    2016-01-07 14:05 - 2016-01-07 04:14 - 02048840 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.71\libglesv2.dll
    2016-01-07 14:05 - 2016-01-07 04:14 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.71\libegl.dll
    2015-12-08 15:29 - 2015-11-24 23:18 - 00928768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll
    2016-01-07 14:05 - 2016-01-07 04:14 - 29251912 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.71\PepperFlash\pepflashplayer.dll
    2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\kpcengine.2.3.dll
    2014-04-23 18:05 - 2014-04-23 18:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-04-23 18:04 - 2014-04-23 18:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 192.168.2.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk"
    HKLM\...\StartupApproved\Run: => "XboxStat"
    HKLM\...\StartupApproved\Run: => "StartCN"
    HKLM\...\StartupApproved\Run32: => "Corsair M65 Mouse"
    HKLM\...\StartupApproved\Run32: => "HP Software Update"
    HKLM\...\StartupApproved\Run32: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "Andy"
    HKLM\...\StartupApproved\Run32: => "QuickTime Task"
    HKLM\...\StartupApproved\Run32: => "Raptr"
    HKLM\...\StartupApproved\Run32: => "UpdReg"
    HKLM\...\StartupApproved\Run32: => "Sound Blaster Z-Series Control Panel"
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\StartupApproved\Run: => "EADM"
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\StartupApproved\Run: => "Spotify"
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\StartupApproved\Run: => "Spotify Web Helper"
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\StartupApproved\Run: => "RESTART_STICKY_NOTES"
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\StartupApproved\Run: => "AirDroid 3"
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\StartupApproved\Run: => "CA737A4C8A218980B307F7230906C3F73A69889A._service_run"
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\StartupApproved\Run: => "GoogleDriveSync"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
    FirewallRules: [{8414B452-CDBE-4804-843E-01C17F1EE5E8}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [{9D0216B6-36DC-4110-8EC7-7C53AED9FFE3}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [{2C5E2C25-471D-4DEF-971E-E50C1A1B66A4}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{437C5059-D93B-4F10-B81A-C69AB49E1311}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{D2A8998A-1672-480B-BFEC-89B4C9AA8B6A}] => (Allow) LPort=1900
    FirewallRules: [{1E2680C3-C083-49C1-86DD-F2D11B8520E9}] => (Allow) LPort=2869
    FirewallRules: [{EC1A9F93-48E8-40B5-B280-4C7B70CEC00B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{11641CC8-8F42-45A0-A34D-23BC24C703D2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher 3\bin\x64\witcher3.exe
    FirewallRules: [{D0A9563C-96A4-4F09-9605-516AA9928139}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher 3\bin\x64\witcher3.exe
    FirewallRules: [{922EA6DA-7A79-4598-90FD-11DC6F17B4D9}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
    FirewallRules: [{AAEAA7D2-0EAA-4DE3-80B2-967B9AE1044E}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
    FirewallRules: [{F19C39ED-CAA5-4C57-B218-BF98E5B373EB}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
    FirewallRules: [{054EEA5B-B3E4-44A1-B0F1-CD24333D0B70}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
    FirewallRules: [{E82A69EC-7854-40B0-8487-4CA2976DA4B5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{ECFC5D7E-CAAC-4318-93C7-6BA08941F766}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{55527C68-E161-406E-87C7-22D4D2B07118}] => (Block) C:\users\nathan\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{689866F8-EE27-4D87-BF22-F6669A2EDCE6}] => (Block) C:\users\nathan\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{CF020C82-D5C1-456D-AC48-A227C5D8AB51}C:\users\nathan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nathan\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{8E6B9F61-BAB5-4F10-831C-51381DA81EDB}C:\users\nathan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nathan\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{962F406A-4DF7-4567-8C11-21D097336E3F}] => (Block) C:\program files\andy\andy.exe
    FirewallRules: [{D4361A83-6C7B-4DD0-BE4F-E361ED43CB41}] => (Block) C:\program files\andy\andy.exe
    FirewallRules: [UDP Query User{B9A1D4A3-10DB-4CDC-A903-C40174C21258}C:\program files\andy\andy.exe] => (Allow) C:\program files\andy\andy.exe
    FirewallRules: [TCP Query User{345D3EB9-6412-4B58-B73D-3B6F9DD524CA}C:\program files\andy\andy.exe] => (Allow) C:\program files\andy\andy.exe
    FirewallRules: [{F83D2E0D-A31F-4A8B-B454-F674D60D9590}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
    FirewallRules: [{0314DBC6-EBF1-4ECC-B102-67EC8DC3916C}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
    FirewallRules: [{894D0C64-8821-4877-9C46-84FD787302C5}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
    FirewallRules: [{9331F4DA-B106-448A-A49C-85A009D0BD8B}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
    FirewallRules: [{1809D56A-F1C6-47A8-9C6D-372788D3C7AA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
    FirewallRules: [{89867D20-DBF6-4092-9E0F-997D1CBD2590}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
    FirewallRules: [{1DA5096E-7632-4343-9395-2A55A99920B8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{A75002C4-ECE7-4122-A90F-CEA2B2106BF6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{C9703E19-3734-4EFA-8AE5-D3E75E08ABBB}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [{ED21379F-983A-428C-88AA-CA4C8815FE95}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{D679AFD4-EE7D-40B3-9434-7FED4CADC587}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{E0EEAD0C-EAE9-43AF-A8E4-681ACA2814A8}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\DeviceSetup.exe
    FirewallRules: [UDP Query User{46FBFA11-BD16-4042-AB2E-614766833733}C:\program files\dogecoin\dogecoin-qt.exe] => (Allow) C:\program files\dogecoin\dogecoin-qt.exe
    FirewallRules: [TCP Query User{871AEC98-2B6B-4E70-BD78-9DEA2A6D4634}C:\program files\dogecoin\dogecoin-qt.exe] => (Allow) C:\program files\dogecoin\dogecoin-qt.exe
    FirewallRules: [UDP Query User{92B0CBA8-C44E-4FBE-B59F-FA50E18A0593}E:\litecoin\litecoin-qt.exe] => (Allow) E:\litecoin\litecoin-qt.exe
    FirewallRules: [TCP Query User{BD0B2B3D-E792-4F78-BB24-6CAA155DE8C8}E:\litecoin\litecoin-qt.exe] => (Allow) E:\litecoin\litecoin-qt.exe
    FirewallRules: [UDP Query User{F190F28E-56CE-42A6-83CA-752800084432}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe
    FirewallRules: [TCP Query User{9FAADA86-0BBE-4D75-8DC2-462D934F3FCA}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe
    FirewallRules: [{55B3BE9F-B3F7-4AFA-A9EA-33DD1955FE5B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{806C01F5-4547-45D4-925E-F53A6B9EDA13}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{ACBF5DD0-3839-47EF-A547-FB77650D14C0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{9D4AC43C-2196-4747-887F-126B7208CBA6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{E87F0AB4-C1B4-47F1-8A9E-CBB7F8BB6254}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{A99BA7E6-36A3-40C2-AA90-5F287AF8287F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{33E17A3E-EE29-433A-AB0C-DA3D3B8AFE5D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{8F83F921-ED17-404B-8AC2-A2619C493880}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{87B69963-881E-4602-9D5F-0FA66AE2F8AF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rocksmith2014\Rocksmith2014.exe
    FirewallRules: [{596016E3-0786-4889-9008-5D737A9C0D0A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rocksmith2014\Rocksmith2014.exe
    FirewallRules: [{2D477A02-02AB-4905-9CAA-7E4E4EC8C760}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{AA342E24-22DF-4CB5-8A06-05957B841F29}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{EA75D4B8-C294-4E70-AC85-0E6784E22B2E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [{DE93F933-4441-475D-904E-1178A85B6601}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [TCP Query User{2C8E62B1-B78B-42FC-8B04-3C5F2CCE8093}C:\users\nathan\appdata\local\temp\i1442980061\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\nathan\appdata\local\temp\i1442980061\windows\resource\jre\bin\javaw.exe
    FirewallRules: [UDP Query User{3CC355CA-16C4-4DB8-86B1-DA732B869431}C:\users\nathan\appdata\local\temp\i1442980061\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\nathan\appdata\local\temp\i1442980061\windows\resource\jre\bin\javaw.exe
    FirewallRules: [{C0F75297-4D09-4CE2-82B2-5B2641295879}] => (Block) C:\users\nathan\appdata\local\temp\i1442980061\windows\resource\jre\bin\javaw.exe
    FirewallRules: [{37581AF0-4309-49C8-A632-8C88CCE21599}] => (Block) C:\users\nathan\appdata\local\temp\i1442980061\windows\resource\jre\bin\javaw.exe
    FirewallRules: [{2F72CC27-5AF4-4DFB-B5A8-89AB0BF706F4}] => (Allow) C:\Program Files (x86)\DolbyAxon\Axon.exe
    FirewallRules: [{24713DF2-A3E5-4E79-8C69-F317F4029C54}] => (Allow) C:\Program Files (x86)\DolbyAxon\Axon.exe
    FirewallRules: [{97077AA2-1891-4BEB-A498-99EF73CD31A3}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
    FirewallRules: [{A96299EE-D78C-4E79-AE9D-AFAACB7F395C}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
    FirewallRules: [{6310A055-8D3A-46EB-A808-8AE9ACE2155E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{EB63F9F0-FE75-4F3F-A1AF-4BD2939528A2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{FDF76229-EAAF-42EB-B083-BF15800C555F}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
    FirewallRules: [UDP Query User{2C389019-8336-4C72-9F33-2AF44C7E54E1}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
    FirewallRules: [{92CF72C6-DD96-498B-BEA5-62B331C1118C}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{408B802F-F18E-4057-B5A6-51123F8779D8}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{8971EC77-7211-4C52-BBC0-EED422E9F396}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [{7BCF3DD9-CE40-40AB-BD73-B5743584E233}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [TCP Query User{00668276-4476-4427-A4C1-55CB428DA735}C:\program files (x86)\airdroid\airdroid.exe] => (Block) C:\program files (x86)\airdroid\airdroid.exe
    FirewallRules: [UDP Query User{B389E37F-C58F-45E7-B5F1-A1BB3CA8BA89}C:\program files (x86)\airdroid\airdroid.exe] => (Block) C:\program files (x86)\airdroid\airdroid.exe
    FirewallRules: [{420206CC-728E-4C14-962A-1D452D2E6E82}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [{CF7C4578-C79D-464B-A908-E9A88D689CFC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [{810D5CFC-057C-4D05-B0F1-0F19BF2F741C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    18-12-2015 19:15:24 Windows Update
    03-01-2016 15:23:31 Windows Update
    06-01-2016 18:08:30 Windows Update

    ==================== Faulty Device Manager Devices =============

    Name: AMD High Definition Audio Device
    Description: AMD High Definition Audio Device
    Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Manufacturer: Advanced Micro Devices
    Service: AtiHDAudioService
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Realtek High Definition Audio
    Description: Realtek High Definition Audio
    Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Manufacturer: Realtek
    Service: IntcAzAudAddService
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
     
  10. Nathan R

    Nathan R TS Rookie Topic Starter Posts: 31

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/09/2016 09:14:07 PM) (Source: ESENT) (EventID: 413) (User: )
    Description: SettingSyncHost (4468) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

    Error: (01/09/2016 09:14:07 PM) (Source: ESENT) (EventID: 488) (User: )
    Description: SettingSyncHost (4468) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

    Error: (01/09/2016 09:13:56 PM) (Source: ESENT) (EventID: 413) (User: )
    Description: SettingSyncHost (4468) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

    Error: (01/09/2016 09:13:56 PM) (Source: ESENT) (EventID: 488) (User: )
    Description: SettingSyncHost (4468) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

    Error: (01/09/2016 09:13:46 PM) (Source: ESENT) (EventID: 413) (User: )
    Description: SettingSyncHost (4468) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

    Error: (01/09/2016 09:13:46 PM) (Source: ESENT) (EventID: 488) (User: )
    Description: SettingSyncHost (4468) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

    Error: (01/09/2016 09:13:36 PM) (Source: ESENT) (EventID: 413) (User: )
    Description: SettingSyncHost (4468) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

    Error: (01/09/2016 09:13:36 PM) (Source: ESENT) (EventID: 488) (User: )
    Description: SettingSyncHost (4468) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

    Error: (01/09/2016 09:13:25 PM) (Source: ESENT) (EventID: 413) (User: )
    Description: SettingSyncHost (4468) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

    Error: (01/09/2016 09:13:25 PM) (Source: ESENT) (EventID: 488) (User: )
    Description: SettingSyncHost (4468) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).


    System errors:
    =============
    Error: (01/09/2016 09:32:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
    %%1058

    Error: (01/09/2016 09:31:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (01/09/2016 09:31:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (01/09/2016 09:31:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (01/09/2016 09:31:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (01/09/2016 09:11:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
    %%1058

    Error: (01/09/2016 09:11:26 PM) (Source: DCOM) (EventID: 10005) (User: NATALIA)
    Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (01/09/2016 09:11:25 PM) (Source: DCOM) (EventID: 10005) (User: NATALIA)
    Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error: (01/09/2016 09:11:25 PM) (Source: DCOM) (EventID: 10005) (User: NATALIA)
    Description: 1084lfsvcUnavailable{08D9DFDF-C6F7-404A-A20F-66EEC0A609CD}

    Error: (01/09/2016 09:11:25 PM) (Source: DCOM) (EventID: 10005) (User: NATALIA)
    Description: 1084lfsvcUnavailable{08D9DFDF-C6F7-404A-A20F-66EEC0A609CD}


    CodeIntegrity:
    ===================================
    Date: 2015-12-15 10:01:52.342
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-15 10:01:52.140
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-15 10:01:39.920
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-15 10:01:39.607
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-09 16:29:07.497
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-09 16:29:07.274
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-09 16:29:06.688
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-09 16:29:06.141
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-07 15:35:15.262
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-07 15:35:15.093
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: AMD FX(tm)-8350 Eight-Core Processor
    Percentage of memory in use: 56%
    Total physical RAM: 8148.38 MB
    Available physical RAM: 3576.66 MB
    Total Virtual: 16340.38 MB
    Available Virtual: 11145.4 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:237.81 GB) (Free:70.64 GB) NTFS
    Drive e: (New Volume) (Fixed) (Total:931.51 GB) (Free:904.96 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive f: (SCARY_MOVIE_3) (CDROM) (Total:6.85 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 238.5 GB) (Disk ID: 536C1E66)

    Partition: GPT.

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DE8E74E0)
    Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  11. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  12. Nathan R

    Nathan R TS Rookie Topic Starter Posts: 31

    Thanks for getting on it so quick. The infection kinda ruined movie night..
     
  13. Nathan R

    Nathan R TS Rookie Topic Starter Posts: 31

    Rkill 2.8.3 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2016 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 01/09/2016 10:24:35 PM in x64 mode.
    Windows Version: Windows 10 Pro

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * Windows Defender Disabled

    [HKLM\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware" = dword:00000001

    Checking Windows Service Integrity:

    * gpsvc => %windir%\system32\svchost.exe -k GPSvcGroup [Incorrect ImagePath]

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * No issues found.

    Program finished at: 01/09/2016 10:24:41 PM
    Execution time: 0 hours(s), 0 minute(s), and 5 seconds(s)
     
  14. Nathan R

    Nathan R TS Rookie Topic Starter Posts: 31

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 1/9/2016
    Scan Time: 21:39
    Logfile: scan log.txt
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2016.01.09.05
    Rootkit Database: v2016.01.09.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: Nathan

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 413074
    Time Elapsed: 9 min, 39 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  15. Nathan R

    Nathan R TS Rookie Topic Starter Posts: 31

    # AdwCleaner v5.028 - Logfile created 09/01/2016 at 22:29:23
    # Updated 04/01/2016 by Xplode
    # Database : 2016-01-04.2 [Server]
    # Operating system : Windows 10 Pro (x64)
    # Username : Nathan - NATALIA
    # Running from : C:\Users\Nathan\Downloads\AdwCleaner.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen

    ***** [ Files ] *****

    [-] File Deleted : C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kbfnbcaeplbcioakkpcpgfkobkghlhen_0.localstorage
    [-] File Deleted : C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kbfnbcaeplbcioakkpcpgfkobkghlhen_0.localstorage-journal

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKCU\Software\ilivid
    [-] Key Deleted : HKCU\Software\torch
    [-] Key Deleted : HKCU\Software\Yahoo\Companion
    [-] Key Deleted : HKLM\SOFTWARE\torch

    ***** [ Web browsers ] *****

    [-] [C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : babylon.com
    [-] [C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
    [-] [C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
    [-] [C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.sweetim.com
    [-] [C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : websearch.ask.com
    [-] [C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : kbfnbcaeplbcioakkpcpgfkobkghlhen

    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2018 bytes] ##########
     
  16. Nathan R

    Nathan R TS Rookie Topic Starter Posts: 31

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.2 (01.06.2016)
    Operating System: Windows 10 Pro x64
    Ran by Nathan (Administrator) on Sat 01/09/2016 at 22:34:39.24
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 0




    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 01/09/2016 at 22:36:38.38
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  17. Nathan R

    Nathan R TS Rookie Topic Starter Posts: 31

    That would be the last of them!
     
  18. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    You posted the Rkill log instead of the RogueKiller log.
     
  19. Nathan R

    Nathan R TS Rookie Topic Starter Posts: 31

    RogueKiller V11.0.6.0 [Jan 4 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.10240) 64 bits version
    Started in : Normal mode
    User : Nathan [Administrator]
    Started from : C:\Users\Nathan\Downloads\RogueKiller.exe
    Mode : Delete -- Date : 01/10/2016 12:48:24

    ¤¤¤ Processes : 1 ¤¤¤
    [Suspicious.Path] DismHost.exe(1432) -- C:\Windows\Temp\F346B6C7-204B-46F4-B2E7-0E948FF5941A\DismHost.exe[x] -> Killed [TermThr]

    ¤¤¤ Registry : 5 ¤¤¤
    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-344140053-2034629372-3514804246-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://web-mont.mail04.mil/ -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-344140053-2034629372-3514804246-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://web-mont.mail04.mil/ -> Not selected
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-344140053-2034629372-3514804246-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-344140053-2034629372-3514804246-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: SanDisk SDSSDHP256G SATA Disk Device +++++
    --- User ---
    [MBR] 28f5a96ad9d3b15914c22701695c7f40
    [BSP] 390a01ce2c9530213351bb5b44578b33 : Empty|VT.Unknown MBR Code
    Partition table:
    0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
    1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 128 MB
    2 - Basic data partition | Offset (sectors): 468992 | Size: 243519 MB
    3 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 499195904 | Size: 450 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: WDC WD10 EZEX-00UD2A0 SATA Disk Device +++++
    --- User ---
    [MBR] a739064efab825511eb79095b7411a36
    [BSP] 41ebe350a8f57d88cbac64124b587a56 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive4: Generic- SD/MMC USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive5: Generic- MS/MS-Pro/HG USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive6: Generic- SD/MMC/MS/MSPRO USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
     
  20. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    So far I don't see much there.

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  21. Nathan R

    Nathan R TS Rookie Topic Starter Posts: 31

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-01-2015
    Ran by Nathan (administrator) on NATALIA (10-01-2016 13:10:35)
    Running from C:\Users\Nathan\Downloads
    Loaded Profiles: Nathan (Available Profiles: Nathan & DefaultAppPool)
    Platform: Windows 10 Pro (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
    (Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    () C:\Windows\System32\PnkBstrA.exe
    (Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\wmi64.exe
    (Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
    HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4867784 2015-12-04] (Advanced Micro Devices, Inc.)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM-x32\...\Run: [StartCCC] => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
    HKLM-x32\...\Run: [Corsair M65 Mouse] => C:\Program Files (x86)\Corsair\M65 Mouse\M65Hid.exe [1766912 2013-08-15] (Corsair Components Inc)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
    HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE
    HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-12-11] (Raptr, Inc)
    HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [877056 2014-11-24] (Creative Technology Ltd)
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3638768 2015-12-03] (Electronic Arts)
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\Run: [Spotify Web Helper] => C:\Users\Nathan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2016-01-04] (Spotify Ltd)
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [465920 2015-07-10] (Microsoft Corporation)
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\Run: [Spotify] => C:\Users\Nathan\AppData\Roaming\Spotify\Spotify.exe [8316528 2016-01-04] (Spotify Ltd)
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\Run: [AirDroid 3] => C:\Program Files (x86)\AirDroid\AirDroid.exe [7739904 2016-01-04] (Sand Studio)
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\Run: [CA737A4C8A218980B307F7230906C3F73A69889A._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [807752 2016-01-07] (Google Inc.)
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\MountPoints2: {4513afdb-9525-11e4-a91e-001bdc0fc54f} - "D:\VerizonSWUpgradeAssistantLauncher.exe"
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [31232 2015-07-10] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-05-09]
    ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{401FADAA-1C16-4721-9F02-19067E1A1CA8}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
    Startup: C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sound - Shortcut.lnk [2014-09-03]
    ShortcutTarget: Sound - Shortcut.lnk -> (No File)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    Tcpip\..\Interfaces\{1b5afcff-5cba-45e7-86a8-14a91aa682ef}: [DhcpNameServer] 192.168.2.1
    Tcpip\..\Interfaces\{2bb28eea-e84e-4cf5-9ad2-198c6d1f77d6}: [DhcpNameServer] 192.168.2.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://web-mont.mail04.mil/
    BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
    BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll => No File
    BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-11-30] (AO Kaspersky Lab)
    BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-09] (Oracle Corporation)
    BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll => No File
    BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-11-30] (AO Kaspersky Lab)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-09] (Oracle Corporation)
    Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-11-30] (AO Kaspersky Lab)
    Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-11-30] (AO Kaspersky Lab)
    DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
    Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
    Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\3w1fajri.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-03] ()
    FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll [No File]
    FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-03] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
    FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [No File]
    FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll [No File]
    FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-09] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-09] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
    FF Plugin-x32: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll [2013-12-03] (Verimatrix, Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-10-15] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-344140053-2034629372-3514804246-1000: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll [2013-12-03] (Verimatrix, Inc.)
    FF Extension: FirefoxAdKiller - C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\3w1fajri.default\extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi [2015-06-01]
    FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox [2015-12-02]
    FF Extension: Adblock Plus - C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\3w1fajri.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-20]
    FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox
    FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox [2015-12-02]
     
  22. Nathan R

    Nathan R TS Rookie Topic Starter Posts: 31

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.facebook.com/
    CHR StartupUrls: Default -> "hxxps://www.facebook.com/","hxxps://docs.google.com/spreadsheet/ccc?key=0Aku1E7eRIiavdEp4UjBpa0I4X3NMZE9nODRPMEo3V0E&usp=drive_web#gid=2"
    CHR Profile: C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-03]
    CHR Extension: (Angry Birds) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-12-14]
    CHR Extension: (Google Docs) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
    CHR Extension: (Dictanote - Speech Recognizer) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjekmpappghadlogpigifkghlmebjk [2014-07-22]
    CHR Extension: (Google Drive) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
    CHR Extension: (Language Immersion for Chrome) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bedbecnakfcpmkpddjfnfihogkaggkhl [2015-12-07]
    CHR Extension: (Kaspersky Protection) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-07-22]
    CHR Extension: (Adblock Plus) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-05]
    CHR Extension: (Adblock for Youtube™) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-10-16]
    CHR Extension: (Google Search) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Rather) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkigkllnlkoblfbgfnfngfcnhmndonjm [2015-10-17]
    CHR Extension: (Kaspersky Protection) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-11-30]
    CHR Extension: (Photo Zoom for Facebook) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2014-08-06]
    CHR Extension: (Google Sheets) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-03]
    CHR Extension: (Google Docs Offline) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
    CHR Extension: (AdBlock) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-08]
    CHR Extension: (ScrewAds Plus for YouTube) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkkneiphdbaaeambcmhiiildkffacbip [2014-07-22]
    CHR Extension: (Grammarly Spell Checker & Grammar Checker) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-01-09]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-12-07]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
    CHR Extension: (Gmail) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
    CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
    CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
    CHR HKU\S-1-5-21-344140053-2034629372-3514804246-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
    CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2015-12-04] (Advanced Micro Devices) [File not signed]
    R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe [194000 2015-11-30] (Kaspersky Lab ZAO)
    R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
    R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [122888 2015-06-22] (Creative Technology Ltd)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-03] (Electronic Arts)
    S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1008880 2015-12-15] (Overwolf LTD)
    R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-06-28] ()
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-01] ()
    R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
    S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [305392 2015-12-16] (Advanced Micro Devices)
    S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
    R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
    S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-09-17] (Advanced Micro Devices)
    R1 BfLwf; C:\Windows\system32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
    R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-07-10] (Microsoft Corporation)
    R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
    R3 cthda; C:\Windows\system32\drivers\cthda.sys [1074472 2015-06-22] (Creative Technology Ltd)
    R3 cthdb; C:\Windows\system32\DRIVERS\cthdb.sys [42792 2015-06-22] (Creative Technology Ltd)
    S3 EMVSCARD; C:\Windows\System32\Drivers\EMVSCARD.sys [28544 2006-12-13] (USB Smart Card Reader)
    R3 Ke2200; C:\Windows\System32\drivers\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
    R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
    R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
    R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
    R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
    S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
    R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-11-30] (AO Kaspersky Lab)
    R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-11-30] (AO Kaspersky Lab)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [934272 2015-12-02] (AO Kaspersky Lab)
    R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
    R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
    R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
    R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-11-30] (AO Kaspersky Lab)
    R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-11-30] (Kaspersky Lab ZAO)
    R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
    R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-09] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3749888 2015-07-10] (Realtek Semiconductor Corporation )
    S3 SzCCID; C:\Windows\system32\DRIVERS\SzCCID.sys [37888 2010-05-14] (Generic)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2016-01-10] ()
    S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
    U3 idsvc; no ImagePath
    S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    U3 wpcsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-10 13:07 - 2016-01-10 13:07 - 00016148 _____ C:\WINDOWS\system32\NATALIA_Nathan_HistoryPrediction.bin
    2016-01-10 12:41 - 2016-01-10 12:50 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-01-10 12:41 - 2016-01-10 12:41 - 00030848 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2016-01-10 12:39 - 2016-01-10 12:41 - 20835400 _____ C:\Users\Nathan\Downloads\RogueKiller.exe
    2016-01-09 22:36 - 2016-01-09 22:36 - 00000555 _____ C:\Users\Nathan\Desktop\JRT.txt
    2016-01-09 22:26 - 2016-01-09 22:29 - 00000000 ____D C:\AdwCleaner
    2016-01-09 22:21 - 2016-01-09 22:21 - 01600184 _____ (Malwarebytes) C:\Users\Nathan\Downloads\JRT.exe
    2016-01-09 22:20 - 2016-01-09 22:20 - 00001040 _____ C:\Users\Nathan\Desktop\scan log.txt
    2016-01-09 22:18 - 2016-01-09 22:24 - 00002310 _____ C:\Users\Nathan\Desktop\Rkill.txt
    2016-01-09 22:07 - 2016-01-10 13:10 - 00024466 _____ C:\Users\Nathan\Downloads\FRST.txt
    2016-01-09 22:07 - 2016-01-09 22:08 - 00052002 _____ C:\Users\Nathan\Downloads\Addition.txt
    2016-01-09 22:06 - 2016-01-10 13:10 - 00000000 ____D C:\FRST
    2016-01-09 22:06 - 2016-01-09 22:26 - 01749504 _____ C:\Users\Nathan\Downloads\AdwCleaner.exe
    2016-01-09 22:06 - 2016-01-09 22:07 - 05646860 _____ (Swearware) C:\Users\Nathan\Downloads\ComboFix.exe
    2016-01-09 22:05 - 2016-01-09 22:18 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Nathan\Downloads\rkill.exe
    2016-01-09 22:05 - 2016-01-09 22:06 - 02370560 _____ (Farbar) C:\Users\Nathan\Downloads\FRST64.exe
    2016-01-09 21:51 - 2016-01-09 21:51 - 00002856 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2016-01-09 21:51 - 2016-01-09 21:51 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2016-01-09 21:51 - 2016-01-09 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2016-01-09 21:51 - 2016-01-09 21:51 - 00000000 ____D C:\Program Files\CCleaner
    2016-01-09 21:25 - 2016-01-09 22:32 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-01-09 21:25 - 2016-01-09 21:25 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-01-09 21:25 - 2016-01-09 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-01-09 21:25 - 2016-01-09 21:25 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-01-09 21:25 - 2016-01-09 21:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-01-09 21:25 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2016-01-09 21:25 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2016-01-09 21:25 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2016-01-09 19:56 - 2016-01-09 21:03 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2016-01-09 19:55 - 2016-01-09 19:55 - 00000000 ____D C:\WINDOWS\pss
    2016-01-09 19:50 - 2016-01-09 19:50 - 00000000 ____D C:\$SysReset
    2016-01-09 10:25 - 2016-01-09 10:25 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
    2015-12-21 15:43 - 2016-01-09 18:39 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\dvdcss
    2015-12-18 19:07 - 2015-12-18 19:07 - 00000000 ____D C:\ProgramData\ATI
    2015-12-16 14:45 - 2015-12-16 14:45 - 10919104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll
    2015-12-16 14:45 - 2015-12-16 14:45 - 09158496 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll
    2015-12-16 14:45 - 2015-12-16 14:45 - 09105552 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll
    2015-12-16 14:45 - 2015-12-16 14:45 - 08168856 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll
    2015-12-16 14:45 - 2015-12-16 14:45 - 00143080 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll
    2015-12-16 14:45 - 2015-12-16 14:45 - 00112392 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll
    2015-12-16 14:44 - 2015-12-16 14:44 - 11011560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll
    2015-12-16 14:44 - 2015-12-16 14:44 - 08426376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
    2015-12-16 14:44 - 2015-12-16 14:44 - 01249664 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
    2015-12-16 14:44 - 2015-12-16 14:44 - 00471344 _____ C:\WINDOWS\system32\amdmiracast.dll
    2015-12-16 14:44 - 2015-12-16 14:44 - 00130616 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll
    2015-12-16 14:44 - 2015-12-16 14:44 - 00088032 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
    2015-12-16 14:44 - 2015-12-16 14:44 - 00088032 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
    2015-12-16 14:44 - 2015-12-16 14:44 - 00081200 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
    2015-12-16 14:44 - 2015-12-16 14:44 - 00081200 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
    2015-12-16 14:43 - 2015-12-16 14:43 - 00151968 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
    2015-12-16 14:43 - 2015-12-16 14:43 - 00138416 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
    2015-12-16 14:43 - 2015-12-16 14:43 - 00128568 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
    2015-12-16 14:43 - 2015-12-16 14:43 - 00120200 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
    2015-12-16 14:41 - 2015-12-16 14:41 - 00243728 _____ C:\WINDOWS\system32\clinfo.exe
    2015-12-16 14:41 - 2015-12-16 14:41 - 00232464 _____ C:\WINDOWS\system32\dgtrayicon.exe
    2015-12-16 14:41 - 2015-12-16 14:41 - 00203792 _____ C:\WINDOWS\system32\hsa-thunk64.dll
    2015-12-16 14:41 - 2015-12-16 14:41 - 00183312 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
    2015-12-16 14:41 - 2015-12-16 14:41 - 00136208 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
    2015-12-16 14:41 - 2015-12-16 14:41 - 00122384 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
    2015-12-16 14:41 - 2015-12-16 14:41 - 00104976 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
    2015-12-16 14:41 - 2015-12-16 14:41 - 00097808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
    2015-12-16 14:41 - 2015-12-16 14:41 - 00012816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
    2015-12-16 14:41 - 2015-12-16 14:41 - 00012816 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
    2015-12-16 14:37 - 2015-12-16 14:37 - 25848848 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll
    2015-12-16 14:37 - 2015-12-16 14:37 - 00199696 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll
    2015-12-16 14:37 - 2015-12-16 14:37 - 00097808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
    2015-12-16 14:37 - 2015-12-16 14:37 - 00089616 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
    2015-12-16 14:35 - 2015-12-16 14:35 - 00341520 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe
    2015-12-16 14:34 - 2015-12-16 14:34 - 31385616 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll
    2015-12-16 14:34 - 2015-12-16 14:34 - 00059920 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe
    2015-12-16 14:32 - 2015-12-16 14:32 - 00040464 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
    2015-12-16 14:29 - 2015-12-16 14:29 - 00561168 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
    2015-12-16 14:29 - 2015-12-16 14:29 - 00254992 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
    2015-12-16 14:29 - 2015-12-16 14:29 - 00166416 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
    2015-12-16 14:29 - 2015-12-16 14:29 - 00151056 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
    2015-12-16 14:29 - 2015-12-16 14:29 - 00084504 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll
    2015-12-16 14:29 - 2015-12-16 14:29 - 00078864 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll
    2015-12-16 14:29 - 2015-12-16 14:29 - 00078864 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll
    2015-12-16 14:28 - 2015-12-16 14:28 - 00451088 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
    2015-12-16 14:28 - 2015-12-16 14:28 - 00171032 _____ C:\WINDOWS\system32\atieah64.exe
    2015-12-16 14:28 - 2015-12-16 14:28 - 00154128 _____ C:\WINDOWS\SysWOW64\atieah32.exe
    2015-12-16 14:28 - 2015-12-16 14:28 - 00071184 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll
    2015-12-16 14:28 - 2015-12-16 14:28 - 00060944 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll
    2015-12-16 14:27 - 2015-12-16 14:27 - 15720464 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll
    2015-12-16 14:27 - 2015-12-16 14:27 - 14310928 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll
    2015-12-16 14:26 - 2015-12-16 14:26 - 00375824 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
    2015-12-16 14:26 - 2015-12-16 14:26 - 00064528 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll
    2015-12-16 14:26 - 2015-12-16 14:26 - 00057872 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll
    2015-12-16 14:25 - 2015-12-16 14:25 - 49992720 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll
    2015-12-16 14:25 - 2015-12-16 14:25 - 01281552 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
    2015-12-16 14:25 - 2015-12-16 14:25 - 00950288 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
    2015-12-16 14:25 - 2015-12-16 14:25 - 00950288 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
    2015-12-16 14:25 - 2015-12-16 14:25 - 00052240 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
    2015-12-16 14:22 - 2015-12-16 14:22 - 27605008 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll
    2015-12-16 14:21 - 2015-12-16 14:21 - 22357008 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll
    2015-12-16 14:20 - 2015-12-16 14:20 - 41519120 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
    2015-12-16 14:19 - 2015-12-16 14:19 - 00059408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll
    2015-12-16 14:19 - 2015-12-16 14:19 - 00048144 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll
    2015-12-16 14:17 - 2015-12-16 14:17 - 06651920 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll
    2015-12-16 14:16 - 2015-12-16 14:16 - 05232656 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll
    2015-12-16 14:15 - 2015-12-16 14:15 - 00686608 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
    2015-12-16 14:15 - 2015-12-16 14:15 - 00571408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
    2015-12-16 14:13 - 2015-12-16 14:13 - 00305392 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\amdacpksd.sys
    2015-12-16 14:13 - 2015-12-16 14:13 - 00213520 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
    2015-12-16 14:13 - 2015-12-16 14:13 - 00198672 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
    2015-12-16 14:13 - 2015-12-16 14:13 - 00143376 _____ C:\WINDOWS\system32\amdhdl64.dll
    2015-12-16 14:13 - 2015-12-16 14:13 - 00132112 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll
    2015-12-16 14:13 - 2015-12-16 14:13 - 00073744 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
    2015-12-16 14:13 - 2015-12-16 14:13 - 00068112 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
    2015-12-16 13:07 - 2015-12-16 13:07 - 10339016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
    2015-12-16 04:11 - 2015-12-16 04:11 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
    2015-12-16 04:11 - 2015-12-16 04:11 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
    2015-12-16 04:09 - 2015-12-16 04:09 - 00683968 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
    2015-12-16 04:09 - 2015-12-16 04:09 - 00683968 _____ C:\WINDOWS\system32\atiapfxx.blb
    2015-12-15 09:59 - 2015-12-15 10:00 - 00000000 ____D C:\Users\Nathan\AppData\Local\paint.net
    2015-12-15 09:59 - 2015-12-15 09:59 - 00001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
    2015-12-15 09:59 - 2015-12-15 09:59 - 00001092 _____ C:\Users\Public\Desktop\paint.net.lnk
    2015-12-15 09:59 - 2015-12-15 09:59 - 00000000 ____D C:\Program Files\paint.net

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-10 13:07 - 2015-08-06 15:55 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
    2016-01-10 13:07 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-01-10 13:07 - 2015-07-10 04:05 - 08126464 ___SH C:\WINDOWS\system32\config\BBI
    2016-01-10 13:07 - 2014-05-09 16:23 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-01-10 13:07 - 2014-05-09 16:23 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-01-10 13:07 - 2014-05-09 08:49 - 00000000 ____D C:\ProgramData\Kaspersky Lab
    2016-01-10 12:44 - 2015-08-06 15:56 - 01005598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-01-10 12:44 - 2015-07-10 06:02 - 00000000 ____D C:\WINDOWS\INF
    2016-01-10 12:41 - 2015-09-26 06:34 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{367B0B6C-DE50-4FC3-A5D5-D66328088F5F}
    2016-01-10 12:40 - 2015-07-10 04:05 - 00000000 ____D C:\Windows
    2016-01-09 23:30 - 2014-05-11 17:46 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-01-09 22:47 - 2015-11-30 11:02 - 00000000 ____D C:\Users\Nathan\Documents\AirDroid
    2016-01-09 22:34 - 2014-05-09 16:40 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-01-09 22:30 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-01-09 21:51 - 2015-10-03 13:00 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\TS3Client
    2016-01-09 21:51 - 2015-08-22 10:38 - 00000000 ____D C:\WINDOWS\Minidump
    2016-01-09 21:51 - 2015-08-06 19:53 - 00000000 ___DC C:\WINDOWS\Panther
    2016-01-09 21:31 - 2015-08-06 16:18 - 00000000 ___RD C:\Users\Nathan\OneDrive
    2016-01-09 21:31 - 2014-12-08 18:14 - 00000000 ____D C:\Users\Nathan\AppData\Local\Spotify
    2016-01-09 21:31 - 2014-12-08 18:13 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Spotify
    2016-01-09 21:12 - 2015-12-07 15:45 - 00000000 ___RD C:\Users\Nathan\Google Drive
    2016-01-09 21:12 - 2014-05-17 12:40 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Raptr
    2016-01-09 19:49 - 2015-08-06 15:56 - 00000000 ____D C:\Users\Nathan
    2016-01-09 19:39 - 2015-10-10 01:56 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\vlc
    2016-01-09 18:17 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2016-01-09 17:38 - 2014-05-10 12:11 - 00000000 ____D C:\ProgramData\Origin
    2016-01-09 13:08 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-01-09 10:25 - 2015-12-02 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
    2016-01-09 10:25 - 2015-12-02 12:22 - 00000078 ___RH C:\WINDOWS\ctfile.rfc
    2016-01-08 21:57 - 2015-07-10 06:04 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-01-07 14:05 - 2015-12-07 15:04 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-01-07 14:05 - 2015-12-07 15:04 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-01-07 13:37 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-01-04 12:18 - 2015-11-30 11:01 - 00000000 ____D C:\Program Files (x86)\AirDroid
    2016-01-04 01:00 - 2015-10-03 13:00 - 00000000 ____D C:\Program Files (x86)\Overwolf
    2016-01-03 15:20 - 2015-10-06 12:25 - 00000000 ____D C:\Users\Nathan\Documents\DolbyAxon
    2016-01-02 20:40 - 2015-10-03 09:38 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-01-02 20:40 - 2015-10-03 09:38 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-12-18 19:08 - 2015-12-05 22:36 - 00000000 ____D C:\Program Files (x86)\Raptr
    2015-12-18 19:08 - 2015-08-06 15:55 - 00000000 ____D C:\Program Files\AMD
    2015-12-18 19:08 - 2014-05-09 08:37 - 00000000 ____D C:\Program Files (x86)\AMD
    2015-12-18 19:05 - 2014-05-09 08:53 - 00000000 ____D C:\AMD
    2015-12-16 19:01 - 2015-10-30 04:42 - 00000000 ___HD C:\$WINDOWS.~BT
    2015-12-16 17:07 - 2015-12-05 22:27 - 00021288 _____ (RW-Everything) C:\WINDOWS\SysWOW64\Drivers\AxtuDrv.sys
    2015-12-16 17:06 - 2015-10-15 13:39 - 00000000 ____D C:\Program Files (x86)\SpeedFan
    2015-12-16 14:45 - 2015-07-16 01:12 - 00162784 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll
    2015-12-16 14:44 - 2015-07-16 01:11 - 13313544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll
    2015-12-16 14:44 - 2015-07-16 01:11 - 01519232 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
    2015-12-16 14:41 - 2015-11-24 02:33 - 00874000 _____ (AMD) C:\WINDOWS\system32\coinst_15.30.dll
    2015-12-16 14:31 - 2015-07-16 01:06 - 23969808 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys
    2015-12-16 14:31 - 2015-07-16 00:13 - 00679952 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys
    2015-12-14 15:01 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
    2015-12-14 14:54 - 2014-05-09 09:52 - 00000000 ____D C:\WINDOWS\system32\MRT
    2015-12-14 14:51 - 2014-05-09 09:52 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-12-14 09:49 - 2015-08-06 16:18 - 00002366 _____ C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2015-12-13 12:39 - 2015-07-10 07:20 - 00228680 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-12-12 18:37 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\oobe
    2015-12-12 18:36 - 2014-05-10 13:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2015-12-12 18:36 - 2014-05-10 13:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2015-12-11 03:44 - 2015-02-19 12:16 - 00000000 ____D C:\Users\Nathan\AppData\Local\Steam
     
  23. Nathan R


    ==================== Files in the root of some directories =======

    2014-05-09 08:41 - 2014-05-09 08:41 - 0000000 _____ () C:\Users\Nathan\AppData\Local\Driver_LOM_8161Present.flag
    2014-06-24 16:27 - 2014-06-24 16:27 - 0000057 _____ () C:\ProgramData\Ament.ini
    2015-08-06 15:55 - 2015-08-06 15:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Files to move or delete:
    ====================
    C:\Users\Nathan\AdobeAIRInstaller.exe
    C:\Users\Nathan\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe
    C:\Users\Nathan\chromeinstall-8u31.exe
    C:\Users\Nathan\Firefox Setup 31.0.exe
    C:\Users\Nathan\npp.6.6.9.Installer.exe


    Some files in TEMP:
    ====================
    C:\Users\Nathan\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Nathan\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-01-09 10:52

    ==================== End of FRST.txt ============================
     
  24. Nathan R


    Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-01-2015
    Ran by Nathan (2016-01-10 13:14:36)
    Running from C:\Users\Nathan\Downloads
    Windows 10 Pro (X64) (2015-08-06 21:16:49)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-344140053-2034629372-3514804246-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-344140053-2034629372-3514804246-503 - Limited - Disabled)
    Guest (S-1-5-21-344140053-2034629372-3514804246-501 - Limited - Disabled)
    Nathan (S-1-5-21-344140053-2034629372-3514804246-1000 - Administrator - Enabled) => C:\Users\Nathan

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Kaspersky Anti-Virus (Enabled - Out of date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
    AS: Kaspersky Anti-Virus (Enabled - Out of date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
    ACP Application (Version: 2015.1204.1152.59 - Advanced Micro Devices, Inc.) Hidden
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
    AirDroid 3.2.1.1 (HKLM-x32\...\AirDroid) (Version: 3.2.1.1 - Sand Studio)
    Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.2.0 - )
    Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.2.0 - ) Hidden
    AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
    Andy OS (HKLM-x32\...\Andy OS) (Version: 0.41 - Andy OS, Inc)
    Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASRock App Charger v1.0.6 (HKLM\...\ASRock App Charger_is1) (Version: 1.0.6 - ASRock Inc.)
    ASRock InstantBoot v1.30 (HKLM-x32\...\ASRock InstantBoot_is1) (Version: - )
    Autodesk Pixlr (HKLM-x32\...\Autodesk Pixlr) (Version: 1.0.2.0 - Autodesk)
    Autodesk Pixlr (x32 Version: 1.0.2.0 - Autodesk) Hidden
    Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Catalyst Control Center Next Localization BR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DE (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization EL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization ES (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FI (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization HU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization IT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization JA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization KO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization PL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization RU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization SV (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TH (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Corsair M65 Gaming Mouse Driver V1.0 (HKLM-x32\...\{62CC0366-207F-4BC3-97B1-4D4615B5BF0B}_is1) (Version: 1.00.00.11 - )
    Creative Music Server (HKLM-x32\...\Music Server) (Version: 1.01 - Creative Technology Limited)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dogecoin Core (64-bit) (HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\Dogecoin Core (64-bit)) (Version: 1.7.0 - Dogecoin project)
    Dolby Axon - 1.5.1.1 (HKLM-x32\...\{17936630-5344-4F18-9970-616129E2A114}_is1) (Version: 1.5.1.1 - Dolby Laboratories)
    Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
    DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
    Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
    Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology)
    Etron USB3.0 Host Controller (x32 Version: 0.118 - Etron Technology) Hidden
    Free Viewer (HKLM\...\{5EF92F52-FA16-4CA6-A204-811524BEE514}_is1) (Version: 2.0.4 - Blue Labs, LLC)
    F-Stream Tuning v0.1.73.51 (HKLM-x32\...\F-Stream Tuning_is1) (Version: - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.71 - Google Inc.)
    Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
    Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
    Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Photosmart 5520 series Basic Device Software (HKLM\...\{68C0736C-3E47-43A6-B14D-236BEF198A5F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Photosmart 5520 series Help (HKLM-x32\...\{7137E26A-10F7-4B1C-9980-0893579E92DA}) (Version: 27.0.0 - Hewlett Packard)
    HP Photosmart 5520 series Product Improvement Study (HKLM\...\{DCC176F0-3CE3-4DA9-8FF9-3809C1B48C47}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
    iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
    Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
    Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
    Kaspersky Anti-Virus (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
    LG VZW United Drivers (HKLM-x32\...\{AAAB3333-0F97-4A5D-B725-FFD7E7450FD9}) (Version: 2.14.1 - LG Electronics)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft Keyboard Layout Creator 1.4 (HKLM-x32\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
    Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.54.10 - Black Tree Gaming)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
    NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
    OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
    Oracle VM VirtualBox 4.3.18 (HKLM\...\{74B7E6F9-DCAC-4ADB-B2D0-EEFDD1B5AC25}) (Version: 4.3.18 - Oracle Corporation)
    Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
    Overwolf (HKLM-x32\...\Overwolf) (Version: 0.91.145.0 - Overwolf Ltd.)
    paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
    PDG GOLD NCO - 2013 (HKLM-x32\...\com.mcmguides.pdg.NCO.2013) (Version: 5.1.49 - McMillan Study Guides, Inc.)
    PDG GOLD NCO - 2013 (x32 Version: 5.1.49 - McMillan Study Guides, Inc.) Hidden
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
    Python 2.7.7 (64-bit) (HKLM\...\{049CA433-77A0-4e48-AC76-180A282C4E11}) (Version: 2.7.7150 - Python Software Foundation)
    Python 3.4.2 (64-bit) (HKLM\...\{cd723946-09c1-38d3-8542-732ba931e9ef}) (Version: 3.4.2150 - Python Software Foundation)
    Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
    Qualcomm Atheros Killer E220x Drivers (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
    Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{FE5DFB80-6937-4154-A2C7-EF845C1301F8}) (Version: 1.0.30.1259 - Qualcomm Atheros)
    Qualcomm Atheros Network Manager (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
    QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
    Raptr (HKLM-x32\...\Raptr) (Version: - )
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
    Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix)
    Rocksmith 2014 (HKLM-x32\...\Steam App 221680) (Version: - Ubisoft - San Francisco)
    Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
    Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
    Skyrim Ultimate Killer Mod 2.01 (HKLM-x32\...\Skyrim Ultimate Killer Mod 2.01) (Version: 2.01 - Eden Gallant)
    Sound Blaster Z-Series (HKLM-x32\...\{9E61ABC7-B276-46F1-808F-A8A4EF0D57DF}) (Version: 1.01.03 - Creative Technology Limited)
    Sound Blaster Z-Series Extras (HKLM-x32\...\{9D9DB4BA-E352-4AC8-AD2B-B10104F5AB80}) (Version: 1.0 - Creative Technology Limited)
    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
    Spotify (HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\Spotify) (Version: 1.0.20.101.ge6957e14 - Spotify AB)
    Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
    The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
    The Witcher 3: Wild Hunt (HKLM-x32\...\Steam App 292030) (Version: - CD PROJEKT RED)
    ViewRight Web PC 3.5.0.0 (HKLM-x32\...\{AE7DE91C-A5CE-45C1-AF68-B27E29912D8F}) (Version: 3.5.0.0 - Verimatrix, Inc.)
    VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0187 - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-344140053-2034629372-3514804246-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Nathan\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {063888EE-AA7D-4A03-9992-E3B69FC6F472} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {07D3E555-7119-44C9-9714-606558B42761} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
    Task: {0BFFC4A9-5922-42D0-A4E3-FDF24749BB13} - System32\Tasks\{52F9C1B5-E261-4947-A252-2DC19B099263} => pcalua.exe -a C:\Users\Nathan\Documents\unetbootin-windows-608.exe -d C:\Users\Nathan\Documents
    Task: {15F299E7-1288-43AF-AF6C-74479381EDD0} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
    Task: {16B98657-AF58-4BB0-810C-1DBC18342A4B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-14] (Microsoft Corporation)
    Task: {17E03E23-AD9C-4ECD-89F3-C0BFF7BBE685} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
    Task: {18787EDE-7EC8-4687-98DE-45A8903898E6} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {22BCBBFB-8A38-41E7-BCAE-D84726BDD172} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {26CC1D4C-C181-42EA-9104-170496277CF2} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
    Task: {2D106E7E-FE72-41B9-A6BB-268DC48516A9} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {31D9C001-AA1F-4194-944E-280724753C4C} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-12-15] (Overwolf LTD)
    Task: {48B19E18-4D0E-4836-B981-DBCF4D0FD19A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {54ADD333-A674-4414-8E90-71F0AEA4ED65} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {5C473065-3F80-4095-AA7C-66D994989F0A} - System32\Tasks\{6E197811-DDB7-425C-A270-E13098BC572F} => pcalua.exe -a C:\Users\Nathan\AppData\Local\Temp\Temp2_SETUP_0.118.zip\SETUP_0.118.exe
    Task: {62E750FA-7FED-4AD2-A3F7-8818259F4A83} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {66D3556B-976C-41C1-91E6-525C0A7D88CA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {6793E729-387D-4DB0-B307-74C2580BD544} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
    Task: {6A84288B-841E-4D1F-8E1E-8080AF5428BB} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
    Task: {6C836039-17EA-4803-9482-5C2656D55D2D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {6EF1B11C-3234-47D0-8E50-041667617EC4} - System32\Tasks\{C51D374A-A907-4692-A40F-FB4780BE8B8B} => pcalua.exe -a C:\Users\Nathan\AppData\Local\Temp\Temp1_InstallRoot_v3.16.1A.zip\InstallRoot_v3.16.1A.exe
    Task: {7431D199-38F7-447C-877B-8F557C039867} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-03] (Adobe Systems Incorporated)
    Task: {89601E57-BF03-4EF3-AC6F-CFE35A03B7EE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
    Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
    Task: {9302C133-8558-43F8-B444-DE9108313957} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {9E7ACAB1-9C2D-4439-A0C2-F8C895BBB664} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
    Task: {9F8F529C-90CB-4A36-AC99-BAD3F023D1FB} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {A16C7FF8-128A-48D5-B25A-5647FBFBEE74} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
    Task: {A20B2CAE-96B0-4388-B8C9-A8AC43E1FEAA} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
    Task: {A256F93C-D39A-4C85-9FA7-31D77A6BED7C} - System32\Tasks\HPCustParticipation HP Photosmart 5520 series => C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {A281C0B9-D971-4C60-A15A-822C8EC6B2EB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {A44E1930-993D-49E8-8553-722BAD0F2EC1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
    Task: {A90EBAA9-A144-4E09-8343-4611E9D7DA0C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {AA5D4E44-3B21-4D47-A0D4-F04D4D6373BC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {AF5EFC28-4804-4FDC-8382-A25B8FECBB2C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {B14DF7AB-3E37-4DAC-A4E6-6BA60B8D2B9C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {B2105CC2-C1B6-459D-8E73-F7660F46661C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
    Task: {B2235008-0CB3-4C0B-B073-E1B7990C62D5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {BEC2F307-7BDA-4C13-80EE-73A95B8FAFF1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
    Task: {C669C590-2127-4333-AF67-4FA8C14B3F96} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {CA60F6B9-23F1-423B-98C0-E4B3DB251425} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
    Task: {DE145AD7-7F36-4363-B202-74F9E10AC451} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
    Task: {E414F205-94E8-4857-9504-CDFDE7CE70F4} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
    Task: {E41A225F-059D-4AC4-BE10-261E7BA49E01} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
    Task: {E5DB472F-8E24-48B4-9C8B-1E274293E2B6} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
    Task: {F099F235-B038-4925-BA7B-C61594C2673A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {F348C2BF-CD56-4C49-9F26-230C6F616A33} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {F4A3F85A-91E0-4C4D-8D4B-F15188461BBE} - System32\Tasks\{A0D2DDC0-DD36-4CF2-9677-8458A4A983CE} => pcalua.exe -a C:\Users\Nathan\AppData\Local\Temp\Temp1_pbsetup.zip\pbsetup.exe
    Task: {FFCD9BA6-3A3A-484F-9B28-38C1AE02FBF7} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============
     
  25. Nathan R


    2015-07-10 06:00 - 2015-07-10 06:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
    2015-08-06 19:50 - 2015-08-06 19:50 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
    2015-08-20 06:53 - 2015-08-11 04:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
    2014-06-28 08:59 - 2014-06-28 08:59 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
    2015-10-01 04:20 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-10-01 04:20 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2015-10-01 04:20 - 2015-09-17 00:43 - 02028544 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
    2015-12-08 15:29 - 2015-11-24 23:18 - 00928768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll
    2015-12-08 15:29 - 2015-11-24 23:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2015-12-08 15:28 - 2015-11-24 23:17 - 00619008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
    2015-10-01 04:19 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2015-12-08 15:29 - 2015-11-24 23:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2015-12-08 15:29 - 2015-11-24 23:24 - 00884736 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2015-12-08 15:29 - 2015-11-24 23:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2015-10-01 04:20 - 2015-09-17 00:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-07-10 06:00 - 2015-07-10 08:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
    2015-08-06 19:50 - 2015-08-06 19:50 - 00577024 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
    2015-08-06 19:50 - 2015-08-06 19:50 - 00181248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
    2015-08-06 19:50 - 2015-08-06 19:50 - 00559616 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
    2015-08-06 19:50 - 2015-08-06 19:50 - 00643072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation.diagnostics\bin\NodeRT_Windows_Foundation_Diagnostics.node
    2015-07-10 06:00 - 2015-07-10 08:14 - 00037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
    2015-08-06 19:50 - 2015-08-06 19:50 - 00796160 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
    2015-08-06 19:50 - 2015-08-06 19:50 - 00961536 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
    2015-08-06 19:50 - 2015-08-06 19:50 - 00204288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node
    2015-08-06 19:50 - 2015-08-06 19:50 - 00397824 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
    2015-08-06 19:50 - 2015-08-06 19:50 - 00074240 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.networking\bin\NodeRT_Windows_Networking.node
    2015-08-06 19:50 - 2015-08-06 19:50 - 00093696 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.security.cryptography\bin\NodeRT_Windows_Security_Cryptography.node
    2015-08-06 19:50 - 2015-08-06 19:50 - 00124416 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node
    2016-01-07 14:05 - 2016-01-07 04:14 - 02048840 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.71\libglesv2.dll
    2016-01-07 14:05 - 2016-01-07 04:14 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.71\libegl.dll
    2016-01-07 14:05 - 2016-01-07 04:14 - 29251912 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.71\PepperFlash\pepflashplayer.dll
    2014-04-23 18:05 - 2014-04-23 18:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-04-23 18:04 - 2014-04-23 18:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\kpcengine.2.3.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 192.168.2.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk"
    HKLM\...\StartupApproved\Run: => "XboxStat"
    HKLM\...\StartupApproved\Run: => "StartCN"
    HKLM\...\StartupApproved\Run32: => "Corsair M65 Mouse"
    HKLM\...\StartupApproved\Run32: => "HP Software Update"
    HKLM\...\StartupApproved\Run32: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "Andy"
    HKLM\...\StartupApproved\Run32: => "QuickTime Task"
    HKLM\...\StartupApproved\Run32: => "Raptr"
    HKLM\...\StartupApproved\Run32: => "UpdReg"
    HKLM\...\StartupApproved\Run32: => "Sound Blaster Z-Series Control Panel"
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\StartupApproved\Run: => "EADM"
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\StartupApproved\Run: => "Spotify"
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\StartupApproved\Run: => "Spotify Web Helper"
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\StartupApproved\Run: => "RESTART_STICKY_NOTES"
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\StartupApproved\Run: => "AirDroid 3"
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\StartupApproved\Run: => "CA737A4C8A218980B307F7230906C3F73A69889A._service_run"
    HKU\S-1-5-21-344140053-2034629372-3514804246-1000\...\StartupApproved\Run: => "GoogleDriveSync"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
    FirewallRules: [{8414B452-CDBE-4804-843E-01C17F1EE5E8}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [{9D0216B6-36DC-4110-8EC7-7C53AED9FFE3}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [{2C5E2C25-471D-4DEF-971E-E50C1A1B66A4}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{437C5059-D93B-4F10-B81A-C69AB49E1311}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{D2A8998A-1672-480B-BFEC-89B4C9AA8B6A}] => (Allow) LPort=1900
    FirewallRules: [{1E2680C3-C083-49C1-86DD-F2D11B8520E9}] => (Allow) LPort=2869
    FirewallRules: [{EC1A9F93-48E8-40B5-B280-4C7B70CEC00B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{11641CC8-8F42-45A0-A34D-23BC24C703D2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher 3\bin\x64\witcher3.exe
    FirewallRules: [{D0A9563C-96A4-4F09-9605-516AA9928139}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher 3\bin\x64\witcher3.exe
    FirewallRules: [{922EA6DA-7A79-4598-90FD-11DC6F17B4D9}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
    FirewallRules: [{AAEAA7D2-0EAA-4DE3-80B2-967B9AE1044E}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
    FirewallRules: [{F19C39ED-CAA5-4C57-B218-BF98E5B373EB}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
    FirewallRules: [{054EEA5B-B3E4-44A1-B0F1-CD24333D0B70}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
    FirewallRules: [{E82A69EC-7854-40B0-8487-4CA2976DA4B5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{ECFC5D7E-CAAC-4318-93C7-6BA08941F766}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{55527C68-E161-406E-87C7-22D4D2B07118}] => (Block) C:\users\nathan\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{689866F8-EE27-4D87-BF22-F6669A2EDCE6}] => (Block) C:\users\nathan\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{CF020C82-D5C1-456D-AC48-A227C5D8AB51}C:\users\nathan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nathan\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{8E6B9F61-BAB5-4F10-831C-51381DA81EDB}C:\users\nathan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nathan\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{962F406A-4DF7-4567-8C11-21D097336E3F}] => (Block) C:\program files\andy\andy.exe
    FirewallRules: [{D4361A83-6C7B-4DD0-BE4F-E361ED43CB41}] => (Block) C:\program files\andy\andy.exe
    FirewallRules: [UDP Query User{B9A1D4A3-10DB-4CDC-A903-C40174C21258}C:\program files\andy\andy.exe] => (Allow) C:\program files\andy\andy.exe
    FirewallRules: [TCP Query User{345D3EB9-6412-4B58-B73D-3B6F9DD524CA}C:\program files\andy\andy.exe] => (Allow) C:\program files\andy\andy.exe
    FirewallRules: [{F83D2E0D-A31F-4A8B-B454-F674D60D9590}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
    FirewallRules: [{0314DBC6-EBF1-4ECC-B102-67EC8DC3916C}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
    FirewallRules: [{894D0C64-8821-4877-9C46-84FD787302C5}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
    FirewallRules: [{9331F4DA-B106-448A-A49C-85A009D0BD8B}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
    FirewallRules: [{1809D56A-F1C6-47A8-9C6D-372788D3C7AA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
    FirewallRules: [{89867D20-DBF6-4092-9E0F-997D1CBD2590}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
    FirewallRules: [{1DA5096E-7632-4343-9395-2A55A99920B8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{A75002C4-ECE7-4122-A90F-CEA2B2106BF6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{C9703E19-3734-4EFA-8AE5-D3E75E08ABBB}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [{ED21379F-983A-428C-88AA-CA4C8815FE95}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{D679AFD4-EE7D-40B3-9434-7FED4CADC587}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{E0EEAD0C-EAE9-43AF-A8E4-681ACA2814A8}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\DeviceSetup.exe
    FirewallRules: [UDP Query User{46FBFA11-BD16-4042-AB2E-614766833733}C:\program files\dogecoin\dogecoin-qt.exe] => (Allow) C:\program files\dogecoin\dogecoin-qt.exe
    FirewallRules: [TCP Query User{871AEC98-2B6B-4E70-BD78-9DEA2A6D4634}C:\program files\dogecoin\dogecoin-qt.exe] => (Allow) C:\program files\dogecoin\dogecoin-qt.exe
    FirewallRules: [UDP Query User{92B0CBA8-C44E-4FBE-B59F-FA50E18A0593}E:\litecoin\litecoin-qt.exe] => (Allow) E:\litecoin\litecoin-qt.exe
    FirewallRules: [TCP Query User{BD0B2B3D-E792-4F78-BB24-6CAA155DE8C8}E:\litecoin\litecoin-qt.exe] => (Allow) E:\litecoin\litecoin-qt.exe
    FirewallRules: [UDP Query User{F190F28E-56CE-42A6-83CA-752800084432}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe
    FirewallRules: [TCP Query User{9FAADA86-0BBE-4D75-8DC2-462D934F3FCA}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe
    FirewallRules: [{55B3BE9F-B3F7-4AFA-A9EA-33DD1955FE5B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{806C01F5-4547-45D4-925E-F53A6B9EDA13}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{ACBF5DD0-3839-47EF-A547-FB77650D14C0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{9D4AC43C-2196-4747-887F-126B7208CBA6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{E87F0AB4-C1B4-47F1-8A9E-CBB7F8BB6254}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{A99BA7E6-36A3-40C2-AA90-5F287AF8287F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{33E17A3E-EE29-433A-AB0C-DA3D3B8AFE5D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{8F83F921-ED17-404B-8AC2-A2619C493880}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{87B69963-881E-4602-9D5F-0FA66AE2F8AF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rocksmith2014\Rocksmith2014.exe
    FirewallRules: [{596016E3-0786-4889-9008-5D737A9C0D0A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rocksmith2014\Rocksmith2014.exe
    FirewallRules: [{2D477A02-02AB-4905-9CAA-7E4E4EC8C760}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{AA342E24-22DF-4CB5-8A06-05957B841F29}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{EA75D4B8-C294-4E70-AC85-0E6784E22B2E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [{DE93F933-4441-475D-904E-1178A85B6601}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [TCP Query User{2C8E62B1-B78B-42FC-8B04-3C5F2CCE8093}C:\users\nathan\appdata\local\temp\i1442980061\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\nathan\appdata\local\temp\i1442980061\windows\resource\jre\bin\javaw.exe
    FirewallRules: [UDP Query User{3CC355CA-16C4-4DB8-86B1-DA732B869431}C:\users\nathan\appdata\local\temp\i1442980061\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\nathan\appdata\local\temp\i1442980061\windows\resource\jre\bin\javaw.exe
    FirewallRules: [{C0F75297-4D09-4CE2-82B2-5B2641295879}] => (Block) C:\users\nathan\appdata\local\temp\i1442980061\windows\resource\jre\bin\javaw.exe
    FirewallRules: [{37581AF0-4309-49C8-A632-8C88CCE21599}] => (Block) C:\users\nathan\appdata\local\temp\i1442980061\windows\resource\jre\bin\javaw.exe
    FirewallRules: [{2F72CC27-5AF4-4DFB-B5A8-89AB0BF706F4}] => (Allow) C:\Program Files (x86)\DolbyAxon\Axon.exe
    FirewallRules: [{24713DF2-A3E5-4E79-8C69-F317F4029C54}] => (Allow) C:\Program Files (x86)\DolbyAxon\Axon.exe
    FirewallRules: [{97077AA2-1891-4BEB-A498-99EF73CD31A3}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
    FirewallRules: [{A96299EE-D78C-4E79-AE9D-AFAACB7F395C}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
    FirewallRules: [{6310A055-8D3A-46EB-A808-8AE9ACE2155E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{EB63F9F0-FE75-4F3F-A1AF-4BD2939528A2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{FDF76229-EAAF-42EB-B083-BF15800C555F}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
    FirewallRules: [UDP Query User{2C389019-8336-4C72-9F33-2AF44C7E54E1}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
    FirewallRules: [{92CF72C6-DD96-498B-BEA5-62B331C1118C}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{408B802F-F18E-4057-B5A6-51123F8779D8}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{8971EC77-7211-4C52-BBC0-EED422E9F396}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [{7BCF3DD9-CE40-40AB-BD73-B5743584E233}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [TCP Query User{00668276-4476-4427-A4C1-55CB428DA735}C:\program files (x86)\airdroid\airdroid.exe] => (Block) C:\program files (x86)\airdroid\airdroid.exe
    FirewallRules: [UDP Query User{B389E37F-C58F-45E7-B5F1-A1BB3CA8BA89}C:\program files (x86)\airdroid\airdroid.exe] => (Block) C:\program files (x86)\airdroid\airdroid.exe
    FirewallRules: [{420206CC-728E-4C14-962A-1D452D2E6E82}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [{CF7C4578-C79D-464B-A908-E9A88D689CFC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [{810D5CFC-057C-4D05-B0F1-0F19BF2F741C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    18-12-2015 19:15:24 Windows Update
    03-01-2016 15:23:31 Windows Update
    06-01-2016 18:08:30 Windows Update
    09-01-2016 22:21:17 JRT Pre-Junkware Removal
    09-01-2016 22:34:39 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============

    Name: AMD High Definition Audio Device
    Description: AMD High Definition Audio Device
    Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Manufacturer: Advanced Micro Devices
    Service: AtiHDAudioService
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Realtek High Definition Audio
    Description: Realtek High Definition Audio
    Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Manufacturer: Realtek
    Service: IntcAzAudAddService
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/10/2016 01:10:03 PM) (Source: ESENT) (EventID: 413) (User: )
    Description: SettingSyncHost (6780) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

    Error: (01/10/2016 01:10:03 PM) (Source: ESENT) (EventID: 488) (User: )
    Description: SettingSyncHost (6780) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

    Error: (01/10/2016 01:09:53 PM) (Source: ESENT) (EventID: 413) (User: )
    Description: SettingSyncHost (6780) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

    Error: (01/10/2016 01:09:53 PM) (Source: ESENT) (EventID: 488) (User: )
    Description: SettingSyncHost (6780) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

    Error: (01/10/2016 01:09:43 PM) (Source: ESENT) (EventID: 413) (User: )
    Description: SettingSyncHost (6780) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

    Error: (01/10/2016 01:09:43 PM) (Source: ESENT) (EventID: 488) (User: )
    Description: SettingSyncHost (6780) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

    Error: (01/10/2016 01:09:32 PM) (Source: ESENT) (EventID: 413) (User: )
    Description: SettingSyncHost (6780) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

    Error: (01/10/2016 01:09:32 PM) (Source: ESENT) (EventID: 488) (User: )
    Description: SettingSyncHost (6780) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

    Error: (01/10/2016 01:09:22 PM) (Source: ESENT) (EventID: 413) (User: )
    Description: SettingSyncHost (6780) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

    Error: (01/10/2016 01:09:22 PM) (Source: ESENT) (EventID: 488) (User: )
    Description: SettingSyncHost (6780) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).


    System errors:
    =============
    Error: (01/10/2016 01:07:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
    %%1058

    Error: (01/10/2016 01:06:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.

    Error: (01/10/2016 01:05:10 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 5

    Error: (01/10/2016 01:03:52 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.

    Error: (01/10/2016 12:50:34 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 5

    Error: (01/10/2016 12:50:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (01/10/2016 12:50:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (01/10/2016 12:50:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (01/10/2016 12:50:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (01/10/2016 12:41:25 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Windows\System32\drivers\TrueSight.sys


    CodeIntegrity:
    ===================================
    Date: 2015-12-15 10:01:52.342
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-15 10:01:52.140
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-15 10:01:39.920
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-15 10:01:39.607
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-09 16:29:07.497
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-09 16:29:07.274
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-09 16:29:06.688
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-09 16:29:06.141
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-07 15:35:15.262
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-07 15:35:15.093
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: AMD FX(tm)-8350 Eight-Core Processor
    Percentage of memory in use: 35%
    Total physical RAM: 8148.38 MB
    Available physical RAM: 5257.57 MB
    Total Virtual: 16340.38 MB
    Available Virtual: 12982.48 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:237.81 GB) (Free:70.48 GB) NTFS
    Drive e: (New Volume) (Fixed) (Total:931.51 GB) (Free:904.96 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive f: (SCARY_MOVIE_3) (CDROM) (Total:6.85 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 238.5 GB) (Disk ID: 536C1E66)

    Partition: GPT.

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DE8E74E0)
    Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
