TechSpot

Persistent Complex Virus

By Mason Breitzig
Apr 12, 2015
  1. Hello,

    All of the requested information is below.

    I have had an issue with this virus for about a month now. I attempted to remove it, and thought I did so successfully, but it returned or was never removed. The virus constantly attempts to trigger installations of random PUPs when connected to the internet without my firewall, has twice attempted to activate remote desktop applications, and has on occasion moved and prevented the normal update of AV software. I am fairly certain that either a PUP named GeniusBox or SearchProtect is responsible for this virus, or is where it happens to be embedded, but I cannot seem to remove either. I appreciate any help you have to offer. Thank you.

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
    Ran by Mason Breitzig (administrator) on PRIMARY on 12-04-2015 17:28:14
    Running from C:\Users\Mason Breitzig\Documents\Main\Programs\System Care
    Loaded Profiles: UpdatusUser & Mason Breitzig (Available profiles: UpdatusUser & Mason Breitzig)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oacat.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
    () C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
    () C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
    (ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe
    (ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe
    (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    (Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oaui.exe
    (Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oahlp.exe
    (Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oasrv.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Google Inc.) C:\Users\Mason Breitzig\AppData\Local\Google\Update\GoogleUpdate.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
    (Microsoft Corporation) C:\Windows\System32\cleanmgr.exe
    (Microsoft Corporation) C:\Users\Mason Breitzig\AppData\Local\Temp\5959D611-C73B-4528-A812-068C3C8F451E\DismHost.exe
    (Microsoft Corporation) C:\Users\Mason Breitzig\AppData\Local\Temp\0A750F98-05ED-4F1E-B4E7-B6600CA221C4\DismHost.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506136 2013-12-12] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
    HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
    HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-09-25] (Realtek Semiconductor Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files (x86)\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH)
    HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2014-04-16] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\Run: [Google Update] => C:\Users\Mason Breitzig\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2015-01-15] (Google Inc.)
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\Run: [GUSDelayStartup] => C:\Program Files (x86)\Glarysoft\Quick Startup\StartupManager.exe [37152 2015-01-19] (Glarysoft Ltd)
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\MountPoints2: {90cc86ee-d011-11e4-8296-54271e7a125c} - "D:\StarCraft II Setup.exe"
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\MountPoints2: {90cc86f6-d011-11e4-8296-54271e7a125c} - "E:\autorun.exe"
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\MountPoints2: {b7d9b23f-1794-11e4-826e-54271e7a125c} - "D:\LGAutoRun.exe"
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\MountPoints2: {bb60b5c3-2a8e-11e4-8275-54271e7a125c} - "D:\LG_PC_Programs.exe"
    IFEO\b9eg190.exe: [Debugger] TaskList.exe
    IFEO\bbqleads.exe: [Debugger] TaskList.exe
    IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe
    IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe
    IFEO\bbqquotes.exe: [Debugger] TaskList.exe
    IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
    IFEO\donutleads.exe: [Debugger] TaskList.exe
    IFEO\donutquotes.exe: [Debugger] TaskList.exe
    IFEO\internetenhancer.exe: [Debugger] TaskList.exe
    IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
    IFEO\pastaleads.exe: [Debugger] TaskList.exe
    IFEO\pastaquotes.exe: [Debugger] TaskList.exe
    IFEO\spyhunter.exe: [Debugger] TaskList.exe
    IFEO\theanswerfinder.exe: [Debugger] TaskList.exe
    IFEO\wajam.exe: [Debugger] TaskList.exe
    IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
    IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
    IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
    IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
    BootExecute: autocheck autochk * sdnclean64.exe
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:64744;https=127.0.0.1:64744
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com/?pc=ASJB
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
    URLSearchHook: [S-1-5-21-3962362228-1037329824-2324336766-1001] ATTENTION ==> Default URLSearchHook is missing.
    SearchScopes: HKU\S-1-5-21-3962362228-1037329824-2324336766-1002 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?g...7-63FE7343E245&q={searchTerms}&D=040615&SSPV=
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 65.32.5.74 65.32.5.75

    FireFox:
    ========
    FF ProfilePath: C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default
    FF DefaultSearchEngine.US: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-06] ()
    FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-07-22] (Adobe Systems)
    FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-06] ()
    FF Plugin-x32: @cambridgesoft.com/Chem3D,version=14.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2014\Chem3D\npChem3DPlugin.dll [2014-04-17] (CambridgeSoft Corp.)
    FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=14.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2014\ChemDraw\npcdp32.dll [2014-04-17] (CambridgeSoft Corp.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-07-11] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-07-11] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-12-03] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-12-03] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-07-22] (Adobe Systems)
    FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-3962362228-1037329824-2324336766-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Mason Breitzig\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-15] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3962362228-1037329824-2324336766-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Mason Breitzig\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-15] (Google Inc.)
    FF user.js: detected! => C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\user.js [2015-04-05]
    FF Extension: Mozilla Firefox Hotfixer - C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\Extensions\veggy@veggyAddon.com [2015-04-12]
    FF Extension: Zoom It - C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\Extensions\{5806a2f0-0151-ad27-bf56-5d6933279e4b} [2015-04-12]
    FF Extension: AdBlock Lite - C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\Extensions\jid1-dwtFBkQjb3SIQp@jetpack.xpi [2015-02-22]
    FF Extension: Pin It Button - C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2015-01-02]
    FF Extension: Google Privacy - C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\Extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi [2015-04-05]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-07-09]

    Chrome:
    =======
    CHR Profile: C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-06]
    CHR Extension: (Google Docs) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-06]
    CHR Extension: (Google Drive) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-06]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-01]
    CHR Extension: (YouTube) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-06]
    CHR Extension: (Google Search) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-06]
    CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-03-31]
    CHR Extension: (Google Sheets) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-06]
    CHR Extension: (Google Wallet) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-01]
    CHR Extension: (Gmail) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-06]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-11-06] ()
    R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed]
    R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [59392 2013-09-26] () [File not signed]
    S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2015-02-12] (Microsoft Corporation)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
    S3 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
    R2 OAcat; C:\Program Files (x86)\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-03] (Electronic Arts)
    S2 qutomovi; C:\Users\Mason Breitzig\AppData\Roaming\48985812-1427842840-4ED2-E565-40167E365C60\nsc3D0F.tmp [118784 2015-04-06] () [File not signed]
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 SvcOnlineArmor; C:\Program Files (x86)\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH)
    R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe [160208 2015-04-06] (RaMMicHaeL)
    S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
    S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
    S2 wyvuzely; C:\Users\Mason Breitzig\AppData\Roaming\48985812-1427842840-4ED2-E565-40167E365C60\jnsf7AE0.tmp [132096 2015-03-31] () [File not signed]
    S2 Gambali; No ImagePath

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AiChargerDT; C:\Windows\SysWow64\drivers\AiChargerDT.sys [14880 2012-10-18] (ASUSTek Computer Inc.)
    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
    R0 assdv2; C:\Windows\System32\Drivers\assdv2.sys [21816 2013-12-05] ()
    R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
    U0 bhbie; C:\Windows\System32\drivers\aptxpqtl.sys [79064 2015-04-12] (Malwarebytes Corporation)
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-12] (Microsoft Corporation)
    S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31160 2014-04-24] ()
    S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
    S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
    S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-03-20] (Disc Soft Ltd)
    R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [469264 2013-06-27] (Intel Corporation)
    R1 GUSBootStartup; C:\Windows\System32\drivers\GUSBootStartup.sys [20160 2015-04-06] (Glarysoft Ltd)
    S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2015-03-31] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
    S3 MotioninJoyXFilter; C:\Windows\System32\drivers\MijXfilt.sys [121416 2014-07-29] (MotioninJoy) [File not signed]
    R1 OADevice; C:\Windows\SysWow64\Drivers\OADriver.sys [64720 2013-10-11] ()
    R1 oahlpXX; C:\Windows\syswow64\drivers\oahlp64.sys [62008 2013-10-11] ()
    R1 OAmon; C:\Windows\SysWOW64\Drivers\OAmon.sys [52360 2013-10-11] (Emsisoft)
    R3 OAnet; C:\Windows\system32\DRIVERS\oanet.sys [35368 2013-10-11] (Emsisoft)
    R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
    S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
    R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
    R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [548056 2013-09-05] (Realtek Semiconductor Corporation)
    R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3759320 2014-12-01] (Realtek Semiconductor Corporation )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-12 14:04 - 2015-04-12 14:04 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\aptxpqtl.sys
    2015-04-12 11:21 - 2015-04-12 11:21 - 00003792 _____ () C:\Windows\PFRO.log
    2015-04-12 11:21 - 2015-04-12 11:21 - 00000116 _____ () C:\Windows\setupact.log
    2015-04-12 11:21 - 2015-04-12 11:21 - 00000000 _____ () C:\Windows\setuperr.log
    2015-04-07 02:49 - 2015-04-12 16:46 - 01255294 _____ () C:\Windows\WindowsUpdate.log
    2015-04-06 23:25 - 2015-04-06 23:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2015-04-06 23:25 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
    2015-04-06 21:47 - 2015-04-06 21:48 - 00000000 ___SD () C:\Windows\system32\GWX
    2015-04-06 21:47 - 2015-04-06 21:47 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
    2015-04-06 21:41 - 2014-12-01 19:01 - 03759320 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlane.sys
    2015-04-06 21:41 - 2014-10-29 12:23 - 00450264 _____ (Realtek) C:\Windows\SwUSB.exe
    2015-04-06 21:41 - 2014-04-15 10:36 - 00036864 _____ () C:\Windows\runSW.exe
    2015-04-06 21:41 - 2012-02-14 19:37 - 00594432 _____ (Realtek Semiconductor Corp. ) C:\Windows\SysWOW64\Rtlihvs.dll
    2015-04-06 21:41 - 2010-12-01 09:31 - 00451072 _____ () C:\Windows\SysWOW64\ISSRemoveSP.exe
    2015-04-06 21:15 - 2015-04-06 21:15 - 00002430 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Mason_Breitzig
    2015-04-06 21:15 - 2015-04-06 21:15 - 00000312 _____ () C:\Windows\Tasks\Uninstaller_SkipUac_Mason_Breitzig.job
    2015-04-06 21:04 - 2015-04-06 21:04 - 00003812 _____ () C:\Windows\System32\Tasks\RunTool
    2015-04-06 20:59 - 2015-04-12 17:28 - 00000000 ____D () C:\FRST
    2015-04-06 20:56 - 2015-04-06 20:57 - 00010518 _____ () C:\Windows\Q-Dir.ini
    2015-04-06 20:56 - 2015-04-06 20:56 - 00000000 ____D () C:\Program Files (x86)\Q-Dir
    2015-04-06 20:50 - 2013-10-11 03:41 - 00062008 _____ () C:\Windows\SysWOW64\Drivers\oahlp64.sys
    2015-04-06 20:50 - 2013-10-11 03:40 - 00064720 _____ () C:\Windows\SysWOW64\Drivers\OADriver.sys
    2015-04-06 20:50 - 2013-10-11 03:40 - 00052360 _____ (Emsisoft) C:\Windows\SysWOW64\Drivers\OAmon.sys
    2015-04-06 20:50 - 2013-10-11 03:40 - 00035368 _____ (Emsisoft) C:\Windows\system32\Drivers\OAnet.sys
    2015-04-06 20:49 - 2015-04-12 11:29 - 00000000 ____D () C:\Program Files (x86)\Online Armor
    2015-04-06 20:49 - 2015-01-14 11:28 - 03066880 _____ () C:\Windows\system32\pwNative.exe
    2015-04-06 20:49 - 2013-09-30 16:26 - 00019152 ____N () C:\Windows\system32\pwdrvio.sys
    2015-04-06 20:49 - 2013-09-30 16:26 - 00012504 ____N () C:\Windows\system32\pwdspio.sys
    2015-04-06 20:48 - 2015-04-06 20:49 - 00000000 ____D () C:\Program Files (x86)\MiniTool Partition Wizard Free 9.0
    2015-04-06 20:46 - 2015-04-06 20:46 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUSBootStartup.sys
    2015-04-06 20:45 - 2015-04-06 20:46 - 00000000 ____D () C:\Program Files (x86)\Glarysoft
    2015-04-06 20:44 - 2015-04-06 20:44 - 00000000 ____D () C:\Program Files (x86)\Bitdreamers
    2015-04-06 20:29 - 2015-04-06 20:29 - 00000000 ____D () C:\Program Files\Rainmeter
    2015-04-06 20:27 - 2015-04-06 20:27 - 00000000 ____D () C:\Program Files (x86)\Auslogics
    2015-04-06 01:24 - 2015-04-06 01:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
    2015-04-06 01:23 - 2015-04-06 01:23 - 00000000 ____D () C:\Program Files (x86)\Unchecky
    2015-04-06 00:37 - 2015-04-06 00:37 - 00000085 _____ () C:\Windows\wininit.ini
    2015-03-31 22:20 - 2015-04-12 11:21 - 00001384 _____ () C:\Windows\Tasks\VJJ.job
    2015-03-31 22:20 - 2015-04-05 22:16 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
    2015-03-31 22:20 - 2015-04-05 22:16 - 00000000 ____D () C:\Program Files (x86)\9eb08200-8451-400f-a40b-8b18a34bc5a6
    2015-03-31 22:20 - 2015-03-31 22:20 - 00004406 _____ () C:\Windows\System32\Tasks\VJJ
    2015-03-31 19:46 - 2015-04-05 21:22 - 00000000 ____D () C:\SUPERDelete
    2015-03-31 19:21 - 2015-03-31 19:21 - 00000000 ____D () C:\Program Files (x86)\predm
    2015-03-31 19:19 - 2015-03-31 19:24 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
    2015-03-31 19:13 - 2015-03-31 19:13 - 00003592 _____ () C:\Windows\System32\Tasks\SXEJLZ
    2015-03-31 19:12 - 2015-03-31 19:12 - 00004030 _____ () C:\Windows\System32\Tasks\LaunchSignup
    2015-03-31 19:11 - 2015-03-31 19:11 - 00000000 ____D () C:\Program Files (x86)\system app
    2015-03-31 19:10 - 2015-03-31 19:10 - 00000032 _____ () C:\Windows\SysWOW64\efipdihiaz.dat
    2015-03-31 19:01 - 2015-03-31 19:01 - 00004480 _____ () C:\Windows\System32\Tasks\Validate Installation
    2015-03-31 19:01 - 2015-03-31 19:01 - 00004272 _____ () C:\Windows\System32\Tasks\Check Updates
    2015-03-31 19:01 - 2015-03-31 19:01 - 00003876 _____ () C:\Windows\System32\Tasks\GeniusBox
    2015-03-31 19:01 - 2015-03-31 19:01 - 00000000 ____D () C:\Program Files (x86)\user extensions
    2015-03-26 01:42 - 2015-02-05 15:07 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2015-03-26 01:42 - 2015-02-05 15:07 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2015-03-26 01:42 - 2015-02-05 13:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2015-03-26 00:42 - 2015-03-26 00:46 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
    2015-03-26 00:17 - 2015-03-26 00:31 - 00000000 ____D () C:\Program Files (x86)\GOG.com
    2015-03-22 01:28 - 2015-03-22 01:28 - 00003486 _____ () C:\Windows\System32\Tasks\{0D294E33-87D6-4B69-BD39-1962FAFB80C3}
    2015-03-22 00:58 - 2015-03-22 00:58 - 00000000 ____D () C:\Windows\1C4551A64743409391E41477CD655043.TMP
    2015-03-21 00:12 - 2015-03-31 19:13 - 00000000 ____D () C:\GOG Games
    2015-03-20 19:51 - 2015-03-20 19:51 - 00030352 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
    2015-03-20 01:21 - 2015-04-06 00:36 - 00000000 ____D () C:\ILLUSION
    2015-03-15 20:38 - 2015-04-06 00:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-03-15 13:46 - 2015-03-15 14:05 - 00000000 ____D () C:\Program Files (x86)\Sid Meiers Civilization Beyond Earth
    2015-03-15 12:15 - 2015-01-10 15:32 - 00128288 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll
    2015-03-15 12:15 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
    2015-03-15 12:09 - 2015-03-15 12:09 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-12 17:27 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
    2015-04-12 17:11 - 2014-07-12 00:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-04-12 17:04 - 2014-07-08 21:48 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3962362228-1037329824-2324336766-1002
    2015-04-12 17:00 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
    2015-04-12 16:35 - 2014-07-08 18:57 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-04-12 16:33 - 2015-01-15 17:28 - 00000960 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3962362228-1037329824-2324336766-1002UA.job
    2015-04-12 16:33 - 2015-01-15 17:28 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3962362228-1037329824-2324336766-1002Core.job
    2015-04-12 16:31 - 2014-07-25 20:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-04-12 14:04 - 2014-04-16 18:40 - 00000000 ____D () C:\Windows\es
    2015-04-12 13:51 - 2014-08-22 11:11 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-04-12 13:35 - 2014-07-08 18:57 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-04-12 11:26 - 2014-04-16 18:00 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-04-12 11:21 - 2014-07-08 22:08 - 00000000 ____D () C:\Program Files (x86)\IObit
    2015-04-12 11:21 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-04-11 10:38 - 2013-08-22 09:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
    2015-04-07 17:38 - 2014-07-08 21:42 - 00000000 ____D () C:\Users\Mason Breitzig
    2015-04-06 22:00 - 2014-07-09 01:16 - 00000000 ____D () C:\Program Files\CCleaner
    2015-04-06 21:48 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
    2015-04-06 21:41 - 2014-04-24 06:34 - 00000000 ____D () C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver
    2015-04-06 21:41 - 2014-04-24 06:34 - 00000000 ____D () C:\Program Files (x86)\Cisco
    2015-04-06 21:23 - 2014-04-16 18:25 - 00000000 ____D () C:\AsusVibeData
    2015-04-06 21:23 - 2014-04-16 18:21 - 00000000 ____D () C:\Program Files (x86)\ASUS
    2015-04-06 21:07 - 2014-07-25 20:21 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-04-06 21:02 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\ADFS
    2015-04-06 00:38 - 2014-07-09 00:38 - 00000000 ____D () C:\Program Files (x86)\Origin Games
    2015-04-06 00:37 - 2014-07-10 17:25 - 00000000 ____D () C:\Games
    2015-04-06 00:32 - 2014-04-16 17:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-04-05 22:16 - 2014-07-09 21:01 - 00000000 ____D () C:\Program Files (x86)\Adobe Gaming SDK 1.3
    2015-03-31 20:07 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Globalization
    2015-03-31 00:57 - 2014-07-12 00:53 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-03-26 01:42 - 2014-04-24 06:32 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
    2015-03-26 01:41 - 2014-04-24 06:32 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
    2015-03-26 00:22 - 2014-12-03 14:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-03-26 00:11 - 2014-07-09 00:43 - 00000000 ____D () C:\Program Files (x86)\Steam
    2015-03-20 03:24 - 2014-07-09 21:05 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2015-03-13 04:51 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache

    ==================== Files in the root of some directories =======

    2014-04-16 23:55 - 2014-04-16 23:55 - 0009130 _____ () C:\Program Files (x86)\Common Files\Samples.sln
    2015-04-08 13:35 - 2015-04-08 13:35 - 0000034 _____ () C:\Users\Mason Breitzig\AppData\Roaming\AdobeWLCMCache.dat
    2015-03-26 15:14 - 2015-03-26 15:14 - 0004185 _____ () C:\Users\Mason Breitzig\AppData\Roaming\VJJ
    2015-03-31 19:01 - 2015-03-31 19:01 - 0000064 _____ () C:\Users\Mason Breitzig\AppData\Local\8146aa3d064490dcc30504f95be585fb
    2014-07-08 21:42 - 2015-04-12 11:22 - 0235027 _____ () C:\Users\Mason Breitzig\AppData\Local\BTServer.log
    2014-08-27 12:00 - 2015-04-12 15:15 - 0046089 _____ () C:\Users\Mason Breitzig\AppData\Local\CDXLExtendedShim.log
    2015-02-24 17:08 - 2015-02-24 17:08 - 0000828 _____ () C:\Users\Mason Breitzig\AppData\Local\recently-used.xbel
    2014-09-07 23:07 - 2014-09-07 23:07 - 0007602 _____ () C:\Users\Mason Breitzig\AppData\Local\resmon.resmoncfg
    2014-04-16 17:59 - 2014-04-16 17:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2015-03-31 19:12 - 2015-03-31 19:12 - 0000922 _____ () C:\ProgramData\JunkCleaner.lnk

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-04-05 21:32

    ==================== End Of Log ============================
     
  2. Mason Breitzig

    Mason Breitzig TS Rookie Topic Starter Posts: 18

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2015
    Ran by Mason Breitzig at 2015-04-12 17:28:39
    Running from C:\Users\Mason Breitzig\Documents\Main\Programs\System Care
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    FW: Online Armor Firewall (Enabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat XI Pro (HKLM-x32\...\{23D3F585-AE29-4670-8E3E-64A0EFB29240}) (Version: 11.0 - Adobe Systems Incorporated)
    Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
    Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.0.2 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
    Adobe Audition CC 2014 (HKLM-x32\...\{F3388E10-EFA9-4A80-B28E-2E647F8D00C4}) (Version: 7.0.1 - Adobe Systems Incorporated)
    Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)
    Adobe Dreamweaver CC 2014 (HKLM-x32\...\{766255CE-D156-11E3-8DBC-A136EB52ACCF}) (Version: 14.0.0 - Adobe Systems Incorporated)
    Adobe Edge Animate CC 2014 (HKLM-x32\...\{A3643DA2-AF8A-44E8-A56E-7FE001932D8B}) (Version: 4.0 - Adobe Systems Incorporated)
    Adobe Edge Code CC (HKLM-x32\...\{2033D10C-8B25-6EED-97C0-708693677BA6}) (Version: 0.98 - Adobe Systems Incorporated)
    Adobe Edge Inspect CC (HKLM-x32\...\{2532C427-E595-4768-B6E9-C20F3AB751CA}) (Version: 1.5.486 - Adobe Systems Incorporated)
    Adobe Edge Reflow CC Preview (HKLM\...\{E23FC538-5890-43E8-932D-FC1DD8B1655B}) (Version: 0.47.17127 - Adobe Systems Incorporated)
    Adobe Exchange Panel (HKLM-x32\...\{41A12FFC-89E9-4743-A51E-00975CA31F40}) (Version: 1 - Adobe Systems Incorporated)
    Adobe ExtendScript Toolkit CC (HKLM-x32\...\{6297487E-3778-4F72-B458-55690418DB98}) (Version: 4.0.0.0 - Adobe Systems Incorporated)
    Adobe Extension Manager CC (HKLM-x32\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.2.1 - Adobe Systems Incorporated)
    Adobe Fireworks CS6 (HKLM-x32\...\{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}) (Version: 12.0.1 - Adobe Systems Incorporated)
    Adobe Flash Builder 4.7 (64 Bit) (HKLM-x32\...\{848DE8E1-521D-4748-A158-517708107EF3}) (Version: 4.7 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
    Adobe Flash Professional CC 2014 (HKLM-x32\...\{AA704223-E11C-11E3-8A38-C09A633B72AF}) (Version: 14.0.1 - Adobe Systems Incorporated)
    Adobe Gaming SDK 1.3 (HKLM-x32\...\{62FFC6DD-18BB-49FC-AF65-71FB1C0B08AA}) (Version: 1.3 - Adobe Systems Incorporated)
    Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
    Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.0 - Adobe Systems Incorporated)
    Adobe InCopy CC 2014 (HKLM-x32\...\{B389B226-A760-1014-9ADD-DA3D4A4028DB}) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.0.1 - Adobe Systems Incorporated)
    Adobe Muse CC 2014 (HKLM\...\{0A030E99-7CFB-4F35-B1A8-B495F8B36E7A}) (Version: 2014.1.1.6 - Adobe Systems, Incorporated)
    Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.1 - Adobe Systems Incorporated)
    Adobe Photoshop Lightroom 5.5 64-bit (HKLM\...\{19BBD0F3-7A31-480D-8A23-19AE28035E9C}) (Version: 5.5.0 - Adobe Systems Incorporated)
    Adobe Prelude CC 2014 (HKLM-x32\...\{2A054E48-0A75-42BD-8738-EC9AB4E2207A}) (Version: 3.0.1 - Adobe Systems Incorporated)
    Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.0.1 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
    Adobe Scout CC (HKLM\...\{BA573BFE-83B4-11E3-93D2-D231FEB1DC81}) (Version: 1.1.3.354121 - Adobe Systems Incorporated)
    Adobe SpeedGrade CC 2014 (HKLM-x32\...\{8EFF28F0-9DFD-4208-9E04-4D49A4812CF3}) (Version: 8.0.1 - Adobe Systems Incorporated)
    Adobe Touch App Plugins (HKLM-x32\...\{1EC083EE-5B76-4A2A-B95A-CAF460AA29D6}) (Version: 1.0 - Adobe Systems Incorporated)
    Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
    Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{C6B2127C-A9E0-411B-8EF1-2CE0ACDF265D}) (Version: 20.2.6362.11139 - Alcor Micro Corp.)
    Alcor Micro USB Card Reader Driver (x32 Version: 20.2.6362.11139 - Alcor Micro Corp.) Hidden
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASUS Manager - Ai Booting (HKLM-x32\...\{2DCE446C-D090-4458-8782-8F16DF94351E}) (Version: 2.01.12 - ASUSTeK Computer Inc.)
    ASUS Manager - Ai Charger II (HKLM-x32\...\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}) (Version: 2.00.11 - ASUSTeK Computer Inc.)
    ASUS Manager - Backup & Recovery (HKLM-x32\...\{34D67DE5-2ECF-4E6B-A243-2C16E2792787}) (Version: 2.01.10 - ASUSTeK Computer Inc.)
    ASUS Manager - Family Safety (HKLM-x32\...\{016AFF97-4E18-4560-B8E5-B684BB124E32}) (Version: 2.00.03 - ASUSTeK Computer Inc.)
    ASUS Manager - PC Cleanup (HKLM-x32\...\{E22A19AE-7DDB-4959-B1DB-A0996294352A}) (Version: 2.01.08 - ASUSTeK Computer Inc.)
    ASUS Manager - Power Manager (HKLM-x32\...\{DD248BEE-E925-4720-A775-9A42276BB6EA}) (Version: 2.02.02 - ASUSTeK Computer Inc.)
    ASUS Manager - Update (HKLM-x32\...\{675BBE8A-0ED3-4048-8723-BA51EAB8E1A8}) (Version: 2.02.04 - ASUSTeK Computer Inc.)
    ASUS Manager (HKLM-x32\...\{F5E5AD85-4A90-4604-A887-464D3818D8FD}) (Version: 2.08.00 - ASUSTeK Computer Inc.)
    Auslogics Registry Defrag (HKLM-x32\...\{D627784F-B3EE-44E8-96B1-9509B991EA34}_is1) (Version: 8.4.0.0 - Auslogics Labs Pty Ltd)
    bl (x32 Version: 1.0.0 - Your Company Name) Hidden
    BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
    CambridgeSoft ChemBioOffice 2014 (HKLM-x32\...\{9023F95E-737F-4343-BC57-B6217E3091CB}) (Version: 14.0 - CambridgeSoft Corporation)
    CambridgeSoft ChemScript 14.0 (HKLM-x32\...\{6053D436-AF21-4D67-A458-04C2B969A865}) (Version: 14.0 - CambridgeSoft Corporation)
    CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
    Celtx (2.9.7) (HKLM-x32\...\Celtx (2.9.7)) (Version: 2.9.7 (en-US) - Greyfirst)
    ChromecastApp (HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Divinity - Original Sin (HKLM-x32\...\1207664923_is1) (Version: 2.11.0.21 - GOG.com)
    eManual (HKLM-x32\...\{0C84E634-EB68-4A54-B21E-A05EC87A4CC5}) (Version: 1.00.07 - ASUSTeK Computer Inc.)
    Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
    FileZilla Client 3.10.2 (HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
    Fraps (HKLM-x32\...\Fraps) (Version: - )
    Galería de fotos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    Galerie de photos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
    Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    IZArc 4.1.6 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.6 - Ivan Zahariev)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Junk Cleaner (x32 Version: 1.1.6.2 - Pandaje Group) Hidden
    Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version: - Squad)
    Linksys Connect (HKLM-x32\...\Linksys Connect) (Version: 1.5.13225.3 - Linksys LLC)
    LOOT (HKLM-x32\...\LOOT) (Version: 0.6.0 - LOOT Development Team)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    Might & Magic Heroes VI (HKLM-x32\...\{745D37C2-26F4-4B65-BA13-F9840EBFA75B}) (Version: 1.0 - Ubisoft)
    MiniTool Partition Wizard Free 9.0 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
    MotioninJoy Gamepad tool 0.7.0000 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.0000 - www.motioninjoy.com)
    Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.51.0 - Black Tree Gaming)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team)
    NVIDIA 3D Vision Controller Driver 326.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 326.01 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
    NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
    NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
    NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    Online Armor 7.0 (HKLM-x32\...\OnlineArmor_is1) (Version: 7.0 - Emsisoft GmbH)
    Origin (HKLM-x32\...\Origin) (Version: 9.4.20.386 - Electronic Arts, Inc.)
    PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1036.0 - Passmark Software)
    ph (x32 Version: 1.0.0 - Your Company Name) Hidden
    PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
    Pillars of Eternity (HKLM-x32\...\1207666813_is1) (Version: 2.0.0.1 - GOG.com)
    PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.9.0 - Prolific Technology INC)
    Python 3.2.2 (HKLM-x32\...\{4CDE3168-D060-4b7c-BC74-4D8F9BB01AFD}) (Version: 3.2.2150 - Python Software Foundation)
    Q-Dir (HKLM-x32\...\Q-Dir) (Version: - )
    Quick Startup 5.10.1.101 (HKLM-x32\...\Quick Startup) (Version: 5.10.1.101 - Glarysoft Ltd)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.2.1 r2386 - )
    REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.769.769.092613 - REALTEK Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7116 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0247 - REALTEK Semiconductor Corp.)
    Registry Repair 5.0.1.67 (HKLM-x32\...\Registry Repair) (Version: 5.0.1.67 - Glarysoft Ltd)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Search Protect (HKLM-x32\...\SearchProtect) (Version: - ) <==== ATTENTION
    Serif WebPlus X5 (HKLM-x32\...\{7D427BD1-1C88-4007-BBFB-C2DD2ED48C63}) (Version: 13.0.0.016 - Serif (Europe) Ltd)
    Sid Meiers Civilization Beyond Earth (HKLM-x32\...\U2lkTWVpZXJzQ2l2aWxpemF0aW9uQmV5b25kRWFydGg=_is1) (Version: 1 - )
    SketchUp 2014 (HKLM-x32\...\{F246092E-FA0B-47C8-9D3E-CF8C210293C8}) (Version: 14.1.1282 - Trimble Navigation Limited)
    Skyrim Performance Monitor (HKLM-x32\...\{84AEB93A-ECBB-4568-8F59-D4516EF59079}) (Version: 3.65 - SirGarnon on Skyrim Nexus)
    Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
    Stronghold 3 (HKLM-x32\...\Stronghold 3_is1) (Version: - )
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1130 - SUPERAntiSpyware.com)
    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
    The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
    The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.10.1 - Electronic Arts)
    The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.13.1 - Electronic Arts)
    The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.4.83.1010 - Electronic Arts Inc.)
    TimeComX Basic (32-Bit) (HKLM-x32\...\TimeComX Basic 32-Bit) (Version: 1.3.2.7 - Bitdreamers)
    Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
    Unchecky v0.3.7.2 (HKLM-x32\...\Unchecky) (Version: 0.3.7.2 - RaMMicHaeL)
    VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
    WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version: - Hervé Leclerc (HeL))
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
    WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
    Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 3.0.4.4 - Wrye & Wrye Bash Development Team)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3962362228-1037329824-2324336766-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mason Breitzig\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
    CustomCLSID: HKU\S-1-5-21-3962362228-1037329824-2324336766-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Mason Breitzig\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3962362228-1037329824-2324336766-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mason Breitzig\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

    ==================== Restore Points =========================

    12-04-2015 17:23:01 Virus Point 1

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 09:25 - 2015-04-12 11:21 - 00002130 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    127.0.0.1 localhost
    127.0.0.1 localhost
    127.0.0.1 localhost
    127.0.0.1 localhost
    0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly

    There are 9 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {02A24CE3-B703-4779-8310-F9CF365EC96D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3962362228-1037329824-2324336766-1002Core => C:\Users\Mason Breitzig\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-15] (Google Inc.)
    Task: {03DEB618-EA0C-4F40-9C82-F66D90106EE8} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {03E12A45-10B0-44FD-9D46-385C2A3FFC98} - System32\Tasks\Uninstaller_SkipUac_Mason_Breitzig => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
    Task: {0419ACAE-D5C0-4D90-A12E-B5DC08E5F389} - System32\Tasks\ASUS\ASUS Manager - PC Cleanup - SecureDeleteBackground => C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe [2014-03-25] ()
    Task: {11F4EE09-DD3D-4B50-998C-70475BD43099} - System32\Tasks\ASUS\ASUS Manager BackgroundWindow => C:\Program Files (x86)\ASUS\ASUS Manager\BackgroundWindow.exe [2013-08-23] ()
    Task: {1344D7B0-7EF1-44E1-8779-4525ADA34307} - System32\Tasks\ASUS\ASUS Manager HotKey Service => C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe [2013-11-27] (ASUSTeK Computer Inc.)
    Task: {14837A16-38C8-4147-A7C2-78CB03E521E2} - System32\Tasks\ASUS\Power_Manager_background => C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe [2014-02-20] (ASUSTeK)
    Task: {1C1E8661-206D-455D-8BD9-235C850468A1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
    Task: {1D8B5421-4333-43BE-BE4F-94D47F42E2C9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
    Task: {28E759BA-A029-4269-AF76-5EC06A95FD98} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Task: {2CA24264-1656-4E4F-9841-208BC8E7FA56} - System32\Tasks\SXEJLZ => C:\ProgramData\568c30905acd4b6d8888a0b788131d33\568c30905acd4b6d8888a0b788131d33.exe [2015-03-31] ()
    Task: {2D5E4D6F-542B-4BF9-AC17-12FA9C8DF705} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-mbreitzig@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
    Task: {4930F3FC-CA13-4EC3-9B4B-AEA4AED42C19} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Program Files (x86)\user extensions\client.exe"
    Task: {4A176280-787E-49AD-A9E3-299A99046DDB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {4A7A5ED4-2091-4DCE-9D2B-1CFB56F822DC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-06] (Adobe Systems Incorporated)
    Task: {4CDA45FC-B981-4CC2-8004-80676956F709} - System32\Tasks\VJJ => C:\Users\Mason Breitzig\AppData\Roaming\VJJ.exe <==== ATTENTION
    Task: {4CFDE729-370E-4372-886C-F6A67FCBBFCB} - System32\Tasks\RunTool => C:\Users\Mason Breitzig\AppData\Local\39721968-697b-4489-821c-3c5471cb0217\install_temp.exe [2015-04-06] ()
    Task: {503111FD-33DE-42B8-9542-16B94409F931} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
    Task: {5DE07668-EEE6-4362-BD84-8014D30C3251} - \avaavaxvyy No Task File <==== ATTENTION
    Task: {6E8936EC-1172-44F5-9E3D-C254A24386A4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: {795EBF66-3587-46AB-B6DF-5B16D1E6F4F2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-10] (Microsoft Corporation)
    Task: {7CEC08E6-1AC8-4F2D-9C3C-6569BDB62FC0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {8184B271-57AF-44C0-B69B-F8EED39D84D3} - System32\Tasks\{0D294E33-87D6-4B69-BD39-1962FAFB80C3} => pcalua.exe -a "C:\Users\Mason Breitzig\Documents\Main\Entertainment\Games\Files\Downloaded\Dragon Age Origins Ultimate\data\DataSetup.exe" -d "C:\Users\Mason Breitzig\Documents\Main\Entertainment\Games\Files\Downloaded\Dragon Age Origins Ultimate\data"
    Task: {848D0775-32B2-47B4-9D01-834A6233E2D0} - System32\Tasks\Check Updates => C:\Program Files (x86)\user extensions\updater.exe [2015-03-31] ()
    Task: {849A6DAF-FDBA-404F-9A1D-3C1D5254917C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
    Task: {868CF4D0-323F-4D23-9F5C-03AE2DA57F19} - System32\Tasks\{2600FEB7-A17D-438C-B22F-31678805BE85} => pcalua.exe -a H:\_ISDel.exe -d H:\
    Task: {9A1D7FE4-DA12-4F94-AC53-48C8F72FFA63} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
    Task: {9D9620A7-7228-45A9-A993-1246FCE2D38E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {9E1DDFEF-6CCD-4E7F-B0B3-ECB0E0C056BB} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe
    Task: {A6DBBDDB-716B-4257-8962-78308E94CDD8} - System32\Tasks\ASUS\ASUS AiCharger_Desktop Execute => C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe [2013-04-02] (ASUSTek Computer Inc.)
    Task: {B38A6F67-9E95-453F-B282-8F47C4732AD3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-03] (Google Inc.)
    Task: {B6BBBA25-C8D3-45BC-8EA6-6931198E6C02} - System32\Tasks\ASUS\ASUS Updater => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSFourceUpdater.exe [2013-11-28] ()
    Task: {BB86DE67-6F47-4A24-865F-289C4A95FB9E} - System32\Tasks\ASUS\ASUS AiCharger_II TrayIcon => C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe [2014-02-19] (ASUSTeK)
    Task: {BC1A3907-16C9-4300-8271-6E0D51F303AB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: {C0C3EC5D-41F0-4584-80E7-38FAD3142BC7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
    Task: {C2D670D3-26A9-45B5-B6E6-D12265C9F003} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
    Task: {CE83C9FC-E4D5-4815-8EFD-EE5364ACF4B9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3962362228-1037329824-2324336766-1002UA => C:\Users\Mason Breitzig\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-15] (Google Inc.)
    Task: {CEC902DB-AAE8-4F74-BDE1-57DF0E6401D8} - System32\Tasks\Validate Installation => C:\Program Files (x86)\user extensions\updater.exe [2015-03-31] ()
    Task: {D41289EF-6F23-4E1C-849F-5F537F9C1931} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
    Task: {E128FFEC-C704-467D-A1C2-7643A4363785} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
    Task: {ED0E9D5F-5C71-4B7B-BEC6-916088DAAA71} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-03] (Google Inc.)
    Task: {F50C851B-8F17-42A8-A765-439C60F75FDD} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe [2013-11-27] ()
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3962362228-1037329824-2324336766-1002Core.job => C:\Users\Mason Breitzig\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3962362228-1037329824-2324336766-1002UA.job => C:\Users\Mason Breitzig\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
    Task: C:\Windows\Tasks\Uninstaller_SkipUac_Mason_Breitzig.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
    Task: C:\Windows\Tasks\VJJ.job => C:\Users\Mason Breitzig\AppData\Roaming\VJJ.exe <==== ATTENTION
     
  3. Mason Breitzig

    Mason Breitzig TS Rookie Topic Starter Posts: 18

    ==================== Loaded Modules (whitelisted) ==============

    2014-04-24 06:32 - 2015-02-05 15:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2014-04-24 06:34 - 2013-09-26 14:15 - 00059392 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
    2015-03-20 03:21 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2014-04-24 06:38 - 2014-03-25 21:36 - 00929936 _____ () C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
    2014-07-16 11:06 - 2014-07-16 11:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
    2014-04-24 06:38 - 2014-03-12 18:51 - 00907776 _____ () C:\Windows\PCCleanupContextMenu\x64\ContextMenuHandler.dll
    2014-11-15 19:35 - 2009-06-02 02:15 - 00051200 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
    2014-07-09 00:38 - 2011-02-28 08:39 - 00211456 _____ () C:\Program Files (x86)\IZArc\IZArcCM64.dll
    2014-05-12 05:49 - 2014-05-12 05:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
    2015-03-02 10:43 - 2015-03-02 10:43 - 00099288 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
    2014-04-24 06:38 - 2014-03-12 18:50 - 00854016 _____ () C:\Windows\PCCleanupContextMenu\x64\ContextMenuHandlerBin.dll
    2014-04-24 06:37 - 2013-11-06 06:58 - 00920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
    2015-04-06 23:25 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-04-06 23:25 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2015-04-06 23:25 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2015-04-06 23:25 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2015-04-06 23:25 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2015-04-12 11:23 - 2015-04-12 11:23 - 00027648 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
    2014-04-24 06:37 - 2010-06-28 22:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
    2014-04-24 06:31 - 2013-09-16 16:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2015-03-02 16:30 - 2015-03-02 16:30 - 00039384 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
    2015-01-22 15:34 - 2015-01-20 23:50 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libglesv2.dll
    2015-01-22 15:34 - 2015-01-20 23:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libegl.dll
    2015-01-22 15:34 - 2015-01-20 23:50 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\pdf.dll

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgF119.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgR119.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgF119.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgR119.sys => ""="Driver"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Mason Breitzig\AppData\Roaming\Rainmeter\Layouts\Nova\Wallpaper.bmp
    DNS Servers: 65.32.5.74 - 65.32.5.75

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
    HKLM\...\StartupApproved\Run: => "IAStorIcon"
    HKLM\...\StartupApproved\Run: => "BtServer"
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run32: => "RemoteControl10"
    HKLM\...\StartupApproved\Run32: => "DriverChecker.exe"
    HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
    HKLM\...\StartupApproved\Run32: => "Adobe ARM"
    HKLM\...\StartupApproved\Run32: => "APSDaemon"
    HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
    HKLM\...\StartupApproved\Run32: => "QuickTime Task"
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\StartupApproved\Run: => "Advanced SystemCare 8"
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\StartupApproved\Run: => "Google Update"
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"

    ==================== Accounts: =============================

    Administrator (S-1-5-21-3962362228-1037329824-2324336766-500 - Administrator - Disabled)
    Guest (S-1-5-21-3962362228-1037329824-2324336766-501 - Limited - Disabled)
    Mason Breitzig (S-1-5-21-3962362228-1037329824-2324336766-1002 - Administrator - Enabled) => C:\Users\Mason Breitzig
    UpdatusUser (S-1-5-21-3962362228-1037329824-2324336766-1001 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/12/2015 02:17:39 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 36.0.4.5557, time stamp: 0x550d0883
    Faulting module name: mozalloc.dll, version: 36.0.4.5557, time stamp: 0x550cfa82
    Exception code: 0x80000003
    Fault offset: 0x00001e02
    Faulting process id: 0x163c
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3
    Faulting package full name: plugin-container.exe4
    Faulting package-relative application ID: plugin-container.exe5

    Error: (04/12/2015 01:49:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program firefox.exe version 36.0.4.5557 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1644

    Start Time: 01d07548f088b462

    Termination Time: 4294967295

    Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    Report Id: 3ab84fe4-e13c-11e4-829d-54271e7a125c

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (04/12/2015 01:49:14 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 36.0.4.5557, time stamp: 0x550d0883
    Faulting module name: mozalloc.dll, version: 36.0.4.5557, time stamp: 0x550cfa82
    Exception code: 0x80000003
    Fault offset: 0x00001e02
    Faulting process id: 0x19ec
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3
    Faulting package full name: plugin-container.exe4
    Faulting package-relative application ID: plugin-container.exe5

    Error: (04/12/2015 01:48:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program firefox.exe version 36.0.4.5557 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1278

    Start Time: 01d075471094981b

    Termination Time: 4294967295

    Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    Report Id: 22029b3e-e13c-11e4-829d-54271e7a125c

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (04/12/2015 01:48:42 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 36.0.4.5557, time stamp: 0x550d0883
    Faulting module name: mozalloc.dll, version: 36.0.4.5557, time stamp: 0x550cfa82
    Exception code: 0x80000003
    Fault offset: 0x00001e02
    Faulting process id: 0x1be4
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3
    Faulting package full name: plugin-container.exe4
    Faulting package-relative application ID: plugin-container.exe5

    Error: (04/12/2015 11:38:39 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
    Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

    Error: (04/12/2015 11:38:19 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (04/12/2015 11:33:59 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (04/10/2015 06:16:09 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
    Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

    Error: (04/10/2015 06:15:45 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.


    System errors:
    =============
    Error: (04/12/2015 01:37:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Adaptor Scanner service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/12/2015 11:21:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Gradient Router service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/12/2015 11:21:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Gambali service failed to start due to the following error:
    %%3

    Error: (04/06/2015 09:15:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070005: Microsoft.BingFoodAndDrink.

    Error: (04/06/2015 09:02:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Gambali service failed to start due to the following error:
    %%3

    Error: (04/06/2015 00:38:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Advanced SystemCare Service 8 service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/05/2015 10:08:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Defender Network Inspection Service service failed to start due to the following error:
    %%577

    Error: (04/05/2015 10:07:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Defender Service service failed to start due to the following error:
    %%577

    Error: (04/05/2015 10:06:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Microsoft Office ClickToRun Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

    Error: (04/05/2015 10:04:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


    Microsoft Office Sessions:
    =========================
    Error: (04/12/2015 02:17:39 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: plugin-container.exe36.0.4.5557550d0883mozalloc.dll36.0.4.5557550cfa828000000300001e02163c01d0754aa0154de2C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll3361fac9-e140-11e4-829d-54271e7a125c

    Error: (04/12/2015 01:49:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: firefox.exe36.0.4.5557164401d07548f088b4624294967295C:\Program Files (x86)\Mozilla Firefox\firefox.exe3ab84fe4-e13c-11e4-829d-54271e7a125c

    Error: (04/12/2015 01:49:14 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: plugin-container.exe36.0.4.5557550d0883mozalloc.dll36.0.4.5557550cfa828000000300001e0219ec01d07548f9582d21C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll3ae27dd8-e13c-11e4-829d-54271e7a125c

    Error: (04/12/2015 01:48:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: firefox.exe36.0.4.5557127801d075471094981b4294967295C:\Program Files (x86)\Mozilla Firefox\firefox.exe22029b3e-e13c-11e4-829d-54271e7a125c

    Error: (04/12/2015 01:48:42 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: plugin-container.exe36.0.4.5557550d0883mozalloc.dll36.0.4.5557550cfa828000000300001e021be401d075474bfc9965C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll27fe768c-e13c-11e4-829d-54271e7a125c

    Error: (04/12/2015 11:38:39 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe

    Error: (04/12/2015 11:38:19 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

    Error: (04/12/2015 11:33:59 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

    Error: (04/10/2015 06:16:09 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe

    Error: (04/10/2015 06:15:45 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1


    CodeIntegrity Errors:
    ===================================
    Date: 2015-04-05 22:08:08.175
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-04-05 22:07:58.676
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-03-30 21:45:39.395
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-03-30 21:45:39.247
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-03-30 21:45:38.936
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-03-30 21:45:38.528
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-03-19 20:25:36.636
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-03-19 20:25:36.261
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-03-12 08:03:27.415
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-03-12 08:03:27.336
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-4770S CPU @ 3.10GHz
    Percentage of memory in use: 41%
    Total physical RAM: 12227.25 MB
    Available physical RAM: 7197.16 MB
    Total Pagefile: 14083.25 MB
    Available Pagefile: 8541.09 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.84 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:1848.07 GB) (Free:1447.77 GB) NTFS
    Drive h: (Sims4_2) (CDROM) (Total:0.48 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 1863 GB) (Disk ID: 76A7E05D)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================

    Uninstall Search Protect.

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  5. Mason Breitzig

    Mason Breitzig TS Rookie Topic Starter Posts: 18

    Search Protect cannot be detected on my computer by uninstall software or by manual search. I assumed it was uninstalled.

    RogueKiller V10.5.9.0 [Apr 7 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
    Started in : Normal mode
    User : Mason Breitzig [Administrator]
    Started from : C:\Users\Mason Breitzig\Desktop\RogueKiller.exe
    Mode : Delete -- Date : 04/12/2015 21:50:06

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 29 ¤¤¤
    [Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bhbie (System32\drivers\aptxpqtl.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\qutomovi (C:\Users\Mason Breitzig\AppData\Roaming\48985812-1427842840-4ED2-E565-40167E365C60\nsc3D0F.tmp) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wyvuzely (C:\Users\Mason Breitzig\AppData\Roaming\48985812-1427842840-4ED2-E565-40167E365C60\jnsf7AE0.tmp) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qutomovi (C:\Users\Mason Breitzig\AppData\Roaming\48985812-1427842840-4ED2-E565-40167E365C60\nsc3D0F.tmp) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wyvuzely (C:\Users\Mason Breitzig\AppData\Roaming\48985812-1427842840-4ED2-E565-40167E365C60\jnsf7AE0.tmp) -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3962362228-1037329824-2324336766-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3962362228-1037329824-2324336766-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64744;https=127.0.0.1:64744 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64744;https=127.0.0.1:64744 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3962362228-1037329824-2324336766-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:60456;https=127.0.0.1:60456 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3962362228-1037329824-2324336766-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:60456;https=127.0.0.1:60456 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64744;https=127.0.0.1:64744 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64744;https=127.0.0.1:64744 -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3962362228-1037329824-2324336766-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus13.msn.com/?pc=ASJB -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3962362228-1037329824-2324336766-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus13.msn.com/?pc=ASJB -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 65.32.1.65 65.32.1.70 [][] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 65.32.1.65 65.32.1.70 [][] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{24B58CB9-0C63-4910-8D82-EC6443D6F78E} | DhcpNameServer : 65.32.1.65 65.32.1.70 [][] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{87A95339-451D-44D0-9AC5-44C3D4B19065} | DhcpNameServer : 65.32.5.74 65.32.5.75 [][] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{24B58CB9-0C63-4910-8D82-EC6443D6F78E} | DhcpNameServer : 65.32.1.65 65.32.1.70 [][] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{87A95339-451D-44D0-9AC5-44C3D4B19065} | DhcpNameServer : 65.32.5.74 65.32.5.75 [][] -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 4 ¤¤¤
    [Suspicious.Path] VJJ.job -- C:\Users\Mason Breitzig\AppData\Roaming\VJJ.exe (/infocmdline=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) -> Deleted
    [Suspicious.Path] \\RunTool -- C:\Users\Mason Breitzig\AppData\Local\39721968-697b-4489-821c-3c5471cb0217\install_temp.exe -> Deleted
    [Suspicious.Path] \\SXEJLZ -- "C:\ProgramData\568c30905acd4b6d8888a0b788131d33\568c30905acd4b6d8888a0b788131d33.exe" -> Deleted
    [Suspicious.Path] \\VJJ -- C:\Users\Mason Breitzig\AppData\Roaming\VJJ.exe (/infocmdline=Hs4sMBYoKolo++fdWHs8+NdVQIdszJMBD0pkr0gwLcQy1pVHvLMcm3ZLvVRMRsm+g3pZY5JSEb0My1iegY6ki8RB2RSmA4v2z+nzIOyG1aCZGxPMLTYhrKHi96e4j0sXe4mJfGHK9KB5NDyfJrRe7qkN9xhz2kdMHGJ92vTRrgUo+hEtTABlElqQALQvaGz4j/qJ/UKA9PCe04Ptrarked8it8hnGzMqX45wtJceW4l/jj6iOGqzsRwh0d2wd+Nef2FkMPOyUy7X1LxKpFCGVeiJBMKK9H8KGgO2Feq38Eh5yJUUX2XmA6NE+M6UaqU2YyyTxng2X6cniYNqU6pfKqDHM+S6G5WGnIUEOh1t74xM5JOu6wRIXdX7Gk/eJcVAEfnlEAQrYD7MCgY1hb389ye187meprxEiOcGtm/Cz4YvX4F2au7Zpd+O6eXsw/YU190i1sl4s5XMJIlEYiF8lDCtvKBOtNCqrbjK/gn9TrpCFmNRtzt2UxKEym9KondU) -> ERROR [0]

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 39 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA DT01ACA200 +++++
    --- User ---
    [MBR] 7d080d92b81167c3ff8b3b44c8cc0480
    [BSP] d5467e85d74e92cfe45b757dec238824 : Empty MBR Code
    Partition table:
    0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 800 MB
    1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1640448 | Size: 260 MB
    2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2172928 | Size: 128 MB
    3 - Basic data partition | Offset (sectors): 2435072 | Size: 1892423 MB
    4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 3878117376 | Size: 14117 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_04122015_214953.log

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 4/12/2015
    Scan Time: 9:54:32 PM
    Logfile: Virus Info 2.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.04.12.02
    Rootkit Database: v2015.03.31.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Mason Breitzig

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 417563
    Time Elapsed: 6 min, 18 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 1
    PUP.Optional.GeniusBox.A, HKU\S-1-5-21-3962362228-1037329824-2324336766-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\geniusboxinstalled, Quarantined, [2ae9143836543006a2d9d0f2a75c50b0],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 5
    PUP.Optional.VeggyAddon.A, C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\extensions\VEGGY@VEGGYADDON.COM, Quarantined, [cb4894b89befd066c3fed3e86d96837d],
    PUP.Optional.VeggyAddon.A, C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\extensions\VEGGY@VEGGYADDON.COM\chrome, Quarantined, [cb4894b89befd066c3fed3e86d96837d],
    PUP.Optional.VeggyAddon.A, C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\extensions\VEGGY@VEGGYADDON.COM\chrome\content, Quarantined, [cb4894b89befd066c3fed3e86d96837d],
    PUP.Optional.VeggyAddon.A, C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\extensions\VEGGY@VEGGYADDON.COM\chrome\skin, Quarantined, [cb4894b89befd066c3fed3e86d96837d],
    PUP.Optional.VeggyAddon.A, C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\extensions\VEGGY@VEGGYADDON.COM\modules, Quarantined, [cb4894b89befd066c3fed3e86d96837d],

    Files: 6
    PUP.Optional.VeggyAddon.A, C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\extensions\veggy@veggyAddon.com\chrome.manifest, Quarantined, [cb4894b89befd066c3fed3e86d96837d],
    PUP.Optional.VeggyAddon.A, C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\extensions\veggy@veggyAddon.com\install.rdf, Quarantined, [cb4894b89befd066c3fed3e86d96837d],
    PUP.Optional.VeggyAddon.A, C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\extensions\veggy@veggyAddon.com\chrome\content\main.js, Quarantined, [cb4894b89befd066c3fed3e86d96837d],
    PUP.Optional.VeggyAddon.A, C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\extensions\veggy@veggyAddon.com\chrome\content\main.xul, Quarantined, [cb4894b89befd066c3fed3e86d96837d],
    PUP.Optional.VeggyAddon.A, C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\extensions\veggy@veggyAddon.com\chrome\skin\icon.png, Quarantined, [cb4894b89befd066c3fed3e86d96837d],
    PUP.Optional.VeggyAddon.A, C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\extensions\veggy@veggyAddon.com\modules\XCipher.js, Quarantined, [cb4894b89befd066c3fed3e86d96837d],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    # AdwCleaner v3.308 - Report created 28/08/2014 at 01:47:27
    # Updated 20/08/2014 by Xplode
    # Operating System : Windows 8.1 (64 bits)
    # Username : Mason Breitzig - PRIMARY
    # Running from : C:\Users\Mason Breitzig\Desktop\Main\System Care\adwcleaner_3.308.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17239


    -\\ Google Chrome v36.0.1985.143

    [ File : C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [4611 octets] - [23/08/2014 02:26:12]
    AdwCleaner[R1].txt - [942 octets] - [28/08/2014 01:45:47]
    AdwCleaner[S0].txt - [4661 octets] - [23/08/2014 02:27:59]
    AdwCleaner[S1].txt - [864 octets] - [28/08/2014 01:47:27]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [923 octets] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.5.3 (04.07.2015:1)
    OS: Windows 8.1 x64
    Ran by Mason Breitzig on Sun 04/12/2015 at 22:52:01.58
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] "C:\Windows\wininit.ini"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



    ~~~ FireFox

    Successfully deleted the following from C:\Users\Mason Breitzig\AppData\Roaming\mozilla\firefox\profiles\ufwfpifh.default\prefs.js




    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 04/12/2015 at 22:53:48.40
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  6. Mason Breitzig

    Mason Breitzig TS Rookie Topic Starter Posts: 18

    I can no longer activate the firewall, the virus has begun to rapidly install programs again, and has bogged down my browsers. I am going to disable internet connectivity until further notice, and watch for your instructions via a different device.
     
  7. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
     
  8. Mason Breitzig

    Mason Breitzig TS Rookie Topic Starter Posts: 18

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
    Ran by Mason Breitzig (administrator) on PRIMARY on 13-04-2015 22:55:39
    Running from C:\Users\Mason Breitzig\Documents\Main\Programs\System Care
    Loaded Profiles: Mason Breitzig (Available profiles: UpdatusUser & Mason Breitzig)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    () C:\Users\Mason Breitzig\AppData\Roaming\48985812-1427842840-4ED2-E565-40167E365C60\jnsf7AE0.tmp
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe
    () C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
    (ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oahlp.exe
    () C:\Program Files (x86)\Hatchiho\bin\utilHatchiho.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (SoftBrain Technologies Ltd.) C:\Users\Mason Breitzig\AppData\Local\SmartWeb\SmartWebHelper.exe
    (SoftBrain Technologies Ltd.) C:\Users\Mason Breitzig\AppData\Local\SmartWeb\SmartWebApp.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    () C:\Program Files\Adobe\Adobe InDesign CC 2014\Utilities\adb.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_6.3.9600.20278_x64__8wekyb3d8bbwe\numbers.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe
    (Google Inc.) C:\Users\Mason Breitzig\AppData\Local\Google\Update\GoogleUpdate.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
    () C:\Users\Mason Breitzig\AppData\Roaming\48985812-1427842840-4ED2-E565-40167E365C60\nsx39EC.tmp
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506136 2013-12-12] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
    HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
    HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-09-25] (Realtek Semiconductor Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files (x86)\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH)
    HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2014-04-16] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [gmsd_us_432] => C:\Program Files (x86)\gmsd_us_432\gmsd_us_432.exe [3982792 2015-04-11] ()
    HKLM-x32\...\Run: [SmartWeb] => C:\Users\Mason Breitzig\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
    HKLM-x32\...\RunOnce: [upgmsd_us_432.exe] => C:\Users\Mason Breitzig\AppData\Local\gmsd_us_432\upgmsd_us_432.exe [3306952 2015-04-11] ()
    HKLM-x32\...\RunOnce: [Update] => C:\Users\Mason Breitzig\AppData\Roaming\ASPackage\ASPackage.exe /runonce
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\Run: [Google Update] => C:\Users\Mason Breitzig\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2015-01-15] (Google Inc.)
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\Run: [GUSDelayStartup] => C:\Program Files (x86)\Glarysoft\Quick Startup\StartupManager.exe [37152 2015-01-19] (Glarysoft Ltd)
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\MountPoints2: {90cc86ee-d011-11e4-8296-54271e7a125c} - "D:\StarCraft II Setup.exe"
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\MountPoints2: {90cc86f6-d011-11e4-8296-54271e7a125c} - "E:\autorun.exe"
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\MountPoints2: {b7d9b23f-1794-11e4-826e-54271e7a125c} - "D:\LGAutoRun.exe"
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\MountPoints2: {bb60b5c3-2a8e-11e4-8275-54271e7a125c} - "D:\LG_PC_Programs.exe"
    IFEO\b9eg190.exe: [Debugger] TaskList.exe
    IFEO\bbqleads.exe: [Debugger] TaskList.exe
    IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe
    IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe
    IFEO\bbqquotes.exe: [Debugger] TaskList.exe
    IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
    IFEO\donutleads.exe: [Debugger] TaskList.exe
    IFEO\donutquotes.exe: [Debugger] TaskList.exe
    IFEO\internetenhancer.exe: [Debugger] TaskList.exe
    IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
    IFEO\pastaleads.exe: [Debugger] TaskList.exe
    IFEO\pastaquotes.exe: [Debugger] TaskList.exe
    IFEO\spyhunter.exe: [Debugger] TaskList.exe
    IFEO\theanswerfinder.exe: [Debugger] TaskList.exe
    IFEO\wajam.exe: [Debugger] TaskList.exe
    IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
    IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
    IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
    IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
    Startup: C:\Users\Mason Breitzig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
    ShortcutTarget: SmartWeb.lnk -> C:\Users\Mason Breitzig\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
    BootExecute: autocheck autochk * sdnclean64.exe
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:64744;https=127.0.0.1:64744
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com/?pc=ASJB
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    BHO-x32: Hatchiho 1.0.0.7 -> {0569f0df-cce6-43e9-aecb-5c5cf431e3b4} -> C:\Program Files (x86)\Hatchiho\Hatchihobho.dll [2015-04-12] (Hatchiho)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 65.32.5.74 65.32.5.75

    FireFox:
    ========
    FF ProfilePath: C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default
    FF DefaultSearchEngine.US: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-06] ()
    FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-07-22] (Adobe Systems)
    FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-06] ()
    FF Plugin-x32: @cambridgesoft.com/Chem3D,version=14.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2014\Chem3D\npChem3DPlugin.dll [2014-04-17] (CambridgeSoft Corp.)
    FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=14.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2014\ChemDraw\npcdp32.dll [2014-04-17] (CambridgeSoft Corp.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-07-11] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-07-11] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-12-03] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-12-03] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-07-22] (Adobe Systems)
    FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-3962362228-1037329824-2324336766-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Mason Breitzig\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-15] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3962362228-1037329824-2324336766-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Mason Breitzig\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-15] (Google Inc.)
    FF user.js: detected! => C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\user.js [2015-04-12]
    FF Extension: Mozilla Firefox Hotfixer - C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\Extensions\veggy@veggyAddon.com [2015-04-13]
    FF Extension: Zoom It - C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\Extensions\{94b0d9d8-94d5-1b0a-f547-6e4821a3b143} [2015-04-13]
    FF Extension: AdBlock Lite - C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\Extensions\jid1-dwtFBkQjb3SIQp@jetpack.xpi [2015-02-22]
    FF Extension: Pin It Button - C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2015-01-02]
    FF Extension: Hatchiho 1.0.1 - C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\Extensions\{6799a6a5-a100-489a-a077-e10ecb056c19}.xpi [2015-04-12]
    FF Extension: Google Privacy - C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\Extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi [2015-04-05]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-07-09]

    Chrome:
    =======
    CHR Profile: C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-06]
    CHR Extension: (Google Docs) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-06]
    CHR Extension: (Google Drive) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-06]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-01]
    CHR Extension: (YouTube) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-06]
    CHR Extension: (Google Search) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-06]
    CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-03-31]
    CHR Extension: (Google Sheets) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-06]
    CHR Extension: (Google Wallet) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-01]
    CHR Extension: (Gmail) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-06]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-11-06] ()
    S2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed]
    S2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [59392 2013-09-26] () [File not signed]
    S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2015-02-12] (Microsoft Corporation)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
    S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
    S3 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
    S2 OAcat; C:\Program Files (x86)\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-03] (Electronic Arts)
    R2 ronevulo; C:\Users\Mason Breitzig\AppData\Roaming\48985812-1427842840-4ED2-E565-40167E365C60\nsx39EC.tmp [143360 2015-04-13] () [File not signed]
    S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S2 SvcOnlineArmor; C:\Program Files (x86)\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH)
    S2 Unchecky; C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe [160208 2015-04-06] (RaMMicHaeL)
    R2 Util Hatchiho; C:\Program Files (x86)\Hatchiho\bin\utilHatchiho.exe [402152 2015-04-12] ()
    S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
    S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
    R2 wyvuzely; C:\Users\Mason Breitzig\AppData\Roaming\48985812-1427842840-4ED2-E565-40167E365C60\jnsf7AE0.tmp [132096 2015-03-31] () [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AiChargerDT; C:\Windows\SysWow64\drivers\AiChargerDT.sys [14880 2012-10-18] (ASUSTek Computer Inc.)
    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
    R0 assdv2; C:\Windows\System32\Drivers\assdv2.sys [21816 2013-12-05] ()
    R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-12] (Microsoft Corporation)
    S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31160 2014-04-24] ()
    S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
    S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
    S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-03-20] (Disc Soft Ltd)
    R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [469264 2013-06-27] (Intel Corporation)
    R1 GUSBootStartup; C:\Windows\System32\drivers\GUSBootStartup.sys [20160 2015-04-06] (Glarysoft Ltd)
    S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2015-03-31] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
    S3 MotioninJoyXFilter; C:\Windows\System32\drivers\MijXfilt.sys [121416 2014-07-29] (MotioninJoy) [File not signed]
    R1 OADevice; C:\Windows\SysWow64\Drivers\OADriver.sys [64720 2013-10-11] ()
    S1 oahlpXX; C:\Windows\syswow64\drivers\oahlp64.sys [62008 2013-10-11] ()
    R1 OAmon; C:\Windows\SysWOW64\Drivers\OAmon.sys [52360 2013-10-11] (Emsisoft)
    R3 OAnet; C:\Windows\system32\DRIVERS\oanet.sys [35368 2013-10-11] (Emsisoft)
    R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
    S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
    R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
    R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [548056 2013-09-05] (Realtek Semiconductor Corporation)
    R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3759320 2014-12-01] (Realtek Semiconductor Corporation )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-12] ()
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-12 23:12 - 2015-04-13 22:52 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\CrashDumps
    2015-04-12 23:12 - 2015-04-12 23:12 - 00000000 ____D () C:\Program Files (x86)\Hatchiho
    2015-04-12 23:11 - 2015-04-12 23:17 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\gmsd_us_432
    2015-04-12 23:11 - 2015-04-12 23:12 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\48985812-1428880319-4ED2-E565-40167E365C60
    2015-04-12 23:11 - 2015-04-12 23:11 - 00004068 _____ () C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task
    2015-04-12 23:11 - 2015-04-12 23:11 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\SmartWeb
    2015-04-12 23:11 - 2015-04-12 23:11 - 00000000 ____D () C:\Program Files (x86)\gmsd_us_432
    2015-04-12 22:53 - 2015-04-12 22:53 - 00002683 _____ () C:\Users\Mason Breitzig\Desktop\JRT.txt
    2015-04-12 22:52 - 2015-04-12 22:52 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PRIMARY-Windows-8.1-(64-bit).dat
    2015-04-12 22:52 - 2015-04-12 22:52 - 00000000 ____D () C:\RegBackup
    2015-04-12 22:13 - 2015-04-12 22:47 - 00001002 _____ () C:\Users\Mason Breitzig\Desktop\AdwCleaner.txt
    2015-04-12 22:08 - 2015-04-12 22:09 - 02217984 _____ () C:\Users\Mason Breitzig\Desktop\adwcleaner_4.201.exe
    2015-04-12 22:08 - 2015-04-12 22:08 - 02686959 _____ (Thisisu) C:\Users\Mason Breitzig\Desktop\JRT.exe
    2015-04-12 21:50 - 2015-04-12 21:50 - 00010774 _____ () C:\Users\Mason Breitzig\Desktop\RK to be pasted.txt
    2015-04-12 21:44 - 2015-04-12 21:44 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-04-12 21:44 - 2015-04-12 21:44 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-04-12 21:37 - 2015-04-12 22:05 - 00003694 _____ () C:\Users\Mason Breitzig\Desktop\Virus.txt
    2015-04-12 21:34 - 2015-04-12 21:44 - 16849496 _____ () C:\Users\Mason Breitzig\Desktop\RogueKiller.exe
    2015-04-12 17:28 - 2015-04-12 17:28 - 00053138 _____ () C:\Users\Mason Breitzig\Desktop\Addition.txt
    2015-04-12 17:28 - 2015-04-12 17:28 - 00039212 _____ () C:\Users\Mason Breitzig\Desktop\FRST.txt
    2015-04-08 13:35 - 2015-04-08 13:35 - 00000034 _____ () C:\Users\Mason Breitzig\AppData\Roaming\AdobeWLCMCache.dat
    2015-04-07 10:59 - 2015-04-07 10:59 - 00000000 ____D () C:\Users\Mason Breitzig\Documents\Rainmeter
    2015-04-06 23:26 - 2015-04-06 23:26 - 00001432 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2015-04-06 23:26 - 2015-04-06 23:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2015-04-06 23:25 - 2015-04-06 23:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2015-04-06 23:25 - 2015-04-06 23:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2015-04-06 23:25 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
    2015-04-06 21:47 - 2015-04-06 21:48 - 00000000 ___SD () C:\Windows\system32\GWX
    2015-04-06 21:47 - 2015-04-06 21:47 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
    2015-04-06 21:41 - 2014-12-01 19:01 - 03759320 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlane.sys
    2015-04-06 21:41 - 2014-10-29 12:23 - 00450264 _____ (Realtek) C:\Windows\SwUSB.exe
    2015-04-06 21:41 - 2014-04-15 10:36 - 00036864 _____ () C:\Windows\runSW.exe
    2015-04-06 21:41 - 2012-02-14 19:37 - 00594432 _____ (Realtek Semiconductor Corp. ) C:\Windows\SysWOW64\Rtlihvs.dll
    2015-04-06 21:41 - 2010-12-01 09:31 - 00451072 _____ () C:\Windows\SysWOW64\ISSRemoveSP.exe
    2015-04-06 21:15 - 2015-04-06 21:15 - 00002430 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Mason_Breitzig
    2015-04-06 21:15 - 2015-04-06 21:15 - 00000312 _____ () C:\Windows\Tasks\Uninstaller_SkipUac_Mason_Breitzig.job
    2015-04-06 21:04 - 2015-04-06 21:04 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\39721968-697b-4489-821c-3c5471cb0217
    2015-04-06 20:59 - 2015-04-13 22:55 - 00000000 ____D () C:\FRST
    2015-04-06 20:56 - 2015-04-06 20:57 - 00010518 _____ () C:\Windows\Q-Dir.ini
    2015-04-06 20:56 - 2015-04-06 20:56 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\Q-Dir
    2015-04-06 20:56 - 2015-04-06 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Q-Dir
    2015-04-06 20:56 - 2015-04-06 20:56 - 00000000 ____D () C:\Program Files (x86)\Q-Dir
    2015-04-06 20:50 - 2015-04-06 21:05 - 00000000 ____D () C:\ProgramData\OnlineArmor
    2015-04-06 20:50 - 2015-04-06 20:50 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\OnlineArmor
    2015-04-06 20:50 - 2015-04-06 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
    2015-04-06 20:50 - 2013-10-11 03:41 - 00062008 _____ () C:\Windows\SysWOW64\Drivers\oahlp64.sys
    2015-04-06 20:50 - 2013-10-11 03:40 - 00064720 _____ () C:\Windows\SysWOW64\Drivers\OADriver.sys
    2015-04-06 20:50 - 2013-10-11 03:40 - 00052360 _____ (Emsisoft) C:\Windows\SysWOW64\Drivers\OAmon.sys
    2015-04-06 20:50 - 2013-10-11 03:40 - 00035368 _____ (Emsisoft) C:\Windows\system32\Drivers\OAnet.sys
    2015-04-06 20:49 - 2015-04-12 11:29 - 00000000 ____D () C:\Program Files (x86)\Online Armor
    2015-04-06 20:49 - 2015-01-14 11:28 - 03066880 _____ () C:\Windows\system32\pwNative.exe
    2015-04-06 20:49 - 2013-09-30 16:26 - 00019152 ____N () C:\Windows\system32\pwdrvio.sys
    2015-04-06 20:49 - 2013-09-30 16:26 - 00012504 ____N () C:\Windows\system32\pwdspio.sys
    2015-04-06 20:48 - 2015-04-06 20:49 - 00000000 ____D () C:\Program Files (x86)\MiniTool Partition Wizard Free 9.0
    2015-04-06 20:48 - 2015-04-06 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Free 9.0
    2015-04-06 20:47 - 2015-04-06 20:47 - 00001259 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Startup.lnk
    2015-04-06 20:46 - 2015-04-06 20:46 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUSBootStartup.sys
    2015-04-06 20:46 - 2015-04-06 20:46 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\GlarySoft
    2015-04-06 20:45 - 2015-04-06 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
    2015-04-06 20:45 - 2015-04-06 20:46 - 00000000 ____D () C:\Program Files (x86)\Glarysoft
    2015-04-06 20:45 - 2015-04-06 20:45 - 00001296 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Repair.lnk
    2015-04-06 20:44 - 2015-04-06 20:44 - 00001236 _____ () C:\Users\UpdatusUser\Desktop\TimeComX.lnk
    2015-04-06 20:44 - 2015-04-06 20:44 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\Bitdreamers
    2015-04-06 20:44 - 2015-04-06 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdreamers
    2015-04-06 20:44 - 2015-04-06 20:44 - 00000000 ____D () C:\Program Files (x86)\Bitdreamers
    2015-04-06 20:29 - 2015-04-07 01:50 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\Rainmeter
    2015-04-06 20:29 - 2015-04-06 20:29 - 00001725 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
    2015-04-06 20:29 - 2015-04-06 20:29 - 00000000 ____D () C:\Program Files\Rainmeter
    2015-04-06 20:27 - 2015-04-06 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
    2015-04-06 20:27 - 2015-04-06 20:27 - 00000000 ____D () C:\Program Files (x86)\Auslogics
    2015-04-06 16:40 - 2015-04-06 16:40 - 00000000 ____D () C:\ProgramData\Auslogics
    2015-04-06 01:24 - 2015-04-06 01:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
    2015-04-06 01:23 - 2015-04-06 01:23 - 00000000 ____D () C:\ProgramData\Unchecky
    2015-04-06 01:23 - 2015-04-06 01:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
    2015-04-06 01:23 - 2015-04-06 01:23 - 00000000 ____D () C:\Program Files (x86)\Unchecky
    2015-04-06 00:40 - 2015-04-06 00:40 - 00001328 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
    2015-03-31 22:20 - 2015-04-05 22:16 - 00000000 ____D () C:\Program Files (x86)\9eb08200-8451-400f-a40b-8b18a34bc5a6
    2015-03-31 19:46 - 2015-04-05 21:22 - 00000000 ____D () C:\SUPERDelete
    2015-03-31 19:19 - 2015-04-05 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2015-03-31 19:19 - 2015-03-31 19:24 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
    2015-03-31 19:13 - 2015-03-31 19:13 - 00000000 ____D () C:\ProgramData\cb263d7e6e6c44dda6e4e75e073e32ba
    2015-03-31 19:13 - 2015-03-31 19:13 - 00000000 ____D () C:\ProgramData\568c30905acd4b6d8888a0b788131d33
    2015-03-31 19:12 - 2015-03-31 19:12 - 00000940 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\JunkCleaner.lnk
    2015-03-31 19:12 - 2015-03-31 19:12 - 00000922 _____ () C:\ProgramData\JunkCleaner.lnk
    2015-03-31 19:12 - 2015-03-31 19:12 - 00000000 ____D () C:\ProgramData\All copyright reserved - 2014
    2015-03-31 19:10 - 2015-03-31 19:10 - 00000032 _____ () C:\Windows\SysWOW64\efipdihiaz.dat
    2015-03-31 19:01 - 2015-03-31 19:01 - 00000064 _____ () C:\Users\Mason Breitzig\AppData\Local\8146aa3d064490dcc30504f95be585fb
    2015-03-31 19:01 - 2015-03-31 19:01 - 00000000 ____D () C:\Program Files (x86)\user extensions
    2015-03-31 19:00 - 2015-04-13 22:41 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\48985812-1427842840-4ED2-E565-40167E365C60
    2015-03-31 18:54 - 2015-03-31 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pillars of Eternity [GOG.com]
    2015-03-30 17:07 - 2015-03-30 17:07 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\Introversion
    2015-03-26 20:32 - 2015-03-26 20:32 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\RPGTycoon
    2015-03-26 18:43 - 2015-03-26 18:43 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\.mono
    2015-03-26 18:43 - 2015-03-26 18:43 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\Colossal Order
    2015-03-26 18:43 - 2015-03-26 18:43 - 00000000 ____D () C:\ProgramData\.mono
    2015-03-26 15:14 - 2015-03-26 15:14 - 00004185 _____ () C:\Users\Mason Breitzig\AppData\Roaming\VJJ
    2015-03-26 01:42 - 2015-02-05 15:07 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2015-03-26 01:42 - 2015-02-05 15:07 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2015-03-26 01:42 - 2015-02-05 13:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2015-03-26 00:52 - 2015-03-29 22:06 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\Might & Magic Heroes VI
    2015-03-26 00:52 - 2015-03-26 01:07 - 00000000 ____D () C:\Users\Mason Breitzig\Documents\Might & Magic Heroes VI
    2015-03-26 00:52 - 2015-03-26 00:52 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\Ubisoft Game Launcher
    2015-03-26 00:42 - 2015-03-26 00:46 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
    2015-03-26 00:17 - 2015-03-26 00:31 - 00000000 ____D () C:\Program Files (x86)\GOG.com
    2015-03-25 16:54 - 2015-03-25 20:35 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\Sierra
    2015-03-22 02:03 - 2015-03-22 02:03 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\SKIDROW
    2015-03-22 02:01 - 2015-03-22 02:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefly Studios
    2015-03-22 01:28 - 2015-03-22 01:28 - 00003486 _____ () C:\Windows\System32\Tasks\{0D294E33-87D6-4B69-BD39-1962FAFB80C3}
    2015-03-22 01:17 - 2015-03-22 01:17 - 00000000 ____D () C:\Users\Public\Documents\DAEMON Tools Images
    2015-03-22 00:58 - 2015-03-22 00:58 - 00000000 ____D () C:\Windows\1C4551A64743409391E41477CD655043.TMP
    2015-03-22 00:31 - 2015-03-22 00:31 - 00000000 ____D () C:\Users\Mason Breitzig\Documents\7 Days To Die
    2015-03-21 00:18 - 2015-03-21 00:19 - 00000000 ____D () C:\Users\Mason Breitzig\Documents\Larian Studios
    2015-03-21 00:18 - 2015-03-21 00:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Divinity - Original Sin [GOG.com]
    2015-03-21 00:12 - 2015-03-31 19:13 - 00000000 ____D () C:\GOG Games
    2015-03-20 21:05 - 2015-03-25 01:30 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\Sid Meier's Starships
    2015-03-20 21:05 - 2015-03-20 21:05 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\FiraxisLive
    2015-03-20 19:51 - 2015-03-20 19:51 - 00030352 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
    2015-03-20 19:46 - 2015-03-26 00:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
    2015-03-20 01:21 - 2015-04-06 00:36 - 00000000 ____D () C:\ILLUSION
    2015-03-19 21:06 - 2015-03-20 19:41 - 00001307 _____ () C:\Users\Mason Breitzig\Desktop\Diversions.lnk
    2015-03-19 16:20 - 2015-03-22 01:49 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\Battle.net
    2015-03-19 16:20 - 2015-03-22 01:42 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\Battle.net
    2015-03-19 16:20 - 2015-03-19 16:20 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\Blizzard Entertainment
    2015-03-19 13:04 - 2015-03-19 13:04 - 00000000 ____D () C:\ProgramData\Battle.net
    2015-03-19 12:46 - 2015-03-26 00:31 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
    2015-03-15 20:38 - 2015-04-06 00:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-03-15 20:12 - 2015-03-15 20:12 - 00001889 _____ () C:\Users\Mason Breitzig\Desktop\Main.lnk
    2015-03-15 14:05 - 2015-03-15 14:05 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\My Games
    2015-03-15 14:05 - 2015-03-15 14:05 - 00000000 ____D () C:\ProgramData\Steam
    2015-03-15 14:04 - 2015-03-15 14:05 - 00000000 ____D () C:\Users\Mason Breitzig\Documents\my games
    2015-03-15 13:46 - 2015-03-15 14:05 - 00000000 ____D () C:\Program Files (x86)\Sid Meiers Civilization Beyond Earth
    2015-03-15 13:39 - 2015-03-15 13:39 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\WinRAR
    2015-03-15 13:35 - 2015-03-15 13:35 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\Steam
    2015-03-15 13:35 - 2015-03-15 13:35 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\MedievalEngineers
    2015-03-15 12:15 - 2015-01-10 15:32 - 00128288 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll
    2015-03-15 12:15 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-13 22:35 - 2014-07-08 18:57 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-04-13 22:33 - 2015-01-15 17:28 - 00000960 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3962362228-1037329824-2324336766-1002UA.job
    2015-04-13 22:31 - 2014-07-25 20:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-04-13 22:02 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
    2015-04-13 16:33 - 2015-01-15 17:28 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3962362228-1037329824-2324336766-1002Core.job
    2015-04-13 13:35 - 2014-07-08 18:57 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-04-13 04:56 - 2014-07-09 08:01 - 00000000 ___DO () C:\Users\Mason Breitzig\OneDrive
    2015-04-13 02:00 - 2014-07-26 00:06 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\Adobe
    2015-04-12 22:45 - 2014-04-16 18:00 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-04-12 22:40 - 2014-07-08 21:42 - 00239726 _____ () C:\Users\Mason Breitzig\AppData\Local\BTServer.log
    2015-04-12 22:38 - 2014-04-24 06:32 - 00000000 ____D () C:\ProgramData\NVIDIA
    2015-04-12 22:38 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-04-12 22:37 - 2013-08-22 09:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
    2015-04-12 22:27 - 2014-08-23 02:26 - 00000000 ____D () C:\AdwCleaner
    2015-04-12 22:03 - 2014-07-12 00:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-04-12 22:02 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
    2015-04-12 22:01 - 2014-04-16 18:40 - 00000000 ____D () C:\Windows\es
    2015-04-12 17:48 - 2014-07-08 21:48 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3962362228-1037329824-2324336766-1002
    2015-04-12 17:33 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
    2015-04-12 15:15 - 2014-08-27 12:00 - 00046089 _____ () C:\Users\Mason Breitzig\AppData\Local\CDXLExtendedShim.log
    2015-04-12 13:53 - 2014-07-08 21:42 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\Packages
    2015-04-12 13:51 - 2014-08-22 11:11 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-04-12 11:21 - 2014-07-08 22:08 - 00000000 ____D () C:\Program Files (x86)\IObit
    2015-04-08 01:12 - 2014-07-10 10:35 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\FileZilla
    2015-04-07 17:38 - 2014-07-08 21:42 - 00000000 ____D () C:\Users\Mason Breitzig
    2015-04-06 22:00 - 2014-07-09 01:16 - 00000000 ____D () C:\Program Files\CCleaner
    2015-04-06 21:41 - 2014-04-24 06:34 - 00000000 ____D () C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver
    2015-04-06 21:41 - 2014-04-24 06:34 - 00000000 ____D () C:\Program Files (x86)\Cisco
    2015-04-06 21:23 - 2014-04-16 18:25 - 00000000 ____D () C:\AsusVibeData
    2015-04-06 21:23 - 2014-04-16 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
    2015-04-06 21:23 - 2014-04-16 18:21 - 00000000 ____D () C:\Program Files (x86)\ASUS
    2015-04-06 21:07 - 2014-07-25 20:21 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-04-06 21:02 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\ADFS
    2015-04-06 00:45 - 2014-07-09 07:38 - 00000000 ____D () C:\ProgramData\HappyCloud
    2015-04-06 00:42 - 2014-07-08 22:08 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\IObit
    2015-04-06 00:38 - 2014-07-09 00:38 - 00000000 ____D () C:\Program Files (x86)\Origin Games
    2015-04-06 00:37 - 2014-07-10 17:25 - 00000000 ____D () C:\Games
    2015-04-06 00:32 - 2014-04-16 17:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-04-05 22:16 - 2014-07-09 21:01 - 00000000 ____D () C:\Program Files (x86)\Adobe Gaming SDK 1.3
    2015-04-02 09:10 - 2014-07-08 22:08 - 00000000 ____D () C:\ProgramData\ProductData
    2015-03-31 20:07 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Globalization
    2015-03-31 00:57 - 2014-07-12 00:53 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-03-26 01:42 - 2014-04-24 06:32 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
    2015-03-26 01:42 - 2014-04-24 06:32 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
    2015-03-26 01:41 - 2014-04-24 06:32 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
    2015-03-26 00:22 - 2014-12-03 14:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-03-26 00:11 - 2014-07-09 00:43 - 00000000 ____D () C:\Program Files (x86)\Steam
    2015-03-22 02:03 - 2014-09-06 13:09 - 00000000 ____D () C:\ProgramData\Firefly Studios
    2015-03-20 03:24 - 2014-07-09 21:05 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2015-03-19 21:00 - 2014-11-01 19:39 - 00000000 ____D () C:\Users\Mason Breitzig\Documents\Main
    2015-03-18 22:05 - 2014-07-26 15:44 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\Notepad++
    2015-03-15 12:09 - 2015-03-13 20:15 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\Blackboard
    2015-03-15 12:09 - 2014-09-06 13:13 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\Firefly Studios
    2015-03-15 01:29 - 2014-07-09 01:40 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\PhotoScape

    ==================== Files in the root of some directories =======

    2014-04-16 23:55 - 2014-04-16 23:55 - 0009130 _____ () C:\Program Files (x86)\Common Files\Samples.sln
    2015-04-08 13:35 - 2015-04-08 13:35 - 0000034 _____ () C:\Users\Mason Breitzig\AppData\Roaming\AdobeWLCMCache.dat
    2015-03-26 15:14 - 2015-03-26 15:14 - 0004185 _____ () C:\Users\Mason Breitzig\AppData\Roaming\VJJ
    2015-03-31 19:01 - 2015-03-31 19:01 - 0000064 _____ () C:\Users\Mason Breitzig\AppData\Local\8146aa3d064490dcc30504f95be585fb
    2014-07-08 21:42 - 2015-04-12 22:40 - 0239726 _____ () C:\Users\Mason Breitzig\AppData\Local\BTServer.log
    2014-08-27 12:00 - 2015-04-12 15:15 - 0046089 _____ () C:\Users\Mason Breitzig\AppData\Local\CDXLExtendedShim.log
    2015-02-24 17:08 - 2015-02-24 17:08 - 0000828 _____ () C:\Users\Mason Breitzig\AppData\Local\recently-used.xbel
    2014-09-07 23:07 - 2014-09-07 23:07 - 0007602 _____ () C:\Users\Mason Breitzig\AppData\Local\resmon.resmoncfg
    2014-04-16 17:59 - 2014-04-16 17:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2015-03-31 19:12 - 2015-03-31 19:12 - 0000922 _____ () C:\ProgramData\JunkCleaner.lnk

    Some content of TEMP:
    ====================
    C:\Users\Mason Breitzig\AppData\Local\Temp\Uninstall.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-04-05 21:32

    ==================== End Of Log ============================
     
  9. Mason Breitzig

    Mason Breitzig TS Rookie Topic Starter Posts: 18

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2015
    Ran by Mason Breitzig at 2015-04-13 22:56:12
    Running from C:\Users\Mason Breitzig\Documents\Main\Programs\System Care
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    FW: Online Armor Firewall (Disabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat XI Pro (HKLM-x32\...\{23D3F585-AE29-4670-8E3E-64A0EFB29240}) (Version: 11.0 - Adobe Systems Incorporated)
    Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
    Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.0.2 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
    Adobe Audition CC 2014 (HKLM-x32\...\{F3388E10-EFA9-4A80-B28E-2E647F8D00C4}) (Version: 7.0.1 - Adobe Systems Incorporated)
    Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)
    Adobe Dreamweaver CC 2014 (HKLM-x32\...\{766255CE-D156-11E3-8DBC-A136EB52ACCF}) (Version: 14.0.0 - Adobe Systems Incorporated)
    Adobe Edge Animate CC 2014 (HKLM-x32\...\{A3643DA2-AF8A-44E8-A56E-7FE001932D8B}) (Version: 4.0 - Adobe Systems Incorporated)
    Adobe Edge Code CC (HKLM-x32\...\{2033D10C-8B25-6EED-97C0-708693677BA6}) (Version: 0.98 - Adobe Systems Incorporated)
    Adobe Edge Inspect CC (HKLM-x32\...\{2532C427-E595-4768-B6E9-C20F3AB751CA}) (Version: 1.5.486 - Adobe Systems Incorporated)
    Adobe Edge Reflow CC Preview (HKLM\...\{E23FC538-5890-43E8-932D-FC1DD8B1655B}) (Version: 0.47.17127 - Adobe Systems Incorporated)
    Adobe Exchange Panel (HKLM-x32\...\{41A12FFC-89E9-4743-A51E-00975CA31F40}) (Version: 1 - Adobe Systems Incorporated)
    Adobe ExtendScript Toolkit CC (HKLM-x32\...\{6297487E-3778-4F72-B458-55690418DB98}) (Version: 4.0.0.0 - Adobe Systems Incorporated)
    Adobe Extension Manager CC (HKLM-x32\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.2.1 - Adobe Systems Incorporated)
    Adobe Fireworks CS6 (HKLM-x32\...\{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}) (Version: 12.0.1 - Adobe Systems Incorporated)
    Adobe Flash Builder 4.7 (64 Bit) (HKLM-x32\...\{848DE8E1-521D-4748-A158-517708107EF3}) (Version: 4.7 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
    Adobe Flash Professional CC 2014 (HKLM-x32\...\{AA704223-E11C-11E3-8A38-C09A633B72AF}) (Version: 14.0.1 - Adobe Systems Incorporated)
    Adobe Gaming SDK 1.3 (HKLM-x32\...\{62FFC6DD-18BB-49FC-AF65-71FB1C0B08AA}) (Version: 1.3 - Adobe Systems Incorporated)
    Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
    Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.0 - Adobe Systems Incorporated)
    Adobe InCopy CC 2014 (HKLM-x32\...\{B389B226-A760-1014-9ADD-DA3D4A4028DB}) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.0.1 - Adobe Systems Incorporated)
    Adobe Muse CC 2014 (HKLM\...\{0A030E99-7CFB-4F35-B1A8-B495F8B36E7A}) (Version: 2014.1.1.6 - Adobe Systems, Incorporated)
    Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.1 - Adobe Systems Incorporated)
    Adobe Photoshop Lightroom 5.5 64-bit (HKLM\...\{19BBD0F3-7A31-480D-8A23-19AE28035E9C}) (Version: 5.5.0 - Adobe Systems Incorporated)
    Adobe Prelude CC 2014 (HKLM-x32\...\{2A054E48-0A75-42BD-8738-EC9AB4E2207A}) (Version: 3.0.1 - Adobe Systems Incorporated)
    Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.0.1 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
    Adobe Scout CC (HKLM\...\{BA573BFE-83B4-11E3-93D2-D231FEB1DC81}) (Version: 1.1.3.354121 - Adobe Systems Incorporated)
    Adobe SpeedGrade CC 2014 (HKLM-x32\...\{8EFF28F0-9DFD-4208-9E04-4D49A4812CF3}) (Version: 8.0.1 - Adobe Systems Incorporated)
    Adobe Touch App Plugins (HKLM-x32\...\{1EC083EE-5B76-4A2A-B95A-CAF460AA29D6}) (Version: 1.0 - Adobe Systems Incorporated)
    Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
    Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{C6B2127C-A9E0-411B-8EF1-2CE0ACDF265D}) (Version: 20.2.6362.11139 - Alcor Micro Corp.)
    Alcor Micro USB Card Reader Driver (x32 Version: 20.2.6362.11139 - Alcor Micro Corp.) Hidden
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASUS Manager - Ai Booting (HKLM-x32\...\{2DCE446C-D090-4458-8782-8F16DF94351E}) (Version: 2.01.12 - ASUSTeK Computer Inc.)
    ASUS Manager - Ai Charger II (HKLM-x32\...\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}) (Version: 2.00.11 - ASUSTeK Computer Inc.)
    ASUS Manager - Backup & Recovery (HKLM-x32\...\{34D67DE5-2ECF-4E6B-A243-2C16E2792787}) (Version: 2.01.10 - ASUSTeK Computer Inc.)
    ASUS Manager - Family Safety (HKLM-x32\...\{016AFF97-4E18-4560-B8E5-B684BB124E32}) (Version: 2.00.03 - ASUSTeK Computer Inc.)
    ASUS Manager - PC Cleanup (HKLM-x32\...\{E22A19AE-7DDB-4959-B1DB-A0996294352A}) (Version: 2.01.08 - ASUSTeK Computer Inc.)
    ASUS Manager - Power Manager (HKLM-x32\...\{DD248BEE-E925-4720-A775-9A42276BB6EA}) (Version: 2.02.02 - ASUSTeK Computer Inc.)
    ASUS Manager - Update (HKLM-x32\...\{675BBE8A-0ED3-4048-8723-BA51EAB8E1A8}) (Version: 2.02.04 - ASUSTeK Computer Inc.)
    ASUS Manager (HKLM-x32\...\{F5E5AD85-4A90-4604-A887-464D3818D8FD}) (Version: 2.08.00 - ASUSTeK Computer Inc.)
    Auslogics Registry Defrag (HKLM-x32\...\{D627784F-B3EE-44E8-96B1-9509B991EA34}_is1) (Version: 8.4.0.0 - Auslogics Labs Pty Ltd)
    bl (x32 Version: 1.0.0 - Your Company Name) Hidden
    BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
    CambridgeSoft ChemBioOffice 2014 (HKLM-x32\...\{9023F95E-737F-4343-BC57-B6217E3091CB}) (Version: 14.0 - CambridgeSoft Corporation)
    CambridgeSoft ChemScript 14.0 (HKLM-x32\...\{6053D436-AF21-4D67-A458-04C2B969A865}) (Version: 14.0 - CambridgeSoft Corporation)
    CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
    Celtx (2.9.7) (HKLM-x32\...\Celtx (2.9.7)) (Version: 2.9.7 (en-US) - Greyfirst)
    ChromecastApp (HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Divinity - Original Sin (HKLM-x32\...\1207664923_is1) (Version: 2.11.0.21 - GOG.com)
    eManual (HKLM-x32\...\{0C84E634-EB68-4A54-B21E-A05EC87A4CC5}) (Version: 1.00.07 - ASUSTeK Computer Inc.)
    Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
    FileZilla Client 3.10.2 (HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
    Fraps (HKLM-x32\...\Fraps) (Version: - )
    Galería de fotos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    Galerie de photos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    GamesDesktop 025.432 (HKLM-x32\...\gmsd_us_432_is1) (Version: - GAMESDESKTOP) <==== ATTENTION
    GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Hatchiho (HKLM\...\Hatchiho) (Version: 2015.04.13.004830 - Hatchiho) <==== ATTENTION
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
    Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    IZArc 4.1.6 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.6 - Ivan Zahariev)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Junk Cleaner (x32 Version: 1.1.6.2 - Pandaje Group) Hidden
    Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version: - Squad)
    Linksys Connect (HKLM-x32\...\Linksys Connect) (Version: 1.5.13225.3 - Linksys LLC)
    LOOT (HKLM-x32\...\LOOT) (Version: 0.6.0 - LOOT Development Team)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    Might & Magic Heroes VI (HKLM-x32\...\{745D37C2-26F4-4B65-BA13-F9840EBFA75B}) (Version: 1.0 - Ubisoft)
    MiniTool Partition Wizard Free 9.0 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
    MotioninJoy Gamepad tool 0.7.0000 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.0000 - www.motioninjoy.com)
    Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.51.0 - Black Tree Gaming)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team)
    NVIDIA 3D Vision Controller Driver 326.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 326.01 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
    NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
    NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
    NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    Offline Tariff (HKLM-x32\...\igsc) (Version: 1.0.0.0 - Offline Tariff)
    Online Armor 7.0 (HKLM-x32\...\OnlineArmor_is1) (Version: 7.0 - Emsisoft GmbH)
    Origin (HKLM-x32\...\Origin) (Version: 9.4.20.386 - Electronic Arts, Inc.)
    PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1036.0 - Passmark Software)
    ph (x32 Version: 1.0.0 - Your Company Name) Hidden
    PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
    Pillars of Eternity (HKLM-x32\...\1207666813_is1) (Version: 2.0.0.1 - GOG.com)
    PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.9.0 - Prolific Technology INC)
    Python 3.2.2 (HKLM-x32\...\{4CDE3168-D060-4b7c-BC74-4D8F9BB01AFD}) (Version: 3.2.2150 - Python Software Foundation)
    Q-Dir (HKLM-x32\...\Q-Dir) (Version: - )
    Quick Startup 5.10.1.101 (HKLM-x32\...\Quick Startup) (Version: 5.10.1.101 - Glarysoft Ltd)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.2.1 r2386 - )
    REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.769.769.092613 - REALTEK Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7116 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0247 - REALTEK Semiconductor Corp.)
    Registry Repair 5.0.1.67 (HKLM-x32\...\Registry Repair) (Version: 5.0.1.67 - Glarysoft Ltd)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Serif WebPlus X5 (HKLM-x32\...\{7D427BD1-1C88-4007-BBFB-C2DD2ED48C63}) (Version: 13.0.0.016 - Serif (Europe) Ltd)
    Sid Meiers Civilization Beyond Earth (HKLM-x32\...\U2lkTWVpZXJzQ2l2aWxpemF0aW9uQmV5b25kRWFydGg=_is1) (Version: 1 - )
    SketchUp 2014 (HKLM-x32\...\{F246092E-FA0B-47C8-9D3E-CF8C210293C8}) (Version: 14.1.1282 - Trimble Navigation Limited)
    Skyrim Performance Monitor (HKLM-x32\...\{84AEB93A-ECBB-4568-8F59-D4516EF59079}) (Version: 3.65 - SirGarnon on Skyrim Nexus)
    SmartWeb (HKLM-x32\...\SmartWeb) (Version: 8.0.9 - SoftBrain Technologies Ltd.) <==== ATTENTION
    Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
    Stronghold 3 (HKLM-x32\...\Stronghold 3_is1) (Version: - )
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1130 - SUPERAntiSpyware.com)
    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
    The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
    The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.10.1 - Electronic Arts)
    The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.13.1 - Electronic Arts)
    The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.4.83.1010 - Electronic Arts Inc.)
    TimeComX Basic (32-Bit) (HKLM-x32\...\TimeComX Basic 32-Bit) (Version: 1.3.2.7 - Bitdreamers)
    Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
    Unchecky v0.3.7.2 (HKLM-x32\...\Unchecky) (Version: 0.3.7.2 - RaMMicHaeL)
    VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
    WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version: - Hervé Leclerc (HeL))
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
    WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
    Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 3.0.4.4 - Wrye & Wrye Bash Development Team)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3962362228-1037329824-2324336766-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mason Breitzig\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
    CustomCLSID: HKU\S-1-5-21-3962362228-1037329824-2324336766-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Mason Breitzig\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3962362228-1037329824-2324336766-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mason Breitzig\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

    ==================== Restore Points =========================

    12-04-2015 17:23:01 Virus Point 1

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 09:25 - 2015-04-12 22:50 - 00000961 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    127.0.0.1 localhost
    127.0.0.1 localhost
    127.0.0.1 localhost
    127.0.0.1 localhost


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {02A24CE3-B703-4779-8310-F9CF365EC96D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3962362228-1037329824-2324336766-1002Core => C:\Users\Mason Breitzig\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-15] (Google Inc.)
    Task: {03DEB618-EA0C-4F40-9C82-F66D90106EE8} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {03E12A45-10B0-44FD-9D46-385C2A3FFC98} - System32\Tasks\Uninstaller_SkipUac_Mason_Breitzig => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
    Task: {0419ACAE-D5C0-4D90-A12E-B5DC08E5F389} - System32\Tasks\ASUS\ASUS Manager - PC Cleanup - SecureDeleteBackground => C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe [2014-03-25] ()
    Task: {11F4EE09-DD3D-4B50-998C-70475BD43099} - System32\Tasks\ASUS\ASUS Manager BackgroundWindow => C:\Program Files (x86)\ASUS\ASUS Manager\BackgroundWindow.exe [2013-08-23] ()
    Task: {1344D7B0-7EF1-44E1-8779-4525ADA34307} - System32\Tasks\ASUS\ASUS Manager HotKey Service => C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe [2013-11-27] (ASUSTeK Computer Inc.)
    Task: {14837A16-38C8-4147-A7C2-78CB03E521E2} - System32\Tasks\ASUS\Power_Manager_background => C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe [2014-02-20] (ASUSTeK)
    Task: {1C1E8661-206D-455D-8BD9-235C850468A1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
    Task: {1D8B5421-4333-43BE-BE4F-94D47F42E2C9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
    Task: {28E759BA-A029-4269-AF76-5EC06A95FD98} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Task: {2D5E4D6F-542B-4BF9-AC17-12FA9C8DF705} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-mbreitzig@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
    Task: {4A176280-787E-49AD-A9E3-299A99046DDB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {4A7A5ED4-2091-4DCE-9D2B-1CFB56F822DC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-06] (Adobe Systems Incorporated)
    Task: {503111FD-33DE-42B8-9542-16B94409F931} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
    Task: {5DE07668-EEE6-4362-BD84-8014D30C3251} - \avaavaxvyy No Task File <==== ATTENTION
    Task: {6E8936EC-1172-44F5-9E3D-C254A24386A4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: {7ABB8E79-A5A8-457C-AF67-A2C035829461} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Mason Breitzig\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) <==== ATTENTION
    Task: {7CEC08E6-1AC8-4F2D-9C3C-6569BDB62FC0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {8184B271-57AF-44C0-B69B-F8EED39D84D3} - System32\Tasks\{0D294E33-87D6-4B69-BD39-1962FAFB80C3} => pcalua.exe -a "C:\Users\Mason Breitzig\Documents\Main\Entertainment\Games\Files\Downloaded\Dragon Age Origins Ultimate\data\DataSetup.exe" -d "C:\Users\Mason Breitzig\Documents\Main\Entertainment\Games\Files\Downloaded\Dragon Age Origins Ultimate\data"
    Task: {849A6DAF-FDBA-404F-9A1D-3C1D5254917C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
    Task: {868CF4D0-323F-4D23-9F5C-03AE2DA57F19} - System32\Tasks\{2600FEB7-A17D-438C-B22F-31678805BE85} => pcalua.exe -a H:\_ISDel.exe -d H:\
    Task: {9D9620A7-7228-45A9-A993-1246FCE2D38E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {9E1DDFEF-6CCD-4E7F-B0B3-ECB0E0C056BB} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe
    Task: {A6DBBDDB-716B-4257-8962-78308E94CDD8} - System32\Tasks\ASUS\ASUS AiCharger_Desktop Execute => C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe [2013-04-02] (ASUSTek Computer Inc.)
    Task: {B38A6F67-9E95-453F-B282-8F47C4732AD3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-03] (Google Inc.)
    Task: {B5B5B7B1-20A5-4CEE-8D7B-238ECD63DCDC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-10] (Microsoft Corporation)
    Task: {B6BBBA25-C8D3-45BC-8EA6-6931198E6C02} - System32\Tasks\ASUS\ASUS Updater => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSFourceUpdater.exe [2013-11-28] ()
    Task: {BB86DE67-6F47-4A24-865F-289C4A95FB9E} - System32\Tasks\ASUS\ASUS AiCharger_II TrayIcon => C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe [2014-02-19] (ASUSTeK)
    Task: {BC1A3907-16C9-4300-8271-6E0D51F303AB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: {C0C3EC5D-41F0-4584-80E7-38FAD3142BC7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
    Task: {CE83C9FC-E4D5-4815-8EFD-EE5364ACF4B9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3962362228-1037329824-2324336766-1002UA => C:\Users\Mason Breitzig\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-15] (Google Inc.)
    Task: {D41289EF-6F23-4E1C-849F-5F537F9C1931} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
    Task: {E128FFEC-C704-467D-A1C2-7643A4363785} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
    Task: {ED0E9D5F-5C71-4B7B-BEC6-916088DAAA71} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-03] (Google Inc.)
    Task: {F50C851B-8F17-42A8-A765-439C60F75FDD} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe [2013-11-27] ()
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3962362228-1037329824-2324336766-1002Core.job => C:\Users\Mason Breitzig\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3962362228-1037329824-2324336766-1002UA.job => C:\Users\Mason Breitzig\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
    Task: C:\Windows\Tasks\Uninstaller_SkipUac_Mason_Breitzig.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

    ==================== Loaded Modules (whitelisted) ==============

    2015-03-31 19:01 - 2015-03-31 19:01 - 00132096 _____ () C:\Users\Mason Breitzig\AppData\Roaming\48985812-1427842840-4ED2-E565-40167E365C60\jnsf7AE0.tmp
    2014-04-24 06:38 - 2014-03-25 21:36 - 00929936 _____ () C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
    2014-07-16 11:06 - 2014-07-16 11:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
    2015-03-02 10:43 - 2015-03-02 10:43 - 00099288 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
    2014-11-15 19:35 - 2009-06-02 02:15 - 00051200 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
    2014-04-24 06:38 - 2014-03-12 18:50 - 00854016 _____ () C:\Windows\PCCleanupContextMenu\x64\ContextMenuHandlerBin.dll
    2015-03-20 03:21 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2015-04-12 20:49 - 2015-04-12 20:49 - 00402152 _____ () C:\Program Files (x86)\Hatchiho\bin\utilHatchiho.exe
    2014-04-24 06:32 - 2015-02-05 15:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2014-07-17 07:50 - 2014-07-17 07:50 - 00815104 _____ () C:\Program Files\Adobe\Adobe InDesign CC 2014\Utilities\adb.exe
    2015-04-13 22:41 - 2015-04-13 22:41 - 00143360 _____ () C:\Users\Mason Breitzig\AppData\Roaming\48985812-1427842840-4ED2-E565-40167E365C60\nsx39EC.tmp
    2014-04-24 06:31 - 2013-09-16 16:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2015-03-02 16:30 - 2015-03-02 16:30 - 00039384 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
    2014-11-16 04:19 - 2014-11-16 04:19 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
    2015-01-22 15:34 - 2015-01-20 23:50 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libglesv2.dll
    2015-01-22 15:34 - 2015-01-20 23:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libegl.dll
    2015-01-22 15:34 - 2015-01-20 23:50 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\pdf.dll
    2015-02-05 19:18 - 2015-02-03 13:22 - 14964912 _____ () C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\PepperFlash\16.0.0.305\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Mason Breitzig\OneDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgF119.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgR119.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgF119.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgR119.sys => ""="Driver"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Mason Breitzig\AppData\Roaming\Rainmeter\Layouts\Nova\Wallpaper.bmp
    DNS Servers: 65.32.5.74 - 65.32.5.75

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
    HKLM\...\StartupApproved\Run: => "IAStorIcon"
    HKLM\...\StartupApproved\Run: => "BtServer"
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run32: => "RemoteControl10"
    HKLM\...\StartupApproved\Run32: => "DriverChecker.exe"
    HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
    HKLM\...\StartupApproved\Run32: => "Adobe ARM"
    HKLM\...\StartupApproved\Run32: => "APSDaemon"
    HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
    HKLM\...\StartupApproved\Run32: => "QuickTime Task"
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\StartupApproved\Run: => "Advanced SystemCare 8"
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\StartupApproved\Run: => "Google Update"
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"

    ==================== Accounts: =============================

    Administrator (S-1-5-21-3962362228-1037329824-2324336766-500 - Administrator - Disabled)
    Guest (S-1-5-21-3962362228-1037329824-2324336766-501 - Limited - Disabled)
    Mason Breitzig (S-1-5-21-3962362228-1037329824-2324336766-1002 - Administrator - Enabled) => C:\Users\Mason Breitzig
    UpdatusUser (S-1-5-21-3962362228-1037329824-2324336766-1001 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/13/2015 07:31:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 15d4

    Start Time: 01d0759de13957dd

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: 24ab775c-e235-11e4-829f-54271e7a125c

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (04/13/2015 04:57:18 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
    Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

    Error: (04/13/2015 04:56:56 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (04/13/2015 01:55:36 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Prison Architect.exe, version: 0.0.0.0, time stamp: 0x547497c0
    Faulting module name: Prison Architect.exe, version: 0.0.0.0, time stamp: 0x547497c0
    Exception code: 0xc0000005
    Fault offset: 0x00240bfd
    Faulting process id: 0xfe8
    Faulting application start time: 0xPrison Architect.exe0
    Faulting application path: Prison Architect.exe1
    Faulting module path: Prison Architect.exe2
    Report Id: Prison Architect.exe3
    Faulting package full name: Prison Architect.exe4
    Faulting package-relative application ID: Prison Architect.exe5

    Error: (04/12/2015 11:12:05 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 36.0.4.5557, time stamp: 0x550d0883
    Faulting module name: mozalloc.dll, version: 36.0.4.5557, time stamp: 0x550cfa82
    Exception code: 0x80000003
    Fault offset: 0x00001e02
    Faulting process id: 0xc84
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3
    Faulting package full name: plugin-container.exe4
    Faulting package-relative application ID: plugin-container.exe5


    System errors:
    =============

    Microsoft Office Sessions:
    =========================
    Error: (04/13/2015 07:31:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: LiveComm.exe17.5.9600.2068915d401d0759de13957dd4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe24ab775c-e235-11e4-829f-54271e7a125cmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

    Error: (04/13/2015 04:57:18 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe

    Error: (04/13/2015 04:56:56 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

    Error: (04/13/2015 01:55:36 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Prison Architect.exe0.0.0.0547497c0Prison Architect.exe0.0.0.0547497c0c000000500240bfdfe801d075ae6e0f1f0aC:\Users\Mason Breitzig\Documents\Main\Entertainment\Games\Files\Downloaded\Prison Architect Alpha 27\Prison Architect.exeC:\Users\Mason Breitzig\Documents\Main\Entertainment\Games\Files\Downloaded\Prison Architect Alpha 27\Prison Architect.exeb3f05e07-e1a1-11e4-829f-54271e7a125c

    Error: (04/12/2015 11:12:05 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: plugin-container.exe36.0.4.5557550d0883mozalloc.dll36.0.4.5557550cfa828000000300001e02c8401d075955386c87dC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlldc65ff4b-e18a-11e4-829f-54271e7a125c


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-4770S CPU @ 3.10GHz
    Percentage of memory in use: 19%
    Total physical RAM: 12227.25 MB
    Available physical RAM: 9782.22 MB
    Total Pagefile: 14083.25 MB
    Available Pagefile: 11289.46 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.83 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:1848.07 GB) (Free:1447.93 GB) NTFS
    Drive h: (Sims4_2) (CDROM) (Total:0.48 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 1863 GB) (Disk ID: 76A7E05D)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  10. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    OK, first of all, you keep installing some unwanted stuff, because most of the malicious items in the newest FRST logs were not present in the very first log.
    At the very beginning I clearly stated in my rules:

    Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.

    If you keep doing so we'll never finish.

    Now...

    Uninstall (Control Panel>Programs and Features):

    GamesDesktop
    Hatchiho
    SmartWeb


    Next...

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

  11. Mason Breitzig

    Mason Breitzig TS Rookie Topic Starter Posts: 18

    As I stated in the beginning, when my computer is connected to the internet, the virus automatically downloads and installs programs even though I attempt to cancel them. Additionally, either the virus or one of the programs you had me run has changed my firewall and prevents it from running, which was my primary defense against the virus installing these programs.

    I am not overtly trying to disobey your rules; it is obviously in my best interest to follow them.
     
  12. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Go on...
     
  13. Mason Breitzig

    Mason Breitzig TS Rookie Topic Starter Posts: 18

    Disconnected the internet, and will keep it that way until the fix is complete to prevent further issues.


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-04-2015
    Ran by Mason Breitzig at 2015-04-14 00:02:55 Run:1
    Running from C:\Users\Mason Breitzig\Documents\Main\Programs\System Care
    Loaded Profiles: Mason Breitzig (Available profiles: UpdatusUser & Mason Breitzig)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    () C:\Users\Mason Breitzig\AppData\Roaming\48985812-1427842840-4ED2-E565-40167E365C60\jnsf7AE0.tmp
    C:\Users\Mason Breitzig\AppData\Roaming\48985812-1427842840-4ED2-E565-40167E365C60\jnsf7AE0.tmp
    () C:\Users\Mason Breitzig\AppData\Roaming\48985812-1427842840-4ED2-E565-40167E365C60\nsx39EC.tmp
    C:\Users\Mason Breitzig\AppData\Roaming\48985812-1427842840-4ED2-E565-40167E365C60\nsx39EC.tmp
    C:\Users\Mason Breitzig\AppData\Roaming\48985812-1427842840-4ED2-E565-40167E365C60
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [gmsd_us_432] => C:\Program Files (x86)\gmsd_us_432\gmsd_us_432.exe [3982792 2015-04-11] ()
    HKLM-x32\...\Run: [SmartWeb] => C:\Users\Mason Breitzig\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
    HKLM-x32\...\RunOnce: [upgmsd_us_432.exe] => C:\Users\Mason Breitzig\AppData\Local\gmsd_us_432\upgmsd_us_432.exe [3306952 2015-04-11] ()
    C:\Program Files (x86)\gmsd_us_432
    C:\Users\Mason Breitzig\AppData\Local\SmartWeb
    C:\Users\Mason Breitzig\AppData\Local\gmsd_us_432
    HKLM-x32\...\RunOnce: [Update] => C:\Users\Mason Breitzig\AppData\Roaming\ASPackage\ASPackage.exe /runonce
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    C:\Users\Mason Breitzig\AppData\Roaming\ASPackage
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\MountPoints2: {90cc86ee-d011-11e4-8296-54271e7a125c} - "D:\StarCraft II Setup.exe"
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\MountPoints2: {90cc86f6-d011-11e4-8296-54271e7a125c} - "E:\autorun.exe"
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\MountPoints2: {b7d9b23f-1794-11e4-826e-54271e7a125c} - "D:\LGAutoRun.exe"
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\MountPoints2: {bb60b5c3-2a8e-11e4-8275-54271e7a125c} - "D:\LG_PC_Programs.exe"
    IFEO\b9eg190.exe: [Debugger] TaskList.exe
    IFEO\bbqleads.exe: [Debugger] TaskList.exe
    IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe
    IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe
    IFEO\bbqquotes.exe: [Debugger] TaskList.exe
    IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
    IFEO\donutleads.exe: [Debugger] TaskList.exe
    IFEO\donutquotes.exe: [Debugger] TaskList.exe
    IFEO\internetenhancer.exe: [Debugger] TaskList.exe
    IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
    IFEO\pastaleads.exe: [Debugger] TaskList.exe
    IFEO\pastaquotes.exe: [Debugger] TaskList.exe
    IFEO\spyhunter.exe: [Debugger] TaskList.exe
    IFEO\theanswerfinder.exe: [Debugger] TaskList.exe
    IFEO\wajam.exe: [Debugger] TaskList.exe
    IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
    IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
    IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
    IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
    Startup: C:\Users\Mason Breitzig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
    ShortcutTarget: SmartWeb.lnk -> C:\Users\Mason Breitzig\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
    C:\Users\Mason Breitzig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:64744;https=127.0.0.1:64744
    RemoveProxy:
    R2 ronevulo; C:\Users\Mason Breitzig\AppData\Roaming\48985812-1427842840-4ED2-E565-40167E365C60\nsx39EC.tmp [143360 2015-04-13] () [File not signed]
    R2 wyvuzely; C:\Users\Mason Breitzig\AppData\Roaming\48985812-1427842840-4ED2-E565-40167E365C60\jnsf7AE0.tmp [132096 2015-03-31] () [File not signed]
    2015-04-12 23:11 - 2015-04-12 23:17 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\gmsd_us_432
    2015-04-12 23:11 - 2015-04-12 23:12 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\48985812-1428880319-4ED2-E565-40167E365C60
    2015-04-12 23:11 - 2015-04-12 23:11 - 00004068 _____ () C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task
    2015-04-12 23:11 - 2015-04-12 23:11 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\SmartWeb
    2015-04-12 23:11 - 2015-04-12 23:11 - 00000000 ____D () C:\Program Files (x86)\gmsd_us_432
    2015-03-31 19:00 - 2015-04-13 22:41 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\48985812-1427842840-4ED2-E565-40167E365C60
    C:\Users\Mason Breitzig\AppData\Local\Temp\Uninstall.exe
    2014-04-16 23:55 - 2014-04-16 23:55 - 0009130 _____ () C:\Program Files (x86)\Common Files\Samples.sln
    2015-04-08 13:35 - 2015-04-08 13:35 - 0000034 _____ () C:\Users\Mason Breitzig\AppData\Roaming\AdobeWLCMCache.dat
    2015-03-26 15:14 - 2015-03-26 15:14 - 0004185 _____ () C:\Users\Mason Breitzig\AppData\Roaming\VJJ
    2015-03-31 19:01 - 2015-03-31 19:01 - 0000064 _____ () C:\Users\Mason Breitzig\AppData\Local\8146aa3d064490dcc30504f95be585fb
    2014-07-08 21:42 - 2015-04-12 22:40 - 0239726 _____ () C:\Users\Mason Breitzig\AppData\Local\BTServer.log
    2014-08-27 12:00 - 2015-04-12 15:15 - 0046089 _____ () C:\Users\Mason Breitzig\AppData\Local\CDXLExtendedShim.log
    2015-02-24 17:08 - 2015-02-24 17:08 - 0000828 _____ () C:\Users\Mason Breitzig\AppData\Local\recently-used.xbel
    2014-09-07 23:07 - 2014-09-07 23:07 - 0007602 _____ () C:\Users\Mason Breitzig\AppData\Local\resmon.resmoncfg
    2014-04-16 17:59 - 2014-04-16 17:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2015-03-31 19:12 - 2015-03-31 19:12 - 0000922 _____ () C:\ProgramData\JunkCleaner.lnk
    CustomCLSID: HKU\S-1-5-21-3962362228-1037329824-2324336766-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mason Breitzig\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
    2015-04-12 23:12 - 2015-04-12 23:12 - 00000000 ____D () C:\Program Files (x86)\Hatchiho
    R2 Util Hatchiho; C:\Program Files (x86)\Hatchiho\bin\utilHatchiho.exe [402152 2015-04-12] ()
    FF Extension: Hatchiho 1.0.1 - C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\Extensions\{6799a6a5-a100-489a-a077-e10ecb056c19}.xpi [2015-04-12]
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
    BHO-x32: Hatchiho 1.0.0.7 -> {0569f0df-cce6-43e9-aecb-5c5cf431e3b4} -> C:\Program Files (x86)\Hatchiho\Hatchihobho.dll [2015-04-12] (Hatchiho)
    () C:\Program Files (x86)\Hatchiho\bin\utilHatchiho.exe
    Task: {5DE07668-EEE6-4362-BD84-8014D30C3251} - \avaavaxvyy No Task File <==== ATTENTION
    Task: {7ABB8E79-A5A8-457C-AF67-A2C035829461} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Mason Breitzig\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) <==== ATTENTION
    AlternateDataStreams: C:\Users\Mason Breitzig\OneDrive:ms-properties


    *****************

    [2616] C:\Users\Mason Breitzig\AppData\Roaming\48985812-1427842840-4ED2-E565-40167E365C60\jnsf7AE0.tmp => Process closed successfully.
    C:\Users\Mason Breitzig\AppData\Roaming\48985812-1427842840-4ED2-E565-40167E365C60\jnsf7AE0.tmp => Moved successfully.
    [200] C:\Users\Mason Breitzig\AppData\Roaming\48985812-1427842840-4ED2-E565-40167E365C60\nsx39EC.tmp => Process closed successfully.
    C:\Users\Mason Breitzig\AppData\Roaming\48985812-1427842840-4ED2-E565-40167E365C60\nsx39EC.tmp => Moved successfully.
    C:\Users\Mason Breitzig\AppData\Roaming\48985812-1427842840-4ED2-E565-40167E365C60 => Moved successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_432 => value deleted successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SmartWeb => Value not found.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\upgmsd_us_432.exe => Value not found.
    "C:\Program Files (x86)\gmsd_us_432" => File/Directory not found.
    "C:\Users\Mason Breitzig\AppData\Local\SmartWeb" => File/Directory not found.
    "C:\Users\Mason Breitzig\AppData\Local\gmsd_us_432" => File/Directory not found.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Update => value deleted successfully.
    "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
    "C:\Users\Mason Breitzig\AppData\Roaming\ASPackage" => File/Directory not found.
    "HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90cc86ee-d011-11e4-8296-54271e7a125c}" => Key deleted successfully.
    HKCR\CLSID\{90cc86ee-d011-11e4-8296-54271e7a125c} => Key not found.
    "HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90cc86f6-d011-11e4-8296-54271e7a125c}" => Key deleted successfully.
    HKCR\CLSID\{90cc86f6-d011-11e4-8296-54271e7a125c} => Key not found.
    "HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b7d9b23f-1794-11e4-826e-54271e7a125c}" => Key deleted successfully.
    HKCR\CLSID\{b7d9b23f-1794-11e4-826e-54271e7a125c} => Key not found.
    "HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb60b5c3-2a8e-11e4-8275-54271e7a125c}" => Key deleted successfully.
    HKCR\CLSID\{bb60b5c3-2a8e-11e4-8275-54271e7a125c} => Key not found.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\b9eg190.exe" => Key Deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bbqleads.exe" => Key Deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bbqleadsapplication.exe" => Key Deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bbqleadsservice.exe" => Key Deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bbqquotes.exe" => Key Deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ContentExplorer.exe" => Key Deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\donutleads.exe" => Key Deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\donutquotes.exe" => Key Deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\internetenhancer.exe" => Key Deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\internetenhancerservice.exe" => Key Deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pastaleads.exe" => Key Deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pastaquotes.exe" => Key Deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spyhunter.exe" => Key Deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\theanswerfinder.exe" => Key Deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wajam.exe" => Key Deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wajaminternetenhancer.exe" => Key Deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WajamInternetEnhancerApp.exe" => Key Deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WajamInternetEnhancerAppservice.exe" => Key Deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wajaminternetenhancerservice.exe" => Key Deleted successfully.
    C:\Users\Mason Breitzig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk not found.
    C:\Users\Mason Breitzig\AppData\Local\SmartWeb\SmartWebHelper.exe not found.
    "C:\Users\Mason Breitzig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk" => File/Directory not found.
    C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
    C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
    C:\Windows\SysWOW64\GroupPolicy\GPT.ini => Moved successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

    ========= RemoveProxy: =========

    HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


    ========= End of RemoveProxy: =========

    ronevulo => Service deleted successfully.
    wyvuzely => Service deleted successfully.
    "C:\Users\Mason Breitzig\AppData\Local\gmsd_us_432" => File/Directory not found.
    "C:\Users\Mason Breitzig\AppData\Local\48985812-1428880319-4ED2-E565-40167E365C60" => File/Directory not found.
    C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task => Moved successfully.
    "C:\Users\Mason Breitzig\AppData\Local\SmartWeb" => File/Directory not found.
    "C:\Program Files (x86)\gmsd_us_432" => File/Directory not found.
    "C:\Users\Mason Breitzig\AppData\Roaming\48985812-1427842840-4ED2-E565-40167E365C60" => File/Directory not found.
    C:\Users\Mason Breitzig\AppData\Local\Temp\Uninstall.exe => Moved successfully.
    C:\Program Files (x86)\Common Files\Samples.sln => Moved successfully.
    C:\Users\Mason Breitzig\AppData\Roaming\AdobeWLCMCache.dat => Moved successfully.
    C:\Users\Mason Breitzig\AppData\Roaming\VJJ => Moved successfully.
    C:\Users\Mason Breitzig\AppData\Local\8146aa3d064490dcc30504f95be585fb => Moved successfully.
    C:\Users\Mason Breitzig\AppData\Local\BTServer.log => Moved successfully.
    C:\Users\Mason Breitzig\AppData\Local\CDXLExtendedShim.log => Moved successfully.
    C:\Users\Mason Breitzig\AppData\Local\recently-used.xbel => Moved successfully.
    C:\Users\Mason Breitzig\AppData\Local\resmon.resmoncfg => Moved successfully.
    C:\ProgramData\DP45977C.lfl => Moved successfully.
    C:\ProgramData\JunkCleaner.lnk => Moved successfully.
    "HKU\S-1-5-21-3962362228-1037329824-2324336766-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => Key deleted successfully.
    "C:\Program Files (x86)\Hatchiho" => File/Directory not found.
    Util Hatchiho => Service not found.
    C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\Extensions\{6799a6a5-a100-489a-a077-e10ecb056c19}.xpi not found.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3" => Key deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0569f0df-cce6-43e9-aecb-5c5cf431e3b4} => Key not found.
    HKCR\Wow6432Node\CLSID\{0569f0df-cce6-43e9-aecb-5c5cf431e3b4} => Key not found.
    C:\Program Files (x86)\Hatchiho\bin\utilHatchiho.exe => No running process found
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5DE07668-EEE6-4362-BD84-8014D30C3251}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DE07668-EEE6-4362-BD84-8014D30C3251}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avaavaxvyy" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7ABB8E79-A5A8-457C-AF67-A2C035829461}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7ABB8E79-A5A8-457C-AF67-A2C035829461}" => Key deleted successfully.
    C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task" => Key deleted successfully.
    C:\Users\Mason Breitzig\OneDrive => ":ms-properties" ADS removed successfully.


    The system needed a reboot.

    ==== End of Fixlog 00:02:56 ====
     
  14. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please re-run the FRST scan so I can see if there is anything malicious left.
    Make sure you checkmark the Addition.txt box so both logs will be produced.
     
  15. Mason Breitzig

    Mason Breitzig TS Rookie Topic Starter Posts: 18

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
    Ran by Mason Breitzig (administrator) on PRIMARY on 14-04-2015 22:47:28
    Running from C:\Users\Mason Breitzig\Documents\Main\Programs\System Care
    Loaded Profiles: UpdatusUser & Mason Breitzig (Available profiles: UpdatusUser & Mason Breitzig)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oacat.exe
    (Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oasrv.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
    () C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    () C:\ProgramData\FlashBeat\FlashBeat.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    () C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
    (ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe
    (RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
    (ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe
    (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    (Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oaui.exe
    (Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oahlp.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506136 2013-12-12] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
    HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
    HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-09-25] (Realtek Semiconductor Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files (x86)\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH)
    HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2014-04-16] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [gmsd_us_440] => [X]
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\Run: [Google Update] => C:\Users\Mason Breitzig\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2015-01-15] (Google Inc.)
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\Run: [GUSDelayStartup] => C:\Program Files (x86)\Glarysoft\Quick Startup\StartupManager.exe [37152 2015-01-19] (Glarysoft Ltd)
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com/?pc=ASJB
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
    URLSearchHook: [S-1-5-21-3962362228-1037329824-2324336766-1001] ATTENTION ==> Default URLSearchHook is missing.
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    Winsock: Catalog9 01 C:\Windows\SysWOW64\Gambali.dll [340944] (Gambali OEM Software)
    Winsock: Catalog9 02 C:\Windows\SysWOW64\Gambali.dll [340944] (Gambali OEM Software)
    Winsock: Catalog9 03 C:\Windows\SysWOW64\Gambali.dll [340944] (Gambali OEM Software)
    Winsock: Catalog9 04 C:\Windows\SysWOW64\Gambali.dll [340944] (Gambali OEM Software)
    Winsock: Catalog9 16 C:\Windows\SysWOW64\Gambali.dll [340944] (Gambali OEM Software)
    Winsock: Catalog9-x64 01 C:\Windows\system32\Gambali64.dll [408424] (Gambali OEM Software)
    Winsock: Catalog9-x64 02 C:\Windows\system32\Gambali64.dll [408424] (Gambali OEM Software)
    Winsock: Catalog9-x64 03 C:\Windows\system32\Gambali64.dll [408424] (Gambali OEM Software)
    Winsock: Catalog9-x64 04 C:\Windows\system32\Gambali64.dll [408424] (Gambali OEM Software)
    Winsock: Catalog9-x64 16 C:\Windows\system32\Gambali64.dll [408424] (Gambali OEM Software)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 65.32.5.74 65.32.5.75

    FireFox:
    ========
    FF ProfilePath: C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default
    FF DefaultSearchEngine.US: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-06] ()
    FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-07-22] (Adobe Systems)
    FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-06] ()
    FF Plugin-x32: @cambridgesoft.com/Chem3D,version=14.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2014\Chem3D\npChem3DPlugin.dll [2014-04-17] (CambridgeSoft Corp.)
    FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=14.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2014\ChemDraw\npcdp32.dll [2014-04-17] (CambridgeSoft Corp.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-07-11] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-07-11] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-12-03] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-12-03] (Google Inc.)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-07-22] (Adobe Systems)
    FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-3962362228-1037329824-2324336766-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Mason Breitzig\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-15] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3962362228-1037329824-2324336766-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Mason Breitzig\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-15] (Google Inc.)
    FF user.js: detected! => C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\user.js [2015-04-14]
    FF Extension: Mozilla Firefox Hotfixer - C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\Extensions\veggy@veggyAddon.com [2015-04-13]
    FF Extension: Zoom It - C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\Extensions\{94b0d9d8-94d5-1b0a-f547-6e4821a3b143} [2015-04-13]
    FF Extension: AdBlock Lite - C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\Extensions\jid1-dwtFBkQjb3SIQp@jetpack.xpi [2015-02-22]
    FF Extension: Pin It Button - C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2015-01-02]
    FF Extension: Google Privacy - C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\Extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi [2015-04-05]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-07-09]

    Chrome:
    =======
    CHR Profile: C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-06]
    CHR Extension: (Google Docs) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-06]
    CHR Extension: (Google Drive) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-06]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-01]
    CHR Extension: (YouTube) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-06]
    CHR Extension: (Google Search) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-06]
    CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-03-31]
    CHR Extension: (Google Sheets) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-06]
    CHR Extension: (Google Wallet) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-01]
    CHR Extension: (Gmail) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-06]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-11-06] ()
    R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed]
    R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [59392 2013-09-26] () [File not signed]
    S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2015-02-12] (Microsoft Corporation)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
    R2 FlashBeat; C:\ProgramData\FlashBeat\FlashBeat.exe [330752 2015-04-13] () [File not signed]
    S2 Gambali; C:\ProgramData\FlashBeat\Gambali.exe [1916456 2015-03-31] (Gambali OEM Software) [File not signed]
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
    S3 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
    R2 OAcat; C:\Program Files (x86)\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-03] (Electronic Arts)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 SvcOnlineArmor; C:\Program Files (x86)\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH)
    R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe [160208 2015-04-06] (RaMMicHaeL)
    S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
    S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AiChargerDT; C:\Windows\SysWow64\drivers\AiChargerDT.sys [14880 2012-10-18] (ASUSTek Computer Inc.)
    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
    R0 assdv2; C:\Windows\System32\Drivers\assdv2.sys [21816 2013-12-05] ()
    R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-12] (Microsoft Corporation)
    S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31160 2014-04-24] ()
    S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
    S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
    S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-03-20] (Disc Soft Ltd)
    R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [469264 2013-06-27] (Intel Corporation)
    R1 GUSBootStartup; C:\Windows\System32\drivers\GUSBootStartup.sys [20160 2015-04-06] (Glarysoft Ltd)
    S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2015-03-31] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
    S3 MotioninJoyXFilter; C:\Windows\System32\drivers\MijXfilt.sys [121416 2014-07-29] (MotioninJoy) [File not signed]
    R1 OADevice; C:\Windows\SysWow64\Drivers\OADriver.sys [64720 2013-10-11] ()
    R1 oahlpXX; C:\Windows\syswow64\drivers\oahlp64.sys [62008 2013-10-11] ()
    R1 OAmon; C:\Windows\SysWOW64\Drivers\OAmon.sys [52360 2013-10-11] (Emsisoft)
    R3 OAnet; C:\Windows\system32\DRIVERS\oanet.sys [35368 2013-10-11] (Emsisoft)
    R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
    S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
    R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
    R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [548056 2013-09-05] (Realtek Semiconductor Corporation)
    R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3759320 2014-12-01] (Realtek Semiconductor Corporation )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-12] ()
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-14 00:14 - 2015-04-14 22:46 - 00003345 _____ () C:\Users\Mason Breitzig\AppData\Local\BTServer.log
    2015-04-14 00:04 - 2015-04-14 00:04 - 00000008 __RSH () C:\ProgramData\ntuser.pol
    2015-04-14 00:03 - 2015-04-14 00:16 - 00000912 _____ () C:\Windows\setupact.log
    2015-04-14 00:03 - 2015-04-14 00:03 - 00000576 _____ () C:\Windows\PFRO.log
    2015-04-14 00:03 - 2015-04-14 00:03 - 00000000 _____ () C:\Windows\setuperr.log
    2015-04-13 23:53 - 2015-04-13 23:53 - 00000000 ____D () C:\Program Files (x86)\predm
    2015-04-13 23:43 - 2015-04-13 23:43 - 00613255 _____ (CMI Limited) C:\Users\Mason Breitzig\AppData\Local\nsk47FC.tmp
    2015-04-13 23:43 - 2015-04-13 23:43 - 00000000 __SHD () C:\Users\Mason Breitzig\AppData\Roaming\AnyProtectEx
    2015-04-13 23:43 - 2015-04-13 23:43 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
    2015-04-13 23:12 - 2015-04-13 23:12 - 00009040 _____ () C:\Windows\SysWOW64\GambaliOff.ini
    2015-04-13 23:12 - 2015-04-13 23:12 - 00009040 _____ () C:\Windows\system32\GambaliOff.ini
    2015-04-13 23:12 - 2015-04-13 23:12 - 00003592 _____ () C:\Windows\System32\Tasks\CMBNIUK
    2015-04-13 23:12 - 2015-04-13 23:12 - 00000000 ____D () C:\ProgramData\FlashBeat
    2015-04-13 23:12 - 2015-04-13 23:12 - 00000000 ____D () C:\ProgramData\a040bb4567e84331a76e603c9625e3a4
    2015-04-13 23:12 - 2015-04-13 23:12 - 00000000 ____D () C:\ProgramData\8e5233129da0415fbe27bfb648f69f2c
    2015-04-13 23:12 - 2015-03-31 15:18 - 00408424 _____ (Gambali OEM Software) C:\Windows\system32\Gambali64.dll
    2015-04-13 23:12 - 2015-03-31 15:18 - 00340944 _____ (Gambali OEM Software) C:\Windows\SysWOW64\Gambali.dll
    2015-04-13 23:03 - 2015-04-14 21:18 - 00169185 _____ () C:\Windows\WindowsUpdate.log
    2015-04-13 22:56 - 2015-04-13 22:56 - 00040633 _____ () C:\Users\Mason Breitzig\Desktop\Addition2.txt
    2015-04-13 22:55 - 2015-04-13 22:56 - 00048046 _____ () C:\Users\Mason Breitzig\Desktop\FRST2.txt
    2015-04-12 23:12 - 2015-04-13 22:52 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\CrashDumps
    2015-04-12 22:53 - 2015-04-12 22:53 - 00002683 _____ () C:\Users\Mason Breitzig\Desktop\JRT.txt
    2015-04-12 22:52 - 2015-04-12 22:52 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PRIMARY-Windows-8.1-(64-bit).dat
    2015-04-12 22:52 - 2015-04-12 22:52 - 00000000 ____D () C:\RegBackup
    2015-04-12 22:13 - 2015-04-12 22:47 - 00001002 _____ () C:\Users\Mason Breitzig\Desktop\AdwCleaner.txt
    2015-04-12 22:08 - 2015-04-12 22:09 - 02217984 _____ () C:\Users\Mason Breitzig\Desktop\adwcleaner_4.201.exe
    2015-04-12 22:08 - 2015-04-12 22:08 - 02686959 _____ (Thisisu) C:\Users\Mason Breitzig\Desktop\JRT.exe
    2015-04-12 21:50 - 2015-04-12 21:50 - 00010774 _____ () C:\Users\Mason Breitzig\Desktop\RK to be pasted.txt
    2015-04-12 21:44 - 2015-04-12 21:44 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-04-12 21:44 - 2015-04-12 21:44 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-04-12 21:37 - 2015-04-13 23:49 - 00000992 _____ () C:\Users\Mason Breitzig\Desktop\Virus.txt
    2015-04-12 21:34 - 2015-04-12 21:44 - 16849496 _____ () C:\Users\Mason Breitzig\Desktop\RogueKiller.exe
    2015-04-12 17:28 - 2015-04-12 17:28 - 00053138 _____ () C:\Users\Mason Breitzig\Desktop\Addition.txt
    2015-04-12 17:28 - 2015-04-12 17:28 - 00039212 _____ () C:\Users\Mason Breitzig\Desktop\FRST.txt
    2015-04-07 10:59 - 2015-04-07 10:59 - 00000000 ____D () C:\Users\Mason Breitzig\Documents\Rainmeter
    2015-04-06 23:26 - 2015-04-06 23:26 - 00001432 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2015-04-06 23:26 - 2015-04-06 23:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2015-04-06 23:25 - 2015-04-06 23:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2015-04-06 23:25 - 2015-04-06 23:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2015-04-06 23:25 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
    2015-04-06 21:47 - 2015-04-06 21:48 - 00000000 ___SD () C:\Windows\system32\GWX
    2015-04-06 21:47 - 2015-04-06 21:47 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
    2015-04-06 21:41 - 2014-12-01 19:01 - 03759320 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlane.sys
    2015-04-06 21:41 - 2014-10-29 12:23 - 00450264 _____ (Realtek) C:\Windows\SwUSB.exe
    2015-04-06 21:41 - 2014-04-15 10:36 - 00036864 _____ () C:\Windows\runSW.exe
    2015-04-06 21:41 - 2012-02-14 19:37 - 00594432 _____ (Realtek Semiconductor Corp. ) C:\Windows\SysWOW64\Rtlihvs.dll
    2015-04-06 21:41 - 2010-12-01 09:31 - 00451072 _____ () C:\Windows\SysWOW64\ISSRemoveSP.exe
    2015-04-06 21:15 - 2015-04-06 21:15 - 00002430 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Mason_Breitzig
    2015-04-06 21:15 - 2015-04-06 21:15 - 00000312 _____ () C:\Windows\Tasks\Uninstaller_SkipUac_Mason_Breitzig.job
    2015-04-06 21:04 - 2015-04-06 21:04 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\39721968-697b-4489-821c-3c5471cb0217
    2015-04-06 20:59 - 2015-04-14 22:47 - 00000000 ____D () C:\FRST
    2015-04-06 20:56 - 2015-04-06 20:57 - 00010518 _____ () C:\Windows\Q-Dir.ini
    2015-04-06 20:56 - 2015-04-06 20:56 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\Q-Dir
    2015-04-06 20:56 - 2015-04-06 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Q-Dir
    2015-04-06 20:56 - 2015-04-06 20:56 - 00000000 ____D () C:\Program Files (x86)\Q-Dir
    2015-04-06 20:50 - 2015-04-06 21:05 - 00000000 ____D () C:\ProgramData\OnlineArmor
    2015-04-06 20:50 - 2015-04-06 20:50 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\OnlineArmor
    2015-04-06 20:50 - 2015-04-06 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
    2015-04-06 20:50 - 2013-10-11 03:41 - 00062008 _____ () C:\Windows\SysWOW64\Drivers\oahlp64.sys
    2015-04-06 20:50 - 2013-10-11 03:40 - 00064720 _____ () C:\Windows\SysWOW64\Drivers\OADriver.sys
    2015-04-06 20:50 - 2013-10-11 03:40 - 00052360 _____ (Emsisoft) C:\Windows\SysWOW64\Drivers\OAmon.sys
    2015-04-06 20:50 - 2013-10-11 03:40 - 00035368 _____ (Emsisoft) C:\Windows\system32\Drivers\OAnet.sys
    2015-04-06 20:49 - 2015-04-12 11:29 - 00000000 ____D () C:\Program Files (x86)\Online Armor
    2015-04-06 20:49 - 2015-01-14 11:28 - 03066880 _____ () C:\Windows\system32\pwNative.exe
    2015-04-06 20:49 - 2013-09-30 16:26 - 00019152 ____N () C:\Windows\system32\pwdrvio.sys
    2015-04-06 20:49 - 2013-09-30 16:26 - 00012504 ____N () C:\Windows\system32\pwdspio.sys
    2015-04-06 20:48 - 2015-04-06 20:49 - 00000000 ____D () C:\Program Files (x86)\MiniTool Partition Wizard Free 9.0
    2015-04-06 20:48 - 2015-04-06 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Free 9.0
    2015-04-06 20:47 - 2015-04-06 20:47 - 00001259 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Startup.lnk
    2015-04-06 20:46 - 2015-04-06 20:46 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUSBootStartup.sys
    2015-04-06 20:46 - 2015-04-06 20:46 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\GlarySoft
    2015-04-06 20:45 - 2015-04-06 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
    2015-04-06 20:45 - 2015-04-06 20:46 - 00000000 ____D () C:\Program Files (x86)\Glarysoft
    2015-04-06 20:45 - 2015-04-06 20:45 - 00001296 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Repair.lnk
    2015-04-06 20:44 - 2015-04-06 20:44 - 00001236 _____ () C:\Users\UpdatusUser\Desktop\TimeComX.lnk
    2015-04-06 20:44 - 2015-04-06 20:44 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\Bitdreamers
    2015-04-06 20:44 - 2015-04-06 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdreamers
    2015-04-06 20:44 - 2015-04-06 20:44 - 00000000 ____D () C:\Program Files (x86)\Bitdreamers
    2015-04-06 20:29 - 2015-04-07 01:50 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\Rainmeter
    2015-04-06 20:29 - 2015-04-06 20:29 - 00001725 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
    2015-04-06 20:29 - 2015-04-06 20:29 - 00000000 ____D () C:\Program Files\Rainmeter
    2015-04-06 20:27 - 2015-04-06 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
    2015-04-06 20:27 - 2015-04-06 20:27 - 00000000 ____D () C:\Program Files (x86)\Auslogics
    2015-04-06 16:40 - 2015-04-06 16:40 - 00000000 ____D () C:\ProgramData\Auslogics
    2015-04-06 01:24 - 2015-04-06 01:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
    2015-04-06 01:23 - 2015-04-06 01:23 - 00000000 ____D () C:\ProgramData\Unchecky
    2015-04-06 01:23 - 2015-04-06 01:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
    2015-04-06 01:23 - 2015-04-06 01:23 - 00000000 ____D () C:\Program Files (x86)\Unchecky
    2015-04-06 00:40 - 2015-04-06 00:40 - 00001328 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
    2015-03-31 22:20 - 2015-04-05 22:16 - 00000000 ____D () C:\Program Files (x86)\9eb08200-8451-400f-a40b-8b18a34bc5a6
    2015-03-31 19:46 - 2015-04-05 21:22 - 00000000 ____D () C:\SUPERDelete
    2015-03-31 19:19 - 2015-04-05 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2015-03-31 19:19 - 2015-03-31 19:24 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
    2015-03-31 19:13 - 2015-03-31 19:13 - 00000000 ____D () C:\ProgramData\cb263d7e6e6c44dda6e4e75e073e32ba
    2015-03-31 19:13 - 2015-03-31 19:13 - 00000000 ____D () C:\ProgramData\568c30905acd4b6d8888a0b788131d33
    2015-03-31 19:12 - 2015-03-31 19:12 - 00000940 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\JunkCleaner.lnk
    2015-03-31 19:12 - 2015-03-31 19:12 - 00000000 ____D () C:\ProgramData\All copyright reserved - 2014
    2015-03-31 19:10 - 2015-03-31 19:10 - 00000032 _____ () C:\Windows\SysWOW64\efipdihiaz.dat
    2015-03-31 19:01 - 2015-03-31 19:01 - 00000000 ____D () C:\Program Files (x86)\user extensions
    2015-03-31 18:54 - 2015-03-31 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pillars of Eternity [GOG.com]
    2015-03-30 17:07 - 2015-03-30 17:07 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\Introversion
    2015-03-26 20:32 - 2015-03-26 20:32 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\RPGTycoon
    2015-03-26 18:43 - 2015-03-26 18:43 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\.mono
    2015-03-26 18:43 - 2015-03-26 18:43 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\Colossal Order
    2015-03-26 18:43 - 2015-03-26 18:43 - 00000000 ____D () C:\ProgramData\.mono
    2015-03-26 01:42 - 2015-02-05 15:07 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2015-03-26 01:42 - 2015-02-05 15:07 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2015-03-26 01:42 - 2015-02-05 13:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2015-03-26 00:52 - 2015-03-29 22:06 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\Might & Magic Heroes VI
    2015-03-26 00:52 - 2015-03-26 01:07 - 00000000 ____D () C:\Users\Mason Breitzig\Documents\Might & Magic Heroes VI
    2015-03-26 00:52 - 2015-03-26 00:52 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\Ubisoft Game Launcher
    2015-03-26 00:42 - 2015-03-26 00:46 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
    2015-03-26 00:17 - 2015-03-26 00:31 - 00000000 ____D () C:\Program Files (x86)\GOG.com
    2015-03-25 16:54 - 2015-03-25 20:35 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\Sierra
    2015-03-22 02:03 - 2015-03-22 02:03 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\SKIDROW
    2015-03-22 02:01 - 2015-03-22 02:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefly Studios
    2015-03-22 01:28 - 2015-03-22 01:28 - 00003486 _____ () C:\Windows\System32\Tasks\{0D294E33-87D6-4B69-BD39-1962FAFB80C3}
    2015-03-22 01:17 - 2015-03-22 01:17 - 00000000 ____D () C:\Users\Public\Documents\DAEMON Tools Images
    2015-03-22 00:58 - 2015-03-22 00:58 - 00000000 ____D () C:\Windows\1C4551A64743409391E41477CD655043.TMP
    2015-03-22 00:31 - 2015-03-22 00:31 - 00000000 ____D () C:\Users\Mason Breitzig\Documents\7 Days To Die
    2015-03-21 00:18 - 2015-03-21 00:19 - 00000000 ____D () C:\Users\Mason Breitzig\Documents\Larian Studios
    2015-03-21 00:18 - 2015-03-21 00:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Divinity - Original Sin [GOG.com]
    2015-03-21 00:12 - 2015-03-31 19:13 - 00000000 ____D () C:\GOG Games
    2015-03-20 21:05 - 2015-03-25 01:30 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\Sid Meier's Starships
    2015-03-20 21:05 - 2015-03-20 21:05 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\FiraxisLive
    2015-03-20 19:51 - 2015-03-20 19:51 - 00030352 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
    2015-03-20 19:46 - 2015-03-26 00:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
    2015-03-20 01:21 - 2015-04-06 00:36 - 00000000 ____D () C:\ILLUSION
    2015-03-19 21:06 - 2015-03-20 19:41 - 00001307 _____ () C:\Users\Mason Breitzig\Desktop\Diversions.lnk
    2015-03-19 16:20 - 2015-03-22 01:49 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\Battle.net
    2015-03-19 16:20 - 2015-03-22 01:42 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\Battle.net
    2015-03-19 16:20 - 2015-03-19 16:20 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\Blizzard Entertainment
    2015-03-19 13:04 - 2015-03-19 13:04 - 00000000 ____D () C:\ProgramData\Battle.net
    2015-03-19 12:46 - 2015-03-26 00:31 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
    2015-03-15 20:38 - 2015-04-06 00:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-03-15 20:12 - 2015-03-15 20:12 - 00001889 _____ () C:\Users\Mason Breitzig\Desktop\Main.lnk
    2015-03-15 14:05 - 2015-03-15 14:05 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\My Games
    2015-03-15 14:05 - 2015-03-15 14:05 - 00000000 ____D () C:\ProgramData\Steam
    2015-03-15 14:04 - 2015-03-15 14:05 - 00000000 ____D () C:\Users\Mason Breitzig\Documents\my games
    2015-03-15 13:46 - 2015-03-15 14:05 - 00000000 ____D () C:\Program Files (x86)\Sid Meiers Civilization Beyond Earth
    2015-03-15 13:39 - 2015-03-15 13:39 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\WinRAR
    2015-03-15 13:35 - 2015-03-15 13:35 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\Steam
    2015-03-15 13:35 - 2015-03-15 13:35 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\MedievalEngineers
    2015-03-15 12:15 - 2015-01-10 15:32 - 00128288 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll
    2015-03-15 12:15 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-14 22:34 - 2015-01-15 17:28 - 00000960 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3962362228-1037329824-2324336766-1002UA.job
    2015-04-14 21:31 - 2014-07-25 20:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-04-14 21:02 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
    2015-04-14 20:49 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
    2015-04-14 12:36 - 2014-07-08 18:57 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-04-14 11:02 - 2014-07-26 00:06 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\Adobe
    2015-04-14 00:20 - 2014-07-08 21:48 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3962362228-1037329824-2324336766-1002
    2015-04-14 00:20 - 2014-04-16 18:00 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-04-14 00:14 - 2014-07-09 08:01 - 00000000 __RDO () C:\Users\Mason Breitzig\OneDrive
    2015-04-14 00:14 - 2014-07-08 18:57 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-04-14 00:03 - 2015-01-15 17:28 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3962362228-1037329824-2324336766-1002Core.job
    2015-04-14 00:03 - 2014-04-24 06:32 - 00000000 ____D () C:\ProgramData\NVIDIA
    2015-04-14 00:03 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-04-14 00:03 - 2013-08-22 09:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
    2015-04-14 00:02 - 2013-08-22 11:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
    2015-04-14 00:02 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
    2015-04-12 22:27 - 2014-08-23 02:26 - 00000000 ____D () C:\AdwCleaner
    2015-04-12 22:03 - 2014-07-12 00:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-04-12 22:02 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
    2015-04-12 22:01 - 2014-04-16 18:40 - 00000000 ____D () C:\Windows\es
    2015-04-12 13:53 - 2014-07-08 21:42 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\Packages
    2015-04-12 13:51 - 2014-08-22 11:11 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-04-12 11:21 - 2014-07-08 22:08 - 00000000 ____D () C:\Program Files (x86)\IObit
    2015-04-08 01:12 - 2014-07-10 10:35 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\FileZilla
    2015-04-07 17:38 - 2014-07-08 21:42 - 00000000 ____D () C:\Users\Mason Breitzig
    2015-04-06 22:00 - 2014-07-09 01:16 - 00000000 ____D () C:\Program Files\CCleaner
    2015-04-06 21:41 - 2014-04-24 06:34 - 00000000 ____D () C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver
    2015-04-06 21:41 - 2014-04-24 06:34 - 00000000 ____D () C:\Program Files (x86)\Cisco
    2015-04-06 21:23 - 2014-04-16 18:25 - 00000000 ____D () C:\AsusVibeData
    2015-04-06 21:23 - 2014-04-16 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
    2015-04-06 21:23 - 2014-04-16 18:21 - 00000000 ____D () C:\Program Files (x86)\ASUS
    2015-04-06 21:07 - 2014-07-25 20:21 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-04-06 21:02 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\ADFS
    2015-04-06 00:45 - 2014-07-09 07:38 - 00000000 ____D () C:\ProgramData\HappyCloud
    2015-04-06 00:42 - 2014-07-08 22:08 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\IObit
    2015-04-06 00:38 - 2014-07-09 00:38 - 00000000 ____D () C:\Program Files (x86)\Origin Games
    2015-04-06 00:37 - 2014-07-10 17:25 - 00000000 ____D () C:\Games
    2015-04-06 00:32 - 2014-04-16 17:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-04-05 22:16 - 2014-07-09 21:01 - 00000000 ____D () C:\Program Files (x86)\Adobe Gaming SDK 1.3
    2015-04-02 09:10 - 2014-07-08 22:08 - 00000000 ____D () C:\ProgramData\ProductData
    2015-03-31 20:07 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Globalization
    2015-03-31 00:57 - 2014-07-12 00:53 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-03-26 01:42 - 2014-04-24 06:32 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
    2015-03-26 01:42 - 2014-04-24 06:32 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
    2015-03-26 01:41 - 2014-04-24 06:32 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
    2015-03-26 00:22 - 2014-12-03 14:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-03-26 00:11 - 2014-07-09 00:43 - 00000000 ____D () C:\Program Files (x86)\Steam
    2015-03-22 02:03 - 2014-09-06 13:09 - 00000000 ____D () C:\ProgramData\Firefly Studios
    2015-03-20 03:24 - 2014-07-09 21:05 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2015-03-19 21:00 - 2014-11-01 19:39 - 00000000 ____D () C:\Users\Mason Breitzig\Documents\Main
    2015-03-18 22:05 - 2014-07-26 15:44 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\Notepad++
    2015-03-15 12:09 - 2015-03-13 20:15 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\Blackboard
    2015-03-15 12:09 - 2014-09-06 13:13 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\Firefly Studios
    2015-03-15 01:29 - 2014-07-09 01:40 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\PhotoScape

    ==================== Files in the root of some directories =======

    2015-04-14 00:14 - 2015-04-14 22:46 - 0003345 _____ () C:\Users\Mason Breitzig\AppData\Local\BTServer.log
    2015-04-13 23:43 - 2015-04-13 23:43 - 0613255 _____ (CMI Limited) C:\Users\Mason Breitzig\AppData\Local\nsk47FC.tmp

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-04-14 11:28

    ==================== End Of Log ============================
     
  16. Mason Breitzig


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2015
    Ran by Mason Breitzig at 2015-04-14 22:48:45
    Running from C:\Users\Mason Breitzig\Documents\Main\Programs\System Care
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    FW: Online Armor Firewall (Enabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat XI Pro (HKLM-x32\...\{23D3F585-AE29-4670-8E3E-64A0EFB29240}) (Version: 11.0 - Adobe Systems Incorporated)
    Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
    Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.0.2 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
    Adobe Audition CC 2014 (HKLM-x32\...\{F3388E10-EFA9-4A80-B28E-2E647F8D00C4}) (Version: 7.0.1 - Adobe Systems Incorporated)
    Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)
    Adobe Dreamweaver CC 2014 (HKLM-x32\...\{766255CE-D156-11E3-8DBC-A136EB52ACCF}) (Version: 14.0.0 - Adobe Systems Incorporated)
    Adobe Edge Animate CC 2014 (HKLM-x32\...\{A3643DA2-AF8A-44E8-A56E-7FE001932D8B}) (Version: 4.0 - Adobe Systems Incorporated)
    Adobe Edge Code CC (HKLM-x32\...\{2033D10C-8B25-6EED-97C0-708693677BA6}) (Version: 0.98 - Adobe Systems Incorporated)
    Adobe Edge Inspect CC (HKLM-x32\...\{2532C427-E595-4768-B6E9-C20F3AB751CA}) (Version: 1.5.486 - Adobe Systems Incorporated)
    Adobe Edge Reflow CC Preview (HKLM\...\{E23FC538-5890-43E8-932D-FC1DD8B1655B}) (Version: 0.47.17127 - Adobe Systems Incorporated)
    Adobe Exchange Panel (HKLM-x32\...\{41A12FFC-89E9-4743-A51E-00975CA31F40}) (Version: 1 - Adobe Systems Incorporated)
    Adobe ExtendScript Toolkit CC (HKLM-x32\...\{6297487E-3778-4F72-B458-55690418DB98}) (Version: 4.0.0.0 - Adobe Systems Incorporated)
    Adobe Extension Manager CC (HKLM-x32\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.2.1 - Adobe Systems Incorporated)
    Adobe Fireworks CS6 (HKLM-x32\...\{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}) (Version: 12.0.1 - Adobe Systems Incorporated)
    Adobe Flash Builder 4.7 (64 Bit) (HKLM-x32\...\{848DE8E1-521D-4748-A158-517708107EF3}) (Version: 4.7 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
    Adobe Flash Professional CC 2014 (HKLM-x32\...\{AA704223-E11C-11E3-8A38-C09A633B72AF}) (Version: 14.0.1 - Adobe Systems Incorporated)
    Adobe Gaming SDK 1.3 (HKLM-x32\...\{62FFC6DD-18BB-49FC-AF65-71FB1C0B08AA}) (Version: 1.3 - Adobe Systems Incorporated)
    Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
    Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.0 - Adobe Systems Incorporated)
    Adobe InCopy CC 2014 (HKLM-x32\...\{B389B226-A760-1014-9ADD-DA3D4A4028DB}) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.0.1 - Adobe Systems Incorporated)
    Adobe Muse CC 2014 (HKLM\...\{0A030E99-7CFB-4F35-B1A8-B495F8B36E7A}) (Version: 2014.1.1.6 - Adobe Systems, Incorporated)
    Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.1 - Adobe Systems Incorporated)
    Adobe Photoshop Lightroom 5.5 64-bit (HKLM\...\{19BBD0F3-7A31-480D-8A23-19AE28035E9C}) (Version: 5.5.0 - Adobe Systems Incorporated)
    Adobe Prelude CC 2014 (HKLM-x32\...\{2A054E48-0A75-42BD-8738-EC9AB4E2207A}) (Version: 3.0.1 - Adobe Systems Incorporated)
    Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.0.1 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
    Adobe Scout CC (HKLM\...\{BA573BFE-83B4-11E3-93D2-D231FEB1DC81}) (Version: 1.1.3.354121 - Adobe Systems Incorporated)
    Adobe SpeedGrade CC 2014 (HKLM-x32\...\{8EFF28F0-9DFD-4208-9E04-4D49A4812CF3}) (Version: 8.0.1 - Adobe Systems Incorporated)
    Adobe Touch App Plugins (HKLM-x32\...\{1EC083EE-5B76-4A2A-B95A-CAF460AA29D6}) (Version: 1.0 - Adobe Systems Incorporated)
    Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
    Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{C6B2127C-A9E0-411B-8EF1-2CE0ACDF265D}) (Version: 20.2.6362.11139 - Alcor Micro Corp.)
    Alcor Micro USB Card Reader Driver (x32 Version: 20.2.6362.11139 - Alcor Micro Corp.) Hidden
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASUS Manager - Ai Booting (HKLM-x32\...\{2DCE446C-D090-4458-8782-8F16DF94351E}) (Version: 2.01.12 - ASUSTeK Computer Inc.)
    ASUS Manager - Ai Charger II (HKLM-x32\...\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}) (Version: 2.00.11 - ASUSTeK Computer Inc.)
    ASUS Manager - Backup & Recovery (HKLM-x32\...\{34D67DE5-2ECF-4E6B-A243-2C16E2792787}) (Version: 2.01.10 - ASUSTeK Computer Inc.)
    ASUS Manager - Family Safety (HKLM-x32\...\{016AFF97-4E18-4560-B8E5-B684BB124E32}) (Version: 2.00.03 - ASUSTeK Computer Inc.)
    ASUS Manager - PC Cleanup (HKLM-x32\...\{E22A19AE-7DDB-4959-B1DB-A0996294352A}) (Version: 2.01.08 - ASUSTeK Computer Inc.)
    ASUS Manager - Power Manager (HKLM-x32\...\{DD248BEE-E925-4720-A775-9A42276BB6EA}) (Version: 2.02.02 - ASUSTeK Computer Inc.)
    ASUS Manager - Update (HKLM-x32\...\{675BBE8A-0ED3-4048-8723-BA51EAB8E1A8}) (Version: 2.02.04 - ASUSTeK Computer Inc.)
    ASUS Manager (HKLM-x32\...\{F5E5AD85-4A90-4604-A887-464D3818D8FD}) (Version: 2.08.00 - ASUSTeK Computer Inc.)
    Auslogics Registry Defrag (HKLM-x32\...\{D627784F-B3EE-44E8-96B1-9509B991EA34}_is1) (Version: 8.4.0.0 - Auslogics Labs Pty Ltd)
    bl (x32 Version: 1.0.0 - Your Company Name) Hidden
    BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
    CambridgeSoft ChemBioOffice 2014 (HKLM-x32\...\{9023F95E-737F-4343-BC57-B6217E3091CB}) (Version: 14.0 - CambridgeSoft Corporation)
    CambridgeSoft ChemScript 14.0 (HKLM-x32\...\{6053D436-AF21-4D67-A458-04C2B969A865}) (Version: 14.0 - CambridgeSoft Corporation)
    CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
    Celtx (2.9.7) (HKLM-x32\...\Celtx (2.9.7)) (Version: 2.9.7 (en-US) - Greyfirst)
    ChromecastApp (HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Divinity - Original Sin (HKLM-x32\...\1207664923_is1) (Version: 2.11.0.21 - GOG.com)
    eManual (HKLM-x32\...\{0C84E634-EB68-4A54-B21E-A05EC87A4CC5}) (Version: 1.00.07 - ASUSTeK Computer Inc.)
    Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
    FileZilla Client 3.10.2 (HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
    FlashBeat (HKLM-x32\...\FlashBeat) (Version: - ) <==== ATTENTION!
    Fraps (HKLM-x32\...\Fraps) (Version: - )
    Galería de fotos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    Galerie de photos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
    Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    IZArc 4.1.6 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.6 - Ivan Zahariev)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Junk Cleaner (x32 Version: 1.1.6.2 - Pandaje Group) Hidden
    Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version: - Squad)
    Linksys Connect (HKLM-x32\...\Linksys Connect) (Version: 1.5.13225.3 - Linksys LLC)
    LOOT (HKLM-x32\...\LOOT) (Version: 0.6.0 - LOOT Development Team)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    Might & Magic Heroes VI (HKLM-x32\...\{745D37C2-26F4-4B65-BA13-F9840EBFA75B}) (Version: 1.0 - Ubisoft)
    MiniTool Partition Wizard Free 9.0 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
    MotioninJoy Gamepad tool 0.7.0000 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.0000 - www.motioninjoy.com)
    Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.51.0 - Black Tree Gaming)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team)
    NVIDIA 3D Vision Controller Driver 326.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 326.01 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
    NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
    NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
    NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    Online Armor 7.0 (HKLM-x32\...\OnlineArmor_is1) (Version: 7.0 - Emsisoft GmbH)
    Origin (HKLM-x32\...\Origin) (Version: 9.4.20.386 - Electronic Arts, Inc.)
    PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1036.0 - Passmark Software)
    ph (x32 Version: 1.0.0 - Your Company Name) Hidden
    PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
    Pillars of Eternity (HKLM-x32\...\1207666813_is1) (Version: 2.0.0.1 - GOG.com)
    PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.9.0 - Prolific Technology INC)
    Python 3.2.2 (HKLM-x32\...\{4CDE3168-D060-4b7c-BC74-4D8F9BB01AFD}) (Version: 3.2.2150 - Python Software Foundation)
    Q-Dir (HKLM-x32\...\Q-Dir) (Version: - )
    Quick Startup 5.10.1.101 (HKLM-x32\...\Quick Startup) (Version: 5.10.1.101 - Glarysoft Ltd)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.2.1 r2386 - )
    REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.769.769.092613 - REALTEK Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7116 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0247 - REALTEK Semiconductor Corp.)
    Registry Repair 5.0.1.67 (HKLM-x32\...\Registry Repair) (Version: 5.0.1.67 - Glarysoft Ltd)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Serif WebPlus X5 (HKLM-x32\...\{7D427BD1-1C88-4007-BBFB-C2DD2ED48C63}) (Version: 13.0.0.016 - Serif (Europe) Ltd)
    Sid Meiers Civilization Beyond Earth (HKLM-x32\...\U2lkTWVpZXJzQ2l2aWxpemF0aW9uQmV5b25kRWFydGg=_is1) (Version: 1 - )
    SketchUp 2014 (HKLM-x32\...\{F246092E-FA0B-47C8-9D3E-CF8C210293C8}) (Version: 14.1.1282 - Trimble Navigation Limited)
    Skyrim Performance Monitor (HKLM-x32\...\{84AEB93A-ECBB-4568-8F59-D4516EF59079}) (Version: 3.65 - SirGarnon on Skyrim Nexus)
    Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
    Stronghold 3 (HKLM-x32\...\Stronghold 3_is1) (Version: - )
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1130 - SUPERAntiSpyware.com)
    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
    The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
    The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.10.1 - Electronic Arts)
    The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.13.1 - Electronic Arts)
    The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.4.83.1010 - Electronic Arts Inc.)
    TimeComX Basic (32-Bit) (HKLM-x32\...\TimeComX Basic 32-Bit) (Version: 1.3.2.7 - Bitdreamers)
    Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
    Unchecky v0.3.7.2 (HKLM-x32\...\Unchecky) (Version: 0.3.7.2 - RaMMicHaeL)
    VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
    WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version: - Hervé Leclerc (HeL))
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
    WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
    Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 3.0.4.4 - Wrye & Wrye Bash Development Team)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3962362228-1037329824-2324336766-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Mason Breitzig\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3962362228-1037329824-2324336766-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mason Breitzig\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

    ==================== Restore Points =========================

    12-04-2015 17:23:01 Virus Point 1
    13-04-2015 23:51:31 Revo Uninstaller's restore point - SmartWeb

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 09:25 - 2015-04-14 00:04 - 00002130 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    127.0.0.1 localhost
    127.0.0.1 localhost
    127.0.0.1 localhost
    127.0.0.1 localhost
    0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
    0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
    0.0.0.0 media.opencandy.com
    0.0.0.0 cdn.opencandy.com
    0.0.0.0 tracking.opencandy.com
    0.0.0.0 api.opencandy.com
    0.0.0.0 installer.betterinstaller.com
    0.0.0.0 installer.filebulldog.com
    0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
    0.0.0.0 inno.bisrv.com
    0.0.0.0 nsis.bisrv.com
    0.0.0.0 cdn.file2desktop.com
    0.0.0.0 cdn.goateastcach.us
    0.0.0.0 cdn.guttastatdk.us
    0.0.0.0 cdn.inskinmedia.com
    0.0.0.0 cdn.insta.oibundles2.com
    0.0.0.0 cdn.insta.playbryte.com
    0.0.0.0 cdn.llogetfastcach.us
    0.0.0.0 cdn.montiera.com
    0.0.0.0 cdn.msdwnld.com
    0.0.0.0 cdn.mypcbackup.com
    0.0.0.0 cdn.ppdownload.com
    0.0.0.0 cdn.riceateastcach.us
    0.0.0.0 cdn.shyapotato.us

    There are 9 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {02A24CE3-B703-4779-8310-F9CF365EC96D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3962362228-1037329824-2324336766-1002Core => C:\Users\Mason Breitzig\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-15] (Google Inc.)
    Task: {03DEB618-EA0C-4F40-9C82-F66D90106EE8} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {03E12A45-10B0-44FD-9D46-385C2A3FFC98} - System32\Tasks\Uninstaller_SkipUac_Mason_Breitzig => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
    Task: {0419ACAE-D5C0-4D90-A12E-B5DC08E5F389} - System32\Tasks\ASUS\ASUS Manager - PC Cleanup - SecureDeleteBackground => C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe [2014-03-25] ()
    Task: {11F4EE09-DD3D-4B50-998C-70475BD43099} - System32\Tasks\ASUS\ASUS Manager BackgroundWindow => C:\Program Files (x86)\ASUS\ASUS Manager\BackgroundWindow.exe [2013-08-23] ()
    Task: {1344D7B0-7EF1-44E1-8779-4525ADA34307} - System32\Tasks\ASUS\ASUS Manager HotKey Service => C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe [2013-11-27] (ASUSTeK Computer Inc.)
    Task: {14837A16-38C8-4147-A7C2-78CB03E521E2} - System32\Tasks\ASUS\Power_Manager_background => C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe [2014-02-20] (ASUSTeK)
    Task: {1C1E8661-206D-455D-8BD9-235C850468A1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
    Task: {1D8B5421-4333-43BE-BE4F-94D47F42E2C9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
    Task: {28E759BA-A029-4269-AF76-5EC06A95FD98} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Task: {2D5E4D6F-542B-4BF9-AC17-12FA9C8DF705} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-mbreitzig@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
    Task: {3B364311-190C-4E78-9ED9-93DCE7AF101A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-10] (Microsoft Corporation)
    Task: {4A176280-787E-49AD-A9E3-299A99046DDB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {4A1B4FEF-74B9-4D71-A0DD-CB117A7446F5} - System32\Tasks\CMBNIUK => C:\ProgramData\a040bb4567e84331a76e603c9625e3a4\a040bb4567e84331a76e603c9625e3a4.exe [2015-04-13] ()
    Task: {4A7A5ED4-2091-4DCE-9D2B-1CFB56F822DC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-06] (Adobe Systems Incorporated)
    Task: {503111FD-33DE-42B8-9542-16B94409F931} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
    Task: {6E8936EC-1172-44F5-9E3D-C254A24386A4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: {7CEC08E6-1AC8-4F2D-9C3C-6569BDB62FC0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {8184B271-57AF-44C0-B69B-F8EED39D84D3} - System32\Tasks\{0D294E33-87D6-4B69-BD39-1962FAFB80C3} => pcalua.exe -a "C:\Users\Mason Breitzig\Documents\Main\Entertainment\Games\Files\Downloaded\Dragon Age Origins Ultimate\data\DataSetup.exe" -d "C:\Users\Mason Breitzig\Documents\Main\Entertainment\Games\Files\Downloaded\Dragon Age Origins Ultimate\data"
    Task: {849A6DAF-FDBA-404F-9A1D-3C1D5254917C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
    Task: {868CF4D0-323F-4D23-9F5C-03AE2DA57F19} - System32\Tasks\{2600FEB7-A17D-438C-B22F-31678805BE85} => pcalua.exe -a H:\_ISDel.exe -d H:\
    Task: {9D9620A7-7228-45A9-A993-1246FCE2D38E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {9E1DDFEF-6CCD-4E7F-B0B3-ECB0E0C056BB} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe
    Task: {A6DBBDDB-716B-4257-8962-78308E94CDD8} - System32\Tasks\ASUS\ASUS AiCharger_Desktop Execute => C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe [2013-04-02] (ASUSTek Computer Inc.)
    Task: {B38A6F67-9E95-453F-B282-8F47C4732AD3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-03] (Google Inc.)
    Task: {B6BBBA25-C8D3-45BC-8EA6-6931198E6C02} - System32\Tasks\ASUS\ASUS Updater => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSFourceUpdater.exe [2013-11-28] ()
    Task: {BB86DE67-6F47-4A24-865F-289C4A95FB9E} - System32\Tasks\ASUS\ASUS AiCharger_II TrayIcon => C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe [2014-02-19] (ASUSTeK)
    Task: {BC1A3907-16C9-4300-8271-6E0D51F303AB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: {C0C3EC5D-41F0-4584-80E7-38FAD3142BC7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
    Task: {CE83C9FC-E4D5-4815-8EFD-EE5364ACF4B9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3962362228-1037329824-2324336766-1002UA => C:\Users\Mason Breitzig\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-15] (Google Inc.)
    Task: {D41289EF-6F23-4E1C-849F-5F537F9C1931} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
    Task: {E128FFEC-C704-467D-A1C2-7643A4363785} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
    Task: {ED0E9D5F-5C71-4B7B-BEC6-916088DAAA71} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-03] (Google Inc.)
    Task: {F50C851B-8F17-42A8-A765-439C60F75FDD} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe [2013-11-27] ()
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3962362228-1037329824-2324336766-1002Core.job => C:\Users\Mason Breitzig\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3962362228-1037329824-2324336766-1002UA.job => C:\Users\Mason Breitzig\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
    Task: C:\Windows\Tasks\Uninstaller_SkipUac_Mason_Breitzig.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

    ==================== Loaded Modules (whitelisted) ==============

    2014-04-24 06:32 - 2015-02-05 15:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2014-04-24 06:34 - 2013-09-26 14:15 - 00059392 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
    2015-03-20 03:21 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2015-04-13 23:12 - 2015-04-13 20:54 - 00330752 _____ () C:\ProgramData\FlashBeat\FlashBeat.exe
    2014-04-24 06:37 - 2013-11-06 06:58 - 00920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
    2014-04-24 06:38 - 2014-03-25 21:36 - 00929936 _____ () C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
    2014-07-16 11:06 - 2014-07-16 11:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
    2014-11-15 19:35 - 2009-06-02 02:15 - 00051200 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
    2015-03-02 10:43 - 2015-03-02 10:43 - 00099288 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
    2014-04-24 06:38 - 2014-03-12 18:50 - 00854016 _____ () C:\Windows\PCCleanupContextMenu\x64\ContextMenuHandlerBin.dll
    2015-04-06 23:25 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-04-06 23:25 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2015-04-06 23:25 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2015-04-06 23:25 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2015-04-06 23:25 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2015-04-14 00:06 - 2015-04-14 00:06 - 00027648 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
    2014-04-24 06:37 - 2010-06-28 22:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
    2014-04-24 06:31 - 2013-09-16 16:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2015-03-02 16:30 - 2015-03-02 16:30 - 00039384 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Mason Breitzig\OneDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgF119.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgR119.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgF119.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgR119.sys => ""="Driver"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Mason Breitzig\AppData\Roaming\Rainmeter\Layouts\Nova\Wallpaper.bmp
    DNS Servers: Media is not connected to internet.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
    HKLM\...\StartupApproved\Run: => "IAStorIcon"
    HKLM\...\StartupApproved\Run: => "BtServer"
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run32: => "RemoteControl10"
    HKLM\...\StartupApproved\Run32: => "DriverChecker.exe"
    HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
    HKLM\...\StartupApproved\Run32: => "Adobe ARM"
    HKLM\...\StartupApproved\Run32: => "APSDaemon"
    HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
    HKLM\...\StartupApproved\Run32: => "QuickTime Task"
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\StartupApproved\Run: => "Advanced SystemCare 8"
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\StartupApproved\Run: => "Google Update"
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"

    ==================== Accounts: =============================

    Administrator (S-1-5-21-3962362228-1037329824-2324336766-500 - Administrator - Disabled)
    Guest (S-1-5-21-3962362228-1037329824-2324336766-501 - Limited - Disabled)
    Mason Breitzig (S-1-5-21-3962362228-1037329824-2324336766-1002 - Administrator - Enabled) => C:\Users\Mason Breitzig
    UpdatusUser (S-1-5-21-3962362228-1037329824-2324336766-1001 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/14/2015 09:07:49 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
    Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

    Error: (04/14/2015 09:07:47 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (04/14/2015 08:59:56 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
    Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

    Error: (04/14/2015 08:59:52 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (04/14/2015 00:40:44 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
    Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

    Error: (04/14/2015 00:40:43 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (04/14/2015 00:32:33 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
    Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

    Error: (04/14/2015 00:32:31 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (04/14/2015 11:30:03 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
    Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

    Error: (04/14/2015 11:29:38 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.


    System errors:
    =============
    Error: (04/14/2015 10:48:01 PM) (Source: DCOM) (EventID: 10010) (User: PRIMARY)
    Description: {8571AE44-354D-4446-86A2-B59B7BF672FD}

    Error: (04/14/2015 09:33:54 PM) (Source: DCOM) (EventID: 10010) (User: Primary)
    Description: {8571AE44-354D-4446-86A2-B59B7BF672FD}

    Error: (04/14/2015 09:31:54 PM) (Source: DCOM) (EventID: 10010) (User: PRIMARY)
    Description: {8571AE44-354D-4446-86A2-B59B7BF672FD}

    Error: (04/14/2015 09:29:53 PM) (Source: DCOM) (EventID: 10010) (User: PRIMARY)
    Description: {8571AE44-354D-4446-86A2-B59B7BF672FD}

    Error: (04/14/2015 09:27:53 PM) (Source: DCOM) (EventID: 10010) (User: PRIMARY)
    Description: {8571AE44-354D-4446-86A2-B59B7BF672FD}

    Error: (04/14/2015 09:25:53 PM) (Source: DCOM) (EventID: 10010) (User: PRIMARY)
    Description: {8571AE44-354D-4446-86A2-B59B7BF672FD}

    Error: (04/14/2015 09:23:52 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: {DF5FA8BB-0A0A-4D8D-9D00-C690E9B8DC31}

    Error: (04/14/2015 09:21:52 PM) (Source: DCOM) (EventID: 10010) (User: PRIMARY)
    Description: {8571AE44-354D-4446-86A2-B59B7BF672FD}

    Error: (04/14/2015 09:19:52 PM) (Source: DCOM) (EventID: 10010) (User: Primary)
    Description: {8571AE44-354D-4446-86A2-B59B7BF672FD}

    Error: (04/14/2015 09:17:52 PM) (Source: DCOM) (EventID: 10010) (User: PRIMARY)
    Description: {8571AE44-354D-4446-86A2-B59B7BF672FD}


    Microsoft Office Sessions:
    =========================
    Error: (04/14/2015 09:07:49 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe

    Error: (04/14/2015 09:07:47 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

    Error: (04/14/2015 08:59:56 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe

    Error: (04/14/2015 08:59:52 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

    Error: (04/14/2015 00:40:44 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe

    Error: (04/14/2015 00:40:43 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

    Error: (04/14/2015 00:32:33 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe

    Error: (04/14/2015 00:32:31 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

    Error: (04/14/2015 11:30:03 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe

    Error: (04/14/2015 11:29:38 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-4770S CPU @ 3.10GHz
    Percentage of memory in use: 10%
    Total physical RAM: 12227.25 MB
    Available physical RAM: 10936.83 MB
    Total Pagefile: 14083.25 MB
    Available Pagefile: 11780.61 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.8 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:1848.07 GB) (Free:1447.79 GB) NTFS
    Drive h: (Sims4_2) (CDROM) (Total:0.48 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 1863 GB) (Disk ID: 76A7E05D)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  17. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Uninstall FlashBeat.

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  18. Mason Breitzig

    Mason Breitzig TS Rookie Topic Starter Posts: 18

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-04-2015
    Ran by Mason Breitzig at 2015-04-15 16:49:43 Run:2
    Running from C:\Users\Mason Breitzig\Documents\Main\Programs\System Care
    Loaded Profiles: UpdatusUser & Mason Breitzig (Available profiles: UpdatusUser & Mason Breitzig)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM-x32\...\Run: [gmsd_us_440] => [X]
    URLSearchHook: [S-1-5-21-3962362228-1037329824-2324336766-1001] ATTENTION ==> Default URLSearchHook is missing.
    Winsock: Catalog9 01 C:\Windows\SysWOW64\Gambali.dll [340944] (Gambali OEM Software)
    Winsock: Catalog9 02 C:\Windows\SysWOW64\Gambali.dll [340944] (Gambali OEM Software)
    Winsock: Catalog9 03 C:\Windows\SysWOW64\Gambali.dll [340944] (Gambali OEM Software)
    Winsock: Catalog9 04 C:\Windows\SysWOW64\Gambali.dll [340944] (Gambali OEM Software)
    Winsock: Catalog9 16 C:\Windows\SysWOW64\Gambali.dll [340944] (Gambali OEM Software)
    Winsock: Catalog9-x64 01 C:\Windows\system32\Gambali64.dll [408424] (Gambali OEM Software)
    Winsock: Catalog9-x64 02 C:\Windows\system32\Gambali64.dll [408424] (Gambali OEM Software)
    Winsock: Catalog9-x64 03 C:\Windows\system32\Gambali64.dll [408424] (Gambali OEM Software)
    Winsock: Catalog9-x64 04 C:\Windows\system32\Gambali64.dll [408424] (Gambali OEM Software)
    Winsock: Catalog9-x64 16 C:\Windows\system32\Gambali64.dll [408424] (Gambali OEM Software)
    C:\Windows\SysWOW64\Gambali.dll
    () C:\ProgramData\FlashBeat\FlashBeat.exe
    C:\ProgramData\FlashBeat
    R2 FlashBeat; C:\ProgramData\FlashBeat\FlashBeat.exe [330752 2015-04-13] () [File not signed]
    S2 Gambali; C:\ProgramData\FlashBeat\Gambali.exe [1916456 2015-03-31] (Gambali OEM Software) [File not signed]
    2015-04-13 23:12 - 2015-04-13 23:12 - 00009040 _____ () C:\Windows\SysWOW64\GambaliOff.ini
    2015-04-13 23:12 - 2015-04-13 23:12 - 00009040 _____ () C:\Windows\system32\GambaliOff.ini
    2015-04-13 23:12 - 2015-04-13 23:12 - 00000000 ____D () C:\ProgramData\FlashBeat
    2015-04-13 23:12 - 2015-03-31 15:18 - 00408424 _____ (Gambali OEM Software) C:\Windows\system32\Gambali64.dll
    2015-04-13 23:12 - 2015-03-31 15:18 - 00340944 _____ (Gambali OEM Software) C:\Windows\SysWOW64\Gambali.dll
    2015-04-14 00:14 - 2015-04-14 22:46 - 0003345 _____ () C:\Users\Mason Breitzig\AppData\Local\BTServer.log
    2015-04-13 23:43 - 2015-04-13 23:43 - 0613255 _____ (CMI Limited) C:\Users\Mason Breitzig\AppData\Local\nsk47FC.tmp
    AlternateDataStreams: C:\Users\Mason Breitzig\OneDrive:ms-properties
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgF119.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgR119.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgF119.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgR119.sys => ""="Driver"


    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_440 => value deleted successfully.
    Error setting Default URLSearchHook.
    Winsock: Catalog entry 000000000001 => Deleted successfully.
    Winsock: Catalog entry 000000000002 => Deleted successfully.
    Winsock: Catalog entry 000000000003 => Deleted successfully.
    Winsock: Catalog entry 000000000004 => Deleted successfully.
    Winsock: Catalog entry 000000000016 => Deleted successfully.
    Winsock: Catalog entry 000000000001 => Deleted successfully.
    Winsock: Catalog entry 000000000002 => Deleted successfully.
    Winsock: Catalog entry 000000000003 => Deleted successfully.
    Winsock: Catalog entry 000000000004 => Deleted successfully.
    Winsock: Catalog entry 000000000016 => Deleted successfully.
    C:\Windows\SysWOW64\Gambali.dll => Moved successfully.
    C:\ProgramData\FlashBeat\FlashBeat.exe => No running process found
    C:\ProgramData\FlashBeat => Moved successfully.
    FlashBeat => Service not found.
    Gambali => Service not found.
    C:\Windows\SysWOW64\GambaliOff.ini => Moved successfully.
    C:\Windows\system32\GambaliOff.ini => Moved successfully.
    "C:\ProgramData\FlashBeat" => File/Directory not found.
    C:\Windows\system32\Gambali64.dll => Moved successfully.
    "C:\Windows\SysWOW64\Gambali.dll" => File/Directory not found.
    C:\Users\Mason Breitzig\AppData\Local\BTServer.log => Moved successfully.
    C:\Users\Mason Breitzig\AppData\Local\nsk47FC.tmp => Moved successfully.
    "C:\Users\Mason Breitzig\OneDrive" => ":ms-properties" ADS not found.
    HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\tammgF119.sys => Key could not be deleted. Access denied.
    HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\tammgR119.sys => Key could not be deleted. Access denied.
    HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Gambali => Key could not be deleted. Access denied.
    HKLM\System\CurrentControlSet\Control\SafeBoot\Network\tammgF119.sys => Key could not be deleted. Access denied.
    HKLM\System\CurrentControlSet\Control\SafeBoot\Network\tammgR119.sys => Key could not be deleted. Access denied.

    ==== End of Fixlog 16:49:44 ====
     
  19. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  20. Mason Breitzig

    Mason Breitzig TS Rookie Topic Starter Posts: 18

    RogueKiller V10.5.9.0 [Apr 7 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
    Started in : Normal mode
    User : Mason Breitzig [Administrator]
    Started from : C:\Users\Mason Breitzig\Documents\Main\Programs\System Care\RogueKiller.exe
    Mode : Delete -- Date : 04/15/2015 20:22:37

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 12 ¤¤¤
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3962362228-1037329824-2324336766-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus13.msn.com/?pc=ASJB -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3962362228-1037329824-2324336766-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus13.msn.com/?pc=ASJB -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 65.32.5.74 65.32.5.75 [X][X] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 65.32.5.74 65.32.5.75 [X][X] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{24B58CB9-0C63-4910-8D82-EC6443D6F78E} | DhcpNameServer : 65.32.1.65 65.32.1.70 [X][X] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{87A95339-451D-44D0-9AC5-44C3D4B19065} | DhcpNameServer : 65.32.5.74 65.32.5.75 [X][X] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{24B58CB9-0C63-4910-8D82-EC6443D6F78E} | DhcpNameServer : 65.32.1.65 65.32.1.70 [X][X] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{87A95339-451D-44D0-9AC5-44C3D4B19065} | DhcpNameServer : 65.32.5.74 65.32.5.75 [X][X] -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 1 ¤¤¤
    [Suspicious.Path] \\CMBNIUK -- "C:\ProgramData\a040bb4567e84331a76e603c9625e3a4\a040bb4567e84331a76e603c9625e3a4.exe" -> Deleted

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 39 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA DT01ACA200 +++++
    --- User ---
    [MBR] 7d080d92b81167c3ff8b3b44c8cc0480
    [BSP] d5467e85d74e92cfe45b757dec238824 : Empty MBR Code
    Partition table:
    0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 800 MB
    1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1640448 | Size: 260 MB
    2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2172928 | Size: 128 MB
    3 - Basic data partition | Offset (sectors): 2435072 | Size: 1892423 MB
    4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 3878117376 | Size: 14117 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_04122015_214953.log - RKreport_DEL_04122015_215006.log - RKreport_SCN_04152015_202228.log

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 4/15/2015
    Scan Time: 8:24:36 PM
    Logfile: MBAM.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.04.12.02
    Rootkit Database: v2015.03.31.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Mason Breitzig

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 417403
    Time Elapsed: 7 min, 11 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 4
    PUP.Optional.Hatchiho.A, HKU\S-1-5-21-3962362228-1037329824-2324336766-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{0569F0DF-CCE6-43E9-AECB-5C5CF431E3B4}, Quarantined, [a66d6ddf55350e288b2e4bf2867ddc24],
    PUP.Optional.Flashbeat.A, HKLM\SOFTWARE\Flashbeat, Quarantined, [42d11f2de5a5a88e25cf8642c73cdf21],
    PUP.Optional.VoPackage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage, Quarantined, [898a103c93f758de60418bc823e2619f],
    PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS, Quarantined, [de35b894fa901d1984122c24da2bd22e],

    Registry Values: 1
    PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS|HostGUID, B2ABDE99-D10F-4555-BD1F-BE7790C06A22, Quarantined, [de35b894fa901d1984122c24da2bd22e]

    Registry Data: 0
    (No malicious items detected)

    Folders: 12
    PUP.Optional.AnyProtect.A, C:\Program Files (x86)\ANYPROTECTEX, Quarantined, [4ac9c08c2664989e38a29628eb18bf41],
    PUP.Optional.AnyProtect.A, C:\Users\Mason Breitzig\AppData\Roaming\ANYPROTECTEX, Quarantined, [9e75a5a73753290d59d5516a956e0000],
    PUP.Optional.AnyProtect.A, C:\Users\Mason Breitzig\AppData\Roaming\ANYPROTECTEX\installer, Quarantined, [9e75a5a73753290d59d5516a956e0000],
    PUP.Optional.AnyProtect.A, C:\Users\Mason Breitzig\AppData\Roaming\ANYPROTECTEX\language, Quarantined, [9e75a5a73753290d59d5516a956e0000],
    PUP.Optional.AnyProtect.A, C:\Users\Mason Breitzig\AppData\Roaming\ANYPROTECTEX\logs, Quarantined, [9e75a5a73753290d59d5516a956e0000],
    PUP.Optional.AnyProtect.A, C:\Users\Mason Breitzig\AppData\Roaming\ANYPROTECTEX\scan_results, Quarantined, [9e75a5a73753290d59d5516a956e0000],
    PUP.Optional.AnyProtect.A, C:\Users\Mason Breitzig\AppData\Roaming\ANYPROTECTEX\swf, Quarantined, [9e75a5a73753290d59d5516a956e0000],
    PUP.Optional.VeggyAddon.A, C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\extensions\VEGGY@VEGGYADDON.COM, Quarantined, [32e12c20b8d2c076843d1f9c986b59a7],
    PUP.Optional.VeggyAddon.A, C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\extensions\VEGGY@VEGGYADDON.COM\chrome, Quarantined, [32e12c20b8d2c076843d1f9c986b59a7],
    PUP.Optional.VeggyAddon.A, C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\extensions\VEGGY@VEGGYADDON.COM\chrome\content, Quarantined, [32e12c20b8d2c076843d1f9c986b59a7],
    PUP.Optional.VeggyAddon.A, C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\extensions\VEGGY@VEGGYADDON.COM\chrome\skin, Quarantined, [32e12c20b8d2c076843d1f9c986b59a7],
    PUP.Optional.VeggyAddon.A, C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\extensions\VEGGY@VEGGYADDON.COM\modules, Quarantined, [32e12c20b8d2c076843d1f9c986b59a7],

    Files: 14
    PUP.Optional.AnyProtect.A, C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe, Quarantined, [7c971b31f199a2946dcd53e8f90d18e8],
    PUP.Optional.AnyProtect.A, C:\Program Files (x86)\AnyProtectEx\PRODUCT.GUID, Quarantined, [4ac9c08c2664989e38a29628eb18bf41],
    PUP.Optional.Gambali.A, C:\Windows\Temp\Gambali.log, Quarantined, [34df6ce09cee5bdb199f7a4a8d768f71],
    PUP.Optional.Gambali.A, C:\Users\Mason Breitzig\AppData\Local\Temp\Gambalir.log, Quarantined, [db38bb9194f69f9741788f3547bc0ff1],
    PUP.Optional.Gambali.A, C:\Windows\Temp\Gambalir.log, Quarantined, [2be8b498dfabb383a316e0e40ff4b14f],
    PUP.Optional.AnyProtect.A, C:\Users\Mason Breitzig\AppData\Roaming\AnyProtectEx\installer\ab.test.json, Quarantined, [9e75a5a73753290d59d5516a956e0000],
    PUP.Optional.AnyProtect.A, C:\Users\Mason Breitzig\AppData\Roaming\AnyProtectEx\installer\tempfile.t, Quarantined, [9e75a5a73753290d59d5516a956e0000],
    PUP.Optional.AnyProtect.A, C:\Users\Mason Breitzig\AppData\Roaming\AnyProtectEx\swf\mov01.swf, Quarantined, [9e75a5a73753290d59d5516a956e0000],
    PUP.Optional.VeggyAddon.A, C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\extensions\veggy@veggyAddon.com\chrome.manifest, Quarantined, [32e12c20b8d2c076843d1f9c986b59a7],
    PUP.Optional.VeggyAddon.A, C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\extensions\veggy@veggyAddon.com\install.rdf, Quarantined, [32e12c20b8d2c076843d1f9c986b59a7],
    PUP.Optional.VeggyAddon.A, C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\extensions\veggy@veggyAddon.com\chrome\content\main.js, Quarantined, [32e12c20b8d2c076843d1f9c986b59a7],
    PUP.Optional.VeggyAddon.A, C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\extensions\veggy@veggyAddon.com\chrome\content\main.xul, Quarantined, [32e12c20b8d2c076843d1f9c986b59a7],
    PUP.Optional.VeggyAddon.A, C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\extensions\veggy@veggyAddon.com\chrome\skin\icon.png, Quarantined, [32e12c20b8d2c076843d1f9c986b59a7],
    PUP.Optional.VeggyAddon.A, C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\extensions\veggy@veggyAddon.com\modules\XCipher.js, Quarantined, [32e12c20b8d2c076843d1f9c986b59a7],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    # AdwCleaner v3.308 - Report created 28/08/2014 at 01:47:27
    # Updated 20/08/2014 by Xplode
    # Operating System : Windows 8.1 (64 bits)
    # Username : Mason Breitzig - PRIMARY
    # Running from : C:\Users\Mason Breitzig\Desktop\Main\System Care\adwcleaner_3.308.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17239


    -\\ Google Chrome v36.0.1985.143

    [ File : C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [4611 octets] - [23/08/2014 02:26:12]
    AdwCleaner[R1].txt - [942 octets] - [28/08/2014 01:45:47]
    AdwCleaner[S0].txt - [4661 octets] - [23/08/2014 02:27:59]
    AdwCleaner[S1].txt - [864 octets] - [28/08/2014 01:47:27]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [923 octets] ##########


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.5.3 (04.07.2015:1)
    OS: Windows 8.1 x64
    Ran by Mason Breitzig on Wed 04/15/2015 at 20:44:07.44
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Successfully deleted: [Folder] C:\Users\Mason Breitzig\AppData\Roaming\mozilla\firefox\profiles\ufwfpifh.default\extensions\staged
    Successfully deleted the following from C:\Users\Mason Breitzig\AppData\Roaming\mozilla\firefox\profiles\ufwfpifh.default\prefs.js




    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 04/15/2015 at 20:46:01.03
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  21. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
     
  22. Mason Breitzig

    Mason Breitzig TS Rookie Topic Starter Posts: 18

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
    Ran by Mason Breitzig (administrator) on PRIMARY on 15-04-2015 21:29:41
    Running from C:\Users\Mason Breitzig\Documents\Main\Programs\System Care
    Loaded Profiles: Mason Breitzig (Available profiles: UpdatusUser & Mason Breitzig)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe
    () C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
    (ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506136 2013-12-12] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
    HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
    HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-09-25] (Realtek Semiconductor Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files (x86)\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH)
    HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2014-04-16] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\Run: [Google Update] => C:\Users\Mason Breitzig\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2015-01-15] (Google Inc.)
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\Run: [GUSDelayStartup] => C:\Program Files (x86)\Glarysoft\Quick Startup\StartupManager.exe [37152 2015-01-19] (Glarysoft Ltd)
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com/?pc=ASJB
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 65.32.5.74 65.32.5.75

    FireFox:
    ========
    FF ProfilePath: C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default
    FF DefaultSearchEngine.US: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-06] ()
    FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-07-22] (Adobe Systems)
    FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-06] ()
    FF Plugin-x32: @cambridgesoft.com/Chem3D,version=14.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2014\Chem3D\npChem3DPlugin.dll [2014-04-17] (CambridgeSoft Corp.)
    FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=14.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2014\ChemDraw\npcdp32.dll [2014-04-17] (CambridgeSoft Corp.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-07-11] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-07-11] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-12-03] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-12-03] (Google Inc.)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-07-22] (Adobe Systems)
    FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-3962362228-1037329824-2324336766-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Mason Breitzig\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-15] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3962362228-1037329824-2324336766-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Mason Breitzig\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-15] (Google Inc.)
    FF Extension: Zoom It - C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\Extensions\{484bb0c7-fb8f-60cb-d5e0-4e025234e91f} [2015-04-15]
    FF Extension: Zoom It - C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\Extensions\{94b0d9d8-94d5-1b0a-f547-6e4821a3b143} [2015-04-13]
    FF Extension: AdBlock Lite - C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\Extensions\jid1-dwtFBkQjb3SIQp@jetpack.xpi [2015-02-22]
    FF Extension: Pin It Button - C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2015-01-02]
    FF Extension: Google Privacy - C:\Users\Mason Breitzig\AppData\Roaming\Mozilla\Firefox\Profiles\ufwfpifh.default\Extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi [2015-04-05]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-07-09]

    Chrome:
    =======
    CHR Profile: C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-06]
    CHR Extension: (Google Docs) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-06]
    CHR Extension: (Google Drive) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-06]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-01]
    CHR Extension: (YouTube) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-06]
    CHR Extension: (Google Search) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-06]
    CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-03-31]
    CHR Extension: (Google Sheets) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-06]
    CHR Extension: (Google Wallet) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-01]
    CHR Extension: (Gmail) - C:\Users\Mason Breitzig\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-06]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-11-06] ()
    S2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed]
    S2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [59392 2013-09-26] () [File not signed]
    S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2015-02-12] (Microsoft Corporation)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
    S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
    S3 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
    S2 OAcat; C:\Program Files (x86)\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-03] (Electronic Arts)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S2 SvcOnlineArmor; C:\Program Files (x86)\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH)
    S2 Unchecky; C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe [160208 2015-04-06] (RaMMicHaeL)
    S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
    S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AiChargerDT; C:\Windows\SysWow64\drivers\AiChargerDT.sys [14880 2012-10-18] (ASUSTek Computer Inc.)
    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
    R0 assdv2; C:\Windows\System32\Drivers\assdv2.sys [21816 2013-12-05] ()
    R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-12] (Microsoft Corporation)
    S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31160 2014-04-24] ()
    S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
    S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
    S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-03-20] (Disc Soft Ltd)
    R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [469264 2013-06-27] (Intel Corporation)
    R1 GUSBootStartup; C:\Windows\System32\drivers\GUSBootStartup.sys [20160 2015-04-06] (Glarysoft Ltd)
    S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2015-03-31] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
    S3 MotioninJoyXFilter; C:\Windows\System32\drivers\MijXfilt.sys [121416 2014-07-29] (MotioninJoy) [File not signed]
    R1 OADevice; C:\Windows\SysWow64\Drivers\OADriver.sys [64720 2013-10-11] ()
    S1 oahlpXX; C:\Windows\syswow64\drivers\oahlp64.sys [62008 2013-10-11] ()
    R1 OAmon; C:\Windows\SysWOW64\Drivers\OAmon.sys [52360 2013-10-11] (Emsisoft)
    R3 OAnet; C:\Windows\system32\DRIVERS\oanet.sys [35368 2013-10-11] (Emsisoft)
    R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
    S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
    R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
    R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [548056 2013-09-05] (Realtek Semiconductor Corporation)
    R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3759320 2014-12-01] (Realtek Semiconductor Corporation )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-15] ()
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-15 20:35 - 2015-04-15 20:35 - 00000000 ____D () C:\Users\Mason Breitzig\Documents\Outlook Files
    2015-04-15 20:35 - 2015-04-15 20:35 - 00000000 ____D () C:\Users\Mason Breitzig\Documents\My Bluetooth
    2015-04-15 20:18 - 2015-04-15 20:18 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-04-15 20:18 - 2015-04-15 20:18 - 00001364 _____ () C:\Users\Mason Breitzig\Desktop\System Care - Shortcut.lnk
    2015-04-15 18:05 - 2015-04-15 20:42 - 00003925 _____ () C:\Users\Mason Breitzig\AppData\Local\BTServer.log
    2015-04-14 00:04 - 2015-04-14 00:04 - 00000008 __RSH () C:\ProgramData\ntuser.pol
    2015-04-14 00:03 - 2015-04-15 20:42 - 00001260 _____ () C:\Windows\setupact.log
    2015-04-14 00:03 - 2015-04-15 20:41 - 00009444 _____ () C:\Windows\PFRO.log
    2015-04-14 00:03 - 2015-04-14 00:03 - 00000000 _____ () C:\Windows\setuperr.log
    2015-04-13 23:12 - 2015-04-13 23:12 - 00000000 ____D () C:\ProgramData\a040bb4567e84331a76e603c9625e3a4
    2015-04-13 23:12 - 2015-04-13 23:12 - 00000000 ____D () C:\ProgramData\8e5233129da0415fbe27bfb648f69f2c
    2015-04-13 23:03 - 2015-04-15 21:22 - 00522238 _____ () C:\Windows\WindowsUpdate.log
    2015-04-12 23:12 - 2015-04-13 22:52 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\CrashDumps
    2015-04-12 22:52 - 2015-04-12 22:52 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PRIMARY-Windows-8.1-(64-bit).dat
    2015-04-12 22:52 - 2015-04-12 22:52 - 00000000 ____D () C:\RegBackup
    2015-04-12 21:44 - 2015-04-12 21:44 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-04-07 10:59 - 2015-04-07 10:59 - 00000000 ____D () C:\Users\Mason Breitzig\Documents\Rainmeter
    2015-04-06 23:26 - 2015-04-06 23:26 - 00001432 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2015-04-06 23:26 - 2015-04-06 23:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2015-04-06 23:25 - 2015-04-06 23:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2015-04-06 23:25 - 2015-04-06 23:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2015-04-06 23:25 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
    2015-04-06 21:47 - 2015-04-06 21:48 - 00000000 ___SD () C:\Windows\system32\GWX
    2015-04-06 21:47 - 2015-04-06 21:47 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
    2015-04-06 21:41 - 2014-12-01 19:01 - 03759320 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlane.sys
    2015-04-06 21:41 - 2014-10-29 12:23 - 00450264 _____ (Realtek) C:\Windows\SwUSB.exe
    2015-04-06 21:41 - 2014-04-15 10:36 - 00036864 _____ () C:\Windows\runSW.exe
    2015-04-06 21:41 - 2012-02-14 19:37 - 00594432 _____ (Realtek Semiconductor Corp. ) C:\Windows\SysWOW64\Rtlihvs.dll
    2015-04-06 21:41 - 2010-12-01 09:31 - 00451072 _____ () C:\Windows\SysWOW64\ISSRemoveSP.exe
    2015-04-06 21:15 - 2015-04-06 21:15 - 00002430 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Mason_Breitzig
    2015-04-06 21:15 - 2015-04-06 21:15 - 00000312 _____ () C:\Windows\Tasks\Uninstaller_SkipUac_Mason_Breitzig.job
    2015-04-06 21:04 - 2015-04-06 21:04 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\39721968-697b-4489-821c-3c5471cb0217
    2015-04-06 20:59 - 2015-04-15 21:29 - 00000000 ____D () C:\FRST
    2015-04-06 20:56 - 2015-04-06 20:57 - 00010518 _____ () C:\Windows\Q-Dir.ini
    2015-04-06 20:56 - 2015-04-06 20:56 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\Q-Dir
    2015-04-06 20:56 - 2015-04-06 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Q-Dir
    2015-04-06 20:56 - 2015-04-06 20:56 - 00000000 ____D () C:\Program Files (x86)\Q-Dir
    2015-04-06 20:50 - 2015-04-06 21:05 - 00000000 ____D () C:\ProgramData\OnlineArmor
    2015-04-06 20:50 - 2015-04-06 20:50 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\OnlineArmor
    2015-04-06 20:50 - 2015-04-06 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
    2015-04-06 20:50 - 2013-10-11 03:41 - 00062008 _____ () C:\Windows\SysWOW64\Drivers\oahlp64.sys
    2015-04-06 20:50 - 2013-10-11 03:40 - 00064720 _____ () C:\Windows\SysWOW64\Drivers\OADriver.sys
    2015-04-06 20:50 - 2013-10-11 03:40 - 00052360 _____ (Emsisoft) C:\Windows\SysWOW64\Drivers\OAmon.sys
    2015-04-06 20:50 - 2013-10-11 03:40 - 00035368 _____ (Emsisoft) C:\Windows\system32\Drivers\OAnet.sys
    2015-04-06 20:49 - 2015-04-12 11:29 - 00000000 ____D () C:\Program Files (x86)\Online Armor
    2015-04-06 20:49 - 2015-01-14 11:28 - 03066880 _____ () C:\Windows\system32\pwNative.exe
    2015-04-06 20:49 - 2013-09-30 16:26 - 00019152 ____N () C:\Windows\system32\pwdrvio.sys
    2015-04-06 20:49 - 2013-09-30 16:26 - 00012504 ____N () C:\Windows\system32\pwdspio.sys
    2015-04-06 20:48 - 2015-04-06 20:49 - 00000000 ____D () C:\Program Files (x86)\MiniTool Partition Wizard Free 9.0
    2015-04-06 20:48 - 2015-04-06 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Free 9.0
    2015-04-06 20:47 - 2015-04-06 20:47 - 00001259 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Startup.lnk
    2015-04-06 20:46 - 2015-04-06 20:46 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUSBootStartup.sys
    2015-04-06 20:46 - 2015-04-06 20:46 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\GlarySoft
    2015-04-06 20:45 - 2015-04-06 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
    2015-04-06 20:45 - 2015-04-06 20:46 - 00000000 ____D () C:\Program Files (x86)\Glarysoft
    2015-04-06 20:45 - 2015-04-06 20:45 - 00001296 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Repair.lnk
    2015-04-06 20:44 - 2015-04-06 20:44 - 00001236 _____ () C:\Users\UpdatusUser\Desktop\TimeComX.lnk
    2015-04-06 20:44 - 2015-04-06 20:44 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\Bitdreamers
    2015-04-06 20:44 - 2015-04-06 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdreamers
    2015-04-06 20:44 - 2015-04-06 20:44 - 00000000 ____D () C:\Program Files (x86)\Bitdreamers
    2015-04-06 20:29 - 2015-04-07 01:50 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\Rainmeter
    2015-04-06 20:29 - 2015-04-06 20:29 - 00001725 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
    2015-04-06 20:29 - 2015-04-06 20:29 - 00000000 ____D () C:\Program Files\Rainmeter
    2015-04-06 20:27 - 2015-04-06 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
    2015-04-06 20:27 - 2015-04-06 20:27 - 00000000 ____D () C:\Program Files (x86)\Auslogics
    2015-04-06 16:40 - 2015-04-06 16:40 - 00000000 ____D () C:\ProgramData\Auslogics
    2015-04-06 01:24 - 2015-04-06 01:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
    2015-04-06 01:23 - 2015-04-06 01:23 - 00000000 ____D () C:\ProgramData\Unchecky
    2015-04-06 01:23 - 2015-04-06 01:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
    2015-04-06 01:23 - 2015-04-06 01:23 - 00000000 ____D () C:\Program Files (x86)\Unchecky
    2015-04-06 00:40 - 2015-04-06 00:40 - 00001328 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
    2015-03-31 22:20 - 2015-04-05 22:16 - 00000000 ____D () C:\Program Files (x86)\9eb08200-8451-400f-a40b-8b18a34bc5a6
    2015-03-31 19:46 - 2015-04-05 21:22 - 00000000 ____D () C:\SUPERDelete
    2015-03-31 19:19 - 2015-04-05 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2015-03-31 19:19 - 2015-03-31 19:24 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
    2015-03-31 19:13 - 2015-03-31 19:13 - 00000000 ____D () C:\ProgramData\cb263d7e6e6c44dda6e4e75e073e32ba
    2015-03-31 19:13 - 2015-03-31 19:13 - 00000000 ____D () C:\ProgramData\568c30905acd4b6d8888a0b788131d33
    2015-03-31 19:12 - 2015-03-31 19:12 - 00000940 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\JunkCleaner.lnk
    2015-03-31 19:12 - 2015-03-31 19:12 - 00000000 ____D () C:\ProgramData\All copyright reserved - 2014
    2015-03-31 19:10 - 2015-03-31 19:10 - 00000032 _____ () C:\Windows\SysWOW64\efipdihiaz.dat
    2015-03-31 19:01 - 2015-03-31 19:01 - 00000000 ____D () C:\Program Files (x86)\user extensions
    2015-03-31 18:54 - 2015-03-31 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pillars of Eternity [GOG.com]
    2015-03-30 17:07 - 2015-03-30 17:07 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\Introversion
    2015-03-26 20:32 - 2015-03-26 20:32 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\RPGTycoon
    2015-03-26 18:43 - 2015-03-26 18:43 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\.mono
    2015-03-26 18:43 - 2015-03-26 18:43 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\Colossal Order
    2015-03-26 18:43 - 2015-03-26 18:43 - 00000000 ____D () C:\ProgramData\.mono
    2015-03-26 01:42 - 2015-02-05 15:07 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2015-03-26 01:42 - 2015-02-05 15:07 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2015-03-26 01:42 - 2015-02-05 13:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2015-03-26 00:52 - 2015-03-29 22:06 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\Might & Magic Heroes VI
    2015-03-26 00:52 - 2015-03-26 01:07 - 00000000 ____D () C:\Users\Mason Breitzig\Documents\Might & Magic Heroes VI
    2015-03-26 00:52 - 2015-03-26 00:52 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\Ubisoft Game Launcher
    2015-03-26 00:42 - 2015-03-26 00:46 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
    2015-03-26 00:17 - 2015-03-26 00:31 - 00000000 ____D () C:\Program Files (x86)\GOG.com
    2015-03-25 16:54 - 2015-03-25 20:35 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\Sierra
    2015-03-22 02:03 - 2015-03-22 02:03 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\SKIDROW
    2015-03-22 02:01 - 2015-03-22 02:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefly Studios
    2015-03-22 01:28 - 2015-03-22 01:28 - 00003486 _____ () C:\Windows\System32\Tasks\{0D294E33-87D6-4B69-BD39-1962FAFB80C3}
    2015-03-22 01:17 - 2015-03-22 01:17 - 00000000 ____D () C:\Users\Public\Documents\DAEMON Tools Images
    2015-03-22 00:58 - 2015-03-22 00:58 - 00000000 ____D () C:\Windows\1C4551A64743409391E41477CD655043.TMP
    2015-03-22 00:31 - 2015-03-22 00:31 - 00000000 ____D () C:\Users\Mason Breitzig\Documents\7 Days To Die
    2015-03-21 00:18 - 2015-03-21 00:19 - 00000000 ____D () C:\Users\Mason Breitzig\Documents\Larian Studios
    2015-03-21 00:18 - 2015-03-21 00:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Divinity - Original Sin [GOG.com]
    2015-03-21 00:12 - 2015-03-31 19:13 - 00000000 ____D () C:\GOG Games
    2015-03-20 21:05 - 2015-03-25 01:30 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\Sid Meier's Starships
    2015-03-20 21:05 - 2015-03-20 21:05 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\FiraxisLive
    2015-03-20 19:51 - 2015-03-20 19:51 - 00030352 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
    2015-03-20 19:46 - 2015-03-26 00:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
    2015-03-20 01:21 - 2015-04-06 00:36 - 00000000 ____D () C:\ILLUSION
    2015-03-19 21:06 - 2015-03-20 19:41 - 00001307 _____ () C:\Users\Mason Breitzig\Desktop\Diversions.lnk
    2015-03-19 16:20 - 2015-03-22 01:49 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\Battle.net
    2015-03-19 16:20 - 2015-03-22 01:42 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\Battle.net
    2015-03-19 16:20 - 2015-03-19 16:20 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\Blizzard Entertainment
    2015-03-19 13:04 - 2015-03-19 13:04 - 00000000 ____D () C:\ProgramData\Battle.net
    2015-03-19 12:46 - 2015-03-26 00:31 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-15 21:02 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
    2015-04-15 20:47 - 2014-04-16 18:00 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-04-15 20:44 - 2014-07-08 18:57 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-04-15 20:42 - 2014-07-09 08:01 - 00000000 __RDO () C:\Users\Mason Breitzig\OneDrive
    2015-04-15 20:42 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-04-15 20:41 - 2014-04-24 06:32 - 00000000 ____D () C:\ProgramData\NVIDIA
    2015-04-15 20:41 - 2013-08-22 09:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
    2015-04-15 20:39 - 2014-08-23 02:26 - 00000000 ____D () C:\AdwCleaner
    2015-04-15 20:36 - 2014-07-12 00:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-04-15 20:35 - 2014-07-08 18:57 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-04-15 20:33 - 2015-01-15 17:28 - 00000960 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3962362228-1037329824-2324336766-1002UA.job
    2015-04-15 20:32 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppCompat
    2015-04-15 20:31 - 2014-07-25 20:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-04-15 16:40 - 2014-07-26 00:06 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\Adobe
    2015-04-14 20:49 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
    2015-04-14 00:20 - 2014-07-08 21:48 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3962362228-1037329824-2324336766-1002
    2015-04-14 00:03 - 2015-01-15 17:28 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3962362228-1037329824-2324336766-1002Core.job
    2015-04-14 00:02 - 2013-08-22 11:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
    2015-04-14 00:02 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
    2015-04-12 22:02 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
    2015-04-12 22:01 - 2014-04-16 18:40 - 00000000 ____D () C:\Windows\es
    2015-04-12 13:53 - 2014-07-08 21:42 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Local\Packages
    2015-04-12 13:51 - 2014-08-22 11:11 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-04-12 11:21 - 2014-07-08 22:08 - 00000000 ____D () C:\Program Files (x86)\IObit
    2015-04-08 01:12 - 2014-07-10 10:35 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\FileZilla
    2015-04-07 17:38 - 2014-07-08 21:42 - 00000000 ____D () C:\Users\Mason Breitzig
    2015-04-06 22:00 - 2014-07-09 01:16 - 00000000 ____D () C:\Program Files\CCleaner
    2015-04-06 21:41 - 2014-04-24 06:34 - 00000000 ____D () C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver
    2015-04-06 21:41 - 2014-04-24 06:34 - 00000000 ____D () C:\Program Files (x86)\Cisco
    2015-04-06 21:23 - 2014-04-16 18:25 - 00000000 ____D () C:\AsusVibeData
    2015-04-06 21:23 - 2014-04-16 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
    2015-04-06 21:23 - 2014-04-16 18:21 - 00000000 ____D () C:\Program Files (x86)\ASUS
    2015-04-06 21:07 - 2014-07-25 20:21 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-04-06 21:02 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\ADFS
    2015-04-06 00:45 - 2014-07-09 07:38 - 00000000 ____D () C:\ProgramData\HappyCloud
    2015-04-06 00:44 - 2015-03-15 20:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-04-06 00:42 - 2014-07-08 22:08 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\IObit
    2015-04-06 00:38 - 2014-07-09 00:38 - 00000000 ____D () C:\Program Files (x86)\Origin Games
    2015-04-06 00:37 - 2014-07-10 17:25 - 00000000 ____D () C:\Games
    2015-04-06 00:32 - 2014-04-16 17:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-04-05 22:16 - 2014-07-09 21:01 - 00000000 ____D () C:\Program Files (x86)\Adobe Gaming SDK 1.3
    2015-04-02 09:10 - 2014-07-08 22:08 - 00000000 ____D () C:\ProgramData\ProductData
    2015-03-31 20:07 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Globalization
    2015-03-31 00:57 - 2014-07-12 00:53 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-03-26 01:42 - 2014-04-24 06:32 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
    2015-03-26 01:42 - 2014-04-24 06:32 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
    2015-03-26 01:41 - 2014-04-24 06:32 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
    2015-03-26 00:22 - 2014-12-03 14:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-03-26 00:11 - 2014-07-09 00:43 - 00000000 ____D () C:\Program Files (x86)\Steam
    2015-03-22 02:03 - 2014-09-06 13:09 - 00000000 ____D () C:\ProgramData\Firefly Studios
    2015-03-20 03:24 - 2014-07-09 21:05 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2015-03-19 21:00 - 2014-11-01 19:39 - 00000000 ____D () C:\Users\Mason Breitzig\Documents\Main
    2015-03-18 22:05 - 2014-07-26 15:44 - 00000000 ____D () C:\Users\Mason Breitzig\AppData\Roaming\Notepad++

    ==================== Files in the root of some directories =======

    2015-04-15 18:05 - 2015-04-15 20:42 - 0003925 _____ () C:\Users\Mason Breitzig\AppData\Local\BTServer.log

    Some content of TEMP:
    ====================
    C:\Users\Mason Breitzig\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Mason Breitzig\AppData\Local\Temp\Quarantine.exe
    C:\Users\Mason Breitzig\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-04-14 11:28

    ==================== End Of Log ============================
     
  23. Mason Breitzig

    Mason Breitzig TS Rookie Topic Starter Posts: 18

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2015
    Ran by Mason Breitzig at 2015-04-15 21:30:12
    Running from C:\Users\Mason Breitzig\Documents\Main\Programs\System Care
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    FW: Online Armor Firewall (Disabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat XI Pro (HKLM-x32\...\{23D3F585-AE29-4670-8E3E-64A0EFB29240}) (Version: 11.0 - Adobe Systems Incorporated)
    Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
    Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.0.2 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
    Adobe Audition CC 2014 (HKLM-x32\...\{F3388E10-EFA9-4A80-B28E-2E647F8D00C4}) (Version: 7.0.1 - Adobe Systems Incorporated)
    Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)
    Adobe Dreamweaver CC 2014 (HKLM-x32\...\{766255CE-D156-11E3-8DBC-A136EB52ACCF}) (Version: 14.0.0 - Adobe Systems Incorporated)
    Adobe Edge Animate CC 2014 (HKLM-x32\...\{A3643DA2-AF8A-44E8-A56E-7FE001932D8B}) (Version: 4.0 - Adobe Systems Incorporated)
    Adobe Edge Code CC (HKLM-x32\...\{2033D10C-8B25-6EED-97C0-708693677BA6}) (Version: 0.98 - Adobe Systems Incorporated)
    Adobe Edge Inspect CC (HKLM-x32\...\{2532C427-E595-4768-B6E9-C20F3AB751CA}) (Version: 1.5.486 - Adobe Systems Incorporated)
    Adobe Edge Reflow CC Preview (HKLM\...\{E23FC538-5890-43E8-932D-FC1DD8B1655B}) (Version: 0.47.17127 - Adobe Systems Incorporated)
    Adobe Exchange Panel (HKLM-x32\...\{41A12FFC-89E9-4743-A51E-00975CA31F40}) (Version: 1 - Adobe Systems Incorporated)
    Adobe ExtendScript Toolkit CC (HKLM-x32\...\{6297487E-3778-4F72-B458-55690418DB98}) (Version: 4.0.0.0 - Adobe Systems Incorporated)
    Adobe Extension Manager CC (HKLM-x32\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.2.1 - Adobe Systems Incorporated)
    Adobe Fireworks CS6 (HKLM-x32\...\{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}) (Version: 12.0.1 - Adobe Systems Incorporated)
    Adobe Flash Builder 4.7 (64 Bit) (HKLM-x32\...\{848DE8E1-521D-4748-A158-517708107EF3}) (Version: 4.7 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
    Adobe Flash Professional CC 2014 (HKLM-x32\...\{AA704223-E11C-11E3-8A38-C09A633B72AF}) (Version: 14.0.1 - Adobe Systems Incorporated)
    Adobe Gaming SDK 1.3 (HKLM-x32\...\{62FFC6DD-18BB-49FC-AF65-71FB1C0B08AA}) (Version: 1.3 - Adobe Systems Incorporated)
    Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
    Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.0 - Adobe Systems Incorporated)
    Adobe InCopy CC 2014 (HKLM-x32\...\{B389B226-A760-1014-9ADD-DA3D4A4028DB}) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.0.1 - Adobe Systems Incorporated)
    Adobe Muse CC 2014 (HKLM\...\{0A030E99-7CFB-4F35-B1A8-B495F8B36E7A}) (Version: 2014.1.1.6 - Adobe Systems, Incorporated)
    Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.1 - Adobe Systems Incorporated)
    Adobe Photoshop Lightroom 5.5 64-bit (HKLM\...\{19BBD0F3-7A31-480D-8A23-19AE28035E9C}) (Version: 5.5.0 - Adobe Systems Incorporated)
    Adobe Prelude CC 2014 (HKLM-x32\...\{2A054E48-0A75-42BD-8738-EC9AB4E2207A}) (Version: 3.0.1 - Adobe Systems Incorporated)
    Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.0.1 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
    Adobe Scout CC (HKLM\...\{BA573BFE-83B4-11E3-93D2-D231FEB1DC81}) (Version: 1.1.3.354121 - Adobe Systems Incorporated)
    Adobe SpeedGrade CC 2014 (HKLM-x32\...\{8EFF28F0-9DFD-4208-9E04-4D49A4812CF3}) (Version: 8.0.1 - Adobe Systems Incorporated)
    Adobe Touch App Plugins (HKLM-x32\...\{1EC083EE-5B76-4A2A-B95A-CAF460AA29D6}) (Version: 1.0 - Adobe Systems Incorporated)
    Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
    Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{C6B2127C-A9E0-411B-8EF1-2CE0ACDF265D}) (Version: 20.2.6362.11139 - Alcor Micro Corp.)
    Alcor Micro USB Card Reader Driver (x32 Version: 20.2.6362.11139 - Alcor Micro Corp.) Hidden
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASUS Manager - Ai Booting (HKLM-x32\...\{2DCE446C-D090-4458-8782-8F16DF94351E}) (Version: 2.01.12 - ASUSTeK Computer Inc.)
    ASUS Manager - Ai Charger II (HKLM-x32\...\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}) (Version: 2.00.11 - ASUSTeK Computer Inc.)
    ASUS Manager - Backup & Recovery (HKLM-x32\...\{34D67DE5-2ECF-4E6B-A243-2C16E2792787}) (Version: 2.01.10 - ASUSTeK Computer Inc.)
    ASUS Manager - Family Safety (HKLM-x32\...\{016AFF97-4E18-4560-B8E5-B684BB124E32}) (Version: 2.00.03 - ASUSTeK Computer Inc.)
    ASUS Manager - PC Cleanup (HKLM-x32\...\{E22A19AE-7DDB-4959-B1DB-A0996294352A}) (Version: 2.01.08 - ASUSTeK Computer Inc.)
    ASUS Manager - Power Manager (HKLM-x32\...\{DD248BEE-E925-4720-A775-9A42276BB6EA}) (Version: 2.02.02 - ASUSTeK Computer Inc.)
    ASUS Manager - Update (HKLM-x32\...\{675BBE8A-0ED3-4048-8723-BA51EAB8E1A8}) (Version: 2.02.04 - ASUSTeK Computer Inc.)
    ASUS Manager (HKLM-x32\...\{F5E5AD85-4A90-4604-A887-464D3818D8FD}) (Version: 2.08.00 - ASUSTeK Computer Inc.)
    Auslogics Registry Defrag (HKLM-x32\...\{D627784F-B3EE-44E8-96B1-9509B991EA34}_is1) (Version: 8.4.0.0 - Auslogics Labs Pty Ltd)
    bl (x32 Version: 1.0.0 - Your Company Name) Hidden
    BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
    CambridgeSoft ChemBioOffice 2014 (HKLM-x32\...\{9023F95E-737F-4343-BC57-B6217E3091CB}) (Version: 14.0 - CambridgeSoft Corporation)
    CambridgeSoft ChemScript 14.0 (HKLM-x32\...\{6053D436-AF21-4D67-A458-04C2B969A865}) (Version: 14.0 - CambridgeSoft Corporation)
    CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
    Celtx (2.9.7) (HKLM-x32\...\Celtx (2.9.7)) (Version: 2.9.7 (en-US) - Greyfirst)
    ChromecastApp (HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Divinity - Original Sin (HKLM-x32\...\1207664923_is1) (Version: 2.11.0.21 - GOG.com)
    eManual (HKLM-x32\...\{0C84E634-EB68-4A54-B21E-A05EC87A4CC5}) (Version: 1.00.07 - ASUSTeK Computer Inc.)
    Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
    FileZilla Client 3.10.2 (HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
    Fraps (HKLM-x32\...\Fraps) (Version: - )
    Galería de fotos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    Galerie de photos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
    Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    IZArc 4.1.6 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.6 - Ivan Zahariev)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Junk Cleaner (x32 Version: 1.1.6.2 - Pandaje Group) Hidden
    Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version: - Squad)
    Linksys Connect (HKLM-x32\...\Linksys Connect) (Version: 1.5.13225.3 - Linksys LLC)
    LOOT (HKLM-x32\...\LOOT) (Version: 0.6.0 - LOOT Development Team)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    Might & Magic Heroes VI (HKLM-x32\...\{745D37C2-26F4-4B65-BA13-F9840EBFA75B}) (Version: 1.0 - Ubisoft)
    MiniTool Partition Wizard Free 9.0 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
    MotioninJoy Gamepad tool 0.7.0000 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.0000 - www.motioninjoy.com)
    Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.51.0 - Black Tree Gaming)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team)
    NVIDIA 3D Vision Controller Driver 326.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 326.01 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
    NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
    NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
    NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    Online Armor 7.0 (HKLM-x32\...\OnlineArmor_is1) (Version: 7.0 - Emsisoft GmbH)
    Origin (HKLM-x32\...\Origin) (Version: 9.4.20.386 - Electronic Arts, Inc.)
    PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1036.0 - Passmark Software)
    ph (x32 Version: 1.0.0 - Your Company Name) Hidden
    PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
    Pillars of Eternity (HKLM-x32\...\1207666813_is1) (Version: 2.0.0.1 - GOG.com)
    PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.9.0 - Prolific Technology INC)
    Python 3.2.2 (HKLM-x32\...\{4CDE3168-D060-4b7c-BC74-4D8F9BB01AFD}) (Version: 3.2.2150 - Python Software Foundation)
    Q-Dir (HKLM-x32\...\Q-Dir) (Version: - )
    Quick Startup 5.10.1.101 (HKLM-x32\...\Quick Startup) (Version: 5.10.1.101 - Glarysoft Ltd)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.2.1 r2386 - )
    REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.769.769.092613 - REALTEK Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7116 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0247 - REALTEK Semiconductor Corp.)
    Registry Repair 5.0.1.67 (HKLM-x32\...\Registry Repair) (Version: 5.0.1.67 - Glarysoft Ltd)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Serif WebPlus X5 (HKLM-x32\...\{7D427BD1-1C88-4007-BBFB-C2DD2ED48C63}) (Version: 13.0.0.016 - Serif (Europe) Ltd)
    Sid Meiers Civilization Beyond Earth (HKLM-x32\...\U2lkTWVpZXJzQ2l2aWxpemF0aW9uQmV5b25kRWFydGg=_is1) (Version: 1 - )
    SketchUp 2014 (HKLM-x32\...\{F246092E-FA0B-47C8-9D3E-CF8C210293C8}) (Version: 14.1.1282 - Trimble Navigation Limited)
    Skyrim Performance Monitor (HKLM-x32\...\{84AEB93A-ECBB-4568-8F59-D4516EF59079}) (Version: 3.65 - SirGarnon on Skyrim Nexus)
    Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
    Stronghold 3 (HKLM-x32\...\Stronghold 3_is1) (Version: - )
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1130 - SUPERAntiSpyware.com)
    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
    The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
    The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.10.1 - Electronic Arts)
    The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.13.1 - Electronic Arts)
    The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.4.83.1010 - Electronic Arts Inc.)
    TimeComX Basic (32-Bit) (HKLM-x32\...\TimeComX Basic 32-Bit) (Version: 1.3.2.7 - Bitdreamers)
    Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
    Unchecky v0.3.7.2 (HKLM-x32\...\Unchecky) (Version: 0.3.7.2 - RaMMicHaeL)
    VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
    WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version: - Hervé Leclerc (HeL))
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
    WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
    Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 3.0.4.4 - Wrye & Wrye Bash Development Team)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3962362228-1037329824-2324336766-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Mason Breitzig\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3962362228-1037329824-2324336766-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mason Breitzig\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

    ==================== Restore Points =========================

    12-04-2015 17:23:01 Virus Point 1
    13-04-2015 23:51:31 Revo Uninstaller's restore point - SmartWeb
    15-04-2015 16:42:15 Revo Uninstaller's restore point - FlashBeat

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 09:25 - 2015-04-15 20:43 - 00000961 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    127.0.0.1 localhost
    127.0.0.1 localhost
    127.0.0.1 localhost
    127.0.0.1 localhost


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {02A24CE3-B703-4779-8310-F9CF365EC96D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3962362228-1037329824-2324336766-1002Core => C:\Users\Mason Breitzig\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-15] (Google Inc.)
    Task: {03DEB618-EA0C-4F40-9C82-F66D90106EE8} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {03E12A45-10B0-44FD-9D46-385C2A3FFC98} - System32\Tasks\Uninstaller_SkipUac_Mason_Breitzig => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
    Task: {0419ACAE-D5C0-4D90-A12E-B5DC08E5F389} - System32\Tasks\ASUS\ASUS Manager - PC Cleanup - SecureDeleteBackground => C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe [2014-03-25] ()
    Task: {11F4EE09-DD3D-4B50-998C-70475BD43099} - System32\Tasks\ASUS\ASUS Manager BackgroundWindow => C:\Program Files (x86)\ASUS\ASUS Manager\BackgroundWindow.exe [2013-08-23] ()
    Task: {1344D7B0-7EF1-44E1-8779-4525ADA34307} - System32\Tasks\ASUS\ASUS Manager HotKey Service => C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe [2013-11-27] (ASUSTeK Computer Inc.)
    Task: {14837A16-38C8-4147-A7C2-78CB03E521E2} - System32\Tasks\ASUS\Power_Manager_background => C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe [2014-02-20] (ASUSTeK)
    Task: {1C1E8661-206D-455D-8BD9-235C850468A1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
    Task: {1D8B5421-4333-43BE-BE4F-94D47F42E2C9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
    Task: {28E759BA-A029-4269-AF76-5EC06A95FD98} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Task: {2D5E4D6F-542B-4BF9-AC17-12FA9C8DF705} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-mbreitzig@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
    Task: {3B364311-190C-4E78-9ED9-93DCE7AF101A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-10] (Microsoft Corporation)
    Task: {4A176280-787E-49AD-A9E3-299A99046DDB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {4A7A5ED4-2091-4DCE-9D2B-1CFB56F822DC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-06] (Adobe Systems Incorporated)
    Task: {503111FD-33DE-42B8-9542-16B94409F931} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
    Task: {6E8936EC-1172-44F5-9E3D-C254A24386A4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: {7CEC08E6-1AC8-4F2D-9C3C-6569BDB62FC0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {8184B271-57AF-44C0-B69B-F8EED39D84D3} - System32\Tasks\{0D294E33-87D6-4B69-BD39-1962FAFB80C3} => pcalua.exe -a "C:\Users\Mason Breitzig\Documents\Main\Entertainment\Games\Files\Downloaded\Dragon Age Origins Ultimate\data\DataSetup.exe" -d "C:\Users\Mason Breitzig\Documents\Main\Entertainment\Games\Files\Downloaded\Dragon Age Origins Ultimate\data"
    Task: {849A6DAF-FDBA-404F-9A1D-3C1D5254917C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
    Task: {868CF4D0-323F-4D23-9F5C-03AE2DA57F19} - System32\Tasks\{2600FEB7-A17D-438C-B22F-31678805BE85} => pcalua.exe -a H:\_ISDel.exe -d H:\
    Task: {9D9620A7-7228-45A9-A993-1246FCE2D38E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {9E1DDFEF-6CCD-4E7F-B0B3-ECB0E0C056BB} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe
    Task: {A6DBBDDB-716B-4257-8962-78308E94CDD8} - System32\Tasks\ASUS\ASUS AiCharger_Desktop Execute => C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe [2013-04-02] (ASUSTek Computer Inc.)
    Task: {B38A6F67-9E95-453F-B282-8F47C4732AD3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-03] (Google Inc.)
    Task: {B6BBBA25-C8D3-45BC-8EA6-6931198E6C02} - System32\Tasks\ASUS\ASUS Updater => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSFourceUpdater.exe [2013-11-28] ()
    Task: {BB86DE67-6F47-4A24-865F-289C4A95FB9E} - System32\Tasks\ASUS\ASUS AiCharger_II TrayIcon => C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe [2014-02-19] (ASUSTeK)
    Task: {BC1A3907-16C9-4300-8271-6E0D51F303AB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: {C0C3EC5D-41F0-4584-80E7-38FAD3142BC7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
    Task: {CE83C9FC-E4D5-4815-8EFD-EE5364ACF4B9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3962362228-1037329824-2324336766-1002UA => C:\Users\Mason Breitzig\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-15] (Google Inc.)
    Task: {D41289EF-6F23-4E1C-849F-5F537F9C1931} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
    Task: {E128FFEC-C704-467D-A1C2-7643A4363785} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
    Task: {ED0E9D5F-5C71-4B7B-BEC6-916088DAAA71} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-03] (Google Inc.)
    Task: {F50C851B-8F17-42A8-A765-439C60F75FDD} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe [2013-11-27] ()
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3962362228-1037329824-2324336766-1002Core.job => C:\Users\Mason Breitzig\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3962362228-1037329824-2324336766-1002UA.job => C:\Users\Mason Breitzig\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
    Task: C:\Windows\Tasks\Uninstaller_SkipUac_Mason_Breitzig.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

    ==================== Loaded Modules (whitelisted) ==============

    2014-04-24 06:38 - 2014-03-25 21:36 - 00929936 _____ () C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
    2014-07-16 11:06 - 2014-07-16 11:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
    2014-11-15 19:35 - 2009-06-02 02:15 - 00051200 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
    2014-04-24 06:38 - 2014-03-12 18:50 - 00854016 _____ () C:\Windows\PCCleanupContextMenu\x64\ContextMenuHandlerBin.dll
    2015-03-20 03:21 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2014-04-24 06:31 - 2013-09-16 16:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2015-04-06 23:25 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-04-06 23:25 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2015-04-06 23:25 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2015-04-06 23:25 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2015-04-06 23:25 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2014-11-16 04:19 - 2014-11-16 04:19 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Mason Breitzig\OneDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgF119.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgR119.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgF119.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgR119.sys => ""="Driver"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Mason Breitzig\AppData\Roaming\Rainmeter\Layouts\Nova\Wallpaper.bmp
    DNS Servers: Media is not connected to internet.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
    HKLM\...\StartupApproved\Run: => "IAStorIcon"
    HKLM\...\StartupApproved\Run: => "BtServer"
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run32: => "RemoteControl10"
    HKLM\...\StartupApproved\Run32: => "DriverChecker.exe"
    HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
    HKLM\...\StartupApproved\Run32: => "Adobe ARM"
    HKLM\...\StartupApproved\Run32: => "APSDaemon"
    HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
    HKLM\...\StartupApproved\Run32: => "QuickTime Task"
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\StartupApproved\Run: => "Advanced SystemCare 8"
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\StartupApproved\Run: => "Google Update"
    HKU\S-1-5-21-3962362228-1037329824-2324336766-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"

    ==================== Accounts: =============================

    Administrator (S-1-5-21-3962362228-1037329824-2324336766-500 - Administrator - Disabled)
    Guest (S-1-5-21-3962362228-1037329824-2324336766-501 - Limited - Disabled)
    Mason Breitzig (S-1-5-21-3962362228-1037329824-2324336766-1002 - Administrator - Enabled) => C:\Users\Mason Breitzig
    UpdatusUser (S-1-5-21-3962362228-1037329824-2324336766-1001 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-4770S CPU @ 3.10GHz
    Percentage of memory in use: 13%
    Total physical RAM: 12227.25 MB
    Available physical RAM: 10622.63 MB
    Total Pagefile: 14083.25 MB
    Available Pagefile: 12311.73 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.83 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:1848.07 GB) (Free:1447.41 GB) NTFS
    Drive h: (Sims4_2) (CDROM) (Total:0.48 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 1863 GB) (Disk ID: 76A7E05D)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  24. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Looks pretty good :)

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  25. Mason Breitzig

    Mason Breitzig TS Rookie Topic Starter Posts: 18

    Excellent.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-04-2015
    Ran by Mason Breitzig at 2015-04-15 23:27:37 Run:3
    Running from C:\Users\Mason Breitzig\Documents\Main\Programs\System Care
    Loaded Profiles: Mason Breitzig (Available profiles: UpdatusUser & Mason Breitzig)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    2015-04-15 18:05 - 2015-04-15 20:42 - 0003925 _____ () C:\Users\Mason Breitzig\AppData\Local\BTServer.log
    C:\Users\Mason Breitzig\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Mason Breitzig\AppData\Local\Temp\Quarantine.exe
    C:\Users\Mason Breitzig\AppData\Local\Temp\sqlite3.dll
    AlternateDataStreams: C:\Users\Mason Breitzig\OneDrive:ms-properties

    *****************

    C:\Users\Mason Breitzig\AppData\Local\BTServer.log => Moved successfully.
    C:\Users\Mason Breitzig\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
    C:\Users\Mason Breitzig\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\Mason Breitzig\AppData\Local\Temp\sqlite3.dll => Moved successfully.
    "C:\Users\Mason Breitzig\OneDrive" => ":ms-properties" ADS not found.

    ==== End of Fixlog 23:27:37 ====
     
