TechSpot

Trouble installing programs and removing them

By GMorrow
Jul 10, 2016
  1. Currently been battling file control and also many programs that I have been running for awhile will crash and have to reinstalled or wont allow me to install them at all.
     

    Attached Files:

  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================

    Please observe forum rules.
    All logs have to be pasted not attached.
     
  3. GMorrow

    GMorrow TS Rookie Topic Starter Posts: 20

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-07-2016
    Ran by garrett morrow (administrator) on GARRETTMORROW (10-07-2016 10:32:03)
    Running from C:\Users\garrett morrow\Downloads
    Loaded Profiles: garrett morrow (Available Profiles: garrett morrow & Mcx1-GARRETTMORROW)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    (NVIDIA Corporation) C:\ProgramData\Client\client.exe
    (Microsoft Corporation) C:\Windows\System32\taskmgr.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
    (Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
    (Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
    (Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
    (Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
    (Raptr Inc.) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_ep64.exe
    (Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-07-07] (Plays.tv, LLC)
    HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-05-23] (Raptr, Inc)
    HKLM-x32\...\Winlogon: [Userinit] userinit.exe,"C:\Windows\system32\clientmonitor.exe" [X]
    HKU\S-1-5-21-4182545111-3799939734-1776222819-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    HKU\S-1-5-21-4182545111-3799939734-1776222819-1000\...\Winlogon: [Shell] explorer.exe,"C:\Users\garrett morrow\AppData\Roaming\clientmonitor.exe" <==== ATTENTION
    HKU\S-1-5-18\...\Run: [Google Update**.d<*>] => "C:\Windows\system32\config\systemprofile\AppData\Local\Google\Desktop\Install\{c3d8a8fd-b559-9494-b5db-e2e7551e2b19}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{c3d8a8fd-b559-9494-b5db-e2e7551e2b19}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)
    HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013-02-19]
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA4100 Genie.lnk [2013-03-16]
    Startup: C:\Users\garrett morrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2015-04-28]
    Startup: C:\Users\garrett morrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-10-10] ()
    Startup: C:\Users\garrett morrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Legend_of_Dragoon_The_iso_Disc1of4_SLUS_94491.lnk [2015-04-01]
    Startup: C:\Users\garrett morrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2013-06-16]
    Startup: C:\Users\garrett morrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk [2015-09-14]
    Startup: C:\Users\garrett morrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Open Garden.lnk [2016-03-20]
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\..\Interfaces\{53AD326C-5354-4A7B-9095-63BC162FFA0D}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{5739057E-28C7-4155-9D4A-AC61277A5DAE}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{5774C0CC-2A86-4D7B-9F35-ED2F995C1BA2}: [DhcpNameServer] 192.168.254.254
    Tcpip\..\Interfaces\{76C45F2B-582D-4586-8A55-B388E687A0EF}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{77940E3E-A589-4548-AE3F-49F9BE1181EB}: [DhcpNameServer] 172.20.10.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    HKU\S-1-5-21-4182545111-3799939734-1776222819-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    URLSearchHook: HKLM-x32 -> Default = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4182545111-3799939734-1776222819-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-04] (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-04] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-04] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-04] (Oracle Corporation)
    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-03-02] (Skype Technologies S.A.)
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
    Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
    Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)

    FireFox:
    ========
    FF ProfilePath: C:\Users\garrett morrow\AppData\Roaming\Mozilla\Firefox\Profiles\dip0kjzi.default-1453319064049
    FF NewTab: about:newtab
    FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/_ir_16_20&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzzyEtC0ByD0EyByCtDtA0A0DyB0DzztDtN0D0Tzu0StCyDzyyBtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StDyB0FzyyEyB0EyEtGyDyC0E0FtGyEtDzytBtGtC0A0EtCtG0DtBtByEtB0F0E0CtB0E0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0Azz0BtCtAyEzytGzyyD0EtCtGyE0B0BtAtG0B0EyCzztG0DtAtDyE0FyCzz0FtBtByE0E2QtN0A0LzutB%26cr%3D1251487312%26a%3Dwncy_ir_16_20%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll [2013-02-02] ()
    FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-04] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-04] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll [2013-02-02] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
    FF Plugin-x32: @esn/esnlaunch,version=1.122.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll [2012-05-11] (ESN Social Software AB)
    FF Plugin-x32: @esn/esnlaunch,version=1.132.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll [2012-08-20] (ESN Social Software AB)
    FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-04] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-04] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-03-10] (Pando Networks)
    FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\garrett morrow\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
    FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2012-08-21] (RocketLife, LLP)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-4182545111-3799939734-1776222819-1000: @soe.sony.com/installer,version=1.0.3 -> C:\Users\garrett morrow\AppData\LocalLow\Sony Online Entertainment\npsoe.dll [2012-07-14] ()
    FF Plugin HKU\S-1-5-21-4182545111-3799939734-1776222819-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-03-10] (Pando Networks)
    FF Plugin HKU\S-1-5-21-4182545111-3799939734-1776222819-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-02-21] ()

    Chrome:
    =======
    CHR Profile: C:\Users\garrett morrow\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\garrett morrow\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-20]
    CHR Extension: (Google Docs) - C:\Users\garrett morrow\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-20]
    CHR Extension: (Google Drive) - C:\Users\garrett morrow\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-20]
    CHR Extension: (YouTube) - C:\Users\garrett morrow\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-20]
    CHR Extension: (Google Search) - C:\Users\garrett morrow\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-20]
    CHR Extension: (Google Sheets) - C:\Users\garrett morrow\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-20]
    CHR Extension: (Google Docs Offline) - C:\Users\garrett morrow\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\garrett morrow\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
    CHR Extension: (Showgoers for Netflix) - C:\Users\garrett morrow\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcmaninppdeakmhaonacejmfcgeempfo [2016-06-18]
    CHR Extension: (Gmail) - C:\Users\garrett morrow\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-20]
     
  4. GMorrow

    GMorrow TS Rookie Topic Starter Posts: 20

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
    S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
    S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1314848 2016-01-19] ()
    S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [243984 2016-03-05] (EasyAntiCheat Ltd)
    S4 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
    S4 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2016-04-29] (Echobit LLC)
    S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2015-09-02] (Hi-Rez Studios) [File not signed]
    S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2016-04-05] (LogMeIn, Inc.)
    S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe [293128 2016-05-31] (McAfee, Inc.)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] () [File not signed]
    R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-07-07] (Plays.tv, LLC)
    S4 RalinkRegistryWriter; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe [377088 2011-11-21] (Ralink Technology, Corp.)
    S4 RalinkRegistryWriter64; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe [455424 2011-11-21] (Ralink Technology, Corp.)
    S4 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7806848 2016-05-27] (Reimage®)
    S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [X]
    S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{c3d8a8fd-b559-9494-b5db-e2e7551e2b19}\ \...\‮ﯹ๛\{c3d8a8fd-b559-9494-b5db-e2e7551e2b19}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AODDriver; C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
    R4 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
    R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
    S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31376 2015-03-10] ()
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-29] (Symantec Corporation)
    R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2015-11-01] (Echobit, LLC)
    S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2016-01-08] ()
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-08] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
    R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
    S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-03-01] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
    S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-28] (Microsoft Corporation)
    R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2015-05-26] (SplitmediaLabs Limited)
    R1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [X]
    R1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120309.002\IDSvia64.sys [X]
    S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120309.034\ENG64.SYS [X]
    S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120309.034\EX64.SYS [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-07-10 10:32 - 2016-07-10 10:32 - 00024310 _____ C:\Users\garrett morrow\Downloads\FRST.txt
    2016-07-10 10:31 - 2016-07-10 10:32 - 00000000 ____D C:\FRST
    2016-07-10 10:31 - 2016-07-10 10:31 - 02390016 _____ (Farbar) C:\Users\garrett morrow\Downloads\FRST64.exe
    2016-07-10 10:18 - 2016-07-10 10:19 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\PlaysTV
    2016-07-10 10:18 - 2016-07-10 10:18 - 00002023 _____ C:\Users\Public\Desktop\Raptr.lnk
    2016-07-10 10:18 - 2016-07-10 10:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raptr
    2016-07-10 10:18 - 2016-07-10 10:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
    2016-07-10 10:18 - 2016-07-10 10:18 - 00000000 ____D C:\ProgramData\ATI
    2016-07-10 10:15 - 2016-07-10 10:19 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\Raptr
    2016-07-10 10:15 - 2016-07-10 10:16 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
    2016-07-10 10:15 - 2016-07-10 10:16 - 00000000 ____D C:\Program Files (x86)\Raptr
    2016-07-10 10:14 - 2016-07-10 10:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
    2016-07-10 10:09 - 2016-07-10 10:10 - 00000000 ____D C:\Windows\LastGood
    2016-07-10 09:57 - 2016-07-10 09:57 - 00002970 _____ C:\Windows\System32\Tasks\{94722EA7-C91D-4616-B8D3-0998EB0EF39A}
    2016-07-10 09:51 - 2016-07-10 09:51 - 00002214 _____ C:\Users\garrett morrow\Desktop\Discord.lnk
    2016-07-10 09:50 - 2016-07-10 10:14 - 00000000 ____D C:\Users\garrett morrow\AppData\Local\Discord
    2016-07-10 09:47 - 2016-07-10 09:58 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-07-10 09:47 - 2016-07-10 09:47 - 00000967 _____ C:\Users\Public\Desktop\Steam.lnk
    2016-07-10 09:47 - 2016-07-10 09:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    2016-07-10 09:23 - 2015-07-30 08:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2016-07-10 09:23 - 2015-07-30 08:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2016-07-10 08:32 - 2016-07-10 08:32 - 00000000 ____D C:\Windows\TempA9757772-B78A-8792-79E8-1758C8F6075E-Signatures
    2016-07-10 08:09 - 2016-07-10 08:09 - 00000000 ____D C:\Windows\TempC6EE1AF2-6B86-7639-27D2-3DD2C2CD18C8-Signatures
    2016-07-10 08:00 - 2016-04-09 02:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2016-07-10 08:00 - 2016-04-09 02:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-07-10 08:00 - 2016-04-09 02:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2016-07-10 08:00 - 2016-04-09 01:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2016-07-10 08:00 - 2016-04-09 01:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2016-07-10 08:00 - 2016-04-09 01:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2016-07-10 08:00 - 2016-04-09 01:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2016-07-10 08:00 - 2016-04-09 01:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2016-07-10 08:00 - 2016-04-09 01:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2016-07-10 08:00 - 2016-04-09 01:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2016-07-10 08:00 - 2016-04-09 01:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2016-07-10 08:00 - 2016-04-09 01:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2016-07-10 08:00 - 2016-04-09 01:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
     
  5. GMorrow

    GMorrow TS Rookie Topic Starter Posts: 20

    2016-07-10 08:00 - 2016-04-09 01:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 00:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2016-07-10 08:00 - 2016-04-09 00:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2016-07-10 08:00 - 2016-04-09 00:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2016-07-10 08:00 - 2016-04-09 00:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2016-07-10 08:00 - 2016-04-09 00:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2016-07-10 08:00 - 2016-04-09 00:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2016-07-10 08:00 - 2016-04-09 00:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2016-07-10 08:00 - 2016-04-09 00:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2016-07-10 08:00 - 2016-04-09 00:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2016-07-10 08:00 - 2016-04-09 00:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2016-07-10 08:00 - 2016-04-09 00:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 00:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 00:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 00:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2016-07-10 08:00 - 2016-03-23 17:40 - 00634432 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2016-07-10 08:00 - 2016-03-23 17:40 - 00546656 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2016-07-10 08:00 - 2016-01-22 01:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
    2016-07-10 08:00 - 2016-01-22 01:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
    2016-07-10 08:00 - 2016-01-22 01:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
    2016-07-10 08:00 - 2016-01-22 01:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
    2016-07-10 08:00 - 2016-01-22 01:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
    2016-07-10 08:00 - 2016-01-22 01:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
    2016-07-10 08:00 - 2016-01-22 01:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
    2016-07-10 07:59 - 2016-03-17 17:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2016-07-10 07:59 - 2016-03-17 17:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2016-07-10 07:59 - 2015-07-15 13:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2016-07-10 07:59 - 2015-07-15 13:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
    2016-07-10 07:59 - 2015-07-15 13:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2016-07-10 07:59 - 2015-07-14 22:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
    2016-07-10 07:58 - 2016-05-12 12:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-07-10 07:58 - 2016-05-12 12:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2016-07-10 07:58 - 2016-05-12 12:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2016-07-10 07:58 - 2016-05-12 12:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2016-07-10 07:58 - 2016-05-12 12:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2016-07-10 07:58 - 2016-05-12 12:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2016-07-10 07:58 - 2016-05-12 12:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-07-10 07:58 - 2016-05-12 12:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2016-07-10 07:58 - 2016-05-12 12:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2016-07-10 07:58 - 2016-05-12 12:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2016-07-10 07:58 - 2016-05-12 12:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2016-07-10 07:58 - 2016-05-12 12:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2016-07-10 07:58 - 2016-05-12 12:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2016-07-10 07:58 - 2016-05-12 12:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2016-07-10 07:58 - 2016-05-12 12:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2016-07-10 07:58 - 2016-05-12 12:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2016-07-10 07:58 - 2016-05-12 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2016-07-10 07:58 - 2016-05-12 12:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2016-07-10 07:58 - 2016-05-12 12:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2016-07-10 07:58 - 2016-05-12 12:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2016-07-10 07:58 - 2016-05-12 10:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2016-07-10 07:58 - 2016-05-12 10:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2016-07-10 07:58 - 2016-05-12 10:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2016-07-10 07:58 - 2016-05-12 10:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2016-07-10 07:58 - 2016-05-12 10:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2016-07-10 07:58 - 2016-05-12 10:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2016-07-10 07:58 - 2016-05-12 10:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2016-07-10 07:58 - 2016-05-12 10:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2016-07-10 07:58 - 2016-05-12 10:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2016-07-10 07:58 - 2016-05-12 10:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2016-07-10 07:58 - 2016-05-12 10:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2016-07-10 07:58 - 2016-05-12 10:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2016-07-10 07:58 - 2016-05-12 10:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2016-07-10 07:58 - 2016-05-12 10:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2016-07-10 07:58 - 2016-05-12 10:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2016-07-10 07:58 - 2016-05-12 10:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2016-07-10 07:58 - 2016-05-12 09:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2016-07-10 07:58 - 2016-05-12 09:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2016-07-10 07:58 - 2016-05-12 09:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2016-07-10 07:58 - 2016-05-12 09:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2016-07-10 07:58 - 2016-05-12 09:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2016-07-10 07:58 - 2016-05-12 09:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-07-10 07:58 - 2016-05-12 09:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2016-07-10 07:58 - 2016-05-12 09:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2016-07-10 07:58 - 2016-05-12 09:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2016-07-10 07:58 - 2016-05-12 08:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2016-07-10 07:58 - 2016-05-12 08:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
    2016-07-10 07:58 - 2016-05-12 08:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
    2016-07-10 07:58 - 2016-04-14 08:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2016-07-10 07:58 - 2016-04-14 08:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
    2016-07-10 07:58 - 2016-03-15 19:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
    2016-07-10 07:58 - 2016-03-15 19:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
    2016-07-10 07:58 - 2016-03-15 18:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
    2016-07-10 07:58 - 2016-02-12 13:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2016-07-10 07:58 - 2016-02-12 13:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2016-07-10 07:58 - 2016-02-12 13:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2016-07-10 07:58 - 2016-02-12 13:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2016-07-10 07:58 - 2016-02-12 13:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2016-07-10 07:58 - 2016-02-12 13:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2016-07-10 07:58 - 2016-02-12 13:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2016-07-10 07:58 - 2016-02-12 13:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2016-07-10 07:58 - 2016-02-12 13:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2016-07-10 07:58 - 2016-02-12 13:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2016-07-10 07:58 - 2016-02-12 13:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2016-07-10 07:58 - 2016-02-12 13:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2016-07-10 07:58 - 2016-02-12 13:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2016-07-10 07:58 - 2016-02-12 13:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2016-07-10 07:58 - 2016-02-12 13:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2016-07-10 07:58 - 2016-02-12 13:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2016-07-10 07:58 - 2016-02-09 04:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2016-07-10 07:58 - 2016-02-09 04:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2016-07-10 07:58 - 2016-02-09 04:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2016-07-10 07:58 - 2016-02-09 04:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2016-07-10 07:58 - 2016-02-09 04:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2016-07-10 07:58 - 2016-02-09 04:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2016-07-10 07:58 - 2016-02-09 04:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2016-07-10 07:58 - 2016-02-09 04:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2016-07-10 07:58 - 2016-02-09 04:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2016-07-10 07:58 - 2016-02-09 04:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2016-07-10 07:58 - 2015-12-08 16:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
    2016-07-10 07:58 - 2015-12-08 16:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
    2016-07-10 07:58 - 2015-12-08 16:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
    2016-07-10 07:58 - 2015-12-08 16:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
    2016-07-10 07:58 - 2015-12-08 16:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
    2016-07-10 07:58 - 2015-12-08 16:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
    2016-07-10 07:58 - 2015-12-08 16:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
    2016-07-10 07:58 - 2015-12-08 16:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
    2016-07-10 07:58 - 2015-12-08 16:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
    2016-07-10 07:58 - 2015-12-08 16:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
    2016-07-10 07:58 - 2015-12-08 16:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
    2016-07-10 07:58 - 2015-12-08 16:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
    2016-07-10 07:58 - 2015-12-08 16:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2016-07-10 07:58 - 2015-12-08 16:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2016-07-10 07:58 - 2015-12-08 16:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
    2016-07-10 07:58 - 2015-12-08 16:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
    2016-07-10 07:58 - 2015-12-08 16:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
    2016-07-10 07:58 - 2015-12-08 16:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2016-07-10 07:58 - 2015-12-08 16:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2016-07-10 07:58 - 2015-12-08 16:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
    2016-07-10 07:58 - 2015-12-08 16:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2016-07-10 07:58 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
    2016-07-10 07:58 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
    2016-07-10 07:58 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
    2016-07-10 07:58 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
    2016-07-10 07:58 - 2015-12-08 16:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
    2016-07-10 07:58 - 2015-12-08 16:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
    2016-07-10 07:58 - 2015-12-08 16:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2016-07-10 07:58 - 2015-12-08 16:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
    2016-07-10 07:58 - 2015-12-08 16:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
    2016-07-10 07:58 - 2015-12-08 16:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
    2016-07-10 07:58 - 2015-12-08 16:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2016-07-10 07:58 - 2015-12-08 16:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2016-07-10 07:58 - 2015-12-08 16:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
    2016-07-10 07:58 - 2015-12-08 16:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2016-07-10 07:58 - 2015-12-08 14:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2016-07-10 07:58 - 2015-12-08 14:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
    2016-07-10 07:58 - 2015-12-08 14:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2016-07-10 07:58 - 2015-12-08 14:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
    2016-07-10 07:58 - 2015-12-08 14:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
    2016-07-10 07:58 - 2015-12-08 14:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
    2016-07-10 07:58 - 2015-12-08 14:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2016-07-10 07:58 - 2015-12-08 14:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2016-07-10 07:58 - 2015-12-08 14:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
    2016-07-10 07:58 - 2015-12-08 14:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2016-07-10 07:58 - 2015-12-08 14:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
    2016-07-10 07:58 - 2015-12-08 14:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2016-07-10 07:58 - 2015-12-08 14:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
    2016-07-10 07:58 - 2015-12-08 14:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
    2016-07-10 07:58 - 2015-12-08 14:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2016-07-10 07:58 - 2015-12-08 14:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
    2016-07-10 07:58 - 2015-12-08 14:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
    2016-07-10 07:58 - 2015-12-08 14:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2016-07-10 07:58 - 2015-12-08 14:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2016-07-10 07:58 - 2015-12-08 13:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
    2016-07-10 07:58 - 2015-12-08 13:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
    2016-07-10 07:58 - 2015-12-08 13:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
    2016-07-10 07:58 - 2015-11-10 13:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2016-07-10 07:58 - 2015-11-10 13:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2016-07-10 07:58 - 2015-11-10 13:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
    2016-07-10 07:58 - 2015-11-10 13:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2016-07-10 07:58 - 2015-11-10 13:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
    2016-07-10 07:58 - 2015-07-30 13:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2016-07-10 07:58 - 2015-07-30 12:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2016-07-10 07:57 - 2016-05-12 12:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
    2016-07-10 07:57 - 2016-05-12 12:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
    2016-07-10 07:57 - 2016-05-12 12:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
    2016-07-10 07:57 - 2016-05-12 12:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
    2016-07-10 07:57 - 2016-05-12 12:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
    2016-07-10 07:57 - 2016-05-12 12:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
    2016-07-10 07:57 - 2016-05-12 10:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
    2016-07-10 07:57 - 2016-05-12 10:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
    2016-07-10 07:57 - 2016-05-12 10:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
    2016-07-10 07:57 - 2016-05-12 10:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
    2016-07-10 07:57 - 2016-03-06 13:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2016-07-10 07:57 - 2016-03-06 13:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2016-07-10 07:57 - 2016-03-06 13:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2016-07-10 07:57 - 2016-03-06 13:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2016-07-10 07:57 - 2015-11-05 14:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
    2016-07-10 07:57 - 2015-11-05 14:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
    2016-07-10 07:57 - 2015-11-05 04:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
    2016-07-10 07:57 - 2015-08-06 13:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2016-07-10 07:57 - 2015-08-06 13:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2016-07-10 07:57 - 2015-08-06 12:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2016-07-10 07:57 - 2015-08-06 12:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2016-07-10 07:57 - 2015-07-10 12:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2016-07-10 07:57 - 2015-07-10 12:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
    2016-07-10 07:57 - 2015-07-10 12:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2016-07-10 07:57 - 2015-07-10 12:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2016-07-10 07:57 - 2015-07-10 12:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2016-07-10 07:57 - 2015-07-10 12:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2016-07-10 07:57 - 2015-06-15 16:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2016-07-10 07:57 - 2015-06-15 16:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2016-07-10 07:57 - 2015-06-15 16:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2016-07-10 07:57 - 2015-06-15 16:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2016-07-10 07:57 - 2015-06-15 16:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2016-07-10 07:57 - 2015-06-15 16:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
    2016-07-10 07:57 - 2015-06-15 16:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2016-07-10 07:57 - 2015-06-15 16:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2016-07-10 07:57 - 2015-06-15 16:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2016-07-10 07:57 - 2015-06-15 16:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
    2016-07-10 07:57 - 2015-06-15 16:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
    2016-07-10 07:57 - 2015-06-15 16:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
    2016-07-10 07:56 - 2016-05-12 12:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2016-07-10 07:56 - 2016-05-12 10:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2016-07-10 07:56 - 2016-05-12 10:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-07-10 07:56 - 2016-04-08 23:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2016-07-10 07:56 - 2016-04-08 22:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2016-07-10 07:56 - 2016-04-06 10:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
    2016-07-10 07:56 - 2016-01-06 14:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2016-07-10 07:56 - 2016-01-06 13:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
    2016-07-10 07:56 - 2015-11-13 18:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
    2016-07-10 07:56 - 2015-11-13 18:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
    2016-07-10 07:56 - 2015-11-13 18:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
    2016-07-10 07:56 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
    2016-07-10 07:56 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
    2016-07-10 07:56 - 2015-11-13 17:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
    2016-07-10 07:56 - 2015-10-12 23:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
    2016-07-10 07:56 - 2015-08-05 12:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
    2016-07-10 07:56 - 2015-06-01 19:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
    2016-07-10 07:56 - 2015-06-01 18:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
    2016-07-10 07:55 - 2016-05-18 11:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2016-07-10 07:55 - 2016-05-18 11:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2016-07-10 07:55 - 2016-05-13 17:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2016-07-10 07:55 - 2016-05-13 17:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2016-07-10 07:55 - 2016-05-13 17:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2016-07-10 07:55 - 2016-05-13 17:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2016-07-10 07:55 - 2016-05-13 17:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2016-07-10 07:55 - 2016-05-13 16:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2016-07-10 07:55 - 2016-05-13 16:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2016-07-10 07:55 - 2016-05-13 16:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
     
  6. GMorrow

    GMorrow TS Rookie Topic Starter Posts: 20

    2016-07-10 07:55 - 2016-05-13 16:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2016-07-10 07:55 - 2016-05-13 16:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2016-07-10 07:55 - 2016-05-11 12:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
    2016-07-10 07:55 - 2016-05-11 12:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
    2016-07-10 07:55 - 2016-05-11 12:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
    2016-07-10 07:55 - 2016-05-11 12:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
    2016-07-10 07:55 - 2016-05-11 10:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
    2016-07-10 07:55 - 2016-05-11 10:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
    2016-07-10 07:55 - 2016-05-11 10:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
    2016-07-10 07:55 - 2016-05-11 10:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
    2016-07-10 07:55 - 2016-05-11 10:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
    2016-07-10 07:55 - 2016-05-11 10:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
    2016-07-10 07:55 - 2016-05-11 09:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
    2016-07-10 07:55 - 2016-04-09 02:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2016-07-10 07:55 - 2016-04-09 02:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
    2016-07-10 07:55 - 2016-04-09 01:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2016-07-10 07:55 - 2016-02-09 04:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
    2016-07-10 07:55 - 2016-02-04 20:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
    2016-07-10 07:55 - 2016-02-04 13:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
    2016-07-10 07:55 - 2016-02-03 13:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2016-07-10 07:55 - 2016-02-03 13:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
    2016-07-10 07:55 - 2016-02-03 13:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2016-07-10 07:55 - 2016-02-03 13:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
    2016-07-10 07:55 - 2016-02-03 13:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
    2016-07-10 07:55 - 2016-01-07 12:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2016-07-10 07:55 - 2015-12-08 16:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2016-07-10 07:55 - 2015-12-08 14:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2016-07-10 07:55 - 2015-11-11 13:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
    2016-07-10 07:55 - 2015-11-11 13:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
    2016-07-10 07:55 - 2015-11-11 13:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
    2016-07-10 07:55 - 2015-11-11 13:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
    2016-07-10 07:55 - 2015-11-03 14:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2016-07-10 07:55 - 2015-11-03 14:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
    2016-07-10 07:55 - 2015-11-03 13:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2016-07-10 07:55 - 2015-11-03 13:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
    2016-07-10 07:55 - 2015-10-13 11:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2016-07-10 07:55 - 2015-10-13 11:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2016-07-10 07:55 - 2015-07-14 22:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2016-07-10 07:55 - 2015-07-14 22:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2016-07-10 07:55 - 2015-07-14 21:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2016-07-10 07:55 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
    2016-07-10 07:55 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
    2016-07-10 07:55 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
    2016-07-10 07:55 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    2016-07-10 07:55 - 2015-07-01 15:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
    2016-07-10 07:55 - 2015-07-01 15:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
    2016-07-10 07:55 - 2015-07-01 15:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
    2016-07-10 07:55 - 2015-07-01 15:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
    2016-07-10 07:55 - 2015-04-24 13:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
    2016-07-10 07:55 - 2015-04-24 12:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
    2016-07-10 07:54 - 2016-07-10 07:54 - 01444992 _____ C:\Users\garrett morrow\Downloads\SteamSetup.exe
    2016-07-10 07:41 - 2016-05-23 18:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2016-07-10 07:41 - 2016-05-23 17:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2016-07-10 07:41 - 2016-05-21 12:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-07-10 07:41 - 2016-05-21 11:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-07-10 07:41 - 2016-05-20 17:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2016-07-10 07:41 - 2016-05-20 17:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2016-07-10 07:41 - 2016-05-20 17:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2016-07-10 07:41 - 2016-05-20 17:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2016-07-10 07:41 - 2016-05-20 17:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-07-10 07:41 - 2016-05-20 17:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2016-07-10 07:41 - 2016-05-20 17:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2016-07-10 07:41 - 2016-05-20 17:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-07-10 07:41 - 2016-05-20 17:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2016-07-10 07:41 - 2016-05-20 17:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-07-10 07:41 - 2016-05-20 17:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2016-07-10 07:41 - 2016-05-20 16:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2016-07-10 07:41 - 2016-05-20 16:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-07-10 07:41 - 2016-05-20 16:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2016-07-10 07:41 - 2016-05-20 16:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2016-07-10 07:41 - 2016-05-20 16:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2016-07-10 07:41 - 2016-05-20 16:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2016-07-10 07:41 - 2016-05-20 16:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2016-07-10 07:41 - 2016-05-20 16:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-07-10 07:41 - 2016-05-20 16:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2016-07-10 07:41 - 2016-05-20 16:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2016-07-10 07:41 - 2016-05-20 16:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2016-07-10 07:41 - 2016-05-20 16:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2016-07-10 07:41 - 2016-05-20 16:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2016-07-10 07:41 - 2016-05-20 16:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2016-07-10 07:41 - 2016-05-20 16:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2016-07-10 07:41 - 2016-05-20 16:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2016-07-10 07:41 - 2016-05-20 16:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2016-07-10 07:41 - 2016-05-20 16:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2016-07-10 07:41 - 2016-05-20 16:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2016-07-10 07:41 - 2016-05-20 16:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2016-07-10 07:41 - 2016-05-20 16:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2016-07-10 07:41 - 2016-05-20 16:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2016-07-10 07:41 - 2016-05-20 16:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2016-07-10 07:41 - 2016-05-20 16:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-07-10 07:41 - 2016-05-20 16:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2016-07-10 07:41 - 2016-05-20 16:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-07-10 07:41 - 2016-05-20 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2016-07-10 07:41 - 2016-05-20 16:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2016-07-10 07:41 - 2016-05-20 16:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2016-07-10 07:41 - 2016-05-20 16:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2016-07-10 07:41 - 2016-05-20 16:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2016-07-10 07:41 - 2016-05-20 16:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2016-07-10 07:41 - 2016-05-20 16:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2016-07-10 07:41 - 2016-05-20 16:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2016-07-10 07:41 - 2016-05-20 16:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-07-10 07:41 - 2016-05-20 16:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2016-07-10 07:41 - 2016-05-20 16:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-07-10 07:41 - 2016-05-20 16:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2016-07-10 07:41 - 2016-05-20 16:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2016-07-10 07:41 - 2016-05-20 16:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-07-10 07:41 - 2016-05-20 16:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2016-07-10 07:41 - 2016-05-20 16:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-07-10 07:41 - 2016-05-20 16:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2016-07-10 07:41 - 2016-05-20 16:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2016-07-10 07:41 - 2016-05-20 16:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-07-10 07:41 - 2016-05-20 15:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-07-10 07:41 - 2016-05-20 15:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-07-10 07:41 - 2016-05-20 15:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-07-10 07:41 - 2016-05-20 15:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2016-07-10 07:41 - 2016-05-20 15:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-07-10 07:41 - 2016-05-20 15:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2016-07-09 21:27 - 2016-07-09 21:28 - 00000000 ____D C:\rei
    2016-07-09 21:27 - 2016-07-09 21:27 - 00001901 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
    2016-07-09 21:27 - 2016-07-09 21:27 - 00000344 _____ C:\Windows\Tasks\ReimageUpdater.job
    2016-07-09 21:27 - 2016-07-09 21:27 - 00000000 ____D C:\ProgramData\Reimage Protector
    2016-07-09 21:27 - 2016-07-09 21:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
    2016-07-09 21:27 - 2016-07-09 21:27 - 00000000 ____D C:\Program Files\Reimage
    2016-07-09 21:23 - 2016-07-09 21:28 - 00000140 _____ C:\Windows\Reimage.ini
    2016-07-09 21:23 - 2016-07-09 21:23 - 00603920 _____ (Reimage) C:\Users\garrett morrow\Downloads\ReimageRepair.exe
    2016-07-09 21:10 - 2016-07-09 21:12 - 00000000 ____D C:\Program Files (x86)\Client
    2016-07-09 19:15 - 2016-07-09 20:18 - 00000000 ____D C:\AdwCleaner
    2016-07-09 19:15 - 2016-07-09 19:15 - 03712064 _____ C:\Users\garrett morrow\Downloads\adwcleaner_5.201.exe
    2016-07-09 18:08 - 2016-07-10 09:46 - 00000000 _____ C:\Users\garrett morrow\Downloads\DiscordSetup (4).exe
    2016-07-09 09:15 - 2016-07-09 10:03 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\Wise Registry Cleaner
    2016-07-09 09:15 - 2016-07-09 09:18 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\Wise Euask
    2016-07-09 09:15 - 2016-07-09 09:15 - 00001231 _____ C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
    2016-07-09 09:15 - 2016-07-09 09:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
    2016-07-09 09:15 - 2016-07-09 09:15 - 00000000 ____D C:\Program Files (x86)\Wise
    2016-07-09 09:14 - 2016-07-09 09:15 - 04160008 _____ (WiseCleaner.com ) C:\Users\garrett morrow\Downloads\WRCFree.exe
    2016-07-09 08:16 - 2016-07-09 08:37 - 00000000 ___RD C:\Users\garrett morrow\Desktop\THISSTEAM
    2016-07-08 17:27 - 2016-07-10 09:40 - 00003220 _____ C:\Windows\System32\Tasks\Client Monitor
    2016-07-08 17:26 - 2010-03-08 05:10 - 00013824 _____ (Kephyr) C:\Windows\system32\ffnd.exe
    2016-07-08 16:53 - 2016-07-09 00:32 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\FreeFixer
    2016-07-08 16:53 - 2016-07-08 17:08 - 00000000 ____D C:\Users\garrett morrow\AppData\Local\FreeFixer
    2016-07-08 16:52 - 2016-07-08 16:52 - 02687418 _____ (Kephyr) C:\Users\garrett morrow\Downloads\freefixersetup.exe
    2016-07-08 16:52 - 2016-07-08 16:52 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
    2016-07-08 16:52 - 2016-07-08 16:52 - 00000000 ____D C:\Program Files\FreeFixer
    2016-07-08 12:48 - 2016-07-08 12:48 - 48500408 _____ (Hammer & Chisel, Inc.) C:\Users\garrett morrow\Downloads\DiscordSetup (3).exe
    2016-07-08 09:29 - 2016-07-08 09:29 - 00000622 _____ C:\Users\garrett morrow\Downloads\TakeOwnership (1).zip
    2016-07-08 08:57 - 2016-07-08 08:57 - 02317839 _____ (PowTools ) C:\Users\garrett morrow\Downloads\file_shredder_setup (1).exe
    2016-07-08 08:57 - 2016-07-08 08:57 - 00000847 _____ C:\Users\garrett morrow\Desktop\File Shredder.lnk
    2016-07-08 08:57 - 2016-07-08 08:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Shredder
    2016-07-08 08:57 - 2016-07-08 08:57 - 00000000 ____D C:\Program Files\File Shredder
    2016-07-08 08:27 - 2016-07-08 08:27 - 48500408 _____ (Hammer & Chisel, Inc.) C:\Users\garrett morrow\Downloads\DiscordSetup (2).exe
    2016-07-08 06:00 - 2016-07-08 11:39 - 00000000 ___HD C:\$WINDOWS.~BT
    2016-07-08 05:56 - 2016-07-08 06:00 - 00000036 _____ C:\Windows\progress.ini
    2016-07-08 05:19 - 2016-07-08 11:40 - 00000000 ____D C:\Windows10Upgrade
    2016-07-08 05:19 - 2016-07-08 11:39 - 00000000 ___HD C:\$GetCurrent
    2016-07-08 05:19 - 2016-07-08 05:19 - 05792848 _____ (Microsoft Corporation) C:\Users\garrett morrow\Downloads\Windows10Upgrade9252.exe
    2016-07-08 05:19 - 2016-07-08 05:19 - 00000694 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
    2016-07-08 05:19 - 2016-07-08 05:19 - 00000682 _____ C:\Users\garrett morrow\Desktop\Windows 10 Upgrade Assistant.lnk
    2016-07-08 04:25 - 2016-07-08 04:25 - 00974733 _____ C:\Users\garrett morrow\Downloads\WinDlg_v1_29.zip
    2016-07-08 04:18 - 2016-07-08 04:25 - 00000000 ____D C:\ProgramData\Avg
    2016-07-08 04:18 - 2016-07-08 04:22 - 00000000 ____D C:\Users\garrett morrow\AppData\Local\AvgSetupLog
    2016-07-08 04:18 - 2016-07-08 04:18 - 03143504 _____ (AVG Technologies CZ, s.r.o.) C:\Users\garrett morrow\Downloads\AVG_Protection_Free_1606.exe
    2016-07-08 04:18 - 2016-07-08 04:18 - 00000000 ____D C:\Users\garrett morrow\AppData\Local\Avg
    2016-07-08 04:12 - 2016-07-08 04:12 - 00001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2016-07-08 04:12 - 2016-07-08 04:12 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2016-07-08 03:57 - 2016-07-08 03:57 - 08607280 _____ (McAfee, Inc.) C:\Users\garrett morrow\Downloads\SecurityScan_Release.exe
    2016-07-08 03:52 - 2016-07-05 07:12 - 00861696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\clientmonitor.exe
    2016-07-07 17:35 - 2016-07-07 17:35 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\AVAST Software
    2016-07-07 17:33 - 2016-07-07 17:33 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
    2016-07-07 17:32 - 2016-07-07 17:30 - 00473592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.146793079901502
    2016-07-07 17:30 - 2016-07-07 17:31 - 00438454 _____ C:\unp30529695991465539.mdmp
    2016-07-07 17:25 - 2016-07-07 17:25 - 06253640 _____ (AVAST Software) C:\Users\garrett morrow\Downloads\avast_free_antivirus_setup_online_cnet_2.exe
    2016-07-07 17:25 - 2016-07-07 17:25 - 00000000 ____D C:\ProgramData\AVAST Software
    2016-07-07 17:20 - 2016-07-09 07:56 - 00000000 ____D C:\Users\garrett morrow\AppData\Local\63205331380
    2016-07-07 17:16 - 2016-07-07 17:20 - 48500408 _____ (Hammer & Chisel, Inc.) C:\Users\garrett morrow\Downloads\DiscordSetup (1).exe
    2016-07-07 17:10 - 2016-07-07 17:10 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel
    2016-07-05 07:25 - 2016-07-05 07:12 - 00861696 _____ (NVIDIA Corporation) C:\Users\garrett morrow\AppData\Roaming\clientmonitor.exe
    2016-07-05 07:13 - 2016-07-10 09:40 - 00001609 _____ C:\ProgramData\Client Monitor
    2016-07-05 07:12 - 2016-07-09 07:51 - 00000000 ____D C:\ProgramData\Client
    2016-07-05 07:12 - 2016-07-05 07:12 - 00861696 _____ (NVIDIA Corporation) C:\Users\garrett morrow\Downloads\RPBro.exe
    2016-07-05 07:12 - 2016-07-05 07:12 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\Monitor
    2016-06-28 01:45 - 2016-06-28 01:45 - 00402696 _____ () C:\Users\garrett morrow\Downloads\setup (2).exe
    2016-06-22 13:16 - 2016-06-22 13:16 - 00001240 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
    2016-06-22 13:04 - 2016-06-28 16:47 - 00000000 ____D C:\Users\garrett morrow\AppData\Local\Battle.net
    2016-06-22 12:49 - 2016-06-22 12:50 - 00000000 ____D C:\ProgramData\Battle.net
    2016-06-22 02:00 - 2016-06-22 02:00 - 03970746 _____ C:\Users\garrett morrow\Downloads\Battle.net-Agent-PC-Standalone.zip
    2016-06-22 01:36 - 2016-06-28 01:44 - 00000000 ____D C:\Program Files (x86)\Battle.net
    2016-06-22 01:35 - 2016-06-22 13:07 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\Battle.net
    2016-06-22 01:32 - 2016-06-22 01:32 - 03012080 _____ (Blizzard Entertainment) C:\Users\garrett morrow\Downloads\Battle.net-Setup.exe
    2016-06-15 05:13 - 2016-07-08 17:26 - 00000000 ____D C:\Program Files (x86)\Gyazo
    2016-06-15 05:13 - 2016-06-15 05:13 - 15666720 _____ (Nota Inc. ) C:\Users\garrett morrow\Downloads\Gyazo-3.2.3.exe
    2016-06-15 05:13 - 2016-06-15 05:13 - 00000986 _____ C:\Users\Public\Desktop\Gyazo.lnk
    2016-06-15 05:13 - 2016-06-15 05:13 - 00000986 _____ C:\Users\Public\Desktop\Gyazo GIF.lnk
    2016-06-15 05:13 - 2016-06-15 05:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-07-10 10:14 - 2012-03-10 23:38 - 00000000 ____D C:\Program Files\AMD
    2016-07-10 10:13 - 2012-02-25 18:42 - 00000000 ____D C:\Program Files (x86)\AMD
    2016-07-10 10:13 - 2009-07-14 00:13 - 00795668 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-07-10 10:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
    2016-07-10 10:09 - 2009-07-13 23:45 - 00021920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-07-10 10:09 - 2009-07-13 23:45 - 00021920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-07-10 10:06 - 2012-02-26 01:56 - 00000000 ____D C:\AMD
    2016-07-10 09:51 - 2016-01-08 15:07 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
    2016-07-10 09:51 - 2015-09-23 03:02 - 00000000 ____D C:\Users\garrett morrow\AppData\Local\SquirrelTemp
    2016-07-10 09:47 - 2016-01-20 14:28 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-07-10 09:40 - 2016-01-20 14:28 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-07-10 09:37 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-07-10 09:36 - 2012-03-19 14:36 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2016-07-10 09:36 - 2012-03-19 14:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2016-07-10 09:36 - 2009-07-13 23:45 - 00267272 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-07-10 09:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2016-07-10 09:32 - 2011-04-12 03:28 - 00000000 ____D C:\Program Files\Windows Journal
    2016-07-10 09:16 - 2013-08-16 00:09 - 00000000 ____D C:\Windows\system32\MRT
    2016-07-10 09:09 - 2012-02-28 17:16 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-07-10 09:05 - 2012-03-19 14:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-07-10 08:33 - 2012-03-20 16:27 - 00002148 _____ C:\Windows\epplauncher.mif
    2016-07-10 08:33 - 2012-03-20 16:26 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2016-07-10 08:21 - 2012-03-15 16:27 - 00787790 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2016-07-10 07:53 - 2016-05-15 18:59 - 00000000 ____D C:\Users\garrett morrow\048298C9A4D3490B9FF9AB023A9238F3.TMP
    2016-07-10 07:53 - 2016-03-18 19:57 - 00000000 ____D C:\Users\garrett morrow\Downloads\Banished v1.0.4-GOG
    2016-07-10 07:53 - 2015-09-04 18:01 - 00000000 ____D C:\Program Files (x86)\A3Launcher
    2016-07-10 07:53 - 2013-07-07 21:50 - 00000000 ____D C:\Users\garrett morrow\Desktop\Old Desktop
    2016-07-10 07:53 - 2012-03-28 18:01 - 00000000 ____D C:\Program Files (x86)\psx emulation cheater
    2016-07-10 07:53 - 2012-02-25 19:06 - 00000000 ____D C:\Program Files (x86)\Mumble
    2016-07-10 07:50 - 2013-04-05 23:54 - 00000000 ____D C:\Program Files (x86)\Terraria
    2016-07-09 21:36 - 2013-06-27 20:08 - 00000000 ____D C:\Windows\pss
    2016-07-09 20:56 - 2012-03-10 00:17 - 00000000 ____D C:\Users\garrett morrow\AppData\Local\PMB Files
    2016-07-09 20:35 - 2013-03-29 21:05 - 00000000 ____D C:\Program Files (x86)\OBS
    2016-07-09 20:35 - 2013-03-03 20:55 - 00000000 ____D C:\Users\garrett morrow\Downloads\Donkey Kong Country
    2016-07-09 20:35 - 2012-10-01 01:03 - 00000000 ____D C:\Users\garrett morrow\Downloads\Adobe Flash CS3 Professional
    2016-07-09 20:18 - 2012-02-25 17:10 - 00001007 _____ C:\Users\garrett morrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2016-07-09 08:47 - 2016-05-16 14:35 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2016-07-09 08:47 - 2012-07-15 13:14 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    2016-07-09 08:46 - 2015-03-12 21:11 - 00000000 ____D C:\Program Files (x86)\Glyph
    2016-07-08 17:27 - 2012-06-14 05:30 - 00000000 ____D C:\Windows\System32\Tasks\Symantec
    2016-07-08 17:26 - 2012-09-21 00:14 - 00000000 ____D C:\ProgramData\HP Photo Creations
    2016-07-08 11:54 - 2012-02-25 22:50 - 00000000 ____D C:\Users\garrett morrow\AppData\Local\ElevatedDiagnostics
    2016-07-08 11:39 - 2012-02-29 17:09 - 00001908 _____ C:\Windows\diagwrn.xml
    2016-07-08 11:39 - 2012-02-29 17:09 - 00001908 _____ C:\Windows\diagerr.xml
    2016-07-08 11:38 - 2011-01-01 04:45 - 00000000 ____D C:\Windows\Panther
    2016-07-08 09:02 - 2012-11-05 00:51 - 00395776 ___SH C:\Users\garrett morrow\Thumbs.db
    2016-07-08 07:36 - 2012-02-25 21:07 - 00000000 ____D C:\Users\garrett morrow\AppData\Local\Deployment
    2016-07-08 05:52 - 2013-04-08 20:53 - 00000258 __RSH C:\ProgramData\ntuser.pol
    2016-07-08 04:09 - 2012-06-06 23:21 - 00000000 ____D C:\Users\garrett morrow\AppData\Local\TSVNCache
    2016-07-08 03:53 - 2016-05-15 20:14 - 00001881 _____ C:\Users\Public\Desktop\Defraggler.lnk
    2016-07-08 03:27 - 2015-08-20 19:01 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
    2016-07-08 03:23 - 2015-04-01 02:35 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-07-07 22:20 - 2012-03-10 00:17 - 00000000 ____D C:\ProgramData\PMB Files
    2016-07-07 21:54 - 2012-03-08 17:59 - 00000000 ____D C:\Users\garrett morrow\AppData\Local\CrashDumps
    2016-07-07 18:36 - 2014-04-23 03:01 - 00000000 ____D C:\Windows\TempDC49A281-EC29-A35F-DC3A-1F35D732DCD9-Signatures
    2016-07-07 17:33 - 2015-08-20 19:01 - 00000000 ____D C:\Program Files\Common Files\AV
    2016-07-07 17:13 - 2013-04-26 22:20 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\TS3Client
    2016-07-07 17:13 - 2012-04-10 00:26 - 00000000 ____D C:\Users\garrett morrow\AppData\Local\LogMeIn Hamachi
    2016-07-07 17:08 - 2012-02-25 22:18 - 00000000 ____D C:\Windows\Minidump
    2016-07-07 15:14 - 2012-04-01 18:29 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\Skype
    2016-07-05 07:22 - 2012-02-25 17:10 - 00000000 ____D C:\Users\garrett morrow\AppData\Local\VirtualStore
    2016-07-01 05:58 - 2016-01-27 10:37 - 00000000 ____D C:\Users\garrett morrow\Documents\ShareX
    2016-06-28 02:17 - 2016-05-03 02:59 - 00000000 ____D C:\Program Files (x86)\Overwatch
    2016-06-28 01:53 - 2012-02-25 19:10 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
    2016-06-22 19:08 - 2015-04-04 20:49 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
    2016-06-22 19:07 - 2012-05-15 15:44 - 00000000 ____D C:\Program Files (x86)\Diablo III
    2016-06-22 01:28 - 2012-02-29 17:51 - 00000000 ____D C:\Program Files\World of Warcraft
    2016-06-21 12:13 - 2010-11-20 22:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2016-06-20 17:58 - 2009-07-14 00:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2016-06-17 17:49 - 2016-01-20 14:34 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-06-10 00:19 - 2014-06-04 01:29 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\7DaysToDie
     
  7. GMorrow

    GMorrow TS Rookie Topic Starter Posts: 20

    ==================== Files in the root of some directories =======

    2016-01-11 14:37 - 2016-01-11 14:50 - 50053120 _____ () C:\Program Files (x86)\GUT870B.tmp
    2015-02-15 17:19 - 2015-04-20 04:58 - 0000020 _____ () C:\Users\garrett morrow\AppData\Roaming\appdataFr3.bin
    2014-05-31 00:31 - 2014-06-04 23:50 - 0000281 _____ () C:\Users\garrett morrow\AppData\Roaming\BreakingPoint_Login.ini
    2014-05-30 22:08 - 2014-06-05 01:03 - 0001333 _____ () C:\Users\garrett morrow\AppData\Roaming\BreakingPoint_Options.ini
    2016-07-05 07:25 - 2016-07-05 07:12 - 0861696 _____ (NVIDIA Corporation) C:\Users\garrett morrow\AppData\Roaming\clientmonitor.exe
    2014-04-14 17:14 - 2014-04-14 17:14 - 0000047 _____ () C:\Users\garrett morrow\AppData\Roaming\mbam.context.scan
    2015-07-24 05:40 - 2015-07-24 05:40 - 0000105 _____ () C:\Users\garrett morrow\AppData\Roaming\settings.xml
    2014-03-05 04:06 - 2016-05-19 00:20 - 0000182 _____ () C:\Users\garrett morrow\AppData\Roaming\WB.CFG
    2013-04-08 21:52 - 2015-12-01 16:19 - 0013824 _____ () C:\Users\garrett morrow\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-03-15 22:09 - 2012-03-15 22:09 - 0000102 _____ () C:\Users\garrett morrow\AppData\Local\fusioncache.dat
    2015-04-20 13:18 - 2015-04-20 13:18 - 0007060 _____ () C:\Users\garrett morrow\AppData\Local\recently-used.xbel
    2013-06-27 20:09 - 2015-04-21 17:52 - 0007597 _____ () C:\Users\garrett morrow\AppData\Local\resmon.resmoncfg
    2015-06-30 00:10 - 2015-06-30 00:10 - 0000000 _____ () C:\Users\garrett morrow\AppData\Local\{0471352D-A327-4189-8AA8-D93F51EDD5E7}
    2015-07-10 00:09 - 2015-07-10 00:09 - 0000000 _____ () C:\Users\garrett morrow\AppData\Local\{8BA21D1F-682D-4F74-A02D-FE600D64E468}
    2012-09-21 00:10 - 2012-09-21 00:10 - 0000057 _____ () C:\ProgramData\Ament.ini
    2016-07-05 07:13 - 2016-07-10 09:40 - 0001609 _____ () C:\ProgramData\Client Monitor
    ZeroAccess:
    C:\Program Files (x86)\Google\Desktop\Install

    Some files in TEMP:
    ====================
    C:\Users\garrett morrow\AppData\Local\Temp\libeay32.dll
    C:\Users\garrett morrow\AppData\Local\Temp\msvcr120.dll
    C:\Users\garrett morrow\AppData\Local\Temp\playstv_patch.exe
    C:\Users\garrett morrow\AppData\Local\Temp\Quarantine.exe
    C:\Users\garrett morrow\AppData\Local\Temp\raptrpatch.exe
    C:\Users\garrett morrow\AppData\Local\Temp\raptr_stub.exe
    C:\Users\garrett morrow\AppData\Local\Temp\ReimagePackage.exe
    C:\Users\garrett morrow\AppData\Local\Temp\sqlite3.dll
    C:\Users\garrett morrow\AppData\Local\Temp\tmpBEEC.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
    ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client


    LastRegBack: 2016-03-01 15:53

    ==================== End of FRST.txt ============================
     
  8. GMorrow

    GMorrow TS Rookie Topic Starter Posts: 20

    This is addition.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-07-2016
    Ran by garrett morrow (2016-07-10 10:33:10)
    Running from C:\Users\garrett morrow\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) (2012-02-25 22:08:34)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-4182545111-3799939734-1776222819-500 - Administrator - Disabled)
    ASPNET (S-1-5-21-4182545111-3799939734-1776222819-1004 - Limited - Enabled)
    garrett morrow (S-1-5-21-4182545111-3799939734-1776222819-1000 - Administrator - Enabled) => C:\Users\garrett morrow
    Guest (S-1-5-21-4182545111-3799939734-1776222819-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-4182545111-3799939734-1776222819-1006 - Limited - Enabled)
    Mcx1-GARRETTMORROW (S-1-5-21-4182545111-3799939734-1776222819-1007 - Limited - Enabled) => C:\Users\Mcx1-GARRETTMORROW

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    @Bios (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.11 - GIGABYTE)
    µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29462 - BitTorrent Inc.)
    7 Days to Die (HKLM\...\Steam App 251570) (Version: - The Fun Pimps)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
    Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.268 - Adobe Systems Incorporated)
    Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.5.502.146 - Adobe Systems Incorporated)
    Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
    AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
    Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Application Profiles (x32 Version: 2.0.4331.36041 - Advanced Micro Devices, Inc.) Hidden
    ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version: - Studio Wildcard)
    Arma 3 (HKLM\...\Steam App 107410) (Version: - Bohemia Interactive)
    Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
    AutoGreen B10.1021.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
    AutoGreen B10.1021.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
    AV Music Morpher (HKLM-x32\...\AV Music Morpher) (Version: - )
    Bandicam (HKLM-x32\...\Bandicam) (Version: 2.2.4.811 - Bandisoft.com)
    Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
    Bandizip (HKLM\...\Bandizip) (Version: 5.0 - Bandisoft.com)
    Banished (HKLM-x32\...\1207660783_is1) (Version: 2.3.0.7 - GOG.com)
    Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts)
    Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 1.132.0 - EA Digital Illusions CE AB)
    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Brawlhalla (HKLM\...\Steam App 291550) (Version: - Blue Mammoth Games)
    CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
    Creativerse (HKLM\...\Steam App 280790) (Version: - Playful Corporation)
    Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
    Curse Client (HKU\S-1-5-21-4182545111-3799939734-1776222819-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DC Universe Online Live (HKU\S-1-5-21-4182545111-3799939734-1776222819-1000\...\SOE-DC Universe Online Live) (Version: - Sony Online Entertainment)
    Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
    Discord (HKU\S-1-5-21-4182545111-3799939734-1776222819-1000\...\Discord) (Version: 0.0.291 - Hammer & Chisel, Inc.)
    Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
    Driver Detective (HKLM-x32\...\{3839C2FF-2CD0-4601-91A8-B1E40A9BE8A8}) (Version: 7 - PC Drivers HeadQuarters)
    Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
    Easy Tune 6 B11.0427.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
    Easy Tune 6 B11.0427.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
    EasySaver B9.1214.1 (HKLM-x32\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
    Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.18 - Echobit, LLC)
    f.lux (HKU\S-1-5-21-4182545111-3799939734-1776222819-1000\...\Flux) (Version: - )
    File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - Pow Tools)
    FLV Converter 3.5 (HKLM-x32\...\{6EFA70F2-D6C3-4ECA-BEA9-C1A31277C63A}_is1) (Version: - FLV Converter)
    Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
    Free Disc Burner (HKLM-x32\...\Free Disc Burner_is1) (Version: 3.0.48.511 - Digital Wave Ltd)
    Free FLV to AVI MP4 3GP WMV MP3 Converter v2.2 (HKLM-x32\...\Free FLV to AVI MP4 3GP WMV MP3 Converter_is1) (Version: 2.0 - www.appfree.net)
    FreeFixer (HKLM-x32\...\FreeFixer1.13) (Version: 1.13 - Kephyr)
    Game Cam 2.6.1.0 (HKLM-x32\...\Game Cam) (Version: 2.6.1.0 - Game Cam Portal, Inc.)
    GameMaker: Player (HKLM-x32\...\GameMakerPlayer) (Version: 1.4.1242.41000 - YoYo Games Ltd.)
    GameMaker-Studio 1.4 (HKU\S-1-5-21-4182545111-3799939734-1776222819-1000\...\GameMaker-Studio14) (Version: - YoYo Games Ltd.)
    Gigantic Installer (HKLM-x32\...\{fb714f96-ecf3-484b-b780-edbd9e241da7}) (Version: 1.0.0.2 - Motiga Inc.)
    Gigantic Launcher (64-bit) (Version: 1.3.0.1 - Motiga Inc.) Hidden
    GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
    Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
    Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
    Gyazo 3.2.3 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
    H1Z1: King of the Kill (HKLM\...\Steam App 433850) (Version: - Daybreak Game Company)
    Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
    Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
    HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{FB555BCF-9202-4886-9203-88C9A210D727}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
    HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
    HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{710D4D91-1924-4A6B-8659-9CDE02DC7207}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9452 - HP Photo Creations)
    HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
    HydraVision (x32 Version: 4.2.218.0 - Advanced Micro Devices, Inc.) Hidden
    iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
    Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
    Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
    Joystix Pro (HKLM-x32\...\{7254274D-3F70-4EDD-9BEE-EA6BAD5636B4}) (Version: 2.0.0.0 - Blue Orb, Inc.)
    League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
    LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.422 - LogMeIn, Inc.)
    LogMeIn Hamachi (x32 Version: 2.1.0.284 - LogMeIn, Inc.) Hidden
    LogMeIn Hamachi (x32 Version: 2.2.0.422 - LogMeIn, Inc.) Hidden
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.334.1 - McAfee, Inc.)
    Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.2.223.1 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 RC Redistributable (x64) - 14.0.22816 (HKLM-x32\...\{e2495eb6-cca8-47aa-91ea-3410ca44d7b7}) (Version: 14.0.22816.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
    Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
    Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4 - Mozilla)
    Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
    NETGEAR WNDA4100 Genie (HKLM-x32\...\InstallShield_{422FB885-2E3D-4F0C-8C47-BF4336B5318B}) (Version: 1.2.0.0 - NETGEAR)
    NETGEAR WNDA4100 Genie (x32 Version: 1.2.0.0 - NETGEAR) Hidden
    NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
    ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
    Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
    Open Garden (HKLM-x32\...\OpenGarden) (Version: - )
    Origin (HKLM-x32\...\Origin) (Version: 8.5.2.23 - Electronic Arts, Inc.)
    osu! (HKLM-x32\...\{8b2ebce3-1627-477d-93f9-aba7ba89f4d6}) (Version: latest - ppy Pty Ltd)
    Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
    Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.7.0.0 - Pando Networks Inc.)
    PdaNet+ for Android 4.18 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology Inc)
    PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1053.0 - Passmark Software)
    PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.12.2-r114411-release - Plays.tv, LLC)
    Portal 2 (HKLM-x32\...\Postal 2_is1) (Version: - )
    RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.13004.105 - raidcall.com)
    Raptr (HKLM-x32\...\Raptr) (Version: 5.2.1-r113066-release - Raptr, Inc)
    Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.13 - Razer Inc.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
    Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6409 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.)
    Registry Repair 5.0.1.80 (HKLM-x32\...\Registry Repair) (Version: 5.0.1.80 - Glarysoft Ltd)
    RegUtility version 4.1 (HKLM-x32\...\RegUtility_is1) (Version: 4.1 - )
    Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.3.8 - Reimage) <==== ATTENTION
    Robocraft version 0.3.290 (HKU\S-1-5-21-4182545111-3799939734-1776222819-1000\...\{9F101691-69D3-422E-BB5C-8CAD7110781B}_is1) (Version: 0.3.290 - Freejam)
    Rocket League (HKLM\...\Steam App 252950) (Version: - Psyonix)
    ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 10.6.1 - ShareX Team)
    ShellShock Live (HKLM\...\Steam App 326460) (Version: - kChamp Games)
    Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version: - Firaxis Games)
    Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.)
    Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.10.9560 - Skype Technologies S.A.)
    Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
    Soundboard (HKLM-x32\...\Soundboard) (Version: 1.0.0 - UNKNOWN)
    Soundboard (x32 Version: 1.0.0 - UNKNOWN) Hidden
    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
    Splashtop Connect IE (HKLM-x32\...\{3B983EFD-6E37-4AD9-9A7D-8C83E61674F7}) (Version: 1.1.13.1 - Splashtop Inc.)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
    TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
    The Lord of the Rings Online™ v03.05.01.8027 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 03.05.01.8027 - Turbine, Inc.)
    Tom Clancy's The Division Beta (HKLM-x32\...\Uplay Install 2036) (Version: - Ubisoft)
    TortoiseSVN 1.7.7.22907 (64 bit) (HKLM\...\{4371D69B-FB6A-4A61-8477-C1B919FB2311}) (Version: 1.7.22907 - TortoiseSVN)
    Trove (HKLM-x32\...\Glyph Trove) (Version: - Trion Worlds, Inc.)
    Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
    UE4 Prerequisites (x64) (HKLM-x32\...\{b46d36bc-2438-471e-abe8-1fbbd51754ee}) (Version: 1.0.10.0 - Epic Games, Inc.)
    UE4 Prerequisites (x64) (Version: 1.0.10.0 - Epic Games, Inc.) Hidden
    Unreal Development Kit: 2012-05 (HKLM\...\UDK-308f4ab7-e65e-4670-9e6a-205909a26eac) (Version: - Epic Games, Inc.)
    Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    Vegas Pro 11.0 (HKLM-x32\...\{6AEFCA01-8DF1-11E1-A17B-F04DA23A5C58}) (Version: 11.0.682 - Sony)
    Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
    WildStar (HKLM-x32\...\WildStar) (Version: - NCSOFT)
    Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
    Windows Essentials Media Codec Pack 4.7 [64-Bit] (HKLM-x32\...\Windows Essentials Media Codec Pack) (Version: 4.7 - Media Codec)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
    WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
    WinX DVD Author 6.2 (HKLM-x32\...\WinX DVD Author_is1) (Version: - DigiartySoft, Inc.)
    Wise Registry Cleaner 9.22 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 9.22 - WiseCleaner.com, Inc.)
    World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version: - Wargaming.net)
    World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
    XSplit Broadcaster (HKLM-x32\...\{6F937E75-B6D6-4C2C-B864-90AA91EFF8B2}) (Version: 1.3.1403.1202 - SplitmediaLabs)
    XSplit Gamecaster (HKLM-x32\...\{02297800-E109-4A50-8F82-AACD0844A051}) (Version: 2.5.1507.3024 - SplitmediaLabs)
     
  9. GMorrow

    GMorrow TS Rookie Topic Starter Posts: 20

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-4182545111-3799939734-1776222819-1000_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Program Files\Bandizip\bdzshl64.dll (Bandisoft.com)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {2FD49EFD-BDD3-4BF7-9AEA-CCF43674425E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-07-07] (AVAST Software)
    Task: {4F5286F4-5C4A-475A-864A-A2E1340E8596} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-08] (Hewlett-Packard Co.)
    Task: {5683D25B-E3F8-438A-B0D6-C1779E771A32} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-20] (Google Inc.)
    Task: {5F1060B3-86E6-4136-9EA9-E531DF7FBA35} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-08-06] (Symantec Corporation)
    Task: {63A790D1-03FC-46CA-BF1D-23D42981DAE7} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-05-03] (Advanced Micro Devices, Inc.)
    Task: {6F0A142E-0040-416F-A191-DDA6163C68F4} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-GARRETTMORROW => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
    Task: {7737742A-C8A1-4055-AF4B-9E41CA1C7304} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
    Task: {9165398F-F529-48A8-9C51-02D6473747FE} - System32\Tasks\{76F04047-1676-4F09-ABDA-FC763D27FA1A} => pcalua.exe -a "C:\Users\garrett morrow\Downloads\pecsetup.exe" -d "C:\Users\garrett morrow\Desktop"
    Task: {AF4A525D-86AF-4D71-BAB0-5930D3F4E51A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {B8BDE466-EDCB-47F0-B55F-436E58578B41} - System32\Tasks\{94722EA7-C91D-4616-B8D3-0998EB0EF39A} => C:\Program Files (x86)\Steam\Steam.exe [2016-06-14] (Valve Corporation)
    Task: {BB6AE6EC-1262-4D51-8886-E1D37EF57B36} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-20] (Google Inc.)
    Task: {CF994412-DD0B-47DF-B427-22E550782F87} - System32\Tasks\Client Monitor => C:\ProgramData\Client\client.exe [2016-07-05] (NVIDIA Corporation) <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\ReimageUpdater.job => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe <==== ATTENTION

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\garrett morrow\Desktop\Old Desktop\Random\STUFF I DONT NEED\Games (2).lnk -> hxxp://socialgames.splashtop.com/redirectGames/?oem=gbbcu01&os=Windows&p=GA-990XA-UD3&pv=1.1.13&v=1&flv=&c=1033&t=d41d8cd98f00b204e9800998ecf8427e&l=en-US (No File)
    Shortcut: C:\Users\garrett morrow\Desktop\Old Desktop\Random\STUFF I DONT NEED\Games.lnk -> hxxp://socialgames.splashtop.com/redirectGames/?oem=gbbcu01&os=Windows&p=GA-990XA-UD3&pv=1.1.13&v=1&flv=&c=1033&t=d41d8cd98f00b204e9800998ecf8427e&l=en-US (No File)
    Shortcut: C:\Users\garrett morrow\AppData\Local\Microsoft\Windows\GameExplorer\{65BCE8F2-4C15-44D2-B53C-F2EC5ABA0642}\SupportTasks\1\Support.lnk -> hxxp://support.microsoft.com/games/ (No File)
    Shortcut: C:\Users\garrett morrow\AppData\Local\Microsoft\Windows\GameExplorer\{65BCE8F2-4C15-44D2-B53C-F2EC5ABA0642}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.ageofempires3.com/ (No File)
    Shortcut: C:\Users\garrett morrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Social Games.lnk -> hxxp://socialgames.splashtop.com/redirectGames/?oem=gbbcu01&os=Windows&p=GA-990XA-UD3&pv=1.1.13&v=1&flv=&c=1033&t=d41d8cd98f00b204e9800998ecf8427e&l=en-US (No File)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-08-04 00:25 - 2015-08-04 00:25 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
    2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
    2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
    2015-08-04 00:25 - 2015-08-04 00:25 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2012-05-15 13:29 - 2012-05-15 13:29 - 00088968 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
    2016-07-08 08:57 - 2012-04-01 00:06 - 02689536 _____ () C:\Program Files\File Shredder\fsshell.dll
    2015-08-04 00:25 - 2015-08-04 00:25 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2016-06-17 17:49 - 2016-06-15 03:26 - 02334360 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
    2016-06-17 17:49 - 2016-06-15 03:26 - 00105112 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
    2015-11-24 15:43 - 2015-11-24 15:43 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ctypes.pyd
    2015-11-24 15:43 - 2015-11-24 15:43 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_socket.pyd
    2015-11-24 15:43 - 2015-11-24 15:43 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ssl.pyd
    2015-11-24 15:47 - 2015-11-24 15:47 - 01980928 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
    2015-12-07 15:57 - 2015-12-07 15:57 - 00077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
    2015-11-24 15:47 - 2015-11-24 15:47 - 01862144 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
    2015-11-24 15:47 - 2015-11-24 15:47 - 00516608 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
    2015-11-24 15:47 - 2015-11-24 15:47 - 04060160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
    2015-11-24 15:48 - 2015-11-24 15:48 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
    2015-11-24 15:46 - 2015-11-24 15:46 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes26.dll
    2015-11-24 15:48 - 2015-11-24 15:48 - 00017920 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32event.pyd
    2015-11-24 15:43 - 2015-11-24 15:43 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_hashlib.pyd
    2015-11-24 15:46 - 2015-11-24 15:46 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom26.dll
    2015-11-24 15:48 - 2015-11-24 15:48 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
    2015-11-24 15:43 - 2015-11-24 15:43 - 00044544 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_sqlite3.pyd
    2015-11-24 15:43 - 2015-11-24 15:43 - 00387072 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sqlite3.dll
    2015-10-21 15:29 - 2015-10-21 15:29 - 00113171 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\libvlc.dll
    2015-10-21 15:29 - 2015-10-21 15:29 - 02396691 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\libvlccore.dll
    2015-11-24 15:48 - 2015-11-24 15:48 - 00111104 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32file.pyd
    2015-11-24 15:47 - 2015-11-24 15:47 - 00216064 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWebKitWidgets.pyd
    2015-11-24 15:47 - 2015-11-24 15:47 - 00118784 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWebKit.pyd
    2015-11-24 15:47 - 2015-11-24 15:47 - 00199680 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtPrintSupport.pyd
    2015-11-24 15:43 - 2015-11-24 15:43 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\select.pyd
    2015-11-24 15:48 - 2015-11-24 15:48 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
    2015-11-24 15:47 - 2015-11-24 15:47 - 00263168 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32com.shell.shell.pyd
    2015-11-24 15:43 - 2015-11-24 15:43 - 00583680 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\unicodedata.pyd
    2015-10-21 15:29 - 2015-10-21 15:29 - 00027667 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\plugins\audio_output\libdirectsound_plugin.dll
    2015-10-21 15:29 - 2015-10-21 15:29 - 00031251 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\plugins\audio_output\libwaveout_plugin.dll
    2015-10-21 15:29 - 2015-10-21 15:29 - 00066579 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\plugins\video_output\libdirectdraw_plugin.dll
    2016-07-07 14:46 - 2016-07-07 14:46 - 02619144 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\ltc_host_ex.DLL
    2015-11-24 15:48 - 2015-11-24 15:48 - 00028160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\servicemanager.pyd
    2015-11-24 15:48 - 2015-11-24 15:48 - 00041472 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32service.pyd
    2015-11-24 15:48 - 2015-11-24 15:48 - 00019968 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32evtlog.pyd
    2010-11-22 17:56 - 2010-11-22 17:56 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ctypes.pyd
    2010-11-22 17:56 - 2010-11-22 17:56 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_socket.pyd
    2010-11-22 17:56 - 2010-11-22 17:56 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ssl.pyd
    2014-05-13 18:26 - 2014-05-13 18:26 - 05812736 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtGui.pyd
    2014-05-13 18:26 - 2014-05-13 18:26 - 00067584 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sip.pyd
    2014-05-13 18:26 - 2014-05-13 18:26 - 01662464 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtCore.pyd
    2014-05-13 18:26 - 2014-05-13 18:26 - 00494592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtNetwork.pyd
    2010-11-22 17:57 - 2010-11-22 17:57 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32api.pyd
    2010-11-22 17:56 - 2010-11-22 17:56 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pywintypes26.dll
    2010-11-22 17:56 - 2010-11-22 17:56 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\select.pyd
    2010-11-22 17:56 - 2010-11-22 17:56 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_hashlib.pyd
    2010-11-22 17:57 - 2010-11-22 17:57 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32process.pyd
    2010-11-22 17:57 - 2010-11-22 17:57 - 00111104 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32file.pyd
    2010-11-22 17:56 - 2010-11-22 17:56 - 00044544 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_sqlite3.pyd
    2011-02-15 13:17 - 2011-02-15 13:17 - 00417501 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sqlite3.dll
    2010-11-22 17:57 - 2010-11-22 17:57 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32gui.pyd
    2014-05-13 18:26 - 2014-05-13 18:26 - 00313856 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtWebKit.pyd
    2010-11-22 17:56 - 2010-11-22 17:56 - 00127488 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pyexpat.pyd
    2010-11-22 17:56 - 2010-11-22 17:56 - 00009216 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\winsound.pyd
    2015-10-21 15:29 - 2015-10-21 15:29 - 00113171 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlc.dll
    2015-10-21 15:29 - 2015-10-21 15:29 - 02396691 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlccore.dll
    2010-11-22 17:56 - 2010-11-22 17:56 - 00583680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\unicodedata.pyd
    2010-11-22 17:56 - 2010-11-22 17:56 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pythoncom26.dll
    2010-11-22 17:57 - 2010-11-22 17:57 - 00263168 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32com.shell.shell.pyd
    2010-11-22 17:56 - 2010-11-22 17:56 - 00324608 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PIL._imaging.pyd
    2015-06-26 18:09 - 2015-06-26 18:09 - 00271872 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\amd_ags.dll
    2010-11-22 17:57 - 2010-11-22 17:57 - 00141312 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\gobject._gobject.pyd
    2016-04-19 12:08 - 2016-04-19 12:08 - 02717595 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\heliotrope._purple.pyd
    2011-02-15 13:17 - 2011-02-15 13:17 - 01213633 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libxml2-2.dll
    2010-11-22 18:06 - 2010-11-22 18:06 - 00055808 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\zlib1.dll
    2013-05-09 18:52 - 2013-05-09 18:52 - 00495680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libaim.dll
    2013-05-09 18:52 - 2013-05-09 18:52 - 01183699 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\liboscar.dll
    2013-05-09 18:52 - 2013-05-09 18:52 - 00483306 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libicq.dll
    2013-05-03 13:57 - 2013-05-03 13:57 - 00655356 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libirc.dll
    2013-05-03 13:56 - 2013-05-03 13:56 - 01306387 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libmsn.dll
    2013-05-03 13:56 - 2013-05-03 13:56 - 00565461 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libxmpp.dll
    2013-05-03 13:57 - 2013-05-03 13:57 - 01640221 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libjabber.dll
    2013-05-03 13:56 - 2013-05-03 13:56 - 00506276 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoo.dll
    2013-05-03 13:57 - 2013-05-03 13:57 - 01053730 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libymsg.dll
    2013-05-03 13:57 - 2013-05-03 13:57 - 00497782 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoojp.dll
    2013-05-03 13:57 - 2013-05-03 13:57 - 00603326 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl-nss.dll
    2013-05-03 13:57 - 2013-05-03 13:57 - 00474199 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
  10. GMorrow

    GMorrow TS Rookie Topic Starter Posts: 20

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-4182545111-3799939734-1776222819-1000\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-21-4182545111-3799939734-1776222819-1000\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-21-4182545111-3799939734-1776222819-1000\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-21-4182545111-3799939734-1776222819-1000\...\sony.com -> sony.com

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2016-07-08 17:26 - 00001002 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 d3oxij66pru1i3.cloudfront.net
    127.0.0.1 d3oxij66pru1i3.cloudfront.net

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4182545111-3799939734-1776222819-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\garrett morrow\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AMD External Events Utility => 2
    MSCONFIG\Services: AMD FUEL Service => 2
    MSCONFIG\Services: Apple Mobile Device => 2
    MSCONFIG\Services: BBSvc => 2
    MSCONFIG\Services: BEService => 3
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: ES lite Service => 2
    MSCONFIG\Services: EvoSvc => 3
    MSCONFIG\Services: Hamachi2Svc => 2
    MSCONFIG\Services: HiPatchService => 2
    MSCONFIG\Services: IDriverT => 3
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: LMIGuardianSvc => 2
    MSCONFIG\Services: MBAMScheduler => 2
    MSCONFIG\Services: MBAMService => 2
    MSCONFIG\Services: McComponentHostService => 3
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: RalinkRegistryWriter => 2
    MSCONFIG\Services: RalinkRegistryWriter64 => 2
    MSCONFIG\Services: ReimageRealTimeProtector => 2
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: Steam Client Service => 3
    MSCONFIG\Services: TeamViewer => 2
    MSCONFIG\Services: UMVPFSrv => 2
    MSCONFIG\Services: WCUService_STC_IE => 2
    MSCONFIG\Services: xates => 2
    MSCONFIG\startupreg: RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
    MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [TCP Query User{B3E6BF84-F7D8-454D-A109-C76F073CB60C}C:\program files (x86)\pando networks\media booster\pmb.exe] => (Allow) C:\program files (x86)\pando networks\media booster\pmb.exe
    FirewallRules: [UDP Query User{B0AB9D61-02C4-47AD-94D6-635B0EF4187F}C:\program files (x86)\pando networks\media booster\pmb.exe] => (Allow) C:\program files (x86)\pando networks\media booster\pmb.exe
    FirewallRules: [TCP Query User{226D3F56-5C07-488C-B4F9-D43C8734AC21}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
    FirewallRules: [UDP Query User{FC3226F6-75EC-43A9-956F-663E0658D3EE}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
    FirewallRules: [{B60C8175-C208-4600-9B91-48B2B17EC126}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{1042321B-4369-4D27-9179-A04C9DEC188C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [TCP Query User{185A2A0F-7641-4A79-9E7E-A8F61D15F979}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{23603CAA-57EA-4C74-AA56-3B36B00DAC23}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{C18B6803-29AD-4DD0-811E-41A04B9F0FA5}] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{CDD6778E-AB1A-4501-B54D-188F56709583}] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{0CC936BF-B9B5-4963-97E4-07E3C006E6F6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [TCP Query User{D1BCCC58-8EB1-4C35-BC3B-92AD9B052B52}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe
    FirewallRules: [UDP Query User{5669EC91-C1BC-4C1D-AF13-B76FC6B681EF}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe
    FirewallRules: [{032F361A-E34C-4DF4-AD1D-46A25668586B}] => (Block) C:\program files (x86)\gigabyte\@bios\gwflash.exe
    FirewallRules: [{9BD9ACEE-B0B7-4CE9-9F11-0F2E9A4AD80A}] => (Block) C:\program files (x86)\gigabyte\@bios\gwflash.exe
    FirewallRules: [TCP Query User{474AA30F-096A-43B8-8811-E78B8F238B85}C:\program files (x86)\pando networks\media booster\pmb.exe] => (Allow) C:\program files (x86)\pando networks\media booster\pmb.exe
    FirewallRules: [UDP Query User{E2A12157-D8DF-4AEA-8F56-EADBAC27F443}C:\program files (x86)\pando networks\media booster\pmb.exe] => (Allow) C:\program files (x86)\pando networks\media booster\pmb.exe
    FirewallRules: [TCP Query User{2FF55198-140C-4A92-8A26-407ECB1EFE54}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
    FirewallRules: [UDP Query User{477EAA1B-6FA3-4516-9FA2-A6DE30387F70}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
    FirewallRules: [TCP Query User{032BD8D3-30E4-4F0E-B20F-CA8D8B4B6782}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
    FirewallRules: [UDP Query User{82DE9F4C-AC1C-4A93-A74C-8597079DB610}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
    FirewallRules: [TCP Query User{EC207696-A280-487A-B0B3-41166D228568}C:\program files (x86)\gigabyte\easysaver\updexe.exe] => (Allow) C:\program files (x86)\gigabyte\easysaver\updexe.exe
    FirewallRules: [UDP Query User{F74A8F7A-699D-408E-8E4A-1539FE94AB12}C:\program files (x86)\gigabyte\easysaver\updexe.exe] => (Allow) C:\program files (x86)\gigabyte\easysaver\updexe.exe
    FirewallRules: [TCP Query User{AF38CE04-26B4-4986-A92D-4EFF49F9C198}C:\program files (x86)\gigabyte\easysaver\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\easysaver\gbtupd.exe
    FirewallRules: [UDP Query User{C7B5F216-C252-441D-9FA0-68D7F513F640}C:\program files (x86)\gigabyte\easysaver\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\easysaver\gbtupd.exe
    FirewallRules: [TCP Query User{9EA7D4CE-2DE8-4EDF-A0C3-99DB75D7F94E}C:\program files (x86)\gigabyte\@bios\updexe.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\updexe.exe
    FirewallRules: [UDP Query User{71D6A4F5-C435-4FBE-84F6-C9C32CA36969}C:\program files (x86)\gigabyte\@bios\updexe.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\updexe.exe
    FirewallRules: [TCP Query User{4D3DEAA6-A359-4729-A11A-955B6084755C}C:\program files (x86)\gigabyte\@bios\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gbtupd.exe
    FirewallRules: [UDP Query User{976CEC3E-EF8A-49C8-B10F-7E74BC757562}C:\program files (x86)\gigabyte\@bios\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gbtupd.exe
    FirewallRules: [{DBD23DF6-F540-44EE-BF70-9A351AD706D2}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [{ECB12792-2CB3-46F1-9ABF-B6E9EB5320EA}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
    FirewallRules: [{00854B2D-65EE-4592-982E-536F89EA8CC2}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
    FirewallRules: [{06FEC775-5D91-4805-B458-F4486EFAC122}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{443DF699-B8EC-4352-A7DC-CBE907566EA5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{30292FA7-727D-46F6-8C2E-0F00551194FC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{28F06E20-C53C-4FD1-B561-0165D3121A49}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{0CA02A79-CBB3-4CF5-B99F-B13906AE34BD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{F46EEAFE-69EF-4709-80C9-F72383D44751}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{C6850027-8A51-40C2-9CA8-1CAF4B72669A}] => (Allow) C:\Program Files (x86)\Open Garden\OpenGarden.exe
    FirewallRules: [{27E478B2-70F5-4DB1-B629-58EB06AF36BF}] => (Allow) C:\Program Files (x86)\Open Garden\OpenGarden.exe
    FirewallRules: [{E3477406-0EB7-491B-9FD8-3BE155DED6DE}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
    FirewallRules: [{5D5EA5EF-F3A1-43C8-AF3E-D6AE0618A86B}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
    FirewallRules: [{7CCE99DE-2556-472C-89B8-061DE003CC56}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{736405C3-DCF2-417A-8C28-EF13F9790EF0}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
    FirewallRules: [{437B0745-B9C5-4E89-A6DA-C680294B81AE}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
    FirewallRules: [{2455AE26-96CE-4408-BE79-316964C6C8B4}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
    FirewallRules: [{42E119B1-8EF5-45F4-841F-3D5FB8A4C4DC}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
    FirewallRules: [{9E159E58-EB35-447D-B677-8602B0169F3F}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
    FirewallRules: [{31B2B1E9-791E-4568-8A75-AE10816ABF8D}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe

    ==================== Restore Points =========================

    10-07-2016 08:02:02 Windows Update

    ==================== Faulty Device Manager Devices =============

    Name: Universal Serial Bus (USB) Controller
    Description: Universal Serial Bus (USB) Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Universal Serial Bus (USB) Controller
    Description: Universal Serial Bus (USB) Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/10/2016 10:13:58 AM) (Source: MsiInstaller) (EventID: 10005) (User: garrettmorrow)
    Description: Product: CCC Help Polish -- Internal Error 2203. C:\Windows\Installer\1e4cf2.ipi, -2147287035

    Error: (07/10/2016 10:12:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Discord.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: b84

    Start Time: 01d1daba8ba98f34

    Termination Time: 2

    Application Path: C:\Users\garrett morrow\AppData\Local\Discord\app-0.0.291\Discord.exe

    Report Id: b65e8072-46b0-11e6-8f5f-50e549c82452

    Error: (07/10/2016 08:33:01 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: NT AUTHORITY)
    Description: HRESULT:0x80070643
    Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070643. Fatal error during installation.

    Error: (07/10/2016 08:33:00 AM) (Source: MsiInstaller) (EventID: 11321) (User: NT AUTHORITY)
    Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: c:\Program Files\Microsoft Security Client\EppManifest.dll.

    Error: (07/10/2016 08:09:23 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: NT AUTHORITY)
    Description: HRESULT:0x80070643
    Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070643. Fatal error during installation.

    Error: (07/10/2016 08:09:20 AM) (Source: MsiInstaller) (EventID: 11310) (User: NT AUTHORITY)
    Description: Product: Microsoft Security Client -- Error 1310. Error writing to file: c:\Program Files (x86)\Microsoft Security Client\MsMpLics.dll. System error 0. Verify that you have access to that directory.

    Error: (07/10/2016 07:49:04 AM) (Source: Steam Client Service) (EventID: 1) (User: )
    Description: Failed to find Steam.exe

    Error: (07/09/2016 09:29:56 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
    Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (07/09/2016 08:46:36 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x0000000003290fd8
    Faulting process id: 0x6d8
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3

    Error: (07/09/2016 08:45:59 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
    Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

    Context: Windows Application, SystemIndex Catalog

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


    System errors:
    =============
    Error: (07/10/2016 09:37:14 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error: (07/10/2016 09:36:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Microsoft Antimalware Service service failed to start due to the following error:
    %%2 = The system cannot find the file specified.


    Error: (07/10/2016 08:33:06 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.4.304.0 (KB2902885).

    Error: (07/10/2016 08:17:28 AM) (Source: Tcpip) (EventID: 4199) (User: )
    Description: The system detected an address conflict for IP address 2600:100d:b128:4af1:75b4:8625:3cb6:8dac with the system
    having network hardware address 00-15-FF-BF-A7-05. Network operations on this system may
    be disrupted as a result.

    Error: (07/10/2016 08:09:28 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.9.218.0 (KB3140527).

    Error: (07/09/2016 09:38:45 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error: (07/09/2016 09:38:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Microsoft Antimalware Service service failed to start due to the following error:
    %%2 = The system cannot find the file specified.


    Error: (07/09/2016 09:11:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
    %%1068 = The dependency service or group failed to start.


    Error: (07/09/2016 09:10:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
    %%1068 = The dependency service or group failed to start.


    Error: (07/09/2016 09:10:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068 = The dependency service or group failed to start.



    CodeIntegrity:
    ===================================
    Date: 2016-07-07 19:05:15.425
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\EasyAntiCheat.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-07-07 18:37:43.009
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-07-07 18:36:54.774
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120302.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-07-07 18:36:54.649
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

    Date: 2016-07-07 18:36:13.231
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-07-07 17:33:28.593
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-10 02:30:25.349
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-10 02:29:48.429
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-08 00:05:43.400
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-07 21:44:06.401
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: AMD FX(tm)-4100 Quad-Core Processor
    Percentage of memory in use: 58%
    Total physical RAM: 8173.24 MB
    Available physical RAM: 3397.84 MB
    Total Virtual: 16344.67 MB
    Available Virtual: 10757.81 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:1397.17 GB) (Free:788.12 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 1F13A85E)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=1397.2 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    [​IMG] Uninstall following unwanted program:

    Reimage Repair

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  12. GMorrow

    GMorrow TS Rookie Topic Starter Posts: 20

    Roguekiller report.

    RogueKiller V12.3.8.0 [Jul 11 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : garrett morrow [Administrator]
    Started from : C:\Users\garrett morrow\Downloads\RogueKiller.exe
    Mode : Delete -- Date : 07/11/2016 10:48:37

    ¤¤¤ Processes : 1 ¤¤¤
    [Suspicious.Path|Proc.Injected] client.exe(2264) -- C:\ProgramData\Client\client.exe[-] -> Killed [TermProc]

    ¤¤¤ Registry : 207 ¤¤¤
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-4182545111-3799939734-1776222819-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | shell : explorer.exe,"C:\Users\garrett morrow\AppData\Roaming\clientmonitor.exe" [x] -> Not selected
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-4182545111-3799939734-1776222819-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | shell : explorer.exe,"C:\Users\garrett morrow\AppData\Roaming\clientmonitor.exe" [x] -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ReimageRealTimeProtector (C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe) -> Not selected
    [Root.ZeroAccess] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\?etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{c3d8a8fd-b559-9494-b5db-e2e7551e2b19}\ \...\???\{c3d8a8fd-b559-9494-b5db-e2e7551e2b19}\GoogleUpdate.exe" <) -> Deleted
    [Suspicious.Path|Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswMBR (\??\C:\Users\GARRET~1\AppData\Local\Temp\aswMBR.sys) -> Not selected
    [Suspicious.Path|Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswVmm (\??\C:\Users\GARRET~1\AppData\Local\Temp\aswVmm.sys) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ReimageRealTimeProtector (C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe) -> Not selected
    [Root.ZeroAccess] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\?etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{c3d8a8fd-b559-9494-b5db-e2e7551e2b19}\ \...\???\{c3d8a8fd-b559-9494-b5db-e2e7551e2b19}\GoogleUpdate.exe" <) -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswMBR (\??\C:\Users\GARRET~1\AppData\Local\Temp\aswMBR.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswVmm (\??\C:\Users\GARRET~1\AppData\Local\Temp\aswVmm.sys) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ReimageRealTimeProtector (C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe) -> Not selected
    [Root.ZeroAccess] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\?etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{c3d8a8fd-b559-9494-b5db-e2e7551e2b19}\ \...\???\{c3d8a8fd-b559-9494-b5db-e2e7551e2b19}\GoogleUpdate.exe" <) -> Deleted
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-15-ff-bf-a7-05_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-26-5e-eb-47-30_4c-17-eb-08-ff-c9_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-26-5e-eb-47-30_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\2c-9e-5f-fa-a2-60_7a-31-c1-1b-32-64_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\2c-9e-5f-fa-a2-60_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\4c-17-eb-08-ff-c9_7a-31-c1-1b-32-64_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\4c-17-eb-08-ff-c9_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\74-44-01-00-7a-a9_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-31-c1-1b-32-64_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-31-c1-1b-34-64_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-79-19-00-00-01_e0-91-f5-cc-4a-21 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-79-19-00-00-01_e4-83-99-58-59-9c -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{00F5B820-B823-4612-94DD-EFE85805E7B3}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{00F5B820-B823-4612-94DD-EFE85805E7B3}_{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{A39BE645-2390-4CA2-A172-8FB0432025CA} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{00F5B820-B823-4612-94DD-EFE85805E7B3}_{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{B2890ADC-4344-4816-9B44-5D3ED4D98E4B} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{00F5B820-B823-4612-94DD-EFE85805E7B3}_{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{E71CE5FD-DC54-401B-A6C4-F247EC029BEB} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{01BD1EF6-E88A-47F7-BC85-42BF315875EC}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0D19C439-1146-4095-8240-2A2A2F2D7442}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{17FB8FF4-F9C3-4768-9A11-3E4E14F02C70}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{1BB69C6F-4471-4C14-8E09-633CB8B708C5}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{208CCC77-5006-4D54-8679-75CA6B9FC57B}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{2DA26BE3-9E4B-4BD4-87A0-CD528FE66903}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{3466FBAC-B6D9-440C-BC64-ACD9C2408A92}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{39209842-1CD6-4606-9FEC-00DA227DDB5C}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40D65631-792B-4F37-9EB6-7BCEC70C5CA8}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{4C3AF8FF-2568-457E-B6C6-9C39E0964C00}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{4C3AF8FF-2568-457E-B6C6-9C39E0964C00}_{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{B2890ADC-4344-4816-9B44-5D3ED4D98E4B} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5195EA14-AA86-468A-94E7-D472B8AAF5BE}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{564FA545-A5AB-408E-AE0A-C1AC16DD630D}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{68D328D5-DD5A-439E-9BE4-24E7E8A82ECB} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{841F8C91-47C2-4CE5-A452-9244E48D4C22} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{9C0802B3-C91D-4FA1-BD2A-C22EFBFFBCA7} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{A39BE645-2390-4CA2-A172-8FB0432025CA} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{B2890ADC-4344-4816-9B44-5D3ED4D98E4B} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{B2890ADC-4344-4816-9B44-5D3ED4D98E4B}_{E71CE5FD-DC54-401B-A6C4-F247EC029BEB} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{C35791DC-C277-4BEE-823C-976947FBF49F} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{FECC4F96-E58E-4AF0-9D56-9EDB646F5FAC} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-15-ff-bf-a7-05_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-26-5e-eb-47-30_4c-17-eb-08-ff-c9_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-26-5e-eb-47-30_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\2c-9e-5f-fa-a2-60_7a-31-c1-1b-32-64_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\2c-9e-5f-fa-a2-60_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\4c-17-eb-08-ff-c9_7a-31-c1-1b-32-64_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\4c-17-eb-08-ff-c9_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\74-44-01-00-7a-a9_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-31-c1-1b-32-64_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-31-c1-1b-34-64_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-79-19-00-00-01_e0-91-f5-cc-4a-21 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-79-19-00-00-01_e4-83-99-58-59-9c -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{00F5B820-B823-4612-94DD-EFE85805E7B3}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{00F5B820-B823-4612-94DD-EFE85805E7B3}_{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{A39BE645-2390-4CA2-A172-8FB0432025CA} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{00F5B820-B823-4612-94DD-EFE85805E7B3}_{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{B2890ADC-4344-4816-9B44-5D3ED4D98E4B} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{00F5B820-B823-4612-94DD-EFE85805E7B3}_{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{E71CE5FD-DC54-401B-A6C4-F247EC029BEB} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{01BD1EF6-E88A-47F7-BC85-42BF315875EC}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0D19C439-1146-4095-8240-2A2A2F2D7442}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{17FB8FF4-F9C3-4768-9A11-3E4E14F02C70}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{1BB69C6F-4471-4C14-8E09-633CB8B708C5}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{208CCC77-5006-4D54-8679-75CA6B9FC57B}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{2DA26BE3-9E4B-4BD4-87A0-CD528FE66903}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{3466FBAC-B6D9-440C-BC64-ACD9C2408A92}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{39209842-1CD6-4606-9FEC-00DA227DDB5C}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40D65631-792B-4F37-9EB6-7BCEC70C5CA8}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{4C3AF8FF-2568-457E-B6C6-9C39E0964C00}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{4C3AF8FF-2568-457E-B6C6-9C39E0964C00}_{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{B2890ADC-4344-4816-9B44-5D3ED4D98E4B} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5195EA14-AA86-468A-94E7-D472B8AAF5BE}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{564FA545-A5AB-408E-AE0A-C1AC16DD630D}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{68D328D5-DD5A-439E-9BE4-24E7E8A82ECB} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{841F8C91-47C2-4CE5-A452-9244E48D4C22} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{9C0802B3-C91D-4FA1-BD2A-C22EFBFFBCA7} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{A39BE645-2390-4CA2-A172-8FB0432025CA} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{B2890ADC-4344-4816-9B44-5D3ED4D98E4B} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{B2890ADC-4344-4816-9B44-5D3ED4D98E4B}_{E71CE5FD-DC54-401B-A6C4-F247EC029BEB} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{C35791DC-C277-4BEE-823C-976947FBF49F} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{FECC4F96-E58E-4AF0-9D56-9EDB646F5FAC} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\4c-17-eb-08-ff-c9_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\74-44-01-00-7a-a9_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{00F5B820-B823-4612-94DD-EFE85805E7B3}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{FECC4F96-E58E-4AF0-9D56-9EDB646F5FAC} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\4c-17-eb-08-ff-c9_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\74-44-01-00-7a-a9_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{00F5B820-B823-4612-94DD-EFE85805E7B3}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{FECC4F96-E58E-4AF0-9D56-9EDB646F5FAC} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-4182545111-3799939734-1776222819-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-15-ff-be-bb-4f_02-50-f3-00-02-00_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-4182545111-3799939734-1776222819-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-15-ff-be-bb-4f_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-4182545111-3799939734-1776222819-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-15-ff-bf-a7-05_02-50-f3-00-02-00_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-4182545111-3799939734-1776222819-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-15-ff-bf-a7-05_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-4182545111-3799939734-1776222819-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\4c-17-eb-08-ff-c9_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-4182545111-3799939734-1776222819-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-4182545111-3799939734-1776222819-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{00F5B820-B823-4612-94DD-EFE85805E7B3}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-4182545111-3799939734-1776222819-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{08987F5E-B658-45CA-A023-A1BB110C0AB1}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-4182545111-3799939734-1776222819-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-4182545111-3799939734-1776222819-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{8C0E0A01-94C4-4E59-9F4C-CEF764447759}_{9C0802B3-C91D-4FA1-BD2A-C22EFBFFBCA7} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-4182545111-3799939734-1776222819-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{9C0802B3-C91D-4FA1-BD2A-C22EFBFFBCA7} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-4182545111-3799939734-1776222819-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-15-ff-be-bb-4f_02-50-f3-00-02-00_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-4182545111-3799939734-1776222819-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-15-ff-be-bb-4f_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-4182545111-3799939734-1776222819-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-15-ff-bf-a7-05_02-50-f3-00-02-00_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-4182545111-3799939734-1776222819-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-15-ff-bf-a7-05_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-4182545111-3799939734-1776222819-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\4c-17-eb-08-ff-c9_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-4182545111-3799939734-1776222819-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-4182545111-3799939734-1776222819-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{00F5B820-B823-4612-94DD-EFE85805E7B3}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-4182545111-3799939734-1776222819-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{08987F5E-B658-45CA-A023-A1BB110C0AB1}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-4182545111-3799939734-1776222819-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-4182545111-3799939734-1776222819-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{8C0E0A01-94C4-4E59-9F4C-CEF764447759}_{9C0802B3-C91D-4FA1-BD2A-C22EFBFFBCA7} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-4182545111-3799939734-1776222819-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{9C0802B3-C91D-4FA1-BD2A-C22EFBFFBCA7} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-15-ff-bf-a7-05_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-26-5e-eb-47-30_4c-17-eb-08-ff-c9_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-26-5e-eb-47-30_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\2c-9e-5f-fa-a2-60_7a-31-c1-1b-32-64_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\2c-9e-5f-fa-a2-60_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\4c-17-eb-08-ff-c9_7a-31-c1-1b-32-64_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\4c-17-eb-08-ff-c9_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\74-44-01-00-7a-a9_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-31-c1-1b-32-64_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-31-c1-1b-34-64_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-79-19-00-00-01_e0-91-f5-cc-4a-21 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-79-19-00-00-01_e4-83-99-58-59-9c -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{00F5B820-B823-4612-94DD-EFE85805E7B3}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{00F5B820-B823-4612-94DD-EFE85805E7B3}_{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{A39BE645-2390-4CA2-A172-8FB0432025CA} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{00F5B820-B823-4612-94DD-EFE85805E7B3}_{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{B2890ADC-4344-4816-9B44-5D3ED4D98E4B} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{00F5B820-B823-4612-94DD-EFE85805E7B3}_{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{E71CE5FD-DC54-401B-A6C4-F247EC029BEB} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{01BD1EF6-E88A-47F7-BC85-42BF315875EC}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0D19C439-1146-4095-8240-2A2A2F2D7442}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{17FB8FF4-F9C3-4768-9A11-3E4E14F02C70}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{1BB69C6F-4471-4C14-8E09-633CB8B708C5}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{208CCC77-5006-4D54-8679-75CA6B9FC57B}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{2DA26BE3-9E4B-4BD4-87A0-CD528FE66903}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{3466FBAC-B6D9-440C-BC64-ACD9C2408A92}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{39209842-1CD6-4606-9FEC-00DA227DDB5C}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40D65631-792B-4F37-9EB6-7BCEC70C5CA8}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{4C3AF8FF-2568-457E-B6C6-9C39E0964C00}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{4C3AF8FF-2568-457E-B6C6-9C39E0964C00}_{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{B2890ADC-4344-4816-9B44-5D3ED4D98E4B} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5195EA14-AA86-468A-94E7-D472B8AAF5BE}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{564FA545-A5AB-408E-AE0A-C1AC16DD630D}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{68D328D5-DD5A-439E-9BE4-24E7E8A82ECB} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{841F8C91-47C2-4CE5-A452-9244E48D4C22} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{9C0802B3-C91D-4FA1-BD2A-C22EFBFFBCA7} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{A39BE645-2390-4CA2-A172-8FB0432025CA} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{B2890ADC-4344-4816-9B44-5D3ED4D98E4B} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{B2890ADC-4344-4816-9B44-5D3ED4D98E4B}_{E71CE5FD-DC54-401B-A6C4-F247EC029BEB} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{C35791DC-C277-4BEE-823C-976947FBF49F} -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{FECC4F96-E58E-4AF0-9D56-9EDB646F5FAC} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-15-ff-bf-a7-05_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-26-5e-eb-47-30_4c-
     
  13. GMorrow

    GMorrow TS Rookie Topic Starter Posts: 20

    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-26-5e-eb-47-30_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\2c-9e-5f-fa-a2-60_7a-31-c1-1b-32-64_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\2c-9e-5f-fa-a2-60_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\4c-17-eb-08-ff-c9_7a-31-c1-1b-32-64_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\4c-17-eb-08-ff-c9_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\74-44-01-00-7a-a9_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-31-c1-1b-32-64_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-31-c1-1b-34-64_7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-79-19-00-00-01 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-79-19-00-00-01_e0-91-f5-cc-4a-21 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-79-19-00-00-01_e4-83-99-58-59-9c -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{00F5B820-B823-4612-94DD-EFE85805E7B3}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{00F5B820-B823-4612-94DD-EFE85805E7B3}_{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{A39BE645-2390-4CA2-A172-8FB0432025CA} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{00F5B820-B823-4612-94DD-EFE85805E7B3}_{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{B2890ADC-4344-4816-9B44-5D3ED4D98E4B} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{00F5B820-B823-4612-94DD-EFE85805E7B3}_{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{E71CE5FD-DC54-401B-A6C4-F247EC029BEB} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{01BD1EF6-E88A-47F7-BC85-42BF315875EC}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0D19C439-1146-4095-8240-2A2A2F2D7442}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{17FB8FF4-F9C3-4768-9A11-3E4E14F02C70}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{1BB69C6F-4471-4C14-8E09-633CB8B708C5}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{208CCC77-5006-4D54-8679-75CA6B9FC57B}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{2DA26BE3-9E4B-4BD4-87A0-CD528FE66903}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{3466FBAC-B6D9-440C-BC64-ACD9C2408A92}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{39209842-1CD6-4606-9FEC-00DA227DDB5C}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40D65631-792B-4F37-9EB6-7BCEC70C5CA8}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{4C3AF8FF-2568-457E-B6C6-9C39E0964C00}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{4C3AF8FF-2568-457E-B6C6-9C39E0964C00}_{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{B2890ADC-4344-4816-9B44-5D3ED4D98E4B} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5195EA14-AA86-468A-94E7-D472B8AAF5BE}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{564FA545-A5AB-408E-AE0A-C1AC16DD630D}_{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{68D328D5-DD5A-439E-9BE4-24E7E8A82ECB} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{841F8C91-47C2-4CE5-A452-9244E48D4C22} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{9C0802B3-C91D-4FA1-BD2A-C22EFBFFBCA7} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{A39BE645-2390-4CA2-A172-8FB0432025CA} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{B2890ADC-4344-4816-9B44-5D3ED4D98E4B} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{B2890ADC-4344-4816-9B44-5D3ED4D98E4B}_{E71CE5FD-DC54-401B-A6C4-F247EC029BEB} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{C35791DC-C277-4BEE-823C-976947FBF49F} -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61644378-24EA-4C7C-806C-7C6D342C4FCE}_{FECC4F96-E58E-4AF0-9D56-9EDB646F5FAC} -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-4182545111-3799939734-1776222819-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-4182545111-3799939734-1776222819-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77940E3E-A589-4548-AE3F-49F9BE1181EB} | DhcpNameServer : 172.20.10.1 ([]) -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{77940E3E-A589-4548-AE3F-49F9BE1181EB} | DhcpNameServer : 172.20.10.1 ([]) -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{77940E3E-A589-4548-AE3F-49F9BE1181EB} | DhcpNameServer : 172.20.10.1 ([]) -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 7 ¤¤¤
    [Suspicious.Path|Suspicious.Startup][File] C:\Users\garrett morrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk -> Deleted
    [Suspicious.Path|Suspicious.Startup][File] C:\Users\garrett morrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Legend_of_Dragoon_The_iso_Disc1of4_SLUS_94491.lnk -> Deleted
    [Suspicious.Path|Suspicious.Startup][File] C:\Users\garrett morrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk -> Deleted
    [Suspicious.Path|Suspicious.Startup][File] C:\Users\garrett morrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk -> Deleted
    [Suspicious.Path|Suspicious.Startup][File] C:\Users\garrett morrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Open Garden.lnk -> Deleted
    [Suspicious.Startup][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk -> Deleted
    [Suspicious.Startup][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA4100 Genie.lnk -> Deleted

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.HomePage][FIREFX:Config] dip0kjzi.default-1453319064049 : user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restor...ir_16_20&os_ver=6.1&os=Windows+7+Home+Premium"); -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD15EARX-00PASB0 ATA Device +++++
    --- User ---
    [MBR] 6840f42b88bcd224702e550a23ba91f6
    [BSP] 2acffa60834263604959341b9a417d91 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1430697 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK
     
  14. GMorrow

    GMorrow TS Rookie Topic Starter Posts: 20

    # AdwCleaner v5.201 - Logfile created 11/07/2016 at 11:15:56
    # Updated 30/06/2016 by ToolsLib
    # Database : 2016-07-10.3 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (X64)
    # Username : garrett morrow - GARRETTMORROW
    # Running from : C:\Users\garrett morrow\Downloads\adwcleaner_5.201 (1).exe
    # Option : Clean
    # Support : https://toolslib.net/forum

    ***** [ Services ] *****

    [-] Service Deleted : ReimageRealTimeProtector

    ***** [ Folders ] *****


    ***** [ Files ] *****


    ***** [ DLLs ] *****


    ***** [ WMI ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\ReimageRealTimeProtector

    ***** [ Web browsers ] *****


    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [6270 bytes] - [09/07/2016 20:18:23]
    C:\AdwCleaner\AdwCleaner[C2].txt - [1193 bytes] - [11/07/2016 11:15:56]
    C:\AdwCleaner\AdwCleaner[S1].txt - [6388 bytes] - [09/07/2016 19:15:32]
    C:\AdwCleaner\AdwCleaner[S2].txt - [1309 bytes] - [11/07/2016 11:05:53]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1412 bytes] ##########
     
  15. GMorrow

    GMorrow TS Rookie Topic Starter Posts: 20

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.7 (07.03.2016)
    Operating System: Windows 7 Home Premium x64
    Ran by garrett morrow (Administrator) on Mon 07/11/2016 at 10:57:25.53
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 24

    Successfully deleted: C:\ProgramData\reimage protector (Folder)
    Successfully deleted: C:\rei (Folder)
    Successfully deleted: C:\Users\garrett morrow\AppData\Local\crashrpt (Folder)
    Successfully deleted: C:\Users\garrett morrow\AppData\Roaming\wyupdate au (Folder)
    Successfully deleted: C:\Program Files (x86)\GUT870B.tmp (File)
    Successfully deleted: C:\Users\garrett morrow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\garrett morrow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5B3AK8BE (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\garrett morrow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SAHRHZ4 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\garrett morrow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FDJJZ9CH (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\garrett morrow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GORMFQLN (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\garrett morrow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J37G221T (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\garrett morrow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KGW5JVBJ (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\garrett morrow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VII4MZ4Q (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\garrett morrow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XXJZBOTA (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\garrett morrow\AppData\Roaming\appdataFr3.bin (File)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5B3AK8BE (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SAHRHZ4 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FDJJZ9CH (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GORMFQLN (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J37G221T (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KGW5JVBJ (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VII4MZ4Q (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XXJZBOTA (Temporary Internet Files Folder)



    Registry: 4

    Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\ReimageRealTimeProtector (Registry Key)
    Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\WCUService_STC_IE (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
    Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 07/11/2016 at 11:03:36.34
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  16. GMorrow

    GMorrow TS Rookie Topic Starter Posts: 20

    Also, I am having trouble installing mbam, everytime I go through the setup it says preparing to install then just freezes and does nothing. I have to close it out through task manager.
     
  17. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  18. GMorrow

    GMorrow TS Rookie Topic Starter Posts: 20

    I will still run the rKill and combofix, though my pc is now back to normal I really appreciate your help. I will continue to keep you posted on what happens next.
     
  19. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    We need to finish cleaning process.
     
  20. GMorrow

    GMorrow TS Rookie Topic Starter Posts: 20

    Combo Fix Log.

    ComboFix 16-07-10.01 - garrett morrow 07/11/2016 22:22:05.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.2675 [GMT -5:00]
    Running from: c:\users\garrett morrow\Downloads\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\2200.tmp
    C:\install.exe
    c:\program files (x86)\start
    c:\program files (x86)\start\Start.dat
    c:\programdata\client
    c:\users\garrett morrow\AppData\Local\._Revolution_
    c:\users\garrett morrow\AppData\Local\._Revolution_\._b6a17d800007000000005a59000000005e92903c86e5058d003af8fdf1ba6dc5_00000a2c.pid
    c:\users\garrett morrow\AppData\Local\assembly\tmp
    c:\users\garrett morrow\AppData\Roaming\clientmonitor.exe
    c:\windows\msdownld.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2016-06-12 to 2016-07-12 )))))))))))))))))))))))))))))))
    .
    .
    2016-07-11 17:38 . 2016-07-12 02:29 -------- d-----w- c:\users\garrett morrow\AppData\Roaming\discord
    2016-07-11 17:37 . 2016-07-12 00:29 -------- d-----w- c:\users\garrett morrow\AppData\Local\Discord
    2016-07-11 17:13 . 2016-07-11 22:59 -------- d-----w- c:\program files (x86)\Steam
    2016-07-11 14:55 . 2016-07-11 19:15 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2016-07-11 14:54 . 2016-07-11 14:54 -------- d-----w- c:\programdata\RogueKiller
    2016-07-11 04:41 . 2014-05-23 07:20 98304 ----a-r- c:\users\garrett morrow\AppData\Roaming\Microsoft\Windows\Templates\D\LGUTchkdl.dll
    2016-07-11 04:41 . 2014-05-23 07:20 24576 ----a-r- c:\users\garrett morrow\AppData\Roaming\Microsoft\Windows\Templates\D\LGEUSBAutorun.dll
    2016-07-10 22:10 . 2016-03-30 04:24 478392 ----a-w- c:\windows\system32\drivers\kl1.sys
    2016-07-10 22:10 . 2016-03-30 04:24 236448 ----a-w- c:\windows\system32\drivers\klhk.sys
    2016-07-10 21:56 . 2016-07-10 21:56 -------- d-----w- c:\programdata\CheckPoint
    2016-07-10 21:38 . 2016-07-10 21:38 -------- d-----w- c:\programdata\Panda Security
    2016-07-10 20:31 . 2016-07-10 20:31 -------- d-----w- c:\programdata\GridinSoft
    2016-07-10 15:31 . 2016-07-10 15:37 -------- d-----w- C:\FRST
    2016-07-10 15:18 . 2016-07-10 15:18 -------- d-----w- c:\programdata\ATI
    2016-07-10 15:15 . 2016-07-10 15:16 -------- d-----w- c:\program files (x86)\Raptr Inc
    2016-07-10 15:15 . 2016-07-11 19:07 -------- d-----w- c:\users\garrett morrow\AppData\Roaming\Raptr
    2016-07-10 15:15 . 2016-07-10 15:16 -------- d-----w- c:\program files (x86)\Raptr
    2016-07-10 14:23 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2016-07-10 14:23 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2016-07-10 13:32 . 2016-07-10 13:32 -------- d-----w- c:\windows\TempA9757772-B78A-8792-79E8-1758C8F6075E-Signatures
    2016-07-10 13:16 . 2016-06-29 17:19 12007136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AD201695-3F29-4606-A4AD-17C38CCFE3FC}\mpengine.dll
    2016-07-10 13:09 . 2016-07-10 13:09 -------- d-----w- c:\windows\TempC6EE1AF2-6B86-7639-27D2-3DD2C2CD18C8-Signatures
    2016-07-10 12:59 . 2015-07-15 03:19 52736 ----a-w- c:\windows\system32\basesrv.dll
    2016-07-10 12:59 . 2016-03-17 22:56 2084864 ----a-w- c:\windows\system32\ole32.dll
    2016-07-10 12:59 . 2016-03-17 22:28 1414144 ----a-w- c:\windows\SysWow64\ole32.dll
    2016-07-10 12:59 . 2015-07-15 18:10 1743360 ----a-w- c:\windows\system32\sysmain.dll
    2016-07-10 12:59 . 2015-07-15 18:15 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
    2016-07-10 12:59 . 2015-07-15 18:10 11264 ----a-w- c:\windows\system32\msmmsp.dll
    2016-07-10 12:59 . 2015-07-15 18:02 2560 ----a-w- c:\windows\system32\drivers\en-US\mountmgr.sys.mui
    2016-07-10 12:57 . 2016-05-12 17:14 794624 ----a-w- c:\windows\system32\gpsvc.dll
    2016-07-10 12:56 . 2016-04-06 15:27 668160 ----a-w- c:\program files\Windows Journal\MSPVWCTL.DLL
    2016-07-10 12:55 . 2015-07-15 03:19 2004992 ----a-w- c:\windows\system32\msxml6.dll
    2016-07-10 02:10 . 2016-07-10 02:12 -------- d-----w- c:\program files (x86)\Client
    2016-07-10 00:15 . 2016-07-11 16:15 -------- d-----w- C:\AdwCleaner
    2016-07-09 14:15 . 2016-07-09 15:03 -------- d-----w- c:\users\garrett morrow\AppData\Roaming\Wise Registry Cleaner
    2016-07-09 14:15 . 2016-07-09 14:18 -------- d-----w- c:\users\garrett morrow\AppData\Roaming\Wise Euask
    2016-07-09 14:15 . 2016-07-09 14:15 -------- d-----w- c:\program files (x86)\Wise
    2016-07-08 22:26 . 2010-03-08 10:10 13824 ----a-w- c:\windows\system32\ffnd.exe
    2016-07-08 21:53 . 2016-07-09 05:32 -------- d-----w- c:\users\garrett morrow\AppData\Roaming\FreeFixer
    2016-07-08 21:53 . 2016-07-08 22:08 -------- d-----w- c:\users\garrett morrow\AppData\Local\FreeFixer
    2016-07-08 21:52 . 2016-07-08 21:52 -------- d-----w- c:\program files\FreeFixer
    2016-07-08 13:57 . 2016-07-08 13:57 -------- d-----w- c:\program files\File Shredder
    2016-07-08 11:00 . 2016-07-08 16:39 -------- d-----w- C:\$WINDOWS.~BT
    2016-07-08 10:19 . 2016-07-08 16:39 -------- d-----w- C:\$GetCurrent
    2016-07-08 10:19 . 2016-07-08 16:40 -------- d-----w- C:\Windows10Upgrade
    2016-07-08 09:18 . 2016-07-08 09:25 -------- d-----w- c:\programdata\Avg
    2016-07-08 09:18 . 2016-07-08 09:18 -------- d-----w- c:\users\garrett morrow\AppData\Local\Avg
    2016-07-08 09:12 . 2016-07-08 09:12 -------- d-----w- c:\program files\McAfee Security Scan
    2016-07-08 08:52 . 2016-07-05 12:12 861696 ----a-w- c:\windows\SysWow64\clientmonitor.exe
    2016-07-07 22:35 . 2016-07-07 22:35 -------- d-----w- c:\users\garrett morrow\AppData\Roaming\AVAST Software
    2016-07-07 22:32 . 2016-07-07 22:30 473592 ----a-w- c:\windows\system32\drivers\aswsp.sys.146793079901502
    2016-07-07 22:25 . 2016-07-07 22:25 -------- d-----w- c:\programdata\AVAST Software
    2016-07-07 22:20 . 2016-07-09 12:56 -------- d-----w- c:\users\garrett morrow\AppData\Local\63205331380
    2016-07-05 12:12 . 2016-07-10 21:35 -------- d-----w- c:\users\garrett morrow\AppData\Roaming\Monitor
    2016-06-22 18:04 . 2016-07-11 22:39 -------- d-----w- c:\users\garrett morrow\AppData\Local\Battle.net
    2016-06-22 17:49 . 2016-06-22 17:50 -------- d-----w- c:\programdata\Battle.net
    2016-06-22 06:36 . 2016-07-11 22:37 -------- d-----w- c:\program files (x86)\Battle.net
    2016-06-22 06:35 . 2016-06-22 18:07 -------- d-----w- c:\users\garrett morrow\AppData\Roaming\Battle.net
    2016-06-15 10:13 . 2016-07-08 22:26 -------- d-----w- c:\program files (x86)\Gyazo
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2016-07-11 19:19 . 2015-04-01 07:35 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2016-07-10 14:09 . 2012-02-28 22:16 142482544 ----a-w- c:\windows\system32\MRT.exe
    2016-07-08 08:23 . 2015-04-01 07:35 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2016-07-02 09:59 . 2011-03-28 23:36 24800 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2016-06-21 17:13 . 2010-11-21 03:27 485032 ------w- c:\windows\system32\MpSigStub.exe
    2016-05-16 21:52 . 2012-03-01 04:13 25640 ----a-w- c:\windows\gdrv.sys
    2016-05-04 08:18 . 2015-11-08 16:38 110144 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-06-10 8810200]
    .
    c:\users\garrett morrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CurseClientStartup.ccip [2015-10-10 0]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableCursorSuppression"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSimpleNetIDList"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
    R3 AODDriver;AODDriver;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [x]
    R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
    R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]
    R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
    R3 EasyAntiCheatSys;EasyAntiCheatSys;c:\windows\system32\drivers\EasyAntiCheat.sys;c:\windows\SYSNATIVE\drivers\EasyAntiCheat.sys [x]
    R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
    R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\pnetmdm64.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 xb1usb;Microsoft Xbox One Controller Driver;c:\windows\system32\DRIVERS\xb1usb.sys;c:\windows\SYSNATIVE\DRIVERS\xb1usb.sys [x]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    R4 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
    R4 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
    R4 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [x]
    R4 EvoSvc;Evolve Service;c:\program files\Echobit\Evolve\EvoSvc.exe;c:\program files\Echobit\Evolve\EvoSvc.exe [x]
    R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
    R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
    R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
    R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.11.334\McCHSvc.exe;c:\program files\McAfee Security Scan\3.11.334\McCHSvc.exe [x]
    R4 RalinkRegistryWriter64;RalinkRegistryWriter64;c:\program files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe;c:\program files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe [x]
    R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R4 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMEFA64.SYS [x]
    S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120302.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120309.002\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120309.002\IDSvia64.sys [x]
    S1 klhk;Kaspersky Lab service driver;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207020.003\SYMNETS.SYS [x]
    S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
    S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys;c:\windows\SYSNATIVE\DRIVERS\evolve.sys [x]
    S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
    S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
    S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pneteth.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
    S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
    S3 XSplit_Dummy;XSplit Stream Audio Renderer;c:\windows\system32\drivers\xspltspk.sys;c:\windows\SYSNATIVE\drivers\xspltspk.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2016-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-01-20 19:28]
    .
    2016-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-01-20 19:28]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: Interfaces\{5739057E-28C7-4155-9D4A-AC61277A5DAE}: DhcpNameServer = 192.168.42.129
    TCP: Interfaces\{76C45F2B-582D-4586-8A55-B388E687A0EF}: DhcpNameServer = 192.168.42.129
    FF - ProfilePath - c:\users\garrett morrow\AppData\Roaming\Mozilla\Firefox\Profiles\dip0kjzi.default-1453319064049\
    FF - prefs.js: browser.startup.homepage - about:homeabout:home
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
    AddRemove-GameMaker-Studio14 - c:\users\garrett morrow\GameMaker-Studio 1.4\uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-4182545111-3799939734-1776222819-1000\Software\SecuROM\License information*]
    "datasecu"=hex:2f,07,ce,52,58,89,ee,c1,ea,d9,a2,a9,44,d5,1f,1c,f1,a6,cb,7a,5d,
    dc,38,6b,30,65,27,3f,2b,24,fd,b0,3c,36,52,89,ee,92,9a,b2,91,0d,b4,25,f2,1f,\
    "rkeysecu"=hex:91,74,e8,a5,d4,03,6c,c1,c6,9a,a8,4d,9e,dc,bf,b3
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2016-07-11 22:42:26 - machine was rebooted
    ComboFix-quarantined-files.txt 2016-07-12 03:42
    .
    Pre-Run: 826,697,183,232 bytes free
    Post-Run: 827,481,526,272 bytes free
    .
    - - End Of File - - C1D5357C3A8970389B00DE7D2B142B9A
    A36C5E4F47E84449FF07ED3517B43A31
     
  21. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  22. GMorrow

    GMorrow TS Rookie Topic Starter Posts: 20

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-07-2016 01
    Ran by garrett morrow (administrator) on GARRETTMORROW (11-07-2016 23:50:10)
    Running from C:\Users\garrett morrow\Downloads
    Loaded Profiles: garrett morrow (Available Profiles: garrett morrow & Mcx1-GARRETTMORROW)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Hammer & Chisel, Inc.) C:\Users\garrett morrow\AppData\Local\Discord\app-0.0.292\Discord.exe
    (Hammer & Chisel, Inc.) C:\Users\garrett morrow\AppData\Local\Discord\app-0.0.292\Discord.exe
    (Hammer & Chisel, Inc.) C:\Users\garrett morrow\AppData\Local\Discord\app-0.0.292\Discord.exe
    (BitTorrent Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKU\S-1-5-21-4182545111-3799939734-1776222819-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)
    HKU\S-1-5-21-4182545111-3799939734-1776222819-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    Startup: C:\Users\garrett morrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-10-10] ()
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\..\Interfaces\{53AD326C-5354-4A7B-9095-63BC162FFA0D}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{5739057E-28C7-4155-9D4A-AC61277A5DAE}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{76C45F2B-582D-4586-8A55-B388E687A0EF}: [DhcpNameServer] 192.168.42.129

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-4182545111-3799939734-1776222819-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-4182545111-3799939734-1776222819-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    URLSearchHook: HKLM-x32 -> Default = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4182545111-3799939734-1776222819-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-04] (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-04] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-04] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-04] (Oracle Corporation)
    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-03-02] (Skype Technologies S.A.)
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
    Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
    Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)

    FireFox:
    ========
    FF ProfilePath: C:\Users\garrett morrow\AppData\Roaming\Mozilla\Firefox\Profiles\dip0kjzi.default-1453319064049
    FF NewTab: about:newtab
    FF Homepage: user_pref("browser.startup.homepage", "about:home"about:home);
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll [2013-02-02] ()
    FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-04] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-04] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll [2013-02-02] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
    FF Plugin-x32: @esn/esnlaunch,version=1.122.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll [2012-05-11] (ESN Social Software AB)
    FF Plugin-x32: @esn/esnlaunch,version=1.132.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll [2012-08-20] (ESN Social Software AB)
    FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-04] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-04] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-03-10] (Pando Networks)
    FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\garrett morrow\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
    FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2012-08-21] (RocketLife, LLP)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-4182545111-3799939734-1776222819-1000: @soe.sony.com/installer,version=1.0.3 -> C:\Users\garrett morrow\AppData\LocalLow\Sony Online Entertainment\npsoe.dll [2012-07-14] ()
    FF Plugin HKU\S-1-5-21-4182545111-3799939734-1776222819-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-03-10] (Pando Networks)
    FF Plugin HKU\S-1-5-21-4182545111-3799939734-1776222819-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-02-21] ()

    Chrome:
    =======
    CHR Profile: C:\Users\garrett morrow\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\garrett morrow\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-20]
    CHR Extension: (Google Docs) - C:\Users\garrett morrow\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-20]
    CHR Extension: (Google Drive) - C:\Users\garrett morrow\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-20]
    CHR Extension: (YouTube) - C:\Users\garrett morrow\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-20]
    CHR Extension: (Google Search) - C:\Users\garrett morrow\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-20]
    CHR Extension: (Google Sheets) - C:\Users\garrett morrow\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-20]
    CHR Extension: (Google Docs Offline) - C:\Users\garrett morrow\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\garrett morrow\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
    CHR Extension: (Showgoers for Netflix) - C:\Users\garrett morrow\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcmaninppdeakmhaonacejmfcgeempfo [2016-06-18]
    CHR Extension: (Gmail) - C:\Users\garrett morrow\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-20]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
    S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
    S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1314848 2016-01-19] ()
    S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [243984 2016-03-05] (EasyAntiCheat Ltd)
    S4 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
    S4 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2016-04-29] (Echobit LLC)
    S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2015-09-02] (Hi-Rez Studios) [File not signed]
    S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2016-04-05] (LogMeIn, Inc.)
    S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe [293128 2016-05-31] (McAfee, Inc.)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
    S4 RalinkRegistryWriter; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe [377088 2011-11-21] (Ralink Technology, Corp.)
    S4 RalinkRegistryWriter64; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe [455424 2011-11-21] (Ralink Technology, Corp.)
    S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    S4 RemoteAccess; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
    S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AODDriver; C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
    R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
    R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31376 2015-03-10] ()
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-29] (Symantec Corporation)
    R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2015-11-01] (Echobit, LLC)
    S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2016-01-08] ()
    R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2016-03-29] (Kaspersky Lab ZAO)
    R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [173440 2016-03-29] (AO Kaspersky Lab)
    R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [236448 2016-03-29] (AO Kaspersky Lab)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [983424 2016-03-29] (AO Kaspersky Lab)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-08] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
    R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
    S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-03-01] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-07-11] ()
    S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-28] (Microsoft Corporation)
    R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2015-05-26] (SplitmediaLabs Limited)
    R1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 EasyAntiCheatSys; \??\C:\Windows\system32\drivers\EasyAntiCheat.sys [X]
    R1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120309.002\IDSvia64.sys [X]
    S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120309.034\ENG64.SYS [X]
    S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120309.034\EX64.SYS [X]
     
  23. GMorrow

    GMorrow TS Rookie Topic Starter Posts: 20

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-07-11 23:50 - 2016-07-11 23:51 - 00021833 _____ C:\Users\garrett morrow\Downloads\FRST.txt
    2016-07-11 23:49 - 2016-07-11 23:49 - 02390528 _____ (Farbar) C:\Users\garrett morrow\Downloads\FRST64.exe
    2016-07-11 23:33 - 2016-07-11 23:35 - 00000000 ____D C:\Users\garrett morrow\Downloads\World.of.Warcraft.3.3.5a.Truewow
    2016-07-11 23:33 - 2016-07-11 23:33 - 00057276 _____ C:\Users\garrett morrow\Downloads\World.Of.Warcraft.3.3.5a.Truewow.(no.Install) (2).torrent
    2016-07-11 22:42 - 2016-07-11 22:42 - 00027656 _____ C:\ComboFix.txt
    2016-07-11 22:19 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
    2016-07-11 22:19 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
    2016-07-11 22:19 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2016-07-11 22:19 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2016-07-11 22:19 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2016-07-11 22:19 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
    2016-07-11 22:19 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
    2016-07-11 22:19 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
    2016-07-11 22:17 - 2016-07-11 22:42 - 00000000 ____D C:\Qoobox
    2016-07-11 22:17 - 2016-07-11 22:39 - 00000000 ____D C:\Windows\erdnt
    2016-07-11 22:17 - 2016-07-11 22:17 - 05659622 ____R (Swearware) C:\Users\garrett morrow\Downloads\ComboFix.exe
    2016-07-11 17:52 - 2016-07-11 17:52 - 00057276 _____ C:\Users\garrett morrow\Downloads\World.Of.Warcraft.3.3.5a.Truewow.(no.Install) (1).torrent
    2016-07-11 17:24 - 2016-07-11 17:24 - 00293456 _____ C:\Windows\Minidump\071116-60824-01.dmp
    2016-07-11 17:04 - 2016-07-11 22:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
    2016-07-11 17:00 - 2016-07-11 17:00 - 00000000 ____D C:\Users\Public\Documents\Blizzard Entertainment
    2016-07-11 14:35 - 2016-07-11 14:35 - 07991656 _____ (Piriform Ltd) C:\Users\garrett morrow\Downloads\ccsetup519.exe
    2016-07-11 14:25 - 2016-07-11 14:25 - 22851472 _____ (Malwarebytes ) C:\Users\garrett morrow\Downloads\mbam-setup-2.2.1.1043.exe
    2016-07-11 12:38 - 2016-07-11 21:29 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\discord
    2016-07-11 12:37 - 2016-07-11 19:29 - 00000000 ____D C:\Users\garrett morrow\AppData\Local\Discord
    2016-07-11 12:36 - 2016-07-11 12:36 - 48500408 _____ (Hammer & Chisel, Inc.) C:\Users\garrett morrow\Downloads\DiscordSetup (5).exe
    2016-07-11 12:19 - 2016-07-11 12:19 - 00000222 _____ C:\Users\garrett morrow\Desktop\Rust.url
    2016-07-11 12:13 - 2016-07-11 17:59 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-07-11 12:13 - 2016-07-11 12:13 - 00000967 _____ C:\Users\Public\Desktop\Steam.lnk
    2016-07-11 12:13 - 2016-07-11 12:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    2016-07-11 11:20 - 2016-07-11 11:20 - 00001495 _____ C:\Users\garrett morrow\Desktop\AdwCleaner[C2].txt
    2016-07-11 11:03 - 2016-07-11 11:03 - 00004503 _____ C:\Users\garrett morrow\Desktop\JRT.txt
    2016-07-11 10:57 - 2016-07-11 10:57 - 01610560 _____ (Malwarebytes) C:\Users\garrett morrow\Downloads\JRT.exe
    2016-07-11 10:56 - 2016-07-11 10:56 - 03712064 _____ C:\Users\garrett morrow\Downloads\adwcleaner_5.201 (1).exe
    2016-07-11 09:55 - 2016-07-11 14:15 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2016-07-11 09:54 - 2016-07-11 09:54 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-07-11 09:52 - 2016-07-11 09:52 - 20201032 _____ C:\Users\garrett morrow\Downloads\RogueKiller.exe
    2016-07-10 20:22 - 2016-07-11 17:23 - 716614354 _____ C:\Windows\MEMORY.DMP
    2016-07-10 20:22 - 2016-07-10 20:23 - 00277032 _____ C:\Windows\Minidump\071016-75286-01.dmp
    2016-07-10 18:07 - 2016-07-10 18:07 - 00057276 _____ C:\Users\garrett morrow\Downloads\World.Of.Warcraft.3.3.5a.Truewow.(no.Install).torrent
    2016-07-10 17:14 - 2016-07-10 17:14 - 05198336 _____ (AVAST Software) C:\Users\garrett morrow\Downloads\aswMBR.exe
    2016-07-10 17:10 - 2016-03-29 23:24 - 00478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
    2016-07-10 17:10 - 2016-03-29 23:24 - 00236448 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
    2016-07-10 16:58 - 2016-07-10 16:58 - 00000000 _____ C:\Windows\system32\Drivers\etc\lmhosts
    2016-07-10 16:56 - 2016-07-10 16:56 - 03515472 _____ (Check Point Software Technologies Ltd.) C:\Users\garrett morrow\Downloads\zafwSetupWeb_142_255_000.exe
    2016-07-10 16:56 - 2016-07-10 16:56 - 00000000 ____D C:\ProgramData\CheckPoint
    2016-07-10 16:47 - 2016-07-10 16:48 - 29003664 _____ (Adlice Software ) C:\Users\garrett morrow\Downloads\setup (3).exe
    2016-07-10 16:40 - 2016-07-10 16:42 - 67116888 _____ (Panda Security, S.L.) C:\Users\garrett morrow\Downloads\IS16.exe
    2016-07-10 16:38 - 2016-07-10 16:38 - 01871776 _____ (Panda Security, S.L.) C:\Users\garrett morrow\Downloads\PANDAIS16.exe
    2016-07-10 16:38 - 2016-07-10 16:38 - 00000000 ____D C:\ProgramData\Panda Security
    2016-07-10 15:31 - 2016-07-10 16:32 - 00003256 _____ C:\Windows\System32\Tasks\GridinSoft Anti-Malware
    2016-07-10 15:31 - 2016-07-10 15:31 - 00000000 ____D C:\ProgramData\GridinSoft
    2016-07-10 15:29 - 2016-07-10 15:29 - 01290704 _____ (GridinSoft LLC) C:\Users\garrett morrow\Downloads\GridinsoftAntimalwareSetup.exe
    2016-07-10 10:31 - 2016-07-11 23:50 - 00000000 ____D C:\FRST
    2016-07-10 10:18 - 2016-07-11 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
    2016-07-10 10:18 - 2016-07-10 10:18 - 00002023 _____ C:\Users\Public\Desktop\Raptr.lnk
    2016-07-10 10:18 - 2016-07-10 10:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raptr
    2016-07-10 10:18 - 2016-07-10 10:18 - 00000000 ____D C:\ProgramData\ATI
    2016-07-10 10:15 - 2016-07-11 14:07 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\Raptr
    2016-07-10 10:15 - 2016-07-10 10:16 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
    2016-07-10 10:15 - 2016-07-10 10:16 - 00000000 ____D C:\Program Files (x86)\Raptr
    2016-07-10 10:14 - 2016-07-10 10:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
    2016-07-10 09:57 - 2016-07-10 09:57 - 00002970 _____ C:\Windows\System32\Tasks\{94722EA7-C91D-4616-B8D3-0998EB0EF39A}
    2016-07-10 09:51 - 2016-07-11 19:30 - 00002214 _____ C:\Users\garrett morrow\Desktop\Discord.lnk
    2016-07-10 09:23 - 2015-07-30 08:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2016-07-10 09:23 - 2015-07-30 08:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2016-07-10 08:32 - 2016-07-10 08:32 - 00000000 ____D C:\Windows\TempA9757772-B78A-8792-79E8-1758C8F6075E-Signatures
    2016-07-10 08:09 - 2016-07-10 08:09 - 00000000 ____D C:\Windows\TempC6EE1AF2-6B86-7639-27D2-3DD2C2CD18C8-Signatures
    2016-07-10 08:00 - 2016-04-09 02:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2016-07-10 08:00 - 2016-04-09 02:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-07-10 08:00 - 2016-04-09 02:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2016-07-10 08:00 - 2016-04-09 01:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2016-07-10 08:00 - 2016-04-09 01:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2016-07-10 08:00 - 2016-04-09 01:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2016-07-10 08:00 - 2016-04-09 01:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2016-07-10 08:00 - 2016-04-09 01:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2016-07-10 08:00 - 2016-04-09 01:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2016-07-10 08:00 - 2016-04-09 01:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2016-07-10 08:00 - 2016-04-09 01:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2016-07-10 08:00 - 2016-04-09 01:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2016-07-10 08:00 - 2016-04-09 01:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 00:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2016-07-10 08:00 - 2016-04-09 00:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2016-07-10 08:00 - 2016-04-09 00:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2016-07-10 08:00 - 2016-04-09 00:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2016-07-10 08:00 - 2016-04-09 00:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2016-07-10 08:00 - 2016-04-09 00:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2016-07-10 08:00 - 2016-04-09 00:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2016-07-10 08:00 - 2016-04-09 00:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2016-07-10 08:00 - 2016-04-09 00:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2016-07-10 08:00 - 2016-04-09 00:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2016-07-10 08:00 - 2016-04-09 00:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 00:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 00:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2016-07-10 08:00 - 2016-04-09 00:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2016-07-10 08:00 - 2016-03-23 17:40 - 00634432 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2016-07-10 08:00 - 2016-03-23 17:40 - 00546656 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2016-07-10 08:00 - 2016-01-22 01:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
    2016-07-10 08:00 - 2016-01-22 01:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
    2016-07-10 08:00 - 2016-01-22 01:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
    2016-07-10 08:00 - 2016-01-22 01:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
    2016-07-10 08:00 - 2016-01-22 01:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
    2016-07-10 08:00 - 2016-01-22 01:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
    2016-07-10 08:00 - 2016-01-22 01:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
    2016-07-10 07:59 - 2016-03-17 17:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2016-07-10 07:59 - 2016-03-17 17:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2016-07-10 07:59 - 2015-07-15 13:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2016-07-10 07:59 - 2015-07-15 13:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
    2016-07-10 07:59 - 2015-07-15 13:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2016-07-10 07:59 - 2015-07-14 22:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
    2016-07-10 07:58 - 2016-05-12 12:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-07-10 07:58 - 2016-05-12 12:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2016-07-10 07:58 - 2016-05-12 12:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2016-07-10 07:58 - 2016-05-12 12:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2016-07-10 07:58 - 2016-05-12 12:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2016-07-10 07:58 - 2016-05-12 12:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2016-07-10 07:58 - 2016-05-12 12:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-07-10 07:58 - 2016-05-12 12:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2016-07-10 07:58 - 2016-05-12 12:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2016-07-10 07:58 - 2016-05-12 12:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2016-07-10 07:58 - 2016-05-12 12:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2016-07-10 07:58 - 2016-05-12 12:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2016-07-10 07:58 - 2016-05-12 12:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2016-07-10 07:58 - 2016-05-12 12:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2016-07-10 07:58 - 2016-05-12 12:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2016-07-10 07:58 - 2016-05-12 12:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2016-07-10 07:58 - 2016-05-12 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2016-07-10 07:58 - 2016-05-12 12:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2016-07-10 07:58 - 2016-05-12 12:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2016-07-10 07:58 - 2016-05-12 12:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2016-07-10 07:58 - 2016-05-12 10:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2016-07-10 07:58 - 2016-05-12 10:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2016-07-10 07:58 - 2016-05-12 10:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2016-07-10 07:58 - 2016-05-12 10:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2016-07-10 07:58 - 2016-05-12 10:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2016-07-10 07:58 - 2016-05-12 10:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2016-07-10 07:58 - 2016-05-12 10:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2016-07-10 07:58 - 2016-05-12 10:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2016-07-10 07:58 - 2016-05-12 10:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2016-07-10 07:58 - 2016-05-12 10:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2016-07-10 07:58 - 2016-05-12 10:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2016-07-10 07:58 - 2016-05-12 10:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2016-07-10 07:58 - 2016-05-12 10:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2016-07-10 07:58 - 2016-05-12 10:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2016-07-10 07:58 - 2016-05-12 10:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2016-07-10 07:58 - 2016-05-12 10:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2016-07-10 07:58 - 2016-05-12 09:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2016-07-10 07:58 - 2016-05-12 09:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2016-07-10 07:58 - 2016-05-12 09:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2016-07-10 07:58 - 2016-05-12 09:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2016-07-10 07:58 - 2016-05-12 09:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2016-07-10 07:58 - 2016-05-12 09:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-07-10 07:58 - 2016-05-12 09:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2016-07-10 07:58 - 2016-05-12 09:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2016-07-10 07:58 - 2016-05-12 09:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2016-07-10 07:58 - 2016-05-12 08:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2016-07-10 07:58 - 2016-05-12 08:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
    2016-07-10 07:58 - 2016-05-12 08:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
    2016-07-10 07:58 - 2016-04-14 08:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2016-07-10 07:58 - 2016-04-14 08:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
    2016-07-10 07:58 - 2016-03-15 19:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
    2016-07-10 07:58 - 2016-03-15 19:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
    2016-07-10 07:58 - 2016-03-15 18:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
    2016-07-10 07:58 - 2016-02-12 13:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2016-07-10 07:58 - 2016-02-12 13:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2016-07-10 07:58 - 2016-02-12 13:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2016-07-10 07:58 - 2016-02-12 13:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2016-07-10 07:58 - 2016-02-12 13:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2016-07-10 07:58 - 2016-02-12 13:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2016-07-10 07:58 - 2016-02-12 13:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2016-07-10 07:58 - 2016-02-12 13:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2016-07-10 07:58 - 2016-02-12 13:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2016-07-10 07:58 - 2016-02-12 13:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2016-07-10 07:58 - 2016-02-12 13:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2016-07-10 07:58 - 2016-02-12 13:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2016-07-10 07:58 - 2016-02-12 13:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2016-07-10 07:58 - 2016-02-12 13:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2016-07-10 07:58 - 2016-02-12 13:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2016-07-10 07:58 - 2016-02-12 13:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2016-07-10 07:58 - 2016-02-09 04:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2016-07-10 07:58 - 2016-02-09 04:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2016-07-10 07:58 - 2016-02-09 04:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2016-07-10 07:58 - 2016-02-09 04:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2016-07-10 07:58 - 2016-02-09 04:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2016-07-10 07:58 - 2016-02-09 04:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2016-07-10 07:58 - 2016-02-09 04:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2016-07-10 07:58 - 2016-02-09 04:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2016-07-10 07:58 - 2016-02-09 04:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2016-07-10 07:58 - 2016-02-09 04:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2016-07-10 07:58 - 2015-12-08 16:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
    2016-07-10 07:58 - 2015-12-08 16:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
    2016-07-10 07:58 - 2015-12-08 16:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
    2016-07-10 07:58 - 2015-12-08 16:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
    2016-07-10 07:58 - 2015-12-08 16:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
    2016-07-10 07:58 - 2015-12-08 16:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
    2016-07-10 07:58 - 2015-12-08 16:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
    2016-07-10 07:58 - 2015-12-08 16:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
    2016-07-10 07:58 - 2015-12-08 16:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
    2016-07-10 07:58 - 2015-12-08 16:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
    2016-07-10 07:58 - 2015-12-08 16:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
    2016-07-10 07:58 - 2015-12-08 16:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
    2016-07-10 07:58 - 2015-12-08 16:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2016-07-10 07:58 - 2015-12-08 16:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2016-07-10 07:58 - 2015-12-08 16:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
    2016-07-10 07:58 - 2015-12-08 16:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
    2016-07-10 07:58 - 2015-12-08 16:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
    2016-07-10 07:58 - 2015-12-08 16:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2016-07-10 07:58 - 2015-12-08 16:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2016-07-10 07:58 - 2015-12-08 16:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
    2016-07-10 07:58 - 2015-12-08 16:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2016-07-10 07:58 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
    2016-07-10 07:58 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
    2016-07-10 07:58 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
    2016-07-10 07:58 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
    2016-07-10 07:58 - 2015-12-08 16:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
    2016-07-10 07:58 - 2015-12-08 16:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
    2016-07-10 07:58 - 2015-12-08 16:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2016-07-10 07:58 - 2015-12-08 16:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
    2016-07-10 07:58 - 2015-12-08 16:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
    2016-07-10 07:58 - 2015-12-08 16:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
    2016-07-10 07:58 - 2015-12-08 16:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2016-07-10 07:58 - 2015-12-08 16:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2016-07-10 07:58 - 2015-12-08 16:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
    2016-07-10 07:58 - 2015-12-08 16:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2016-07-10 07:58 - 2015-12-08 14:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2016-07-10 07:58 - 2015-12-08 14:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
    2016-07-10 07:58 - 2015-12-08 14:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2016-07-10 07:58 - 2015-12-08 14:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
    2016-07-10 07:58 - 2015-12-08 14:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
    2016-07-10 07:58 - 2015-12-08 14:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
    2016-07-10 07:58 - 2015-12-08 14:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2016-07-10 07:58 - 2015-12-08 14:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2016-07-10 07:58 - 2015-12-08 14:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
    2016-07-10 07:58 - 2015-12-08 14:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2016-07-10 07:58 - 2015-12-08 14:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
    2016-07-10 07:58 - 2015-12-08 14:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2016-07-10 07:58 - 2015-12-08 14:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
    2016-07-10 07:58 - 2015-12-08 14:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
    2016-07-10 07:58 - 2015-12-08 14:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
    2016-07-10 07:58 - 2015-12-08 14:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2016-07-10 07:58 - 2015-12-08 14:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
    2016-07-10 07:58 - 2015-12-08 14:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
    2016-07-10 07:58 - 2015-12-08 14:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2016-07-10 07:58 - 2015-12-08 14:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2016-07-10 07:58 - 2015-12-08 13:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
    2016-07-10 07:58 - 2015-12-08 13:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
    2016-07-10 07:58 - 2015-12-08 13:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
    2016-07-10 07:58 - 2015-11-10 13:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2016-07-10 07:58 - 2015-11-10 13:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2016-07-10 07:58 - 2015-11-10 13:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
    2016-07-10 07:58 - 2015-11-10 13:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2016-07-10 07:58 - 2015-11-10 13:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
    2016-07-10 07:58 - 2015-07-30 13:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2016-07-10 07:58 - 2015-07-30 12:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2016-07-10 07:57 - 2016-05-12 12:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
    2016-07-10 07:57 - 2016-05-12 12:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
    2016-07-10 07:57 - 2016-05-12 12:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
    2016-07-10 07:57 - 2016-05-12 12:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
    2016-07-10 07:57 - 2016-05-12 12:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
    2016-07-10 07:57 - 2016-05-12 12:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
    2016-07-10 07:57 - 2016-05-12 10:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
    2016-07-10 07:57 - 2016-05-12 10:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
    2016-07-10 07:57 - 2016-05-12 10:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
    2016-07-10 07:57 - 2016-05-12 10:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
    2016-07-10 07:57 - 2016-03-06 13:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2016-07-10 07:57 - 2016-03-06 13:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2016-07-10 07:57 - 2016-03-06 13:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2016-07-10 07:57 - 2016-03-06 13:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2016-07-10 07:57 - 2015-11-05 14:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
    2016-07-10 07:57 - 2015-11-05 14:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
    2016-07-10 07:57 - 2015-11-05 04:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
    2016-07-10 07:57 - 2015-08-06 13:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2016-07-10 07:57 - 2015-08-06 13:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
     
  24. GMorrow

    GMorrow TS Rookie Topic Starter Posts: 20

    2016-07-10 07:57 - 2015-08-06 12:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2016-07-10 07:57 - 2015-08-06 12:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2016-07-10 07:57 - 2015-07-10 12:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2016-07-10 07:57 - 2015-07-10 12:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
    2016-07-10 07:57 - 2015-07-10 12:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2016-07-10 07:57 - 2015-07-10 12:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2016-07-10 07:57 - 2015-07-10 12:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2016-07-10 07:57 - 2015-07-10 12:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2016-07-10 07:57 - 2015-06-15 16:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2016-07-10 07:57 - 2015-06-15 16:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2016-07-10 07:57 - 2015-06-15 16:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2016-07-10 07:57 - 2015-06-15 16:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2016-07-10 07:57 - 2015-06-15 16:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2016-07-10 07:57 - 2015-06-15 16:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
    2016-07-10 07:57 - 2015-06-15 16:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2016-07-10 07:57 - 2015-06-15 16:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2016-07-10 07:57 - 2015-06-15 16:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2016-07-10 07:57 - 2015-06-15 16:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
    2016-07-10 07:57 - 2015-06-15 16:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
    2016-07-10 07:57 - 2015-06-15 16:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
    2016-07-10 07:56 - 2016-05-12 12:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2016-07-10 07:56 - 2016-05-12 10:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2016-07-10 07:56 - 2016-05-12 10:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-07-10 07:56 - 2016-04-08 23:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2016-07-10 07:56 - 2016-04-08 22:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2016-07-10 07:56 - 2016-04-06 10:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
    2016-07-10 07:56 - 2016-01-06 14:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2016-07-10 07:56 - 2016-01-06 13:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
    2016-07-10 07:56 - 2015-11-13 18:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
    2016-07-10 07:56 - 2015-11-13 18:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
    2016-07-10 07:56 - 2015-11-13 18:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
    2016-07-10 07:56 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
    2016-07-10 07:56 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
    2016-07-10 07:56 - 2015-11-13 17:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
    2016-07-10 07:56 - 2015-10-12 23:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
    2016-07-10 07:56 - 2015-08-05 12:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
    2016-07-10 07:56 - 2015-06-01 19:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
    2016-07-10 07:56 - 2015-06-01 18:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
    2016-07-10 07:55 - 2016-05-18 11:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2016-07-10 07:55 - 2016-05-18 11:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2016-07-10 07:55 - 2016-05-13 17:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2016-07-10 07:55 - 2016-05-13 17:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2016-07-10 07:55 - 2016-05-13 17:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2016-07-10 07:55 - 2016-05-13 17:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2016-07-10 07:55 - 2016-05-13 17:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2016-07-10 07:55 - 2016-05-13 16:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2016-07-10 07:55 - 2016-05-13 16:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2016-07-10 07:55 - 2016-05-13 16:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2016-07-10 07:55 - 2016-05-13 16:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2016-07-10 07:55 - 2016-05-13 16:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2016-07-10 07:55 - 2016-05-11 12:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
    2016-07-10 07:55 - 2016-05-11 12:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
    2016-07-10 07:55 - 2016-05-11 12:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
    2016-07-10 07:55 - 2016-05-11 12:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
    2016-07-10 07:55 - 2016-05-11 10:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
    2016-07-10 07:55 - 2016-05-11 10:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
    2016-07-10 07:55 - 2016-05-11 10:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
    2016-07-10 07:55 - 2016-05-11 10:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
    2016-07-10 07:55 - 2016-05-11 10:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
    2016-07-10 07:55 - 2016-05-11 10:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
    2016-07-10 07:55 - 2016-05-11 09:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
    2016-07-10 07:55 - 2016-04-09 02:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2016-07-10 07:55 - 2016-04-09 02:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
    2016-07-10 07:55 - 2016-04-09 01:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2016-07-10 07:55 - 2016-02-09 04:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
    2016-07-10 07:55 - 2016-02-04 20:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
    2016-07-10 07:55 - 2016-02-04 13:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
    2016-07-10 07:55 - 2016-02-03 13:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2016-07-10 07:55 - 2016-02-03 13:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
    2016-07-10 07:55 - 2016-02-03 13:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2016-07-10 07:55 - 2016-02-03 13:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
    2016-07-10 07:55 - 2016-02-03 13:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
    2016-07-10 07:55 - 2016-01-07 12:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2016-07-10 07:55 - 2015-12-08 16:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2016-07-10 07:55 - 2015-12-08 14:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2016-07-10 07:55 - 2015-11-11 13:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
    2016-07-10 07:55 - 2015-11-11 13:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
    2016-07-10 07:55 - 2015-11-11 13:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
    2016-07-10 07:55 - 2015-11-11 13:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
    2016-07-10 07:55 - 2015-11-03 14:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2016-07-10 07:55 - 2015-11-03 14:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
    2016-07-10 07:55 - 2015-11-03 13:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2016-07-10 07:55 - 2015-11-03 13:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
    2016-07-10 07:55 - 2015-10-13 11:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2016-07-10 07:55 - 2015-10-13 11:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2016-07-10 07:55 - 2015-07-14 22:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2016-07-10 07:55 - 2015-07-14 22:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2016-07-10 07:55 - 2015-07-14 21:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2016-07-10 07:55 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
    2016-07-10 07:55 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
    2016-07-10 07:55 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
    2016-07-10 07:55 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    2016-07-10 07:55 - 2015-07-01 15:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
    2016-07-10 07:55 - 2015-07-01 15:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
    2016-07-10 07:55 - 2015-07-01 15:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
    2016-07-10 07:55 - 2015-07-01 15:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
    2016-07-10 07:55 - 2015-04-24 13:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
    2016-07-10 07:55 - 2015-04-24 12:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
    2016-07-10 07:54 - 2016-07-10 07:54 - 01444992 _____ C:\Users\garrett morrow\Downloads\SteamSetup.exe
    2016-07-10 07:41 - 2016-05-23 18:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2016-07-10 07:41 - 2016-05-23 17:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2016-07-10 07:41 - 2016-05-21 12:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-07-10 07:41 - 2016-05-21 11:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-07-10 07:41 - 2016-05-20 17:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2016-07-10 07:41 - 2016-05-20 17:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2016-07-10 07:41 - 2016-05-20 17:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2016-07-10 07:41 - 2016-05-20 17:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2016-07-10 07:41 - 2016-05-20 17:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-07-10 07:41 - 2016-05-20 17:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2016-07-10 07:41 - 2016-05-20 17:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2016-07-10 07:41 - 2016-05-20 17:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-07-10 07:41 - 2016-05-20 17:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2016-07-10 07:41 - 2016-05-20 17:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-07-10 07:41 - 2016-05-20 17:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2016-07-10 07:41 - 2016-05-20 16:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2016-07-10 07:41 - 2016-05-20 16:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-07-10 07:41 - 2016-05-20 16:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2016-07-10 07:41 - 2016-05-20 16:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2016-07-10 07:41 - 2016-05-20 16:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2016-07-10 07:41 - 2016-05-20 16:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2016-07-10 07:41 - 2016-05-20 16:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2016-07-10 07:41 - 2016-05-20 16:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-07-10 07:41 - 2016-05-20 16:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2016-07-10 07:41 - 2016-05-20 16:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2016-07-10 07:41 - 2016-05-20 16:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2016-07-10 07:41 - 2016-05-20 16:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2016-07-10 07:41 - 2016-05-20 16:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2016-07-10 07:41 - 2016-05-20 16:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2016-07-10 07:41 - 2016-05-20 16:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2016-07-10 07:41 - 2016-05-20 16:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2016-07-10 07:41 - 2016-05-20 16:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2016-07-10 07:41 - 2016-05-20 16:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2016-07-10 07:41 - 2016-05-20 16:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2016-07-10 07:41 - 2016-05-20 16:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2016-07-10 07:41 - 2016-05-20 16:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2016-07-10 07:41 - 2016-05-20 16:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2016-07-10 07:41 - 2016-05-20 16:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2016-07-10 07:41 - 2016-05-20 16:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-07-10 07:41 - 2016-05-20 16:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2016-07-10 07:41 - 2016-05-20 16:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-07-10 07:41 - 2016-05-20 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2016-07-10 07:41 - 2016-05-20 16:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2016-07-10 07:41 - 2016-05-20 16:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2016-07-10 07:41 - 2016-05-20 16:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2016-07-10 07:41 - 2016-05-20 16:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2016-07-10 07:41 - 2016-05-20 16:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2016-07-10 07:41 - 2016-05-20 16:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2016-07-10 07:41 - 2016-05-20 16:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2016-07-10 07:41 - 2016-05-20 16:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-07-10 07:41 - 2016-05-20 16:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2016-07-10 07:41 - 2016-05-20 16:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-07-10 07:41 - 2016-05-20 16:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2016-07-10 07:41 - 2016-05-20 16:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2016-07-10 07:41 - 2016-05-20 16:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-07-10 07:41 - 2016-05-20 16:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2016-07-10 07:41 - 2016-05-20 16:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-07-10 07:41 - 2016-05-20 16:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2016-07-10 07:41 - 2016-05-20 16:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2016-07-10 07:41 - 2016-05-20 16:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-07-10 07:41 - 2016-05-20 15:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-07-10 07:41 - 2016-05-20 15:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-07-10 07:41 - 2016-05-20 15:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-07-10 07:41 - 2016-05-20 15:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2016-07-10 07:41 - 2016-05-20 15:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-07-10 07:41 - 2016-05-20 15:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2016-07-09 21:10 - 2016-07-09 21:12 - 00000000 ____D C:\Program Files (x86)\Client
    2016-07-09 19:15 - 2016-07-11 11:15 - 00000000 ____D C:\AdwCleaner
    2016-07-09 19:15 - 2016-07-09 19:15 - 03712064 _____ C:\Users\garrett morrow\Downloads\adwcleaner_5.201.exe
    2016-07-09 18:08 - 2016-07-10 09:46 - 00000000 _____ C:\Users\garrett morrow\Downloads\DiscordSetup (4).exe
    2016-07-09 09:15 - 2016-07-09 10:03 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\Wise Registry Cleaner
    2016-07-09 09:15 - 2016-07-09 09:18 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\Wise Euask
    2016-07-09 09:15 - 2016-07-09 09:15 - 00001231 _____ C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
    2016-07-09 09:15 - 2016-07-09 09:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
    2016-07-09 09:15 - 2016-07-09 09:15 - 00000000 ____D C:\Program Files (x86)\Wise
    2016-07-09 09:14 - 2016-07-09 09:15 - 04160008 _____ (WiseCleaner.com ) C:\Users\garrett morrow\Downloads\WRCFree.exe
    2016-07-09 08:16 - 2016-07-09 08:37 - 00000000 ___RD C:\Users\garrett morrow\Desktop\THISSTEAM
    2016-07-08 17:26 - 2010-03-08 05:10 - 00013824 _____ (Kephyr) C:\Windows\system32\ffnd.exe
    2016-07-08 16:53 - 2016-07-09 00:32 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\FreeFixer
    2016-07-08 16:53 - 2016-07-08 17:08 - 00000000 ____D C:\Users\garrett morrow\AppData\Local\FreeFixer
    2016-07-08 16:52 - 2016-07-08 16:52 - 02687418 _____ (Kephyr) C:\Users\garrett morrow\Downloads\freefixersetup.exe
    2016-07-08 16:52 - 2016-07-08 16:52 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
    2016-07-08 16:52 - 2016-07-08 16:52 - 00000000 ____D C:\Program Files\FreeFixer
    2016-07-08 12:48 - 2016-07-08 12:48 - 48500408 _____ (Hammer & Chisel, Inc.) C:\Users\garrett morrow\Downloads\DiscordSetup (3).exe
    2016-07-08 09:29 - 2016-07-08 09:29 - 00000622 _____ C:\Users\garrett morrow\Downloads\TakeOwnership (1).zip
    2016-07-08 08:57 - 2016-07-08 08:57 - 02317839 _____ (PowTools ) C:\Users\garrett morrow\Downloads\file_shredder_setup (1).exe
    2016-07-08 08:57 - 2016-07-08 08:57 - 00000847 _____ C:\Users\garrett morrow\Desktop\File Shredder.lnk
    2016-07-08 08:57 - 2016-07-08 08:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Shredder
    2016-07-08 08:57 - 2016-07-08 08:57 - 00000000 ____D C:\Program Files\File Shredder
    2016-07-08 08:27 - 2016-07-08 08:27 - 48500408 _____ (Hammer & Chisel, Inc.) C:\Users\garrett morrow\Downloads\DiscordSetup (2).exe
    2016-07-08 06:00 - 2016-07-08 11:39 - 00000000 ____D C:\$WINDOWS.~BT
    2016-07-08 05:56 - 2016-07-08 06:00 - 00000036 _____ C:\Windows\progress.ini
    2016-07-08 05:19 - 2016-07-08 11:40 - 00000000 ____D C:\Windows10Upgrade
    2016-07-08 05:19 - 2016-07-08 11:39 - 00000000 ____D C:\$GetCurrent
    2016-07-08 05:19 - 2016-07-08 05:19 - 05792848 _____ (Microsoft Corporation) C:\Users\garrett morrow\Downloads\Windows10Upgrade9252.exe
    2016-07-08 05:19 - 2016-07-08 05:19 - 00000694 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
    2016-07-08 05:19 - 2016-07-08 05:19 - 00000682 _____ C:\Users\garrett morrow\Desktop\Windows 10 Upgrade Assistant.lnk
    2016-07-08 04:25 - 2016-07-08 04:25 - 00974733 _____ C:\Users\garrett morrow\Downloads\WinDlg_v1_29.zip
    2016-07-08 04:18 - 2016-07-08 04:25 - 00000000 ____D C:\ProgramData\Avg
    2016-07-08 04:18 - 2016-07-08 04:22 - 00000000 ____D C:\Users\garrett morrow\AppData\Local\AvgSetupLog
    2016-07-08 04:18 - 2016-07-08 04:18 - 03143504 _____ (AVG Technologies CZ, s.r.o.) C:\Users\garrett morrow\Downloads\AVG_Protection_Free_1606.exe
    2016-07-08 04:18 - 2016-07-08 04:18 - 00000000 ____D C:\Users\garrett morrow\AppData\Local\Avg
    2016-07-08 04:12 - 2016-07-08 04:12 - 00001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2016-07-08 04:12 - 2016-07-08 04:12 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2016-07-08 03:57 - 2016-07-08 03:57 - 08607280 _____ (McAfee, Inc.) C:\Users\garrett morrow\Downloads\SecurityScan_Release.exe
    2016-07-08 03:52 - 2016-07-05 07:12 - 00861696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\clientmonitor.exe
    2016-07-07 17:35 - 2016-07-07 17:35 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\AVAST Software
    2016-07-07 17:33 - 2016-07-07 17:33 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
    2016-07-07 17:32 - 2016-07-07 17:30 - 00473592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.146793079901502
    2016-07-07 17:30 - 2016-07-07 17:31 - 00438454 _____ C:\unp30529695991465539.mdmp
    2016-07-07 17:25 - 2016-07-07 17:25 - 06253640 _____ (AVAST Software) C:\Users\garrett morrow\Downloads\avast_free_antivirus_setup_online_cnet_2.exe
    2016-07-07 17:25 - 2016-07-07 17:25 - 00000000 ____D C:\ProgramData\AVAST Software
    2016-07-07 17:20 - 2016-07-09 07:56 - 00000000 ____D C:\Users\garrett morrow\AppData\Local\63205331380
    2016-07-07 17:16 - 2016-07-07 17:20 - 48500408 _____ (Hammer & Chisel, Inc.) C:\Users\garrett morrow\Downloads\DiscordSetup (1).exe
    2016-07-07 17:10 - 2016-07-07 17:10 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel
    2016-07-05 07:13 - 2016-07-11 13:17 - 00001609 _____ C:\ProgramData\Client Monitor
    2016-07-05 07:12 - 2016-07-10 16:35 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\Monitor
    2016-06-28 01:45 - 2016-06-28 01:45 - 00402696 _____ () C:\Users\garrett morrow\Downloads\setup (2).exe
    2016-06-22 13:16 - 2016-07-11 17:19 - 00001048 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
    2016-06-22 13:04 - 2016-07-11 17:39 - 00000000 ____D C:\Users\garrett morrow\AppData\Local\Battle.net
    2016-06-22 12:49 - 2016-06-22 12:50 - 00000000 ____D C:\ProgramData\Battle.net
    2016-06-22 02:00 - 2016-06-22 02:00 - 03970746 _____ C:\Users\garrett morrow\Downloads\Battle.net-Agent-PC-Standalone.zip
    2016-06-22 01:36 - 2016-07-11 17:37 - 00000000 ____D C:\Program Files (x86)\Battle.net
    2016-06-22 01:35 - 2016-06-22 13:07 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\Battle.net
    2016-06-22 01:32 - 2016-06-22 01:32 - 03012080 _____ (Blizzard Entertainment) C:\Users\garrett morrow\Downloads\Battle.net-Setup.exe
    2016-06-15 05:13 - 2016-07-08 17:26 - 00000000 ____D C:\Program Files (x86)\Gyazo
    2016-06-15 05:13 - 2016-06-15 05:13 - 15666720 _____ (Nota Inc. ) C:\Users\garrett morrow\Downloads\Gyazo-3.2.3.exe
    2016-06-15 05:13 - 2016-06-15 05:13 - 00000986 _____ C:\Users\Public\Desktop\Gyazo.lnk
    2016-06-15 05:13 - 2016-06-15 05:13 - 00000986 _____ C:\Users\Public\Desktop\Gyazo GIF.lnk
    2016-06-15 05:13 - 2016-06-15 05:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-07-11 23:50 - 2012-03-15 22:43 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\uTorrent
    2016-07-11 23:47 - 2016-01-20 14:28 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-07-11 22:45 - 2009-07-13 23:45 - 00021920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-07-11 22:45 - 2009-07-13 23:45 - 00021920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-07-11 22:42 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
    2016-07-11 22:34 - 2016-01-20 14:28 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-07-11 22:34 - 2013-04-08 20:53 - 00000258 __RSH C:\ProgramData\ntuser.pol
    2016-07-11 22:34 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-07-11 22:34 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
    2016-07-11 22:22 - 2012-03-10 00:17 - 00000000 ____D C:\Users\garrett morrow\AppData\Local\PMB Files
    2016-07-11 22:22 - 2012-03-10 00:17 - 00000000 ____D C:\ProgramData\PMB Files
    2016-07-11 22:17 - 2009-07-14 00:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2016-07-11 19:30 - 2016-01-08 15:07 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
    2016-07-11 17:24 - 2012-02-25 22:18 - 00000000 ____D C:\Windows\Minidump
    2016-07-11 14:23 - 2013-07-07 21:50 - 00000000 ____D C:\Users\garrett morrow\Desktop\Old Desktop
    2016-07-11 14:19 - 2015-04-01 02:35 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-07-11 14:12 - 2012-03-08 17:59 - 00000000 ____D C:\Users\garrett morrow\AppData\Local\CrashDumps
    2016-07-11 14:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
    2016-07-11 12:38 - 2015-09-23 03:02 - 00000000 ____D C:\Users\garrett morrow\AppData\Local\SquirrelTemp
    2016-07-11 12:20 - 2016-05-16 14:35 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2016-07-10 17:08 - 2009-07-14 00:13 - 00795668 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-07-10 16:31 - 2016-04-10 16:44 - 00000000 ____D C:\Users\garrett morrow\Downloads\Sony Vegas Pro 11
    2016-07-10 16:28 - 2016-05-14 23:18 - 00000000 ____D C:\Users\garrett morrow\GameMaker-Studio 1.4
    2016-07-10 16:28 - 2016-05-14 23:18 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameMaker-Studio 1.4
    2016-07-10 16:28 - 2016-01-27 10:37 - 00000000 ____D C:\Program Files\ShareX
    2016-07-10 16:28 - 2013-07-11 00:42 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game Cam V2
    2016-07-10 16:28 - 2013-07-11 00:42 - 00000000 ____D C:\Program Files (x86)\Game Cam V2
    2016-07-10 10:14 - 2012-03-10 23:38 - 00000000 ____D C:\Program Files\AMD
    2016-07-10 10:13 - 2012-02-25 18:42 - 00000000 ____D C:\Program Files (x86)\AMD
    2016-07-10 10:06 - 2012-02-26 01:56 - 00000000 ____D C:\AMD
    2016-07-10 09:36 - 2012-03-19 14:36 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2016-07-10 09:36 - 2012-03-19 14:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2016-07-10 09:36 - 2009-07-13 23:45 - 00267272 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-07-10 09:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2016-07-10 09:32 - 2011-04-12 03:28 - 00000000 ____D C:\Program Files\Windows Journal
    2016-07-10 09:16 - 2013-08-16 00:09 - 00000000 ____D C:\Windows\system32\MRT
    2016-07-10 09:09 - 2012-02-28 17:16 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-07-10 09:05 - 2012-03-19 14:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-07-10 08:33 - 2012-03-20 16:27 - 00002148 _____ C:\Windows\epplauncher.mif
    2016-07-10 08:33 - 2012-03-20 16:26 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2016-07-10 08:21 - 2012-03-15 16:27 - 00787790 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2016-07-10 07:53 - 2016-05-15 18:59 - 00000000 ____D C:\Users\garrett morrow\048298C9A4D3490B9FF9AB023A9238F3.TMP
    2016-07-10 07:53 - 2016-03-18 19:57 - 00000000 ____D C:\Users\garrett morrow\Downloads\Banished v1.0.4-GOG
    2016-07-10 07:53 - 2015-09-04 18:01 - 00000000 ____D C:\Program Files (x86)\A3Launcher
    2016-07-10 07:53 - 2012-03-28 18:01 - 00000000 ____D C:\Program Files (x86)\psx emulation cheater
    2016-07-10 07:53 - 2012-02-25 19:06 - 00000000 ____D C:\Program Files (x86)\Mumble
    2016-07-10 07:50 - 2013-04-05 23:54 - 00000000 ____D C:\Program Files (x86)\Terraria
    2016-07-09 21:36 - 2013-06-27 20:08 - 00000000 ____D C:\Windows\pss
    2016-07-09 20:35 - 2013-03-29 21:05 - 00000000 ____D C:\Program Files (x86)\OBS
    2016-07-09 20:35 - 2013-03-03 20:55 - 00000000 ____D C:\Users\garrett morrow\Downloads\Donkey Kong Country
    2016-07-09 20:35 - 2012-10-01 01:03 - 00000000 ____D C:\Users\garrett morrow\Downloads\Adobe Flash CS3 Professional
    2016-07-09 20:18 - 2012-02-25 17:10 - 00001007 _____ C:\Users\garrett morrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2016-07-09 08:47 - 2012-07-15 13:14 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    2016-07-09 08:46 - 2015-03-12 21:11 - 00000000 ____D C:\Program Files (x86)\Glyph
    2016-07-08 17:27 - 2012-06-14 05:30 - 00000000 ____D C:\Windows\System32\Tasks\Symantec
    2016-07-08 17:26 - 2012-09-21 00:14 - 00000000 ____D C:\ProgramData\HP Photo Creations
    2016-07-08 11:54 - 2012-02-25 22:50 - 00000000 ____D C:\Users\garrett morrow\AppData\Local\ElevatedDiagnostics
    2016-07-08 11:39 - 2012-02-29 17:09 - 00001908 _____ C:\Windows\diagwrn.xml
    2016-07-08 11:39 - 2012-02-29 17:09 - 00001908 _____ C:\Windows\diagerr.xml
    2016-07-08 11:38 - 2011-01-01 04:45 - 00000000 ____D C:\Windows\Panther
    2016-07-08 09:02 - 2012-11-05 00:51 - 00395776 ___SH C:\Users\garrett morrow\Thumbs.db
    2016-07-08 07:36 - 2012-02-25 21:07 - 00000000 ____D C:\Users\garrett morrow\AppData\Local\Deployment
    2016-07-08 04:09 - 2012-06-06 23:21 - 00000000 ____D C:\Users\garrett morrow\AppData\Local\TSVNCache
    2016-07-08 03:53 - 2016-05-15 20:14 - 00001881 _____ C:\Users\Public\Desktop\Defraggler.lnk
    2016-07-08 03:27 - 2015-08-20 19:01 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
    2016-07-08 03:23 - 2015-04-01 02:35 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-07-07 18:36 - 2014-04-23 03:01 - 00000000 ____D C:\Windows\TempDC49A281-EC29-A35F-DC3A-1F35D732DCD9-Signatures
    2016-07-07 17:33 - 2015-08-20 19:01 - 00000000 ____D C:\Program Files\Common Files\AV
    2016-07-07 17:13 - 2013-04-26 22:20 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\TS3Client
    2016-07-07 17:13 - 2012-04-10 00:26 - 00000000 ____D C:\Users\garrett morrow\AppData\Local\LogMeIn Hamachi
    2016-07-07 15:14 - 2012-04-01 18:29 - 00000000 ____D C:\Users\garrett morrow\AppData\Roaming\Skype
    2016-07-05 07:22 - 2012-02-25 17:10 - 00000000 ____D C:\Users\garrett morrow\AppData\Local\VirtualStore
    2016-07-01 05:58 - 2016-01-27 10:37 - 00000000 ____D C:\Users\garrett morrow\Documents\ShareX
    2016-06-28 02:17 - 2016-05-03 02:59 - 00000000 ____D C:\Program Files (x86)\Overwatch
    2016-06-28 01:53 - 2012-02-25 19:10 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
    2016-06-22 19:08 - 2015-04-04 20:49 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
    2016-06-22 19:07 - 2012-05-15 15:44 - 00000000 ____D C:\Program Files (x86)\Diablo III
    2016-06-22 01:28 - 2012-02-29 17:51 - 00000000 ____D C:\Program Files\World of Warcraft
    2016-06-21 12:13 - 2010-11-20 22:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2016-06-17 17:49 - 2016-01-20 14:34 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

    ==================== Files in the root of some directories =======

    2014-05-31 00:31 - 2014-06-04 23:50 - 0000281 _____ () C:\Users\garrett morrow\AppData\Roaming\BreakingPoint_Login.ini
    2014-05-30 22:08 - 2014-06-05 01:03 - 0001333 _____ () C:\Users\garrett morrow\AppData\Roaming\BreakingPoint_Options.ini
    2014-04-14 17:14 - 2014-04-14 17:14 - 0000047 _____ () C:\Users\garrett morrow\AppData\Roaming\mbam.context.scan
    2015-07-24 05:40 - 2015-07-24 05:40 - 0000105 _____ () C:\Users\garrett morrow\AppData\Roaming\settings.xml
    2014-03-05 04:06 - 2016-05-19 00:20 - 0000182 _____ () C:\Users\garrett morrow\AppData\Roaming\WB.CFG
    2013-04-08 21:52 - 2015-12-01 16:19 - 0013824 _____ () C:\Users\garrett morrow\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-03-15 22:09 - 2012-03-15 22:09 - 0000102 _____ () C:\Users\garrett morrow\AppData\Local\fusioncache.dat
    2015-04-20 13:18 - 2015-04-20 13:18 - 0007060 _____ () C:\Users\garrett morrow\AppData\Local\recently-used.xbel
    2013-06-27 20:09 - 2015-04-21 17:52 - 0007597 _____ () C:\Users\garrett morrow\AppData\Local\resmon.resmoncfg
    2015-06-30 00:10 - 2015-06-30 00:10 - 0000000 _____ () C:\Users\garrett morrow\AppData\Local\{0471352D-A327-4189-8AA8-D93F51EDD5E7}
    2015-07-10 00:09 - 2015-07-10 00:09 - 0000000 _____ () C:\Users\garrett morrow\AppData\Local\{8BA21D1F-682D-4F74-A02D-FE600D64E468}
    2012-09-21 00:10 - 2012-09-21 00:10 - 0000057 _____ () C:\ProgramData\Ament.ini
    2016-07-05 07:13 - 2016-07-11 13:17 - 0001609 _____ () C:\ProgramData\Client Monitor
    ZeroAccess:
    C:\Program Files (x86)\Google\Desktop\Install

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-03-01 15:53

    ==================== End of FRST.txt ============================
     
  25. GMorrow

    GMorrow TS Rookie Topic Starter Posts: 20

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-07-2016 01
    Ran by garrett morrow (2016-07-11 23:52:17)
    Running from C:\Users\garrett morrow\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) (2012-02-25 22:08:34)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-4182545111-3799939734-1776222819-500 - Administrator - Disabled)
    ASPNET (S-1-5-21-4182545111-3799939734-1776222819-1004 - Limited - Enabled)
    garrett morrow (S-1-5-21-4182545111-3799939734-1776222819-1000 - Administrator - Enabled) => C:\Users\garrett morrow
    Guest (S-1-5-21-4182545111-3799939734-1776222819-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-4182545111-3799939734-1776222819-1006 - Limited - Enabled)
    Mcx1-GARRETTMORROW (S-1-5-21-4182545111-3799939734-1776222819-1007 - Limited - Enabled) => C:\Users\Mcx1-GARRETTMORROW

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    @Bios (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.11 - GIGABYTE)
    µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29462 - BitTorrent Inc.)
    7 Days to Die (HKLM\...\Steam App 251570) (Version: - The Fun Pimps)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
    Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.268 - Adobe Systems Incorporated)
    Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.5.502.146 - Adobe Systems Incorporated)
    Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
    AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
    Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Application Profiles (x32 Version: 2.0.4331.36041 - Advanced Micro Devices, Inc.) Hidden
    ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version: - Studio Wildcard)
    Arma 3 (HKLM\...\Steam App 107410) (Version: - Bohemia Interactive)
    Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
    AutoGreen B10.1021.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
    AutoGreen B10.1021.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
    AV Music Morpher (HKLM-x32\...\AV Music Morpher) (Version: - )
    Bandicam (HKLM-x32\...\Bandicam) (Version: 2.2.4.811 - Bandisoft.com)
    Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
    Bandizip (HKLM\...\Bandizip) (Version: 5.0 - Bandisoft.com)
    Banished (HKLM-x32\...\1207660783_is1) (Version: 2.3.0.7 - GOG.com)
    Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts)
    Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 1.132.0 - EA Digital Illusions CE AB)
    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Brawlhalla (HKLM\...\Steam App 291550) (Version: - Blue Mammoth Games)
    CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
    Creativerse (HKLM\...\Steam App 280790) (Version: - Playful Corporation)
    Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
    Curse Client (HKU\S-1-5-21-4182545111-3799939734-1776222819-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DC Universe Online Live (HKU\S-1-5-21-4182545111-3799939734-1776222819-1000\...\SOE-DC Universe Online Live) (Version: - Sony Online Entertainment)
    Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
    Discord (HKU\S-1-5-21-4182545111-3799939734-1776222819-1000\...\Discord) (Version: 0.0.292 - Hammer & Chisel, Inc.)
    Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
    Driver Detective (HKLM-x32\...\{3839C2FF-2CD0-4601-91A8-B1E40A9BE8A8}) (Version: 7 - PC Drivers HeadQuarters)
    Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
    Easy Tune 6 B11.0427.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
    Easy Tune 6 B11.0427.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
    EasySaver B9.1214.1 (HKLM-x32\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
    Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.18 - Echobit, LLC)
    f.lux (HKU\S-1-5-21-4182545111-3799939734-1776222819-1000\...\Flux) (Version: - )
    File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - Pow Tools)
    FLV Converter 3.5 (HKLM-x32\...\{6EFA70F2-D6C3-4ECA-BEA9-C1A31277C63A}_is1) (Version: - FLV Converter)
    Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
    Free Disc Burner (HKLM-x32\...\Free Disc Burner_is1) (Version: 3.0.48.511 - Digital Wave Ltd)
    Free FLV to AVI MP4 3GP WMV MP3 Converter v2.2 (HKLM-x32\...\Free FLV to AVI MP4 3GP WMV MP3 Converter_is1) (Version: 2.0 - www.appfree.net)
    FreeFixer (HKLM-x32\...\FreeFixer1.13) (Version: 1.13 - Kephyr)
    Game Cam 2.6.1.0 (HKLM-x32\...\Game Cam) (Version: 2.6.1.0 - Game Cam Portal, Inc.)
    GameMaker: Player (HKLM-x32\...\GameMakerPlayer) (Version: 1.4.1242.41000 - YoYo Games Ltd.)
    Gigantic Installer (HKLM-x32\...\{fb714f96-ecf3-484b-b780-edbd9e241da7}) (Version: 1.0.0.2 - Motiga Inc.)
    Gigantic Launcher (64-bit) (Version: 1.3.0.1 - Motiga Inc.) Hidden
    GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
    Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
    Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
    Gyazo 3.2.3 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
    H1Z1: King of the Kill (HKLM\...\Steam App 433850) (Version: - Daybreak Game Company)
    Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
    Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
    HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{FB555BCF-9202-4886-9203-88C9A210D727}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
    HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
    HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{710D4D91-1924-4A6B-8659-9CDE02DC7207}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9452 - HP Photo Creations)
    HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
    HydraVision (x32 Version: 4.2.218.0 - Advanced Micro Devices, Inc.) Hidden
    iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
    Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
    Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
    Joystix Pro (HKLM-x32\...\{7254274D-3F70-4EDD-9BEE-EA6BAD5636B4}) (Version: 2.0.0.0 - Blue Orb, Inc.)
    League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
    LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.422 - LogMeIn, Inc.)
    LogMeIn Hamachi (x32 Version: 2.1.0.284 - LogMeIn, Inc.) Hidden
    LogMeIn Hamachi (x32 Version: 2.2.0.422 - LogMeIn, Inc.) Hidden
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.334.1 - McAfee, Inc.)
    Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 RC Redistributable (x64) - 14.0.22816 (HKLM-x32\...\{e2495eb6-cca8-47aa-91ea-3410ca44d7b7}) (Version: 14.0.22816.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
    Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
    Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4 - Mozilla)
    Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
    NETGEAR WNDA4100 Genie (HKLM-x32\...\InstallShield_{422FB885-2E3D-4F0C-8C47-BF4336B5318B}) (Version: 1.2.0.0 - NETGEAR)
    NETGEAR WNDA4100 Genie (x32 Version: 1.2.0.0 - NETGEAR) Hidden
    NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
    ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
    Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
    Open Garden (HKLM-x32\...\OpenGarden) (Version: - )
    Origin (HKLM-x32\...\Origin) (Version: 8.5.2.23 - Electronic Arts, Inc.)
    osu! (HKLM-x32\...\{8b2ebce3-1627-477d-93f9-aba7ba89f4d6}) (Version: latest - ppy Pty Ltd)
    Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
    Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.7.0.0 - Pando Networks Inc.)
    PdaNet+ for Android 4.18 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology Inc)
    PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1053.0 - Passmark Software)
    Portal 2 (HKLM-x32\...\Postal 2_is1) (Version: - )
    RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.13004.105 - raidcall.com)
    Raptr (HKLM-x32\...\Raptr) (Version: 5.2.1-r113066-release - Raptr, Inc)
    Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.13 - Razer Inc.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
    Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6409 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.)
    Registry Repair 5.0.1.80 (HKLM-x32\...\Registry Repair) (Version: 5.0.1.80 - Glarysoft Ltd)
    RegUtility version 4.1 (HKLM-x32\...\RegUtility_is1) (Version: 4.1 - )
    Robocraft version 0.3.290 (HKU\S-1-5-21-4182545111-3799939734-1776222819-1000\...\{9F101691-69D3-422E-BB5C-8CAD7110781B}_is1) (Version: 0.3.290 - Freejam)
    Rocket League (HKLM\...\Steam App 252950) (Version: - Psyonix)
    Rust (HKLM\...\Steam App 252490) (Version: - Facepunch Studios)
    ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 10.6.1 - ShareX Team)
    ShellShock Live (HKLM\...\Steam App 326460) (Version: - kChamp Games)
    Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version: - Firaxis Games)
    Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.)
    Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.10.9560 - Skype Technologies S.A.)
    Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
    Soundboard (HKLM-x32\...\Soundboard) (Version: 1.0.0 - UNKNOWN)
    Soundboard (x32 Version: 1.0.0 - UNKNOWN) Hidden
    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
    Splashtop Connect IE (HKLM-x32\...\{3B983EFD-6E37-4AD9-9A7D-8C83E61674F7}) (Version: 1.1.13.1 - Splashtop Inc.)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
    TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
    The Lord of the Rings Online™ v03.05.01.8027 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 03.05.01.8027 - Turbine, Inc.)
    Tom Clancy's The Division Beta (HKLM-x32\...\Uplay Install 2036) (Version: - Ubisoft)
    TortoiseSVN 1.7.7.22907 (64 bit) (HKLM\...\{4371D69B-FB6A-4A61-8477-C1B919FB2311}) (Version: 1.7.22907 - TortoiseSVN)
    Trove (HKLM-x32\...\Glyph Trove) (Version: - Trion Worlds, Inc.)
    Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
    UE4 Prerequisites (x64) (HKLM-x32\...\{b46d36bc-2438-471e-abe8-1fbbd51754ee}) (Version: 1.0.10.0 - Epic Games, Inc.)
    UE4 Prerequisites (x64) (Version: 1.0.10.0 - Epic Games, Inc.) Hidden
    Unreal Development Kit: 2012-05 (HKLM\...\UDK-308f4ab7-e65e-4670-9e6a-205909a26eac) (Version: - Epic Games, Inc.)
    Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    Vegas Pro 11.0 (HKLM-x32\...\{6AEFCA01-8DF1-11E1-A17B-F04DA23A5C58}) (Version: 11.0.682 - Sony)
    Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
    WildStar (HKLM-x32\...\WildStar) (Version: - NCSOFT)
    Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
    Windows Essentials Media Codec Pack 4.7 [64-Bit] (HKLM-x32\...\Windows Essentials Media Codec Pack) (Version: 4.7 - Media Codec)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
    WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
    WinX DVD Author 6.2 (HKLM-x32\...\WinX DVD Author_is1) (Version: - DigiartySoft, Inc.)
    Wise Registry Cleaner 9.22 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 9.22 - WiseCleaner.com, Inc.)
    World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version: - Wargaming.net)
    World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 4.0.0.12911 - Blizzard Entertainment)
    XSplit Broadcaster (HKLM-x32\...\{6F937E75-B6D6-4C2C-B864-90AA91EFF8B2}) (Version: 1.3.1403.1202 - SplitmediaLabs)
    XSplit Gamecaster (HKLM-x32\...\{02297800-E109-4A50-8F82-AACD0844A051}) (Version: 2.5.1507.3024 - SplitmediaLabs)
    ZoneAlarm Antivirus (x32 Version: 14.2.255.000 - Check Point Software Technologies Ltd.) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-4182545111-3799939734-1776222819-1000_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Program Files\Bandizip\bdzshl64.dll (Bandisoft.com)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {2FD49EFD-BDD3-4BF7-9AEA-CCF43674425E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-07-07] (AVAST Software)
    Task: {4F5286F4-5C4A-475A-864A-A2E1340E8596} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-08] (Hewlett-Packard Co.)
    Task: {5683D25B-E3F8-438A-B0D6-C1779E771A32} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-20] (Google Inc.)
    Task: {5F1060B3-86E6-4136-9EA9-E531DF7FBA35} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-08-06] (Symantec Corporation)
    Task: {63A790D1-03FC-46CA-BF1D-23D42981DAE7} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-05-03] (Advanced Micro Devices, Inc.)
    Task: {6F0A142E-0040-416F-A191-DDA6163C68F4} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-GARRETTMORROW => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
    Task: {7737742A-C8A1-4055-AF4B-9E41CA1C7304} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)
    Task: {9165398F-F529-48A8-9C51-02D6473747FE} - System32\Tasks\{76F04047-1676-4F09-ABDA-FC763D27FA1A} => pcalua.exe -a "C:\Users\garrett morrow\Downloads\pecsetup.exe" -d "C:\Users\garrett morrow\Desktop"
    Task: {AF4A525D-86AF-4D71-BAB0-5930D3F4E51A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {B8BDE466-EDCB-47F0-B55F-436E58578B41} - System32\Tasks\{94722EA7-C91D-4616-B8D3-0998EB0EF39A} => C:\Program Files (x86)\Steam\Steam.exe [2016-07-08] (Valve Corporation)
    Task: {BB6AE6EC-1262-4D51-8886-E1D37EF57B36} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-20] (Google Inc.)
    Task: {CF994412-DD0B-47DF-B427-22E550782F87} - \Client Monitor -> No File <==== ATTENTION
    Task: {EDF97A23-D7EB-4999-89C8-8088559C5362} - System32\Tasks\GridinSoft Anti-Malware => C:\Program Files\GridinSoft Anti-Malware\gsam.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\garrett morrow\Desktop\Old Desktop\Random\STUFF I DONT NEED\Games (2).lnk -> hxxp://socialgames.splashtop.com/redirectGames/?oem=gbbcu01&os=Windows&p=GA-990XA-UD3&pv=1.1.13&v=1&flv=&c=1033&t=d41d8cd98f00b204e9800998ecf8427e&l=en-US (No File)
    Shortcut: C:\Users\garrett morrow\Desktop\Old Desktop\Random\STUFF I DONT NEED\Games.lnk -> hxxp://socialgames.splashtop.com/redirectGames/?oem=gbbcu01&os=Windows&p=GA-990XA-UD3&pv=1.1.13&v=1&flv=&c=1033&t=d41d8cd98f00b204e9800998ecf8427e&l=en-US (No File)
    Shortcut: C:\Users\garrett morrow\AppData\Local\Microsoft\Windows\GameExplorer\{65BCE8F2-4C15-44D2-B53C-F2EC5ABA0642}\SupportTasks\1\Support.lnk -> hxxp://support.microsoft.com/games/ (No File)
    Shortcut: C:\Users\garrett morrow\AppData\Local\Microsoft\Windows\GameExplorer\{65BCE8F2-4C15-44D2-B53C-F2EC5ABA0642}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.ageofempires3.com/ (No File)
    Shortcut: C:\Users\garrett morrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Social Games.lnk -> hxxp://socialgames.splashtop.com/redirectGames/?oem=gbbcu01&os=Windows&p=GA-990XA-UD3&pv=1.1.13&v=1&flv=&c=1033&t=d41d8cd98f00b204e9800998ecf8427e&l=en-US (No File)

    ==================== Loaded Modules (Whitelisted) ==============

    2012-05-15 13:29 - 2012-05-15 13:29 - 00088968 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
    2016-06-17 17:49 - 2016-06-15 03:26 - 02334360 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
    2016-06-17 17:49 - 2016-06-15 03:26 - 00105112 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
    2016-06-17 17:49 - 2016-06-15 03:26 - 31519384 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll
    2016-07-11 19:29 - 2016-07-08 19:02 - 01746104 _____ () C:\Users\garrett morrow\AppData\Local\Discord\app-0.0.292\ffmpeg.dll
    2016-07-11 21:28 - 2016-07-11 21:28 - 00315064 _____ () \\?\C:\Users\garrett morrow\AppData\Roaming\discord\0.0.292\modules\discord_voice\discord_voice.node
    2016-07-11 21:28 - 2016-07-11 21:28 - 02611896 _____ () \\?\C:\Users\garrett morrow\AppData\Roaming\discord\0.0.292\modules\discord_voice\libdiscord.dll
    2016-07-11 21:28 - 2016-07-11 21:28 - 00193208 _____ () \\?\C:\Users\garrett morrow\AppData\Roaming\discord\0.0.292\modules\discord_utils\discord_utils.node
    2014-01-03 19:03 - 2014-01-03 19:03 - 07816192 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
    2014-01-03 19:03 - 2014-01-03 19:03 - 00188416 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-52.dll
    2014-01-03 19:03 - 2014-01-03 19:03 - 01425920 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
    2014-01-03 19:03 - 2014-01-03 19:03 - 00336896 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
    2014-01-03 19:03 - 2014-01-03 19:03 - 00096256 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll
    2016-07-11 19:29 - 2016-07-08 19:02 - 01843896 _____ () C:\Users\garrett morrow\AppData\Local\Discord\app-0.0.292\libglesv2.dll
    2016-07-11 19:29 - 2016-07-08 19:02 - 00020664 _____ () C:\Users\garrett morrow\AppData\Local\Discord\app-0.0.292\libegl.dll
    2016-07-11 22:47 - 2016-07-11 22:47 - 00140800 _____ () \\?\C:\Users\garrett morrow\AppData\Local\Temp\D74B.tmp.node
    2012-05-15 12:54 - 2012-05-15 12:54 - 00070536 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-4182545111-3799939734-1776222819-1000\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-21-4182545111-3799939734-1776222819-1000\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-21-4182545111-3799939734-1776222819-1000\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-21-4182545111-3799939734-1776222819-1000\...\sony.com -> sony.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2016-07-11 22:34 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4182545111-3799939734-1776222819-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\garrett morrow\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AMD External Events Utility => 2
    MSCONFIG\Services: AMD FUEL Service => 2
    MSCONFIG\Services: Apple Mobile Device => 2
    MSCONFIG\Services: BBSvc => 2
    MSCONFIG\Services: BEService => 3
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: ES lite Service => 2
    MSCONFIG\Services: EvoSvc => 3
    MSCONFIG\Services: Hamachi2Svc => 2
    MSCONFIG\Services: HiPatchService => 2
    MSCONFIG\Services: IDriverT => 3
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: LMIGuardianSvc => 2
    MSCONFIG\Services: MBAMScheduler => 2
    MSCONFIG\Services: MBAMService => 2
    MSCONFIG\Services: McComponentHostService => 3
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: RalinkRegistryWriter => 2
    MSCONFIG\Services: RalinkRegistryWriter64 => 2
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: Steam Client Service => 3
    MSCONFIG\Services: TeamViewer => 2
    MSCONFIG\Services: UMVPFSrv => 2
    MSCONFIG\Services: WCUService_STC_IE => 2
    MSCONFIG\Services: xates => 2
    MSCONFIG\startupreg: Raptr => "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe" --startup
    MSCONFIG\startupreg: RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
    MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
    MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [TCP Query User{B3E6BF84-F7D8-454D-A109-C76F073CB60C}C:\program files (x86)\pando networks\media booster\pmb.exe] => (Allow) C:\program files (x86)\pando networks\media booster\pmb.exe
    FirewallRules: [UDP Query User{B0AB9D61-02C4-47AD-94D6-635B0EF4187F}C:\program files (x86)\pando networks\media booster\pmb.exe] => (Allow) C:\program files (x86)\pando networks\media booster\pmb.exe
    FirewallRules: [TCP Query User{226D3F56-5C07-488C-B4F9-D43C8734AC21}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
    FirewallRules: [UDP Query User{FC3226F6-75EC-43A9-956F-663E0658D3EE}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
    FirewallRules: [{B60C8175-C208-4600-9B91-48B2B17EC126}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{1042321B-4369-4D27-9179-A04C9DEC188C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [TCP Query User{185A2A0F-7641-4A79-9E7E-A8F61D15F979}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{23603CAA-57EA-4C74-AA56-3B36B00DAC23}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{C18B6803-29AD-4DD0-811E-41A04B9F0FA5}] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{CDD6778E-AB1A-4501-B54D-188F56709583}] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{0CC936BF-B9B5-4963-97E4-07E3C006E6F6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [TCP Query User{D1BCCC58-8EB1-4C35-BC3B-92AD9B052B52}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe
    FirewallRules: [UDP Query User{5669EC91-C1BC-4C1D-AF13-B76FC6B681EF}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe
    FirewallRules: [{032F361A-E34C-4DF4-AD1D-46A25668586B}] => (Block) C:\program files (x86)\gigabyte\@bios\gwflash.exe
    FirewallRules: [{9BD9ACEE-B0B7-4CE9-9F11-0F2E9A4AD80A}] => (Block) C:\program files (x86)\gigabyte\@bios\gwflash.exe
    FirewallRules: [TCP Query User{474AA30F-096A-43B8-8811-E78B8F238B85}C:\program files (x86)\pando networks\media booster\pmb.exe] => (Allow) C:\program files (x86)\pando networks\media booster\pmb.exe
    FirewallRules: [UDP Query User{E2A12157-D8DF-4AEA-8F56-EADBAC27F443}C:\program files (x86)\pando networks\media booster\pmb.exe] => (Allow) C:\program files (x86)\pando networks\media booster\pmb.exe
    FirewallRules: [TCP Query User{2FF55198-140C-4A92-8A26-407ECB1EFE54}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
    FirewallRules: [UDP Query User{477EAA1B-6FA3-4516-9FA2-A6DE30387F70}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
    FirewallRules: [TCP Query User{032BD8D3-30E4-4F0E-B20F-CA8D8B4B6782}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
    FirewallRules: [UDP Query User{82DE9F4C-AC1C-4A93-A74C-8597079DB610}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
    FirewallRules: [TCP Query User{EC207696-A280-487A-B0B3-41166D228568}C:\program files (x86)\gigabyte\easysaver\updexe.exe] => (Allow) C:\program files (x86)\gigabyte\easysaver\updexe.exe
    FirewallRules: [UDP Query User{F74A8F7A-699D-408E-8E4A-1539FE94AB12}C:\program files (x86)\gigabyte\easysaver\updexe.exe] => (Allow) C:\program files (x86)\gigabyte\easysaver\updexe.exe
    FirewallRules: [TCP Query User{AF38CE04-26B4-4986-A92D-4EFF49F9C198}C:\program files (x86)\gigabyte\easysaver\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\easysaver\gbtupd.exe
    FirewallRules: [UDP Query User{C7B5F216-C252-441D-9FA0-68D7F513F640}C:\program files (x86)\gigabyte\easysaver\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\easysaver\gbtupd.exe
    FirewallRules: [TCP Query User{9EA7D4CE-2DE8-4EDF-A0C3-99DB75D7F94E}C:\program files (x86)\gigabyte\@bios\updexe.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\updexe.exe
    FirewallRules: [UDP Query User{71D6A4F5-C435-4FBE-84F6-C9C32CA36969}C:\program files (x86)\gigabyte\@bios\updexe.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\updexe.exe
    FirewallRules: [TCP Query User{4D3DEAA6-A359-4729-A11A-955B6084755C}C:\program files (x86)\gigabyte\@bios\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gbtupd.exe
    FirewallRules: [UDP Query User{976CEC3E-EF8A-49C8-B10F-7E74BC757562}C:\program files (x86)\gigabyte\@bios\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gbtupd.exe
    FirewallRules: [{DBD23DF6-F540-44EE-BF70-9A351AD706D2}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [{ECB12792-2CB3-46F1-9ABF-B6E9EB5320EA}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
    FirewallRules: [{00854B2D-65EE-4592-982E-536F89EA8CC2}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
    FirewallRules: [{06FEC775-5D91-4805-B458-F4486EFAC122}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{443DF699-B8EC-4352-A7DC-CBE907566EA5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{30292FA7-727D-46F6-8C2E-0F00551194FC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{28F06E20-C53C-4FD1-B561-0165D3121A49}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{0CA02A79-CBB3-4CF5-B99F-B13906AE34BD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{F46EEAFE-69EF-4709-80C9-F72383D44751}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{C6850027-8A51-40C2-9CA8-1CAF4B72669A}] => (Allow) C:\Program Files (x86)\Open Garden\OpenGarden.exe
    FirewallRules: [{27E478B2-70F5-4DB1-B629-58EB06AF36BF}] => (Allow) C:\Program Files (x86)\Open Garden\OpenGarden.exe
    FirewallRules: [{E3477406-0EB7-491B-9FD8-3BE155DED6DE}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
    FirewallRules: [{5D5EA5EF-F3A1-43C8-AF3E-D6AE0618A86B}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
    FirewallRules: [{7CCE99DE-2556-472C-89B8-061DE003CC56}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{736405C3-DCF2-417A-8C28-EF13F9790EF0}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
    FirewallRules: [{437B0745-B9C5-4E89-A6DA-C680294B81AE}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
    FirewallRules: [{2455AE26-96CE-4408-BE79-316964C6C8B4}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
    FirewallRules: [{42E119B1-8EF5-45F4-841F-3D5FB8A4C4DC}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
    FirewallRules: [{9C347E02-731D-43AE-897A-0812820F6C0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
    FirewallRules: [{10E34CA6-67EF-486A-A015-1027D7BC9C85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
    FirewallRules: [{1E3A183E-FD31-42E2-8922-527C9412BCEC}] => (Allow) C:\Users\garrett morrow\Downloads\World.of.Warcraft.3.3.5a.Truewow\WoW-x.x.x.x-4.0.0.12911-Downloader.exe
    FirewallRules: [{B7EF8F10-72CF-4A75-918A-1CADE2A2B521}] => (Allow) C:\Users\garrett morrow\Downloads\World.of.Warcraft.3.3.5a.Truewow\WoW-x.x.x.x-4.0.0.12911-Downloader.exe
    FirewallRules: [{7C379C11-3B7B-4518-9C6E-8CF8251CB259}] => (Allow) C:\Users\garrett morrow\Downloads\World.of.Warcraft.3.3.5a.Truewow\Launcher.exe
    FirewallRules: [{4FEFDE14-C243-4B0F-A936-0E41E960BCC2}] => (Allow) C:\Users\garrett morrow\Downloads\World.of.Warcraft.3.3.5a.Truewow\Launcher.exe
    FirewallRules: [{E90F08B3-A326-44DF-87B4-CDF9CAA7C245}] => (Allow) C:\Users\garrett morrow\Downloads\World.of.Warcraft.3.3.5a.Truewow\Launcher.patch.exe
    FirewallRules: [{CA4C43E3-C180-4941-8899-9595D91FAE61}] => (Allow) C:\Users\garrett morrow\Downloads\World.of.Warcraft.3.3.5a.Truewow\Launcher.patch.exe
    FirewallRules: [TCP Query User{C1BBB4DF-5E43-48C5-88CA-4697FF2E583C}C:\users\garrett morrow\downloads\world.of.warcraft.3.3.5a.truewow\temp\wow-4.3-5.0.15890-enus-downloader.exe] => (Allow) C:\users\garrett morrow\downloads\world.of.warcraft.3.3.5a.truewow\temp\wow-4.3-5.0.15890-enus-downloader.exe
    FirewallRules: [UDP Query User{E632F89B-9BD0-4074-83D9-E836B279585B}C:\users\garrett morrow\downloads\world.of.warcraft.3.3.5a.truewow\temp\wow-4.3-5.0.15890-enus-downloader.exe] => (Allow) C:\users\garrett morrow\downloads\world.of.warcraft.3.3.5a.truewow\temp\wow-4.3-5.0.15890-enus-downloader.exe

    ==================== Restore Points =========================

    10-07-2016 08:02:02 Windows Update
    11-07-2016 10:57:32 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============

    Name: Universal Serial Bus (USB) Controller
    Description: Universal Serial Bus (USB) Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Universal Serial Bus (USB) Controller
    Description: Universal Serial Bus (USB) Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/11/2016 03:30:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program chrome.exe version 51.0.2704.103 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 74c

    Start Time: 01d1dbae28950b5d

    Termination Time: 3

    Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    Report Id: 433796b1-47a6-11e6-8bee-50e549c82452

    Error: (07/11/2016 02:27:42 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00000000055b0fd8
    Faulting process id: 0x660
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3

    Error: (07/11/2016 02:12:41 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Install.exe_ZoneAlarm, version: 14.2.255.0, time stamp: 0x5761ee39
    Faulting module name: vsinit.dll_unloaded, version: 0.0.0.0, time stamp: 0x5761d47e
    Exception code: 0xc0000005
    Fault offset: 0x730eb434
    Faulting process id: 0xec0
    Faulting application start time: 0xInstall.exe_ZoneAlarm0
    Faulting application path: Install.exe_ZoneAlarm1
    Faulting module path: Install.exe_ZoneAlarm2
    Report Id: Install.exe_ZoneAlarm3

    Error: (07/11/2016 02:12:24 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Install.exe_ZoneAlarm, version: 14.2.255.0, time stamp: 0x5761ee39
    Faulting module name: vsinit.dll_unloaded, version: 0.0.0.0, time stamp: 0x5761d47e
    Exception code: 0xc0000005
    Fault offset: 0x7311b05b
    Faulting process id: 0xec0
    Faulting application start time: 0xInstall.exe_ZoneAlarm0
    Faulting application path: Install.exe_ZoneAlarm1
    Faulting module path: Install.exe_ZoneAlarm2
    Report Id: Install.exe_ZoneAlarm3

    Error: (07/11/2016 02:11:03 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: garrettmorrow)
    Description: Application or service 'ZoneAlarm Privacy Service' could not be shut down.

    Error: (07/11/2016 02:11:03 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: garrettmorrow)
    Description: Application or service 'ZoneAlarm Privacy Service' could not be shut down.

    Error: (07/11/2016 02:10:11 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: garrettmorrow)
    Description: Application or service 'ZoneAlarm' could not be shut down.

    Error: (07/11/2016 02:00:23 PM) (Source: Winlogon) (EventID: 4004) (User: )
    Description: The Windows logon process has failed to terminate the currently logged on user's processes.

    Error: (07/11/2016 12:12:52 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: client.exe, version: 2.11.3.5, time stamp: 0x577ba247
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a7e4
    Exception code: 0xe053534f
    Fault offset: 0x0000c54f
    Faulting process id: 0x%9
    Faulting application start time: 0xclient.exe0
    Faulting application path: client.exe1
    Faulting module path: client.exe2
    Report Id: client.exe3

    Error: (07/11/2016 12:11:39 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: client.exe, version: 2.11.3.5, time stamp: 0x577ba247
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a7e4
    Exception code: 0xe053534f
    Fault offset: 0x0000c54f
    Faulting process id: 0x%9
    Faulting application start time: 0xclient.exe0
    Faulting application path: client.exe1
    Faulting module path: client.exe2
    Report Id: client.exe3


    System errors:
    =============
    Error: (07/11/2016 10:39:22 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Update service hung on starting.

    Error: (07/11/2016 10:34:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error: (07/11/2016 10:33:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Microsoft Antimalware Service service failed to start due to the following error:
    %%2 = The system cannot find the file specified.


    Error: (07/11/2016 10:32:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (07/11/2016 10:31:52 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (07/11/2016 10:27:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (07/11/2016 10:22:47 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
    %%1056 = An instance of the service is already running.


    Error: (07/11/2016 10:19:45 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
    %%1056 = An instance of the service is already running.


    Error: (07/11/2016 10:19:45 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error:
    %%1056 = An instance of the service is already running.


    Error: (07/11/2016 10:17:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.


    CodeIntegrity:
    ===================================
    Date: 2016-07-11 22:31:52.433
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-07-11 22:31:52.371
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-07-07 19:05:15.425
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\EasyAntiCheat.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-07-07 18:37:43.009
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-07-07 18:36:54.774
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120302.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-07-07 18:36:54.649
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

    Date: 2016-07-07 18:36:13.231
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-07-07 17:33:28.593
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-10 02:30:25.349
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-10 02:29:48.429
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: AMD FX(tm)-4100 Quad-Core Processor
    Percentage of memory in use: 50%
    Total physical RAM: 8173.24 MB
    Available physical RAM: 4013.62 MB
    Total Virtual: 16344.67 MB
    Available Virtual: 11215.92 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:1397.17 GB) (Free:753.22 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 1F13A85E)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=1397.2 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...