
User crash and 127.0.0.1:8080 proxy issue [Closed]


  • This topic is locked
7 replies to this topic

#1 dwmcneil

  • New Member
  • 3 posts

Posted 21 June 2015 - 08:00 PM

My son's user cannot function for more than a minute before BSOD.
As well, the machine seems to have a proxy set - even without the proxy settings being checked - i.e. there is no proxy set in the LAN settings of Internet Options - but all browsers (IE and Chrome) claim they cannot access the proxy 127.0.0.1:8080.
I have IE working with a hack of file://localhost/proxy.pac in the "Use Automatic configuration script" and unchecking "Automatically detect settings", but Chrome still claims there's a proxy setup.

Thanks much for your time!
Peace,

Dan

Here are the logs:

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-06-21 21:24:58
-----------------------------
21:24:58.236    OS Version: Windows x64 6.2.9200
21:24:58.236    Number of processors: 8 586 0x3C03
21:24:58.236    ComputerName: ICEDNETHOME8700  UserName: dan
21:25:00.283    Initialize success
21:25:00.393    VM: initialized successfully
21:25:00.393    VM: Intel CPU supported
21:25:05.929    VM: disk I/O iaStorA.sys
21:25:56.991    The log file has been saved successfully to "C:\Users\dan\Desktop\aswMBR.txt"
21:26:02.331    AVAST engine defs: 15062001
21:26:10.925    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000032
21:26:10.925    Disk 0 Vendor: ST1000DM003-1CH162 CC47 Size: 953869MB BusType: 11
21:26:11.112    Disk 0 MBR read successfully
21:26:11.112    Disk 0 MBR scan
21:26:11.128    Disk 0 unknown MBR code
21:26:11.143    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
21:26:11.222    Disk 0 scanning C:\WINDOWS\system32\drivers
21:26:26.316    Service scanning
21:26:54.582    Modules scanning
21:26:54.582    Disk 0 trace - called modules:
21:26:54.629    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
21:26:54.629    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe00022fb1060]
21:26:54.644    3 CLASSPNP.SYS[fffff8008ce48170] -> nt!IofCallDriver -> [0xffffe00021f7e990]
21:26:54.644    5 ACPI.sys[fffff8008c6e2c21] -> nt!IofCallDriver -> [0xffffe00020053cd0]
21:26:54.660    7 ACPI.sys[fffff8008c6e2c21] -> nt!IofCallDriver -> \Device\00000032[0xffffe00020053470]
21:26:56.113    AVAST engine scan C:\WINDOWS
21:26:57.332    File: C:\WINDOWS\memupdate.exe  **INFECTED** Win32:Malware-gen
21:26:58.629    File: C:\WINDOWS\wuappl.exe  **INFECTED** Win32:Malware-gen
21:27:00.145    AVAST engine scan C:\WINDOWS\system32
21:30:14.374    AVAST engine scan C:\WINDOWS\system32\drivers
21:30:33.286    AVAST engine scan C:\Users\dan
21:30:53.583    File: C:\Users\dan\AppData\Local\Microsoft\Windows\INetCache\IE\0N3DLW1W\Setup[1].exe  **INFECTED** Win32:Malware-gen
21:33:20.534    File: C:\Users\dan\AppData\Local\Temp\nsh858E.tmp  **INFECTED** Win32:Malware-gen
21:34:24.473    AVAST engine scan C:\ProgramData
21:37:48.416    Disk 0 statistics 4006534/0/0 @ 5.03 MB/s
21:37:48.431    Scan finished successfully
21:42:31.372    Disk 0 MBR has been saved successfully to "C:\Users\dan\Downloads\MBR.dat"
21:42:31.372    The log file has been saved successfully to "C:\Users\dan\Downloads\aswMBR.txt"

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01
Ran by dan (administrator) on ICEDNETHOME8700 on 21-06-2015 21:32:16
Running from C:\Users\dan\Downloads
Loaded Profiles: dan (Available Profiles: dan & danieliv & davidmmc & alexjmc)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Sysinternals - www.sysinternals.com) C:\Users\dan\Downloads\Desktops.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(AVAST Software) C:\Users\dan\Downloads\aswMBR.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188040 2013-05-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe [64640 2012-12-28] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3727824 2015-06-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] (Qualcomm Atheros Commnucations)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-17950624-3732629699-127579038-1001\...\Run: [Sysinternals Desktops] => C:\Users\dan\Downloads\Desktops.exe [116824 2013-11-10] (Sysinternals - www.sysinternals.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk [2015-02-14]
ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (GoPro)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-17950624-3732629699-127579038-1006\User: Group Policy Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-17950624-3732629699-127579038-1005\User: Group Policy Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-17950624-3732629699-127579038-1004\User: Group Policy Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-17950624-3732629699-127579038-1001\User: Group Policy Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
AutoConfigURL: [S-1-5-21-17950624-3732629699-127579038-1001] => file://localhost/proxy.pac
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-17950624-3732629699-127579038-1001 -> {3A21EE92-79BA-45D6-9CAE-0F608E97621B} URL = http://www.bing.com/...=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-17950624-3732629699-127579038-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-12-28] (Qualcomm Atheros Commnucations)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-08] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-08] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-21] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-15] (Adobe Systems)
FF Plugin HKU\S-1-5-21-17950624-3732629699-127579038-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\dan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-26] (Unity Technologies ApS)

Chrome:
=======
CHR Profile: C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-21]
CHR Extension: (Google Drive) - C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-21]
CHR Extension: (YouTube) - C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-21]
CHR Extension: (Google Search) - C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-21]
CHR Extension: (Gmail) - C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-21]
CHR HKU\S-1-5-21-17950624-3732629699-127579038-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bghejdcdajlenjngcknlkkoakmmjfanb] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-17950624-3732629699-127579038-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [eeafbffkmccheohnooflcnppngmobeoe] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-17950624-3732629699-127579038-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ellbonkjdmgdghkojcjmomekmjpdffde] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-17950624-3732629699-127579038-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fllgpcmelbfhcligbphaaplminjpbiad] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-17950624-3732629699-127579038-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hpjocjloojeicikiokfiekcdpojgfefc] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-17950624-3732629699-127579038-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jmnkgjdfgnjhmnopgmkcpigenfhgajdj] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-17950624-3732629699-127579038-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfbhfniohjdklgcmbmemnpaimpdaikea] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-17950624-3732629699-127579038-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oaobejgaaiojgggjojlcpbembaoajbmc] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bghejdcdajlenjngcknlkkoakmmjfanb] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eeafbffkmccheohnooflcnppngmobeoe] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ellbonkjdmgdghkojcjmomekmjpdffde] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fllgpcmelbfhcligbphaaplminjpbiad] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hpjocjloojeicikiokfiekcdpojgfefc] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jmnkgjdfgnjhmnopgmkcpigenfhgajdj] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kfbhfniohjdklgcmbmemnpaimpdaikea] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oaobejgaaiojgggjojlcpbembaoajbmc] - https://clients2.goo...ice/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations) [File not signed]
R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1526936 2015-06-05] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3461072 2015-06-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [312816 2015-06-05] (AVG Technologies CZ, s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-20] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-10] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [224840 2013-05-10] (Realtek Semiconductor)
S4 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915480 2013-05-23] (SoftThinks SAS)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S4 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros) [File not signed]
S2 WinGraph; C:\WINDOWS\wnavga.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [67552 2015-04-14] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [287200 2015-05-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [224224 2015-05-12] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [285152 2015-05-12] (AVG Technologies CZ, s.r.o.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [55128 2015-06-06] (Intel Corporation)
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]
U3 aswMBR; \??\C:\Users\dan\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\dan\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-21 21:32 - 2015-06-21 21:32 - 00018900 _____ C:\Users\dan\Downloads\FRST.txt
2015-06-21 21:31 - 2015-06-21 21:32 - 00000000 ____D C:\FRST
2015-06-21 21:30 - 2015-06-21 21:30 - 02109952 _____ (Farbar) C:\Users\dan\Downloads\FRST64.exe
2015-06-21 21:25 - 2015-06-21 21:25 - 00000551 _____ C:\Users\dan\Desktop\aswMBR.txt
2015-06-21 21:23 - 2015-06-21 21:24 - 05198336 _____ (AVAST Software) C:\Users\dan\Downloads\aswMBR.exe
2015-06-21 21:10 - 2015-06-21 21:10 - 00000000 ___RD C:\Users\dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-06-21 21:09 - 2015-06-21 21:09 - 00000000 ____D C:\ProgramData\ATI
2015-06-21 21:07 - 2015-06-21 21:07 - 00060601 _____ C:\WINDOWS\SysWOW64\CCCInstall_201506212107496441.log
2015-06-21 21:07 - 2015-06-21 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-06-21 21:03 - 2014-04-15 19:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-06-21 21:03 - 2014-04-15 19:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-06-21 21:02 - 2015-05-12 09:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-06-21 21:02 - 2015-05-11 20:24 - 00536920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-06-21 21:02 - 2015-05-11 12:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-06-21 21:02 - 2015-05-07 12:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-06-21 20:49 - 2015-06-21 20:49 - 00002273 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-21 20:49 - 2015-06-21 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-21 20:47 - 2015-06-21 21:10 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-21 20:47 - 2015-06-21 21:04 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-21 20:47 - 2015-06-21 20:47 - 00000000 ____D C:\Users\dan\AppData\Local\Deployment
2015-06-21 20:38 - 2015-06-21 20:38 - 00000000 ____D C:\Users\dan\AppData\Local\GWX
2015-06-21 20:34 - 2015-06-21 20:35 - 00280480 _____ C:\WINDOWS\Minidump\062115-42593-01.dmp
2015-06-21 20:30 - 2015-06-21 20:30 - 00280480 _____ C:\WINDOWS\Minidump\062115-44859-01.dmp
2015-06-21 20:27 - 2015-06-21 20:28 - 00280480 _____ C:\WINDOWS\Minidump\062115-47484-01.dmp
2015-06-21 20:25 - 2015-06-21 20:25 - 00000000 ____D C:\Users\dan\Documents\My Games
2015-06-21 20:22 - 2015-06-21 20:22 - 00000000 ____D C:\Users\dan\AppData\Local\openvr
2015-06-21 19:17 - 2015-06-21 19:18 - 00280424 _____ C:\WINDOWS\Minidump\062115-49140-01.dmp
2015-06-21 18:41 - 2015-06-21 18:41 - 00000000 ____D C:\Users\dan\AppData\Local\Steam
2015-06-21 18:37 - 2015-06-21 21:09 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-21 18:37 - 2015-06-21 18:37 - 00001112 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-21 18:37 - 2015-06-21 18:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-21 18:37 - 2015-06-21 18:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-21 18:37 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-21 18:37 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-21 18:37 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-21 18:36 - 2015-06-21 18:35 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\dan\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-21 18:35 - 2015-06-21 18:35 - 00280480 _____ C:\WINDOWS\Minidump\062115-39359-01.dmp
2015-06-21 18:29 - 2015-06-21 18:29 - 00000000 ___RD C:\Users\danieliv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-06-21 18:28 - 2015-06-21 18:28 - 00280480 _____ C:\WINDOWS\Minidump\062115-39953-01.dmp
2015-06-21 18:19 - 2015-06-21 18:19 - 00280480 _____ C:\WINDOWS\Minidump\062115-56984-01.dmp
2015-06-21 17:56 - 2015-06-21 20:58 - 00003910 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-21 17:56 - 2015-06-21 20:58 - 00003674 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-06-21 17:41 - 2015-06-21 19:50 - 00000000 ____D C:\AdwCleaner
2015-06-21 17:36 - 2015-06-21 17:36 - 02244096 _____ C:\Users\dan\Downloads\adwcleaner_4.207.exe
2015-06-21 17:31 - 2015-06-21 17:31 - 00000000 ____D C:\Users\dan\AppData\Roaming\java
2015-06-21 17:27 - 2015-06-21 17:27 - 00280480 _____ C:\WINDOWS\Minidump\062115-47312-01.dmp
2015-06-21 17:24 - 2015-06-21 17:24 - 00280480 _____ C:\WINDOWS\Minidump\062115-46375-01.dmp
2015-06-21 17:21 - 2015-06-21 17:21 - 00280480 _____ C:\WINDOWS\Minidump\062115-50812-01.dmp
2015-06-21 17:18 - 2015-06-21 17:18 - 00000000 ____D C:\Users\danieliv\AppData\Roaming\AVG2015
2015-06-21 17:18 - 2015-06-21 17:18 - 00000000 ____D C:\Users\danieliv\AppData\Local\Avg2015
2015-06-21 17:08 - 2015-06-21 17:08 - 00000000 ____D C:\Users\dan\AppData\Local\VS Revo Group
2015-06-21 17:08 - 2015-06-21 17:08 - 00000000 ____D C:\ProgramData\VS Revo Group
2015-06-21 17:08 - 2015-06-21 17:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-06-21 17:08 - 2015-06-21 17:08 - 00000000 ____D C:\Program Files\VS Revo Group
2015-06-21 17:08 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2015-06-21 17:07 - 2015-06-21 17:08 - 10801480 _____ (VS Revo Group ) C:\Users\dan\Downloads\RevoUninProSetup.exe
2015-06-21 17:06 - 2015-06-21 17:06 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\dan\Downloads\revosetup.exe
2015-06-21 16:31 - 2015-06-21 16:54 - 00000000 ____D C:\WINDOWS\pss
2015-06-21 16:29 - 2015-06-21 16:29 - 00000000 ____D C:\ProgramData\Avg_Update_0215pit
2015-06-21 15:09 - 2015-06-21 15:09 - 00000000 ____D C:\Users\dan\AppData\Roaming\AVG2015
2015-06-21 15:09 - 2015-06-21 15:09 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-21 15:08 - 2015-06-21 15:08 - 00000983 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-06-21 15:08 - 2015-06-21 15:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-06-21 15:07 - 2015-06-21 15:10 - 00000000 ____D C:\ProgramData\AVG2015
2015-06-21 15:07 - 2015-06-21 15:07 - 00000000 ___HD C:\$AVG
2015-06-21 15:06 - 2015-06-21 15:06 - 00000000 ____D C:\Program Files (x86)\AVG
2015-06-21 14:57 - 2015-06-21 14:57 - 00232054 _____ C:\Users\dan\Downloads\F71C.tmp
2015-06-21 14:56 - 2015-06-21 21:30 - 00000000 ____D C:\ProgramData\MFAData
2015-06-21 14:56 - 2015-06-21 15:11 - 00000000 ____D C:\Users\dan\AppData\Local\Avg2015
2015-06-21 14:56 - 2015-06-21 14:56 - 00000000 ____D C:\Users\dan\AppData\Local\MFAData
2015-06-21 14:37 - 2015-06-21 14:37 - 00003946 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6640CB12-1B66-4D59-A236-2313D7913D50}
2015-06-21 14:33 - 2015-06-21 14:33 - 00000000 ____D C:\Users\dan\.android
2015-06-21 14:27 - 2015-06-21 19:17 - 00000000 ____D C:\WINDOWS\Minidump
2015-06-21 14:27 - 2015-06-21 14:27 - 00280536 _____ C:\WINDOWS\Minidump\062115-68218-01.dmp
2015-06-21 14:26 - 2015-06-21 20:34 - 566424865 _____ C:\WINDOWS\MEMORY.DMP
2015-06-20 19:06 - 2015-06-20 19:06 - 00000000 ____D C:\Users\dan\AppData\Local\CrashRpt
2015-06-20 18:54 - 2015-06-21 14:33 - 00003458 _____ C:\WINDOWS\System32\Tasks\Oircifaahoca
2015-06-20 18:54 - 2015-06-20 18:54 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-06-20 18:54 - 2015-06-20 18:54 - 00000000 ____D C:\WINDOWS\Lists
2015-06-20 18:54 - 2015-05-28 09:15 - 00131002 _____ C:\WINDOWS\wuappl.exe
2015-06-20 18:54 - 2015-05-28 09:15 - 00131002 _____ C:\WINDOWS\memupdate.exe
2015-06-20 18:54 - 2015-05-14 03:13 - 00018557 _____ C:\WINDOWS\default.cfg
2015-06-20 18:54 - 2015-04-25 05:18 - 00295424 _____ (Groom-A-Zebu ™ ) C:\WINDOWS\system32\ysxja.exe
2015-06-20 18:54 - 2015-04-25 05:18 - 00295424 _____ (Groom-A-Zebu ™ ) C:\WINDOWS\cygavb.exe
2015-06-20 18:54 - 2015-04-25 05:18 - 00053248 _____ C:\WINDOWS\zlib.dll
2015-06-20 18:54 - 2013-12-05 07:36 - 00003542 _____ C:\WINDOWS\mstdcvtr.bat
2015-06-20 18:54 - 2013-06-05 08:38 - 00004122 _____ C:\WINDOWS\plofgye
2015-06-20 18:54 - 2013-06-05 08:37 - 00004194 _____ C:\WINDOWS\soxe
2015-06-20 18:54 - 2013-06-05 08:36 - 00000038 _____ C:\WINDOWS\initcvtr.bat
2015-06-20 18:54 - 2013-01-06 07:43 - 00000074 _____ C:\WINDOWS\system32\Drivers\healusb.sys
2015-06-20 18:54 - 2013-01-06 07:43 - 00000074 _____ C:\WINDOWS\system32\cygwin.sys
2015-06-20 18:54 - 2012-07-09 11:02 - 00279552 _____ (Eric Lawrence) C:\WINDOWS\FiddlerCore4.dll
2015-06-20 18:51 - 2015-06-21 15:33 - 00000000 ____D C:\ProgramData\0f3b5471928b4fd3834dad205fba7597
2015-06-20 18:51 - 2015-06-20 18:51 - 00003564 _____ C:\WINDOWS\System32\Tasks\DFOZSNJILP
2015-06-20 18:51 - 2015-06-20 18:51 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-06-20 18:42 - 2015-06-20 18:42 - 00000000 ____D C:\Program Files (x86)\setup
2015-06-20 18:40 - 2013-08-22 09:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-06-20 18:39 - 2015-06-21 15:30 - 00000000 ____D C:\Program Files (x86)\MaxComputerCleaner_v7.792
2015-06-20 18:39 - 2015-06-20 18:39 - 00000000 ____D C:\Users\dan\AppData\Roaming\GetNowUpdaterRecovery
2015-06-20 18:38 - 2015-06-20 18:38 - 00000000 ____D C:\Users\dan\AppData\Roaming\download
2015-06-15 16:18 - 2015-06-15 16:18 - 00032074 _____ C:\Users\danieliv\Downloads\Gimme_Choclate.JPEG
2015-06-10 17:18 - 2015-06-10 17:18 - 00000000 ___RD C:\Users\danieliv\Downloads\NWOnlineTechnologiesLLC.ExtractorRT_vwnpg93c4tpwg!App
2015-06-10 17:15 - 2015-06-10 17:15 - 508035693 _____ C:\Users\danieliv\Desktop\YanSimJune3rd (1).rar
2015-06-10 17:12 - 2015-06-10 17:12 - 02264064 _____ C:\Users\danieliv\Downloads\rartozip_setup.msi
2015-06-10 16:59 - 2015-06-10 17:01 - 508035693 ____C C:\Users\danieliv\Downloads\YanSimJune3rd.rar
2015-06-09 18:12 - 2015-04-08 18:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-09 18:12 - 2015-03-19 23:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-09 18:12 - 2015-03-19 23:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-09 18:12 - 2015-03-19 22:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-09 18:12 - 2015-03-19 22:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-09 18:12 - 2015-03-01 21:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-09 18:12 - 2015-03-01 21:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-09 18:11 - 2015-05-27 10:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-09 18:11 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-09 18:11 - 2015-05-25 09:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-09 18:11 - 2015-05-25 09:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-09 18:11 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-09 18:11 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-09 18:11 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-09 18:11 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-09 18:11 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-09 18:11 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-09 18:11 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-09 18:11 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-09 18:11 - 2015-05-22 22:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-09 18:11 - 2015-05-22 22:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-09 18:11 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-09 18:11 - 2015-05-22 22:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-09 18:11 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-09 18:11 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-09 18:11 - 2015-05-22 22:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-09 18:11 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-09 18:11 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-09 18:11 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-09 18:11 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-09 18:11 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-09 18:11 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-09 18:11 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-09 18:11 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-09 18:11 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-09 18:11 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-09 18:11 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-09 18:11 - 2015-05-22 14:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-09 18:11 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-09 18:11 - 2015-05-22 14:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-09 18:11 - 2015-05-22 14:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-09 18:11 - 2015-05-22 14:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-09 18:11 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-09 18:11 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-09 18:11 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-09 18:11 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-09 18:11 - 2015-05-22 13:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-09 18:11 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-09 18:11 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-09 18:11 - 2015-05-21 12:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-09 18:11 - 2015-04-24 22:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-09 18:11 - 2015-04-24 22:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-09 18:11 - 2015-04-16 02:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-09 18:11 - 2015-04-13 18:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-09 18:11 - 2015-04-13 18:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-09 18:11 - 2015-04-09 20:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-09 18:11 - 2015-04-09 20:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-09 18:11 - 2015-04-08 18:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-09 18:11 - 2015-04-01 18:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-09 18:11 - 2015-04-01 18:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-09 18:11 - 2015-04-01 00:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-09 18:11 - 2015-04-01 00:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-09 18:11 - 2015-04-01 00:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-09 18:11 - 2015-04-01 00:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-09 18:11 - 2015-03-31 23:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-09 18:11 - 2015-03-31 23:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-09 18:11 - 2015-03-31 23:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-09 18:11 - 2015-03-31 22:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-09 18:11 - 2015-03-31 22:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-09 18:11 - 2015-03-31 22:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-09 18:11 - 2015-03-31 22:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-09 18:11 - 2015-03-31 22:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-09 18:11 - 2015-03-31 22:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-06 05:16 - 2015-06-06 05:16 - 01804680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2015-06-06 05:16 - 2015-06-06 05:16 - 00055128 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\XtuAcpiDriver.sys
2015-06-05 21:27 - 2015-05-22 09:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-05 21:27 - 2015-05-21 09:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-05 21:27 - 2015-05-21 09:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-05 21:27 - 2015-05-21 09:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-05 21:27 - 2015-05-21 09:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-05 21:27 - 2015-05-21 09:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-05 21:27 - 2015-05-21 09:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-05 21:27 - 2015-04-16 18:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-04 20:11 - 2015-06-04 20:11 - 00000000 ____D C:\Users\danieliv\AppData\Local\GWX
2015-05-25 14:26 - 2015-05-25 14:26 - 00000000 ____D C:\Users\danieliv\AppData\Roaming\TuneUp Software
2015-05-25 14:26 - 2015-05-25 14:26 - 00000000 ____D C:\Users\danieliv\AppData\Local\TuneUp Software
2015-05-25 14:21 - 2015-06-21 15:08 - 00000000 ____D C:\Users\dan\AppData\Roaming\TuneUp Software
2015-05-25 14:21 - 2015-05-25 14:21 - 00000000 ____D C:\Users\dan\AppData\Local\TuneUp Software
2015-05-25 14:19 - 2015-05-25 14:21 - 00000000 ____D C:\ProgramData\TuneUp Software
2015-05-25 14:19 - 2015-05-25 14:19 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-05-25 14:19 - 2015-05-25 14:19 - 00000000 ____D C:\Users\dan\Documents\My Cheat Tables
2015-05-25 14:18 - 2015-05-25 14:18 - 09056784 _____ (Cheat Engine ) C:\Users\danieliv\Downloads\CheatEngine64.exe
2015-05-22 20:53 - 2015-05-23 15:45 - 00000000 ____D C:\Users\danieliv\AppData\Local\Skyrim
2015-05-22 20:50 - 2015-05-22 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-05-22 20:50 - 2015-05-22 20:50 - 00000000 ____D C:\Program Files (x86)\7-Zip
2015-05-22 20:49 - 2015-06-21 18:03 - 00002160 _____ C:\Users\dan\Desktop\Skyrim (SKSE).lnk
2015-05-22 20:49 - 2015-06-20 18:59 - 00002337 _____ C:\Users\davidmmc\Desktop\Skyrim (SKSE).lnk
2015-05-22 20:49 - 2015-06-20 18:59 - 00002337 _____ C:\Users\alexjmc\Desktop\Skyrim (SKSE).lnk
2015-05-22 20:49 - 2015-06-20 18:59 - 00001759 _____ C:\Users\danieliv\Desktop\Skyrim (SKSE).lnk
2015-05-22 20:48 - 2015-05-22 20:48 - 00313875 _____ C:\Users\danieliv\Downloads\skse_1_07_01_installer.exe
2015-05-22 18:39 - 2015-05-22 18:39 - 00000000 ____D C:\Users\danieliv\AppData\Local\BANDAI NAMCO Games
2015-05-22 18:13 - 2015-05-24 12:04 - 00000000 ____D C:\Users\danieliv\Desktop\Skyrim
2015-05-22 18:12 - 2015-05-22 18:12 - 00000222 _____ C:\Users\danieliv\Desktop\DRAGON BALL XENOVERSE.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-21 21:26 - 2013-11-05 21:50 - 00003592 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-17950624-3732629699-127579038-1001
2015-06-21 21:26 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-21 21:21 - 2015-02-08 00:18 - 01904805 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-21 21:13 - 2014-11-21 04:44 - 00865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-21 21:09 - 2013-08-22 10:46 - 00419884 _____ C:\WINDOWS\setupact.log
2015-06-21 21:09 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-21 21:08 - 2014-11-21 04:34 - 00049120 _____ C:\WINDOWS\PFRO.log
2015-06-21 21:08 - 2013-08-22 09:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-06-21 21:07 - 2015-02-08 00:11 - 00000000 ____D C:\Users\dan
2015-06-21 21:07 - 2014-12-05 12:10 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-06-21 21:07 - 2014-05-19 21:08 - 00000000 ____D C:\Program Files\ATI Technologies
2015-06-21 21:07 - 2013-11-05 21:45 - 00000000 ____D C:\Users\dan\Documents\Bluetooth Folder
2015-06-21 21:07 - 2013-08-22 10:46 - 00000692 _____ C:\WINDOWS\setuperr.log
2015-06-21 21:04 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-21 21:02 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-21 20:49 - 2013-11-05 22:41 - 00000000 ____D C:\Users\dan\AppData\Local\Google
2015-06-21 20:49 - 2013-11-05 22:41 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-21 20:26 - 2013-11-20 22:58 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-21 19:42 - 2014-05-09 16:36 - 00000000 ____D C:\ProgramData\Origin
2015-06-21 19:42 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-21 19:17 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PLA
2015-06-21 19:15 - 2014-12-05 20:39 - 00000000 ____D C:\Users\dan\AppData\Roaming\Origin
2015-06-21 19:13 - 2015-01-01 21:36 - 00000000 ____D C:\Program Files (x86)\fd4a705e-8d33-4a42-ad0e-24f1445a1c0a
2015-06-21 19:13 - 2013-10-15 18:23 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2015-06-21 18:40 - 2015-02-08 00:11 - 00000000 ____D C:\Users\davidmmc
2015-06-21 18:40 - 2015-02-08 00:11 - 00000000 ____D C:\Users\danieliv
2015-06-21 18:40 - 2015-02-08 00:11 - 00000000 ____D C:\Users\alexjmc
2015-06-21 18:18 - 2013-11-06 08:49 - 00000000 ____D C:\Users\danieliv\AppData\Roaming\.minecraft
2015-06-21 17:58 - 2013-11-09 14:37 - 00000600 _____ C:\Users\dan\AppData\Local\PUTTY.RND
2015-06-21 17:51 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-06-21 17:50 - 2013-11-05 22:44 - 00000000 ____D C:\Users\dan\AppData\Roaming\.minecraft
2015-06-21 17:43 - 2015-02-08 14:02 - 00000999 _____ C:\Users\dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-21 16:40 - 2015-02-22 15:05 - 00000000 ____D C:\Program Files\OBS
2015-06-21 16:40 - 2015-02-22 15:05 - 00000000 ____D C:\Program Files (x86)\OBS
2015-06-21 16:27 - 2013-10-15 18:51 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-06-21 15:10 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-06-21 15:10 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-06-21 15:08 - 2012-07-26 04:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-06-21 15:02 - 2012-07-26 01:26 - 00000226 _____ C:\WINDOWS\win.ini
2015-06-21 14:42 - 2013-11-05 21:43 - 00000000 ____D C:\Users\dan\AppData\Local\Packages
2015-06-21 14:27 - 2015-02-08 14:02 - 00000854 __RSH C:\Users\dan\ntuser.pol
2015-06-21 14:17 - 2013-11-06 08:53 - 00003592 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-17950624-3732629699-127579038-1004
2015-06-21 14:16 - 2015-02-20 19:23 - 00003966 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{ACF43B25-8CDD-453A-A251-D372DB2909CC}
2015-06-21 14:13 - 2015-02-09 08:38 - 00001440 _____ C:\Users\danieliv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-20 20:04 - 2014-11-01 10:49 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-20 19:01 - 2015-02-20 19:23 - 00000000 __SHD C:\Users\danieliv\AppData\Local\EmieUserList
2015-06-20 19:01 - 2015-02-20 19:23 - 00000000 __SHD C:\Users\danieliv\AppData\Local\EmieSiteList
2015-06-20 19:01 - 2015-02-20 19:23 - 00000000 __SHD C:\Users\danieliv\AppData\Local\EmieBrowserModeList
2015-06-20 18:59 - 2015-04-16 21:19 - 00002001 _____ C:\Users\Public\Desktop\Samsung Kies 3.lnk
2015-06-20 18:59 - 2015-02-14 14:50 - 00001140 _____ C:\Users\dan\Desktop\GoPro Studio.lnk
2015-06-20 18:59 - 2015-02-08 14:14 - 00002028 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2015-06-20 18:59 - 2015-02-08 10:18 - 00001434 _____ C:\Users\alexjmc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-20 18:59 - 2015-02-08 00:11 - 00000477 _____ C:\Users\davidmmc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-06-20 18:59 - 2015-02-08 00:11 - 00000477 _____ C:\Users\danieliv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-06-20 18:59 - 2015-02-08 00:11 - 00000477 _____ C:\Users\alexjmc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-06-20 18:59 - 2015-02-08 00:11 - 00000475 _____ C:\Users\davidmmc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-06-20 18:59 - 2015-02-08 00:11 - 00000475 _____ C:\Users\danieliv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-06-20 18:59 - 2015-02-08 00:11 - 00000475 _____ C:\Users\alexjmc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-06-20 18:59 - 2015-02-08 00:11 - 00000463 _____ C:\Users\dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-06-20 18:59 - 2015-02-08 00:11 - 00000461 _____ C:\Users\dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-06-20 18:59 - 2015-01-25 18:47 - 00001256 _____ C:\Users\danieliv\Desktop\Debut Video Capture Software.lnk
2015-06-20 18:59 - 2014-12-28 22:29 - 00001651 _____ C:\Users\Public\Desktop\Mixamo Fuse.lnk
2015-06-20 18:59 - 2014-12-20 15:32 - 00003151 _____ C:\Users\danieliv\Desktop\The Sims 4 - Shortcut.lnk
2015-06-20 18:59 - 2014-12-11 19:33 - 00000741 _____ C:\Users\Public\Desktop\Elsword.lnk
2015-06-20 18:59 - 2014-12-05 23:41 - 00001023 _____ C:\Users\Public\Desktop\Audacity.lnk
2015-06-20 18:59 - 2014-11-21 04:52 - 00000477 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-06-20 18:59 - 2014-11-21 04:52 - 00000477 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-06-20 18:59 - 2014-11-21 04:52 - 00000475 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-06-20 18:59 - 2014-11-21 04:52 - 00000475 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-06-20 18:59 - 2014-09-02 16:00 - 00001286 _____ C:\Users\Public\Desktop\The Sims 4.lnk
2015-06-20 18:59 - 2014-08-24 21:34 - 00001288 _____ C:\Users\Public\Desktop\SimCity™.lnk
2015-06-20 18:59 - 2014-08-01 16:47 - 00000136 _____ C:\Users\danieliv\Desktop\SPORE™ Galactic Adventures - Shortcut.lnk
2015-06-20 18:59 - 2014-07-17 12:48 - 00001262 _____ C:\Users\danieliv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
2015-06-20 18:59 - 2014-07-17 12:46 - 00001232 _____ C:\Users\danieliv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
2015-06-20 18:59 - 2014-07-17 12:46 - 00001226 _____ C:\Users\danieliv\Desktop\VideoPad Video Editor.lnk
2015-06-20 18:59 - 2014-06-08 08:47 - 00001136 _____ C:\Users\Public\Desktop\Unity.lnk
2015-06-20 18:59 - 2014-05-09 16:39 - 00001291 _____ C:\Users\Public\Desktop\Plants vs. Zombies.lnk
2015-06-20 18:59 - 2014-05-09 16:36 - 00000995 _____ C:\Users\Public\Desktop\Origin.lnk
2015-06-20 18:59 - 2014-04-09 20:48 - 00001145 _____ C:\Users\danieliv\Desktop\Steam - Shortcut.lnk
2015-06-20 18:59 - 2014-03-02 17:07 - 00001109 _____ C:\Users\Public\Desktop\LEGO MINDSTORMS NXT 2.0.lnk
2015-06-20 18:59 - 2014-01-04 13:12 - 00000384 _____ C:\Users\alexjmc\Desktop\Wi-Fi - Shortcut.lnk
2015-06-20 18:59 - 2014-01-03 22:38 - 00000384 _____ C:\Users\danieliv\Desktop\Wi-Fi - Shortcut.lnk
2015-06-20 18:59 - 2013-11-27 10:35 - 00001057 _____ C:\Users\Public\Desktop\Cube World.lnk
2015-06-20 18:59 - 2013-11-20 22:58 - 00000993 _____ C:\Users\Public\Desktop\Steam.lnk
2015-06-20 18:59 - 2013-11-10 08:27 - 00000935 _____ C:\Users\alexjmc\Desktop\Downloads.lnk
2015-06-20 18:59 - 2013-11-05 22:42 - 00001192 _____ C:\Users\dan\Desktop\Downloads - Shortcut.lnk
2015-06-20 18:54 - 2015-02-09 08:38 - 00000864 __RSH C:\Users\danieliv\ntuser.pol
2015-06-20 18:54 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2015-06-20 18:54 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-20 06:31 - 2014-11-01 10:47 - 00000000 ____D C:\Users\danieliv\AppData\Local\Adobe
2015-06-17 10:52 - 2013-11-06 08:48 - 00000000 ____D C:\Users\danieliv\Documents\Bluetooth Folder
2015-06-10 17:19 - 2014-05-09 16:36 - 00000000 ____D C:\Program Files (x86)\Origin
2015-06-10 17:18 - 2013-11-06 08:47 - 00000000 ____D C:\Users\danieliv\AppData\Local\Packages
2015-06-10 13:47 - 2013-08-22 10:44 - 00346744 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-10 13:29 - 2015-04-16 20:57 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-10 13:29 - 2014-11-21 11:56 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-10 13:29 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-10 12:54 - 2013-11-05 22:07 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-10 12:49 - 2013-11-05 22:07 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-03 12:18 - 2014-11-21 12:03 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-03 12:18 - 2014-11-21 12:03 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-22 21:11 - 2015-04-03 20:59 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-05-22 21:11 - 2015-04-03 20:59 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-05-22 20:46 - 2013-11-20 23:03 - 00000000 ____D C:\Users\danieliv\Desktop\appcache
2015-05-22 20:43 - 2013-10-15 18:54 - 00081645 _____ C:\WINDOWS\DirectX.log
2015-05-22 20:42 - 2013-11-21 20:38 - 00000000 ____D C:\Users\danieliv\Documents\My Games
2015-05-22 18:12 - 2013-11-21 20:35 - 00000000 ____D C:\Users\danieliv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

==================== Files in the root of some directories =======

2013-11-09 14:37 - 2015-06-21 17:58 - 0000600 _____ () C:\Users\dan\AppData\Local\PUTTY.RND
2014-01-16 18:54 - 2013-11-17 18:54 - 0000032 ____R () C:\ProgramData\hash.dat
2015-01-02 14:39 - 2015-01-02 14:39 - 0000032 _____ () C:\ProgramData\Temp.log
2013-10-15 18:51 - 2013-10-15 18:51 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-10-15 18:48 - 2013-10-15 18:49 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-10-15 18:49 - 2013-10-15 18:50 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-10-15 18:48 - 2013-10-15 18:48 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-10-15 18:50 - 2013-10-15 18:51 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Files to move or delete:
====================
C:\ProgramData\hash.dat

Some files in TEMP:
====================
C:\Users\dan\AppData\Local\Temp\CloudBackup2053.exe
C:\Users\dan\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\dan\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\dan\AppData\Local\Temp\F0908873-585C-62EC-1BD7-C0B9D8C815F4.dll
C:\Users\dan\AppData\Local\Temp\IeSearchProvider2918323423592841754.exe
C:\Users\dan\AppData\Local\Temp\InstallGenieo.exe
C:\Users\dan\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\dan\AppData\Local\Temp\Quarantine.exe
C:\Users\dan\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\dan\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\dan\AppData\Local\Temp\setup.exe
C:\Users\dan\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\dan\AppData\Local\Temp\sqlite3.dll
C:\Users\dan\AppData\Local\Temp\Uninstall.exe
C:\Users\danieliv\AppData\Local\Temp\drm_dyndata_7370014.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-21 18:13

==================== End of log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-06-2015 01
Ran by dan at 2015-06-21 21:32:54
Running from C:\Users\dan\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-17950624-3732629699-127579038-500 - Administrator - Disabled)
alexjmc (S-1-5-21-17950624-3732629699-127579038-1006 - Limited - Enabled) => C:\Users\alexjmc
dan (S-1-5-21-17950624-3732629699-127579038-1001 - Administrator - Enabled) => C:\Users\dan
danieliv (S-1-5-21-17950624-3732629699-127579038-1004 - Limited - Enabled) => C:\Users\danieliv
davidmmc (S-1-5-21-17950624-3732629699-127579038-1005 - Limited - Enabled) => C:\Users\davidmmc
Guest (S-1-5-21-17950624-3732629699-127579038-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Internet Security 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2015 (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
8BitMMO (HKLM-x32\...\Steam App 250420) (Version:  - Archive Entertainment)
Ace of Spades (HKLM-x32\...\Steam App 224540) (Version:  - Jagex Limited)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.1 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6030 - AVG Technologies)
AVG 2015 (Version: 15.0.4365 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6030 - AVG Technologies) Hidden
Axis Game Factory (HKLM-x32\...\Steam App 253370) (Version:  - Axis Game Factory)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{98CB551E-EDB1-4535-82A6-E3258597F64E}) (Version: 2.7.1000.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DRAGON BALL XENOVERSE (HKLM-x32\...\Steam App 323470) (Version:  - DIMPS)
DSC/AA Factory Installer (Version: 3.3.6261.27 - PC-Doctor, Inc.) Hidden
Elsword version v4.1203.5.1 (HKLM-x32\...\{E655DDFC-24DB-4FC3-8474-271E911309B4}_is1) (Version: v4.1203.5.1 - KOGGAMES)
FileZilla Client 3.10.1.1 (HKLM-x32\...\FileZilla Client) (Version: 3.10.1.1 - Tim Kosse)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GoPro Studio 2.5.4 (HKLM-x32\...\GoPro Studio) (Version: 2.5.4 - GoPro, Inc.)
Guns and Robots (HKLM-x32\...\Steam App 293540) (Version:  - Masthead Studios Ltd)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Kerbal Space Program Demo (HKLM-x32\...\Steam App 231410) (Version:  - Squad)
LEGO MINDSTORMS NXT - English Language Pack (HKLM-x32\...\{D70FB770-BE91-4A1C-942B-F2F7C3BFB2C7}) (Version: 2.0.100.0 - The LEGO Group)
LEGO MINDSTORMS NXT Driver for x64 (HKLM\...\{74E85F31-573F-45BF-8939-4D2BCDCC2083}) (Version: 1.17.770 - LEGO)
LEGO MINDSTORMS NXT Migration Package (HKLM-x32\...\{6C1D47CC-682C-4673-8CA8-DEE659628599}) (Version: 1.2.8.0 - LEGO)
LEGO MINDSTORMS NXT Software v2.0 (HKLM-x32\...\{5B7EDCF8-E6AD-4E99-972C-34BF1F07B349}) (Version: 2.0.114.0 - LEGO)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.3205.0) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{F9EC30D1-F688-4708-9850-CB5120074AAA}) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mixamo Fuse version 1.3.0 (HKLM-x32\...\{CF744422-9FA0-44E9-86E4-B4FCF1A0D56A}_is1) (Version: 1.3.0 - Mixamo)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.3.6261.27 - PC-Doctor, Inc.)
NEO Scavenger Demo (HKLM-x32\...\Steam App 270680) (Version:  - Blue Bottle Games)
NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0325 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0325 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6909 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Source Filmmaker (HKLM-x32\...\Steam App 1840) (Version:  - Valve)
Spiral Knights (HKLM-x32\...\Steam App 99900) (Version:  - Three Rings)
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.04.0000 - Electronic Arts)
SPORE™ Galactic Adventures (HKLM-x32\...\{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}) (Version: 1.00.0000 - Electronic Arts)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Stranded Deep (HKLM-x32\...\Steam App 313120) (Version:  - Beam Team Games)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.5.139.1020 - Electronic Arts Inc.)
The Sims™ 4 Create A Sim Demo (HKLM-x32\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.)
Unity (HKLM-x32\...\Unity) (Version: 4.5.0f6 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-17950624-3732629699-127579038-1001\...\UnityWebPlayer) (Version: 4.5.0f6 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

25-05-2015 14:26:07 Removed Microsoft Visual C++ 2005 Redistributable
08-06-2015 16:49:28 Windows Update
08-06-2015 16:51:19 Windows Modules Installer
21-06-2015 15:04:10 Installed AVG 2015
21-06-2015 15:06:39 Installed AVG 2015
21-06-2015 17:09:44 Revo Uninstaller Pro's restore point - MaintenanceService 1.0.0
21-06-2015 17:38:00 Revo Uninstaller Pro's restore point - RinoReader

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04E96058-930A-4C16-9767-B3E9EFFD6317} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {084092F6-535F-4AAF-8F6F-4FEE4A6E7B20} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {12A9D34A-4F63-40E2-83B8-D14EC3A3CF14} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {1D80D112-7709-4387-A935-E8FF104006F1} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-06-06] (PC-Doctor, Inc.)
Task: {21F51F35-FA2F-490E-9355-8035E958F438} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-21] (Google Inc.)
Task: {267F2524-35A4-4506-B165-34C26D287BC6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {2FC69C10-0C59-4AFC-B7D1-81F622AE3458} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {4AF50DC5-90F1-4336-8EB0-01ACD6F2DCD5} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {4D38A03D-8F36-4A3F-A24E-313BED01D514} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {53D8CED1-BBD0-4B69-92E1-5FB9DA1C83B4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-21] (Google Inc.)
Task: {66A2EA3E-6DC6-441A-B5C3-C9142736FD9C} - \Installer_geforce No Task File <==== ATTENTION
Task: {6E31692A-B867-4AD2-908A-C7A86A867CE3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {81F533AB-036C-44C5-8E0A-A68035C04140} - \SMWUpd No Task File <==== ATTENTION
Task: {82BCE40C-67DD-4144-B3E5-B75612770446} - System32\Tasks\DFOZSNJILP => C:\ProgramData\0f3b5471928b4fd3834dad205fba7597\0f3b5471928b4fd3834dad205fba7597.exe <==== ATTENTION
Task: {84665A44-3681-4410-933D-85A2DD1BE8AA} - \ProPCCleaner_Start No Task File <==== ATTENTION
Task: {9AFFBD57-C078-4FFC-831B-4C2B6A4354C3} - System32\Tasks\AdobeAAMUpdater-1.0-icednethome8700-danieliv => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)
Task: {A1E9B970-3F6A-447E-AE54-D46D3750C70C} - System32\Tasks\Oircifaahoca => C:\ProgramData\Oircifaahoca\1.0.1.0\omunfrue.exe
Task: {A2F5ED16-C9E2-4D79-8C86-83C8A0B419C5} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {B315FB4F-42F8-42ED-BD4B-D103F98E6B1D} - \Installer_shopperpro No Task File <==== ATTENTION
Task: {B5CB89EB-82F6-4B32-B9FD-052C3F4ADBAB} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-15] (Microsoft Corporation)
Task: {D26A7EAE-5B1D-4CC1-AF7E-05C6F79DF83D} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-06-06] (PC-Doctor, Inc.)
Task: {D5F2D87D-1BB3-451C-B670-BE9403CF1B79} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {E7A62958-AA4E-44C7-8CFA-DC7D8D1B1259} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-09-26 14:41 - 2014-09-26 14:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2013-10-15 18:53 - 2013-04-19 18:51 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2013-10-15 18:53 - 2013-04-19 18:52 - 00049440 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\STCommonShellIntegration.dll
2013-10-15 18:53 - 2013-04-19 18:51 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2013-10-15 18:53 - 2013-04-19 18:51 - 00034080 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2012-12-28 16:39 - 2012-12-28 16:39 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-12-28 16:36 - 2012-12-28 16:36 - 00084480 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2014-12-08 06:10 - 2014-12-08 06:10 - 00102176 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-12-28 16:41 - 2012-12-28 16:41 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2012-12-28 16:42 - 2012-12-28 16:42 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-17950624-3732629699-127579038-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img4.jpg
DNS Servers: 75.75.76.76 - 75.75.75.75

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: globalUpdate => 2
MSCONFIG\Services: globalUpdatem => 3
MSCONFIG\Services: hunubecu => 2
MSCONFIG\Services: IconMan_R => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: UpdateCheck => 2
MSCONFIG\Services: ZAtheros Wlan Agent => 2
HKLM\...\StartupApproved\StartupFolder: => "GoPro Importer.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "3D BubbleSound"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-17950624-3732629699-127579038-1001\...\StartupApproved\StartupFolder: => "StormWatch.lnk"
HKU\S-1-5-21-17950624-3732629699-127579038-1001\...\StartupApproved\StartupFolder: => "StormWatchApp.lnk"
HKU\S-1-5-21-17950624-3732629699-127579038-1001\...\StartupApproved\StartupFolder: => "crossbrowse.lnk"
HKU\S-1-5-21-17950624-3732629699-127579038-1001\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk"
HKU\S-1-5-21-17950624-3732629699-127579038-1001\...\StartupApproved\StartupFolder: => "RapidMediaConverterApp.lnk"
HKU\S-1-5-21-17950624-3732629699-127579038-1001\...\StartupApproved\StartupFolder: => "SmartWeb.lnk"
HKU\S-1-5-21-17950624-3732629699-127579038-1001\...\StartupApproved\Run: => "Gameo"
HKU\S-1-5-21-17950624-3732629699-127579038-1001\...\StartupApproved\Run: => "DesktopSearch"
HKU\S-1-5-21-17950624-3732629699-127579038-1001\...\StartupApproved\Run: => "Super Optimizer"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C283A410-3E0A-4A16-966D-2CC47C260880}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{295D4BD9-8CD1-4520-8101-51E828DCF500}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{80710B1F-107E-45EF-A40F-F8718AA043EC}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{F3EFF045-0FA1-41A1-A19C-B894C5DF974F}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{2C3022BD-9E3E-4B6F-92C5-EE59308B8331}] => (Allow) C:\KOGGAMES\Elsword\data\x2.exe
FirewallRules: [{016D3A7F-135A-447B-9BD3-B0B9CF3FB4E7}] => (Allow) C:\KOGGAMES\Elsword\data\x2.exe
FirewallRules: [{6FE6DECD-4C7F-405E-9196-EDA1961F6304}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{4BECD205-5378-4E61-9E7F-39C5923A914B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{416CDE1F-8639-476C-BFCE-10DE30E428B3}] => (Allow) C:\KOGGAMES\Elsword\data\x2.exe
FirewallRules: [{3FF2D178-ED5E-42D0-BDED-DA9DA3C53D6F}] => (Allow) C:\KOGGAMES\Elsword\data\x2.exe
FirewallRules: [{72817A9E-70F9-4DB4-A36A-EE48F461205F}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{70C9934C-9CD2-4D01-B193-EF730DA42A36}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{A3C5A671-C9EA-41CE-80EC-2EF476D8EC87}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{B1B504B1-2EE2-4BC1-AAB8-6A6EE356CADD}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{931090C2-8800-4F80-88CD-B9C4D2F8AC68}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{CFD29CAA-231B-439A-B079-0552476C00C7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{0082CD25-3233-4C76-8B3B-05942292F4B6}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4 Create A Sim Demo\Game\Bin\TS4CAS.exe
FirewallRules: [{9DF72C93-54F6-4474-9CF8-AE0147B35D79}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4 Create A Sim Demo\Game\Bin\TS4CAS.exe
FirewallRules: [{30CA0E50-9FA3-4620-B55D-9D7FF9DA46C2}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{3C08F6C8-641E-4496-95D6-84767CCABFA8}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{CE85BFCE-2BDE-4397-91EA-99D8AD07B054}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GAR\GAR.exe
FirewallRules: [{C06D9F3D-CCCA-42CC-A3F1-2417613B4C6C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GAR\GAR.exe
FirewallRules: [{F6F7DF1A-05E7-40BF-86B5-24B99C38699E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\NEO Scavenger Demo\NEOScavenger_demo.exe
FirewallRules: [{FD52A1FE-6552-4DC7-9379-9CEF86FF65DE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\NEO Scavenger Demo\NEOScavenger_demo.exe
FirewallRules: [{7C81AC77-3418-4471-B405-2BDD2B6B5F82}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A0F9A309-D685-4312-BBD3-DECDF0E95533}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CD73B909-010F-42A4-B1E5-1A3D909C661A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{8A706A18-CAB0-4A39-AA64-1EB78EBA0DB0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{87039518-17FC-471F-8C73-AF2E16D7D395}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{41474C68-9C90-4D83-A79B-95D2D9DCEA16}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{B5FC9339-4E20-42C9-A800-CE7F23C97244}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kerbal Space Program Demo\KSP.exe
FirewallRules: [{13A88890-0C23-4A2D-B9D6-3AA437FF8C62}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kerbal Space Program Demo\KSP.exe
FirewallRules: [{D06239F3-D4D6-4A28-8B1B-3B3D69C01584}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{D20DE17D-85A6-4DFF-95C0-7A373A351BDB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{27FAF5D6-45F7-45F4-ADB9-FD1C5BBA605E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\aceofspades\aos.exe
FirewallRules: [{C3975F9C-4D23-4783-8E53-B34F98F2CBC8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\aceofspades\aos.exe
FirewallRules: [{5B688DCF-AD99-4DB1-8C27-142E640A1565}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Axis Game Factory\Axis Game Factory.exe
FirewallRules: [{3209F0A0-2EE0-4A4B-956F-C2E60AF90D13}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Axis Game Factory\Axis Game Factory.exe
FirewallRules: [{13A727DF-097A-4795-B5E6-74EE5C427FFA}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{7F0CFFB8-4B19-4651-A158-867885FB5D91}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{F1C9A094-C36B-4EFE-9760-146281C78554}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\8BitMMO\jre\bin\javaw.exe
FirewallRules: [{B2062A08-4772-492D-A9B3-FCFBB456E34C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\8BitMMO\jre\bin\javaw.exe
FirewallRules: [{2D212F8B-72FF-403F-842F-33DABD3BEF9E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7F83931E-AA82-483B-BAE8-8F5B7F0D022A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AE7970BF-65DB-471C-887E-3C240DFD30BA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{5AF36CC0-877E-4344-9582-09E92F1048E6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{374DA83C-6AA1-4827-B399-D21525D2EF13}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8640D96A-3DCC-4FE1-8167-E21ADA72430F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FCEDCA64-A258-4FAA-B69D-3A8F683ED022}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spiral Knights\java_vm\bin\javaw.exe
FirewallRules: [{1434E075-8E4D-4036-A578-4B1F29723A82}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spiral Knights\java_vm\bin\javaw.exe
FirewallRules: [{2F326ED7-F53F-4883-BE64-F5B853081783}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2253ACE7-ADD0-43BC-A231-33B2010D962F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{1D23FA17-4775-4259-A431-9FE0657E7C8B}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{1CC2C5DE-C564-402B-8101-E8609E6DE1EF}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{6CD48F1E-DBBD-4B64-9FF4-C5190DCD394E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{F68543B0-CF93-4D11-872B-91E163E5F21D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{025C32B8-5F0B-43CF-9C38-6A8E88D34D3C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{7741C628-A139-48F8-97BD-708EFC34B6E6}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{2DF6CBE2-F296-4F23-A59D-FC0B744D0B41}] => (Allow) LPort=1900
FirewallRules: [{035FCBD6-B74B-42FD-A088-796ED9261D0A}] => (Allow) LPort=2869
FirewallRules: [{EFE84CB7-E9C6-4D06-A871-6C1E03C5448A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B5535215-728B-4C11-A13C-65542D09458E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{B4A3E8C2-7897-49E2-9CB2-4ADDDAB7BB0C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{914F055E-B49C-44EC-A195-F6801AAC28F2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [{0C1B7D1A-0D86-4C6D-B06D-638CF2749E6D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [TCP Query User{0EB1A3B2-90B2-42A3-A880-2951535E6B38}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{68D712C8-7C75-44C5-AE21-EBD6364742BD}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{23C1804B-BB68-4C11-BAFD-EB93794DD438}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{7699EE5C-7CFE-40AE-BECE-B33B2F772267}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{BAD66383-FA58-4C04-81ED-B53C1BBC6AB8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{AC056A26-734E-4B61-9921-D7614F59691C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{1DEBDD80-51EC-435A-ACE4-85346E577EF0}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{22D65E27-CA12-4B00-82ED-62E7F1F421B5}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{94D70A81-DB84-486F-B033-DEF70F29BADD}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{8D277FFB-5BBF-4757-8135-FF563BAA90E5}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{27663B1B-932A-4FBF-9563-BEC17D380DEC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DB Xenoverse\DBXV.exe
FirewallRules: [{D6874F5A-E1AF-42AF-96BA-AEC9255A8E95}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DB Xenoverse\DBXV.exe
FirewallRules: [{CF92F717-CD9C-4E42-B384-7EADF7A1556F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{229F90E5-4E92-44CB-A918-85AFD1AD4E10}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{385906BA-229C-4D46-8D52-08F00102236F}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
FirewallRules: [{8A2B28F3-9F90-406E-9712-A8E9D7FCB086}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{FE13245D-8C53-4B69-8838-EBE2023FECC2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{0E0ED162-5ECA-4661-9107-805DFE9CA6CA}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{6AAED276-3B8B-48E3-BDD8-7EB30BBF44D7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{02E3B8D4-BA70-497E-BA05-95B15235EF01}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{D9C167FA-78DB-4321-B27F-B7178EBD79AA}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{AA06309B-BCFE-43CE-BCF3-CE2784DE3976}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{90C4BCAC-46B9-4BC8-9FAA-531E0E2A755D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{5CFF6DB6-ED08-48B5-B5BD-FFA8707DF244}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/21/2015 09:07:34 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (06/21/2015 09:07:34 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to kill already running streamer. [6]

Error: (06/21/2015 09:07:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvstreamsvc.exe, version: 1.7.306.0, time stamp: 0x52dd3a57
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000142
Fault offset: 0x00000000000ec180
Faulting process id: 0x1594
Faulting application start time: 0xnvstreamsvc.exe0
Faulting application path: nvstreamsvc.exe1
Faulting module path: nvstreamsvc.exe2
Report Id: nvstreamsvc.exe3
Faulting package full name: nvstreamsvc.exe4
Faulting package-relative application ID: nvstreamsvc.exe5

Error: (06/21/2015 09:07:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvstreamsvc.exe, version: 1.7.306.0, time stamp: 0x52dd3a57
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000142
Fault offset: 0x00000000000ec180
Faulting process id: 0x1764
Faulting application start time: 0xnvstreamsvc.exe0
Faulting application path: nvstreamsvc.exe1
Faulting module path: nvstreamsvc.exe2
Report Id: nvstreamsvc.exe3
Faulting package full name: nvstreamsvc.exe4
Faulting package-relative application ID: nvstreamsvc.exe5

Error: (06/21/2015 09:07:33 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to kill already running streamer. [6]

Error: (06/21/2015 09:07:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvstreamsvc.exe, version: 1.7.306.0, time stamp: 0x52dd3a57
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000142
Fault offset: 0x00000000000ec180
Faulting process id: 0x2004
Faulting application start time: 0xnvstreamsvc.exe0
Faulting application path: nvstreamsvc.exe1
Faulting module path: nvstreamsvc.exe2
Report Id: nvstreamsvc.exe3
Faulting package full name: nvstreamsvc.exe4
Faulting package-relative application ID: nvstreamsvc.exe5

Error: (06/21/2015 08:22:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: icednethome8700)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/21/2015 08:22:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: icednethome8700)
Description: Activation of app Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/21/2015 06:01:02 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

Error: (06/21/2015 05:59:11 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

System errors:
=============
Error: (06/21/2015 09:09:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Graphics Accelerator service failed to start due to the following error:
%%2

Error: (06/21/2015 09:09:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Graphics Accelerator service failed to start due to the following error:
%%2

Error: (06/21/2015 09:07:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
%%1

Error: (06/21/2015 09:07:19 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (06/21/2015 08:37:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Graphics Accelerator service failed to start due to the following error:
%%2

Error: (06/21/2015 08:37:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Graphics Accelerator service failed to start due to the following error:
%%2

Error: (06/21/2015 08:36:44 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (06/21/2015 07:53:48 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer UBUNTU-SERVER
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C1109CBC-A1E0-4845-8F20-A469E06BE8CA}.
The master browser is stopping or an election is being forced.

Error: (06/21/2015 07:52:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Graphics Accelerator service failed to start due to the following error:
%%2

Error: (06/21/2015 07:52:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Graphics Accelerator service failed to start due to the following error:
%%2

Microsoft Office:
=========================
Error: (06/21/2015 09:07:34 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (06/21/2015 09:07:34 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to kill already running streamer. [6]

Error: (06/21/2015 09:07:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvstreamsvc.exe1.7.306.052dd3a57KERNELBASE.dll6.3.9600.17736550f4336c000014200000000000ec180159401d0ac87d236fbd4C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeKERNELBASE.dll0ffb5f3e-187b-11e5-bee9-3c77e67dc256

Error: (06/21/2015 09:07:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvstreamsvc.exe1.7.306.052dd3a57KERNELBASE.dll6.3.9600.17736550f4336c000014200000000000ec180176401d0ac87d20e73c4C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeKERNELBASE.dll0fd53984-187b-11e5-bee9-3c77e67dc256

Error: (06/21/2015 09:07:33 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to kill already running streamer. [6]

Error: (06/21/2015 09:07:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvstreamsvc.exe1.7.306.052dd3a57KERNELBASE.dll6.3.9600.17736550f4336c000014200000000000ec180200401d0ac87d15700b3C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeKERNELBASE.dll0f5e03ab-187b-11e5-bee9-3c77e67dc256

Error: (06/21/2015 08:22:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: icednethome8700)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148

Error: (06/21/2015 08:22:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: icednethome8700)
Description: Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance-2144927148

Error: (06/21/2015 06:01:02 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/21/2015 05:59:11 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

CodeIntegrity Errors:
===================================
  Date: 2015-06-20 20:29:46.553
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-20 18:53:07.993
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-20 18:53:07.922
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-20 18:52:21.058
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-20 18:52:21.010
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-19 18:35:28.757
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-19 18:35:24.087
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-19 18:35:21.639
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-19 18:35:10.698
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-19 18:35:01.830
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 32%
Total physical RAM: 8127.79 MB
Available physical RAM: 5488.47 MB
Total Pagefile: 16319.79 MB
Available Pagefile: 13252.17 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.37 GB) (Free:691.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 304F9AE8)

Partition: GPT Partition Type.

==================== End of log ============================


 




#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 21 June 2015 - 08:25 PM

:welcome:

 

Let's do a few things

 

You're running FRST64 from your Downloads folder. Our tools and scanners work more efficiently when run from the Desktop in lieu of being buried in some folder, so go to your Downloads folder and look for FRST64, right click on it and select CUT, then come back to your Desktop and right click on a blank space and select PASTE. Then we will have FRST64 exactly where we want it to be.

 

 

Open Notepad. Go to Start --> All Programs --> Accessories --> Notepad.
Please copy the entire contents inside of the code box below, beginning with START and ending with END.
(To do this highlight the contents of the box, right click on it and select Copy. Right-click in the open Notepad and select Paste.)
Name the file Fixlist. Save it to your desktop where you have FRST/FRST64 or the fix won't work. Then open up FRST/FRST64 and click on FIX (Not Scan). It won't take long; after your computer reboots you will find a FIXLOG.TXT on your desktop, post it please.
 
Start
CloseProcesses:
CreateRestorePoint: 
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-17950624-3732629699-127579038-1006\User: Group Policy Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-17950624-3732629699-127579038-1005\User: Group Policy Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-17950624-3732629699-127579038-1004\User: Group Policy Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-17950624-3732629699-127579038-1001\User: Group Policy Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
AutoConfigURL: [S-1-5-21-17950624-3732629699-127579038-1001] => file://localhost/proxy.pac
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKU\S-1-5-21-17950624-3732629699-127579038-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bghejdcdajlenjngcknlkkoakmmjfanb] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-17950624-3732629699-127579038-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [eeafbffkmccheohnooflcnppngmobeoe] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-17950624-3732629699-127579038-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ellbonkjdmgdghkojcjmomekmjpdffde] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-17950624-3732629699-127579038-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fllgpcmelbfhcligbphaaplminjpbiad] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-17950624-3732629699-127579038-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hpjocjloojeicikiokfiekcdpojgfefc] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-17950624-3732629699-127579038-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jmnkgjdfgnjhmnopgmkcpigenfhgajdj] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-17950624-3732629699-127579038-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfbhfniohjdklgcmbmemnpaimpdaikea] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-17950624-3732629699-127579038-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oaobejgaaiojgggjojlcpbembaoajbmc] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bghejdcdajlenjngcknlkkoakmmjfanb] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eeafbffkmccheohnooflcnppngmobeoe] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ellbonkjdmgdghkojcjmomekmjpdffde] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fllgpcmelbfhcligbphaaplminjpbiad] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hpjocjloojeicikiokfiekcdpojgfefc] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jmnkgjdfgnjhmnopgmkcpigenfhgajdj] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kfbhfniohjdklgcmbmemnpaimpdaikea] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oaobejgaaiojgggjojlcpbembaoajbmc] - https://clients2.goo...ice/update2/crx
Task: {66A2EA3E-6DC6-441A-B5C3-C9142736FD9C} - \Installer_geforce No Task File <==== ATTENTION
Task: {81F533AB-036C-44C5-8E0A-A68035C04140} - \SMWUpd No Task File <==== ATTENTION
Task: {82BCE40C-67DD-4144-B3E5-B75612770446} - System32\Tasks\DFOZSNJILP => C:\ProgramData\0f3b5471928b4fd3834dad205fba7597\0f3b5471928b4fd3834dad205fba7597.exe <==== ATTENTION
Task: {84665A44-3681-4410-933D-85A2DD1BE8AA} - \ProPCCleaner_Start No Task File <==== ATTENTION
Task: {A1E9B970-3F6A-447E-AE54-D46D3750C70C} - System32\Tasks\Oircifaahoca => C:\ProgramData\Oircifaahoca\1.0.1.0\omunfrue.exe
Task: {B315FB4F-42F8-42ED-BD4B-D103F98E6B1D} - \Installer_shopperpro No Task File <==== ATTENTION
CMD: ipconfig /flushdns
RemoveProxy:
Hosts:
EmptyTemp:
End
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 
 
 
 
 
=====================================================================================
 

 
-AdwCleaner-by Xplode
 
Click on this link to download: ADWCleaner to your Desktop
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
Use my link only, do not do a search for AdwCleaner as there is a bogus copy going around by scammers
 
 
Do not click on any links in the top Advertisement.
 
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
 
 
===============================================================================
 
 
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
 
 
 
===============================================================================
 
Download Malwarebytes' Anti-Malware  to your desktop. <---------
 
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
 
 
 
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes
 


 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.
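
A read-only check for the symptom this thread describes (browsers pointing at 127.0.0.1:8080 while the LAN settings dialog shows no proxy), added here as an illustration and not part of ken545's post or of FRST. It assumes the standard WinINET and Chrome policy value names and takes port 8080 from the thread title; it changes nothing on the machine.

```powershell
# Read-only audit of the places a Windows proxy setting can live.
# Nothing is modified. Run from an elevated prompt so every hive is readable.

$inet = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Assumed locations: per-user and per-machine WinINET settings, the IE policy
# branch, and the Chrome policy branch (the fixlist above flags policy keys).
$targets = @(
    @{ Path = "HKCU:\$inet"; Names = 'ProxyEnable','ProxyServer','AutoConfigURL' },
    @{ Path = "HKLM:\$inet"; Names = 'ProxyEnable','ProxyServer','AutoConfigURL' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
       Names = 'ProxySettingsPerUser','ProxyEnable','ProxyServer','AutoConfigURL' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Google\Chrome'; Names = 'ProxyMode','ProxyServer','ProxyPacUrl' },
    @{ Path = 'HKCU:\SOFTWARE\Policies\Google\Chrome'; Names = 'ProxyMode','ProxyServer','ProxyPacUrl' }
)

$findings = foreach ($t in $targets) {
    if (-not (Test-Path -LiteralPath $t.Path)) { continue }
    $key = Get-ItemProperty -LiteralPath $t.Path
    foreach ($name in $t.Names) {
        $value = $key.$name
        if ($null -ne $value -and "$value" -ne '') {
            [pscustomobject]@{
                Key      = $t.Path
                Name     = $name
                Value    = $value
                # True when the value points back at this machine
                Loopback = "$value" -match '(^|[=/;])(127\.0\.0\.1|localhost)(:|/|$)'
            }
        }
    }
}
$findings | Format-Table -AutoSize -Wrap

# WinHTTP keeps its own proxy, separate from the Internet Options dialog.
netsh winhttp show proxy

# A loopback proxy only answers while something listens on that port.
# Show the owning process, if any (Get-NetTCPConnection needs Windows 8 or later).
Get-NetTCPConnection -LocalPort 8080 -State Listen -ErrorAction SilentlyContinue |
    ForEach-Object {
        $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            Port         = $_.LocalPort
            OwnerPid     = $_.OwningProcess
            Process      = $p.Name
            Path         = $p.Path
        }
    } | Format-Table -AutoSize
```

A proxy value under a Policies key overrides what the Internet Options dialog displays, and an empty listener table for port 8080 means the configured proxy has nothing behind it, which matches browsers reporting that they cannot reach it.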

#3 dwmcneil

dwmcneil

    New Member

  • New Member
  • 3 posts

Posted 25 June 2015 - 09:44 AM

Thanks again for your time!
I had a chance to speak with my son when he got home from camp, and it turned out that it wasn't a long-standing issue, so I cheated and restored to a fairly recent point, and it fixed all of the issues.
He confessed to downloading a "cheat/exploit" for his games, and I'm fairly certain that was the issue.

 

Again, thanks for your time.

 

Peace,

Dan

 



#4 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 25 June 2015 - 10:04 AM

That's good Dan, but it would be to your benefit to open up FRST, checkmark Additions, run a new scan and post the logs. Sometimes restoring does not get it all; there still could be bad stuff lurking on your system. If you feel you're OK and don't want to continue, please let me know so I can close this thread.



 
 

#5 dwmcneil

dwmcneil

    New Member

  • New Member
  • 3 posts

Posted 25 June 2015 - 07:13 PM

I'm traveling until the weekend, but I will do as you ask, better safe than sorry!
Thanks again.

Peace,
Dan

#6 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 25 June 2015 - 08:12 PM

Great, I will hold this thread open for you until you return



 
 

#7 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 02 July 2015 - 06:54 PM

Still with me? Let me know or else this thread will be closed.



 
 

#8 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 03 July 2015 - 07:48 AM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic



 
 
