Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Avast keeps blocking threat/ Process: svchost.exe Infection URL:Mal [C

Started by EN1GM4 , Dec 18 2015 02:54 PM
Infection svchost.exe redirector.gvt1.com/......

  • This topic is locked This topic is locked

#1
EN1GM4
Posted 18 December 2015 - 02:54 PM

EN1GM4

    Member

  • Member
  • PipPip
  • 10 posts

Hi, my computer has been acting weird recently(internet being sketchy,emails not working correctly, computer shutting down randomly) and I just started getting constant threat alerts from avast(screenshot attached).

 

Avast can't find the virus. I was wondering if anyone could help me find the cause of the problem and eliminate it from my system. Thanks you for your time :)

 

My Computer Operating System: Windows 7 Home Premium 64-bit

 

Screenshot desktop.png

 

Here are my FRST results:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-12-2015
Ran by Pete Jr (administrator) on FRED-PC (18-12-2015 13:14:12)
Running from C:\Users\Pete Jr\Desktop
Loaded Profiles: Pete Jr (Available Profiles: Pete Jr)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
() C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Akamai Technologies, Inc.) C:\Users\Pete Jr\AppData\Local\Akamai\netsession_win.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Akamai Technologies, Inc.) C:\Users\Pete Jr\AppData\Local\Akamai\netsession_win.exe
(MY.COM B.V.) C:\Users\Pete Jr\AppData\Local\MyComGames\MyComGames.exe
(Dell) C:\Users\Pete Jr\AppData\Local\Apps\2.0\EPX3GYE3.RLH\DWVAJPHC.RRG\dell..tion_e30b47f5d4a30e9e_0005.000b_1df8a3cb60a9209e\DellSystemDetect.exe
(Spotify Ltd) C:\Users\Pete Jr\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(Autodesk Inc.) C:\Users\Pete Jr\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-23] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-10] (AVAST Software)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [842336 2015-12-15] (Webroot)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [522784 2015-11-16] (Autodesk Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2303152 2015-07-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-3584736083-2098224852-1505809598-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3584736083-2098224852-1505809598-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Pete Jr\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3584736083-2098224852-1505809598-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1310088 2015-01-27] (Autodesk, Inc.)
HKU\S-1-5-21-3584736083-2098224852-1505809598-1000\...\Run: [HLBackupScheduler] => "C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe"
HKU\S-1-5-21-3584736083-2098224852-1505809598-1000\...\Run: [MyComGames] => C:\Users\Pete Jr\AppData\Local\MyComGames\MyComGames.exe [4688840 2015-12-10] (MY.COM B.V.)
HKU\S-1-5-21-3584736083-2098224852-1505809598-1000\...\Run: [Spotify Web Helper] => C:\Users\Pete Jr\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-15] (Spotify Ltd)
HKU\S-1-5-21-3584736083-2098224852-1505809598-1000\...\Run: [DellSystemDetect] => C:\Users\Pete Jr\AppData\Local\Apps\2.0\EPX3GYE3.RLH\DWVAJPHC.RRG\dell..tion_e30b47f5d4a30e9e_0005.000b_1df8a3cb60a9209e\DellSystemDetect.exe [264488 2014-10-04] (Dell)
HKU\S-1-5-21-3584736083-2098224852-1505809598-1000\...\Policies\Explorer: [] 
HKU\S-1-5-21-3584736083-2098224852-1505809598-1000\...\MountPoints2: D - D:\Bin\ASSETUP.exe
HKU\S-1-5-21-3584736083-2098224852-1505809598-1000\...\MountPoints2: {19913443-87cd-11e5-a287-ac9e17f0a381} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\TL-Bootstrap.exe
HKU\S-1-5-21-3584736083-2098224852-1505809598-1000\...\MountPoints2: {3664f53c-f4c4-11e3-9143-806e6f6e6963} - D:\TT.exe
HKU\S-1-5-21-3584736083-2098224852-1505809598-1000\...\MountPoints2: {ff474543-3f64-11e5-bb05-ac9e17f0a381} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\TL-Bootstrap.exe
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1310088 2015-01-27] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-10] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2015-02-05] (Autodesk, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{693676A8-D778-46B4-914A-267A4C5BC198}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B3543188-A1E0-412B-B3D7-B78E1E3B4C45}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C1696219-7B41-47DD-80EE-73005D263B7C}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yhs4.search.yahoo.com/yhs/?hspart=ironsource&hsimp=yhs-fullyhosted_003&type=spd_wnzp01_14_25_ch_ag90_uv&param1=yhsBeacon&param2=%63%64%3D%32%58%7A%75%79%45%74%4E%32%59%31%4C%31%51%7A%75%30%45%74%44%79%45%79%43%7A%79%30%41%74%44%74%44%7A%79%30%44%30%44%79%44%79%42%7A%79%7A%79%30%42%74%4E%30%44%30%54%7A%75%30%53%7A%7A%7A%79%7A%79%74%4E%31%4C%32%58%7A%75%74%42%74%46%74%42%74%43%74%46%79%44%74%46%74%43%74%4E%31%4C%31%43%7A%75%74%43%79%45%74%42%7A%79%74%44%79%44%31%56%31%4F%74%4E%31%4C%31%47%31%42%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%74%44%74%42%30%46%7A%79%74%43%7A%79%30%42%74%47%30%45%7A%79%30%43%74%41%74%47%74%41%74%41%30%45%30%42%74%47%74%42%74%44%7A%79%30%42%74%47%74%41%30%44%30%46%30%42%79%43%30%41%74%42%7A%79%30%46%74%41%30%45%30%43%32%51%74%4E%31%4D%31%46%31%42%32%5A%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%79%45%30%42%30%41%74%41%74%44%74%43%30%43%74%47%74%44%74%42%30%42%74%41%74%47%74%42%74%42%79%44%74%44%74%47%30%42%7A%79%30%44%74%42%74%47%74%42%79%44%30%42%74%42%74%41%74%41%74%43%30%41%74%43%30%46%79%44%7A%79%32%51%74%4E%31%42%31%4C%31%48%31%45%7A%75%31%4F%32%55%31%4D%31%42%26%63%72%3D%31%39%33%33%30%30%31%33%33%38%26%69%72%3D%26%61%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%26%66%3D%31%26%73%74%79%70%65%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%5F%61%67%39%30%5F%75%76%26%70%3D%73%70%65%65%64%69%61%6C
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yhs4.search.yahoo.com/yhs/?hspart=ironsource&hsimp=yhs-fullyhosted_003&type=spd_wnzp01_14_25_ch_ag90_uv&param1=yhsBeacon&param2=%63%64%3D%32%58%7A%75%79%45%74%4E%32%59%31%4C%31%51%7A%75%30%45%74%44%79%45%79%43%7A%79%30%41%74%44%74%44%7A%79%30%44%30%44%79%44%79%42%7A%79%7A%79%30%42%74%4E%30%44%30%54%7A%75%30%53%7A%7A%7A%79%7A%79%74%4E%31%4C%32%58%7A%75%74%42%74%46%74%42%74%43%74%46%79%44%74%46%74%43%74%4E%31%4C%31%43%7A%75%74%43%79%45%74%42%7A%79%74%44%79%44%31%56%31%4F%74%4E%31%4C%31%47%31%42%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%74%44%74%42%30%46%7A%79%74%43%7A%79%30%42%74%47%30%45%7A%79%30%43%74%41%74%47%74%41%74%41%30%45%30%42%74%47%74%42%74%44%7A%79%30%42%74%47%74%41%30%44%30%46%30%42%79%43%30%41%74%42%7A%79%30%46%74%41%30%45%30%43%32%51%74%4E%31%4D%31%46%31%42%32%5A%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%79%45%30%42%30%41%74%41%74%44%74%43%30%43%74%47%74%44%74%42%30%42%74%41%74%47%74%42%74%42%79%44%74%44%74%47%30%42%7A%79%30%44%74%42%74%47%74%42%79%44%30%42%74%42%74%41%74%41%74%43%30%41%74%43%30%46%79%44%7A%79%32%51%74%4E%31%42%31%4C%31%48%31%45%7A%75%31%4F%32%55%31%4D%31%42%26%63%72%3D%31%39%33%33%30%30%31%33%33%38%26%69%72%3D%26%61%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%26%66%3D%31%26%73%74%79%70%65%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%5F%61%67%39%30%5F%75%76%26%70%3D%73%70%65%65%64%69%61%6C
HKU\S-1-5-21-3584736083-2098224852-1505809598-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yhs4.search.yahoo.com/yhs/?hspart=ironsource&hsimp=yhs-fullyhosted_003&type=spd_wnzp01_14_25_ch_ag90_uv&param1=yhsBeacon&param2=%63%64%3D%32%58%7A%75%79%45%74%4E%32%59%31%4C%31%51%7A%75%30%45%74%44%79%45%79%43%7A%79%30%41%74%44%74%44%7A%79%30%44%30%44%79%44%79%42%7A%79%7A%79%30%42%74%4E%30%44%30%54%7A%75%30%53%7A%7A%7A%79%7A%79%74%4E%31%4C%32%58%7A%75%74%42%74%46%74%42%74%43%74%46%79%44%74%46%74%43%74%4E%31%4C%31%43%7A%75%74%43%79%45%74%42%7A%79%74%44%79%44%31%56%31%4F%74%4E%31%4C%31%47%31%42%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%74%44%74%42%30%46%7A%79%74%43%7A%79%30%42%74%47%30%45%7A%79%30%43%74%41%74%47%74%41%74%41%30%45%30%42%74%47%74%42%74%44%7A%79%30%42%74%47%74%41%30%44%30%46%30%42%79%43%30%41%74%42%7A%79%30%46%74%41%30%45%30%43%32%51%74%4E%31%4D%31%46%31%42%32%5A%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%79%45%30%42%30%41%74%41%74%44%74%43%30%43%74%47%74%44%74%42%30%42%74%41%74%47%74%42%74%42%79%44%74%44%74%47%30%42%7A%79%30%44%74%42%74%47%74%42%79%44%30%42%74%42%74%41%74%41%74%43%30%41%74%43%30%46%79%44%7A%79%32%51%74%4E%31%42%31%4C%31%48%31%45%7A%75%31%4F%32%55%31%4D%31%42%26%63%72%3D%31%39%33%33%30%30%31%33%33%38%26%69%72%3D%26%61%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%26%66%3D%31%26%73%74%79%70%65%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%5F%61%67%39%30%5F%75%76%26%70%3D%73%70%65%65%64%69%61%6C
HKU\S-1-5-21-3584736083-2098224852-1505809598-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search/?hspart=ironsource&hsimp=yhs-fullyhosted_003&type=spd_wnzp01_14_25_ch_ag90_uv&param1=yhsBeacon&param2=%63%64%3D%32%58%7A%75%79%45%74%4E%32%59%31%4C%31%51%7A%75%30%45%74%44%79%45%79%43%7A%79%30%41%74%44%74%44%7A%79%30%44%30%44%79%44%79%42%7A%79%7A%79%30%42%74%4E%30%44%30%54%7A%75%30%53%7A%7A%7A%79%7A%79%74%4E%31%4C%32%58%7A%75%74%42%74%46%74%42%74%43%74%46%79%44%74%46%74%43%74%4E%31%4C%31%43%7A%75%74%43%79%45%74%42%7A%79%74%44%79%44%31%56%31%4F%74%4E%31%4C%31%47%31%42%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%74%44%74%42%30%46%7A%79%74%43%7A%79%30%42%74%47%30%45%7A%79%30%43%74%41%74%47%74%41%74%41%30%45%30%42%74%47%74%42%74%44%7A%79%30%42%74%47%74%41%30%44%30%46%30%42%79%43%30%41%74%42%7A%79%30%46%74%41%30%45%30%43%32%51%74%4E%31%4D%31%46%31%42%32%5A%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%79%45%30%42%30%41%74%41%74%44%74%43%30%43%74%47%74%44%74%42%30%42%74%41%74%47%74%42%74%42%79%44%74%44%74%47%30%42%7A%79%30%44%74%42%74%47%74%42%79%44%30%42%74%42%74%41%74%41%74%43%30%41%74%43%30%46%79%44%7A%79%32%51%74%4E%31%42%31%4C%31%48%31%45%7A%75%31%4F%32%55%31%4D%31%42%26%63%72%3D%31%39%33%33%30%30%31%33%33%38%26%69%72%3D%26%61%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%26%66%3D%34%26%73%74%79%70%65%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%5F%61%67%39%30%5F%75%76%26%70%3D%73%70%65%65%64%69%61%6C&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search/?hspart=ironsource&hsimp=yhs-fullyhosted_003&type=spd_wnzp01_14_25_ch_ag90_uv&param1=yhsBeacon&param2=%63%64%3D%32%58%7A%75%79%45%74%4E%32%59%31%4C%31%51%7A%75%30%45%74%44%79%45%79%43%7A%79%30%41%74%44%74%44%7A%79%30%44%30%44%79%44%79%42%7A%79%7A%79%30%42%74%4E%30%44%30%54%7A%75%30%53%7A%7A%7A%79%7A%79%74%4E%31%4C%32%58%7A%75%74%42%74%46%74%42%74%43%74%46%79%44%74%46%74%43%74%4E%31%4C%31%43%7A%75%74%43%79%45%74%42%7A%79%74%44%79%44%31%56%31%4F%74%4E%31%4C%31%47%31%42%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%74%44%74%42%30%46%7A%79%74%43%7A%79%30%42%74%47%30%45%7A%79%30%43%74%41%74%47%74%41%74%41%30%45%30%42%74%47%74%42%74%44%7A%79%30%42%74%47%74%41%30%44%30%46%30%42%79%43%30%41%74%42%7A%79%30%46%74%41%30%45%30%43%32%51%74%4E%31%4D%31%46%31%42%32%5A%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%79%45%30%42%30%41%74%41%74%44%74%43%30%43%74%47%74%44%74%42%30%42%74%41%74%47%74%42%74%42%79%44%74%44%74%47%30%42%7A%79%30%44%74%42%74%47%74%42%79%44%30%42%74%42%74%41%74%41%74%43%30%41%74%43%30%46%79%44%7A%79%32%51%74%4E%31%42%31%4C%31%48%31%45%7A%75%31%4F%32%55%31%4D%31%42%26%63%72%3D%31%39%33%33%30%30%31%33%33%38%26%69%72%3D%26%61%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%26%66%3D%34%26%73%74%79%70%65%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%5F%61%67%39%30%5F%75%76%26%70%3D%73%70%65%65%64%69%61%6C&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3584736083-2098224852-1505809598-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search/?hspart=ironsource&hsimp=yhs-fullyhosted_003&type=spd_wnzp01_14_25_ch_ag90_uv&param1=yhsBeacon&param2=%63%64%3D%32%58%7A%75%79%45%74%4E%32%59%31%4C%31%51%7A%75%30%45%74%44%79%45%79%43%7A%79%30%41%74%44%74%44%7A%79%30%44%30%44%79%44%79%42%7A%79%7A%79%30%42%74%4E%30%44%30%54%7A%75%30%53%7A%7A%7A%79%7A%79%74%4E%31%4C%32%58%7A%75%74%42%74%46%74%42%74%43%74%46%79%44%74%46%74%43%74%4E%31%4C%31%43%7A%75%74%43%79%45%74%42%7A%79%74%44%79%44%31%56%31%4F%74%4E%31%4C%31%47%31%42%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%74%44%74%42%30%46%7A%79%74%43%7A%79%30%42%74%47%30%45%7A%79%30%43%74%41%74%47%74%41%74%41%30%45%30%42%74%47%74%42%74%44%7A%79%30%42%74%47%74%41%30%44%30%46%30%42%79%43%30%41%74%42%7A%79%30%46%74%41%30%45%30%43%32%51%74%4E%31%4D%31%46%31%42%32%5A%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%79%45%30%42%30%41%74%41%74%44%74%43%30%43%74%47%74%44%74%42%30%42%74%41%74%47%74%42%74%42%79%44%74%44%74%47%30%42%7A%79%30%44%74%42%74%47%74%42%79%44%30%42%74%42%74%41%74%41%74%43%30%41%74%43%30%46%79%44%7A%79%32%51%74%4E%31%42%31%4C%31%48%31%45%7A%75%31%4F%32%55%31%4D%31%42%26%63%72%3D%31%39%33%33%30%30%31%33%33%38%26%69%72%3D%26%61%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%26%66%3D%34%26%73%74%79%70%65%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%5F%61%67%39%30%5F%75%76%26%70%3D%73%70%65%65%64%69%61%6C&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3584736083-2098224852-1505809598-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search/?hspart=ironsource&hsimp=yhs-fullyhosted_003&type=spd_wnzp01_14_25_ch_ag90_uv&param1=yhsBeacon&param2=%63%64%3D%32%58%7A%75%79%45%74%4E%32%59%31%4C%31%51%7A%75%30%45%74%44%79%45%79%43%7A%79%30%41%74%44%74%44%7A%79%30%44%30%44%79%44%79%42%7A%79%7A%79%30%42%74%4E%30%44%30%54%7A%75%30%53%7A%7A%7A%79%7A%79%74%4E%31%4C%32%58%7A%75%74%42%74%46%74%42%74%43%74%46%79%44%74%46%74%43%74%4E%31%4C%31%43%7A%75%74%43%79%45%74%42%7A%79%74%44%79%44%31%56%31%4F%74%4E%31%4C%31%47%31%42%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%74%44%74%42%30%46%7A%79%74%43%7A%79%30%42%74%47%30%45%7A%79%30%43%74%41%74%47%74%41%74%41%30%45%30%42%74%47%74%42%74%44%7A%79%30%42%74%47%74%41%30%44%30%46%30%42%79%43%30%41%74%42%7A%79%30%46%74%41%30%45%30%43%32%51%74%4E%31%4D%31%46%31%42%32%5A%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%79%45%30%42%30%41%74%41%74%44%74%43%30%43%74%47%74%44%74%42%30%42%74%41%74%47%74%42%74%42%79%44%74%44%74%47%30%42%7A%79%30%44%74%42%74%47%74%42%79%44%30%42%74%42%74%41%74%41%74%43%30%41%74%43%30%46%79%44%7A%79%32%51%74%4E%31%42%31%4C%31%48%31%45%7A%75%31%4F%32%55%31%4D%31%42%26%63%72%3D%31%39%33%33%30%30%31%33%33%38%26%69%72%3D%26%61%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%26%66%3D%34%26%73%74%79%70%65%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%5F%61%67%39%30%5F%75%76%26%70%3D%73%70%65%65%64%69%61%6C&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-27] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-18] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-27] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-18] (Oracle Corporation)
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxps://support.dell.com/systemprofiler/SysProExe.CAB
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-23] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2011-04-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-01-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-01-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-23] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3584736083-2098224852-1505809598-1000: @my.com/Games -> C:\Users\Pete Jr\AppData\Local\MyComGames\NPMyComDetector.dll [2015-11-14] (My.com, Inc)
FF Plugin HKU\S-1-5-21-3584736083-2098224852-1505809598-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-10]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={AEFD5C85-A099-11E2-B315-F04DA2F43285}","hxxp://mysearch.avg.com/?cid={A6D6AA9E-B788-4A53-B885-6D9A19B30D4D}&mid=126bfcf210dc4b53b50b963e64ce75e2-fb3046064c70e5658a27af15fca3ba10a709061c&lang=en&ds=hk018&pr=sa&d=2013-09-12 10:54:22&v=15.4.0.5&pid=safeguard&sg=0&sap=hp","hxxp://search.conduit.com/?ctid=CT3316068&SearchSource=48&CUI=UN37358370722181882&UM=2&sspv=CHNT7","hxxp://us.yhs4.search.yahoo.com/yhs/?hspart=ironsource&hsimp=yhs-fullyhosted_003&type=spd_wnzp01_14_25_ch_ag90_uv&param1=yhsBeacon&param2=%63%64%3D%32%58%7A%75%79%45%74%4E%32%59%31%4C%31%51%7A%75%30%45%74%44%79%45%79%43%7A%79%30%41%74%44%74%44%7A%79%30%44%30%44%79%44%79%42%7A%79%7A%79%30%42%74%4E%30%44%30%54%7A%75%30%53%7A%7A%7A%79%7A%79%74%4E%31%4C%32%58%7A%75%74%42%74%46%74%42%74%43%74%46%79%44%74%46%74%43%74%4E%31%4C%31%43%7A%75%74%43%79%45%74%42%7A%79%74%44%79%44%31%56%31%4F%74%4E%31%4C%31%47%31%42%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%74%44%74%42%30%46%7A%79%74%43%7A%79%30%42%74%47%30%45%7A%79%30%43%74%41%74%47%74%41%74%41%30%45%30%42%74%47%74%42%74%44%7A%79%30%42%74%47%74%41%30%44%30%46%30%42%79%43%30%41%74%42%7A%79%30%46%74%41%30%45%30%43%32%51%74%4E%31%4D%31%46%31%42%32%5A%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%79%45%30%42%30%41%74%41%74%44%74%43%30%43%74%47%74%44%74%42%30%42%74%41%74%47%74%42%74%42%79%44%74%44%74%47%30%42%7A%79%30%44%74%42%74%47%74%42%79%44%30%42%74%42%74%41%74%41%74%43%30%41%74%43%30%46%79%44%7A%79%32%51%74%4E%31%42%31%4C%31%48%31%45%7A%75%31%4F%32%55%31%4D%31%42%26%63%72%3D%31%39%33%33%30%30%31%33%33%38%26%69%72%3D%26%61%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%26%66%3D%31%26%73%74%79%70%65%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%5F%61%67%39%30%5F%75%76%26%70%3D%73%70%65%65%64%69%61%6C"
CHR Profile: C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Duolingo on the Web) - C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-09-15]
CHR Extension: (BetterTTV) - C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2015-12-10]
CHR Extension: (Google Docs) - C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (3D Graffiti) - C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabfebkdmghefegjmochekfnmiikkko [2014-06-17]
CHR Extension: (Google Search) - C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (AdBlock) - C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-05]
CHR Extension: (Avast Online Security) - C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Profile: C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-31]
CHR Extension: (Google Docs) - C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-31]
CHR Extension: (Google Drive) - C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-31]
CHR Extension: (Speedial) - C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bakijjialdiiboeaknfpmflphhmljfkd [2015-03-31]
CHR Extension: (YouTube) - C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-31]
CHR Extension: (Google Search) - C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-31]
CHR Extension: (Google Sheets) - C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-31]
CHR Extension: (Avast Online Security) - C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-31]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-31]
CHR Extension: (Google Wallet) - C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-31]
CHR Extension: (Webroot Password Manager) - C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2015-03-31]
CHR Extension: (Gmail) - C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3584736083-2098224852-1505809598-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-27]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1139744 2015-11-16] (Autodesk Inc.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-12-01] (Adobe Systems) [File not signed]
R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-07-22] (Adobe Systems Incorporated)
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-10] (AVAST Software)
R2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [238376 2015-06-12] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-23] (NVIDIA Corporation)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 mi-raysat_3dsmax2016_64; C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe [86016 2011-09-14] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-23] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-23] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-03] (Electronic Arts)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [598808 2013-06-05] (Wacom Technology, Corp.)
S4 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-10] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2015-12-18] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-10] (AVAST Software)
S3 dfg; C:\Windows\SysWOW64\drivers\dfg.sys [23552 2014-03-25] (defrag Development Team) [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 kc02us_bus; C:\Windows\System32\DRIVERS\kc02us_bus64.sys [51608 2012-09-28] (Kyocera Corporation)
S3 kc02us_serd; C:\Windows\System32\DRIVERS\kc02us_serd64.sys [66968 2012-09-28] (Kyocera Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-31] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S3 mr97310c; C:\Windows\System32\DRIVERS\mr97310c.sys [143872 2008-03-27] (Mars Semiconductor Corp.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47976 2015-07-02] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [767648 2014-10-08] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2014-10-08] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29864 2014-10-08] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2014-10-08] (Microsoft Corporation)
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-18 13:14 - 2015-12-18 13:14 - 00039477 _____ C:\Users\Pete Jr\Desktop\FRST.txt
2015-12-18 13:11 - 2015-12-18 13:11 - 02370048 _____ (Farbar) C:\Users\Pete Jr\Downloads\FRST64 (1).exe
2015-12-18 13:10 - 2015-12-18 13:14 - 00000000 ____D C:\FRST
2015-12-18 13:10 - 2015-12-18 13:10 - 02370048 _____ (Farbar) C:\Users\Pete Jr\Desktop\FRST64.exe
2015-12-18 12:51 - 2015-12-18 12:51 - 00004292 _____ C:\Users\Pete Jr\AppData\Local\recently-used.xbel
2015-12-18 12:02 - 2015-12-18 12:02 - 00234712 _____ (Spotify Ltd) C:\Users\Pete Jr\Downloads\SpotifySetup (1).exe
2015-12-18 11:59 - 2015-12-18 11:59 - 00234712 _____ (Spotify Ltd) C:\Users\Pete Jr\Downloads\SpotifySetup.exe
2015-12-18 11:32 - 2015-12-18 11:32 - 00000000 ____D C:\Users\Pete Jr\AppData\Roaming\Sun
2015-12-18 11:32 - 2015-12-18 11:32 - 00000000 ____D C:\Users\Pete Jr\.oracle_jre_usage
2015-12-18 11:31 - 2015-12-18 11:31 - 00000000 ____D C:\Program Files (x86)\7-Zip
2015-12-18 11:30 - 2015-12-18 11:30 - 00000000 ____D C:\Users\Pete Jr\AppData\Local\lptmp1498367896
2015-12-14 12:54 - 2015-12-14 12:54 - 10115550 _____ C:\Users\Pete Jr\Downloads\tuts.mov
2015-12-10 11:14 - 2015-12-10 11:14 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-12-10 11:14 - 2015-12-10 11:14 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-12-08 13:36 - 2015-11-05 11:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-08 13:36 - 2015-11-05 11:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-08 13:35 - 2015-11-20 10:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-08 13:35 - 2015-11-20 10:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-08 13:35 - 2015-11-20 10:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-08 13:35 - 2015-11-20 10:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-08 13:35 - 2015-11-20 10:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-08 13:35 - 2015-11-20 10:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-08 13:35 - 2015-11-20 10:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-08 13:35 - 2015-11-20 10:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-08 13:35 - 2015-11-20 10:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-08 13:35 - 2015-11-20 10:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-08 13:35 - 2015-11-20 10:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-08 13:35 - 2015-11-20 10:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-08 13:35 - 2015-11-20 10:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-08 13:35 - 2015-11-20 10:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-08 13:35 - 2015-11-20 10:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-08 13:35 - 2015-11-20 10:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-08 13:35 - 2015-11-11 13:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-08 13:35 - 2015-11-11 12:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-08 13:35 - 2015-11-11 10:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-08 13:35 - 2015-11-11 10:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-08 13:35 - 2015-11-11 10:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-08 13:35 - 2015-11-11 10:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-08 13:35 - 2015-11-11 08:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-08 13:35 - 2015-11-11 08:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-08 13:35 - 2015-11-11 07:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-08 13:35 - 2015-11-11 07:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-08 13:35 - 2015-11-11 07:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-08 13:35 - 2015-11-11 07:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-08 13:35 - 2015-11-11 06:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-08 13:35 - 2015-11-10 10:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-08 13:35 - 2015-11-10 10:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-08 13:35 - 2015-11-10 10:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-08 13:35 - 2015-11-10 10:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-08 13:35 - 2015-11-10 10:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-08 13:35 - 2015-11-10 09:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-08 13:35 - 2015-11-09 16:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-08 13:35 - 2015-11-09 16:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-08 13:35 - 2015-11-09 16:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-08 13:35 - 2015-11-09 16:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-08 13:35 - 2015-11-09 16:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-08 13:35 - 2015-11-09 16:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-08 13:35 - 2015-11-09 16:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-08 13:35 - 2015-11-09 16:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-08 13:35 - 2015-11-09 16:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-08 13:35 - 2015-11-09 16:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-08 13:35 - 2015-11-09 16:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-08 13:35 - 2015-11-09 16:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-08 13:35 - 2015-11-09 16:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-08 13:35 - 2015-11-09 15:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-08 13:35 - 2015-11-09 15:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-08 13:35 - 2015-11-09 15:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-08 13:35 - 2015-11-09 15:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-08 13:35 - 2015-11-09 15:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-08 13:35 - 2015-11-09 15:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-08 13:35 - 2015-11-09 15:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-08 13:35 - 2015-11-09 15:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-08 13:35 - 2015-11-09 15:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-08 13:35 - 2015-11-09 15:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-08 13:35 - 2015-11-09 15:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-08 13:35 - 2015-11-08 14:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-08 13:35 - 2015-11-08 14:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-08 13:35 - 2015-11-08 14:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-08 13:35 - 2015-11-08 14:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-08 13:35 - 2015-11-08 14:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-08 13:35 - 2015-11-08 14:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-08 13:35 - 2015-11-08 14:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-08 13:35 - 2015-11-08 14:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-08 13:35 - 2015-11-08 14:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-08 13:35 - 2015-11-08 14:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-08 13:35 - 2015-11-08 14:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-08 13:35 - 2015-11-08 14:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-08 13:35 - 2015-11-08 14:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-08 13:35 - 2015-11-08 14:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-08 13:35 - 2015-11-08 14:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-08 13:35 - 2015-11-08 14:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-08 13:35 - 2015-11-08 13:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-08 13:35 - 2015-11-08 13:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-08 13:35 - 2015-11-08 13:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-08 13:35 - 2015-11-08 13:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-08 13:35 - 2015-11-08 13:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-08 13:35 - 2015-11-08 13:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-08 13:35 - 2015-11-08 13:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-08 13:35 - 2015-11-08 13:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-08 13:35 - 2015-11-08 13:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-08 13:35 - 2015-11-08 13:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-08 13:35 - 2015-11-08 13:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-08 13:35 - 2015-11-08 13:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-08 13:35 - 2015-11-08 12:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-08 13:35 - 2015-11-08 12:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-08 13:35 - 2015-11-08 12:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-08 13:35 - 2015-11-05 11:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-08 13:35 - 2015-11-05 11:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-08 13:35 - 2015-11-05 01:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-08 13:35 - 2015-11-03 11:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-08 13:35 - 2015-11-03 10:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-08 13:35 - 2015-10-08 15:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2015-12-08 13:35 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-08 13:35 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-08 13:35 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-08 13:35 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-08 13:35 - 2015-10-08 15:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-08 13:35 - 2015-10-08 15:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-08 13:35 - 2015-10-08 15:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2015-12-08 13:35 - 2015-10-08 11:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2015-12-08 13:35 - 2015-10-08 10:52 - 00419928 _____ C:\Windows\system32\locale.nls
2015-12-08 13:34 - 2015-11-03 11:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-08 13:34 - 2015-11-03 10:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-05 06:41 - 2015-12-05 06:41 - 00000000 __SHD C:\found.001
2015-12-03 16:52 - 2015-12-03 17:56 - 00000000 ____D C:\Users\Pete Jr\Documents\FIFA 16 Demo
2015-12-03 16:32 - 2015-12-03 16:32 - 00001213 _____ C:\Users\Public\Desktop\FIFA 16 Demo.lnk
2015-12-03 16:32 - 2015-12-03 16:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 16 Demo
2015-12-03 15:18 - 2015-12-03 15:18 - 01307728 _____ (RealNetworks, Inc.) C:\Users\Pete Jr\Downloads\RealTimes-RealPlayer (1).exe
2015-12-03 15:18 - 2015-12-03 15:18 - 00000000 ____D C:\ProgramData\Real
2015-12-03 15:17 - 2015-12-03 15:18 - 01307728 _____ (RealNetworks, Inc.) C:\Users\Pete Jr\Downloads\RealTimes-RealPlayer.exe
2015-12-03 08:08 - 2015-12-03 08:08 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-03 08:08 - 2015-12-03 08:08 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-01 17:04 - 2015-12-01 17:04 - 00119864 _____ C:\Users\Pete Jr\Downloads\ADAMCGPRO - SHRENIK.zip
2015-12-01 17:02 - 2015-12-01 17:02 - 00000000 ____D C:\New Fonts
2015-12-01 15:57 - 2015-12-01 15:58 - 11991361 _____ C:\Users\Pete Jr\Downloads\Summit.zip
2015-12-01 15:56 - 2015-12-01 15:56 - 00015749 _____ C:\Users\Pete Jr\Downloads\Building Typeface by Leonardo Gubbioni.zip
2015-12-01 15:55 - 2015-12-01 15:55 - 00081157 _____ C:\Users\Pete Jr\Downloads\AnsonFont-1.01.zip
2015-12-01 15:52 - 2015-12-01 15:52 - 00054379 _____ C:\Users\Pete Jr\Downloads\Hallo-Sans.zip
2015-11-28 09:54 - 2015-11-28 09:54 - 01117882 _____ C:\Users\Pete Jr\Downloads\44482_Fruits.zip
2015-11-28 09:24 - 2015-11-28 09:24 - 03512084 _____ C:\Users\Pete Jr\Downloads\12341_Tin_Can.zip
2015-11-27 21:31 - 2015-11-27 21:31 - 08248420 _____ C:\Users\Pete Jr\Downloads\Calculus Early Transcendentals 10th Edition Solution Manual (1).PDF
2015-11-27 21:29 - 2015-11-27 21:29 - 04214468 _____ C:\Users\Pete Jr\Downloads\Calculus_Early_Transcendentals_10th_Edition.zip
2015-11-27 21:22 - 2015-11-27 21:22 - 08248420 _____ C:\Users\Pete Jr\Downloads\Calculus Early Transcendentals 10th Edition Solution Manual.PDF
2015-11-27 21:20 - 2015-11-27 21:24 - 18289461 _____ C:\Users\Pete Jr\Downloads\Wiley.Calculus.Early.Transcendentals.10th.edition.0470647698.rar
2015-11-24 11:18 - 2015-11-24 11:18 - 00253157 _____ C:\Users\Pete Jr\Downloads\Glove-Sizing-Guide-wScale.pdf
2015-11-22 15:04 - 2015-11-22 15:04 - 00001676 _____ C:\Users\Public\Desktop\Uninstall OMC ModPack 0.9.12.lnk
2015-11-22 13:38 - 2015-11-22 15:04 - 00001131 _____ C:\Users\Public\Desktop\OMC ModPack Update- ReConfigure.lnk
2015-11-22 13:38 - 2015-11-22 13:38 - 02231520 _____ (Odem Mortis ) C:\Users\Pete Jr\Downloads\OMC_ModPack_Installer (3).exe
2015-11-22 13:31 - 2015-11-22 13:31 - 02231520 _____ (Odem Mortis ) C:\Users\Pete Jr\Downloads\OMC_ModPack_Installer (2).exe
2015-11-22 13:03 - 2015-11-22 13:03 - 02231520 _____ (Odem Mortis ) C:\Users\Pete Jr\Downloads\OMC_ModPack_Installer (1).exe
2015-11-22 12:15 - 2015-11-22 12:16 - 00000000 ____D C:\Users\Pete Jr\Downloads\ZoomX
2015-11-22 12:14 - 2015-11-22 12:14 - 00038249 _____ C:\Users\Pete Jr\Downloads\ZoomX-Arastan.rar
2015-11-21 15:45 - 2015-11-21 15:45 - 00265802 _____ C:\Users\Pete Jr\Downloads\AIO.rar
2015-11-21 15:44 - 2015-11-21 15:45 - 00119197 _____ C:\Users\Pete Jr\Downloads\Zoom.rar
2015-11-21 12:47 - 2015-11-21 12:47 - 00119546 _____ C:\Users\Pete Jr\Downloads\30x_10lvl_Smooth_Scope_Zoom_0910_by_Artasan.zip
2015-11-21 12:46 - 2015-11-21 12:47 - 10674517 _____ C:\Users\Pete Jr\Downloads\J1mB0_s_XVM_Config_v6.1.6.zip
2015-11-21 12:46 - 2015-11-21 12:47 - 02079481 _____ C:\Users\Pete Jr\Downloads\J1mB0_s_Crosshair_Mod_v1.53.zip
2015-11-20 23:21 - 2015-11-20 23:21 - 03361674 _____ C:\Users\Pete Jr\Downloads\39201_Plastic_disposable_water_bottle.zip
2015-11-20 17:37 - 2015-11-20 17:37 - 26921148 _____ C:\Users\Pete Jr\Downloads\BlenderGuru_Lighting_StarterScene.blend
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-18 13:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2015-12-18 13:03 - 2009-07-13 20:45 - 00032528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-18 13:03 - 2009-07-13 20:45 - 00032528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-18 13:00 - 2014-06-16 09:34 - 00000000 ____D C:\Users\Pete Jr\.gimp-2.8
2015-12-18 12:51 - 2014-06-16 09:41 - 00000000 ____D C:\Users\Pete Jr\AppData\Local\gtk-2.0
2015-12-18 12:47 - 2014-06-15 12:38 - 00000000 ____D C:\ProgramData\WRData
2015-12-18 12:43 - 2015-08-28 11:41 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-12-18 12:42 - 2015-11-14 09:38 - 00000000 ____D C:\Users\Pete Jr\AppData\Local\MyComGames
2015-12-18 12:42 - 2014-06-15 12:14 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-18 12:41 - 2014-08-22 08:05 - 00000362 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
2015-12-18 12:40 - 2014-08-20 13:36 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-18 12:40 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-18 12:35 - 2014-06-17 10:00 - 00000000 ____D C:\Users\Pete Jr\AppData\Local\Akamai
2015-12-18 12:29 - 2015-02-27 13:05 - 00000000 ____D C:\Users\Pete Jr\AppData\Local\CrashDumps
2015-12-18 12:17 - 2014-06-15 12:14 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-18 12:06 - 2014-06-16 15:04 - 00000000 ____D C:\Users\Pete Jr\AppData\Roaming\Spotify
2015-12-18 12:02 - 2014-06-16 15:04 - 00000000 ____D C:\Users\Pete Jr\AppData\Local\Spotify
2015-12-18 11:32 - 2014-10-27 08:11 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-12-18 11:32 - 2014-10-20 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-18 11:32 - 2014-10-20 13:15 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-18 11:32 - 2014-06-17 13:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-12-18 11:32 - 2014-06-15 11:48 - 00000000 ____D C:\Users\Pete Jr
2015-12-18 10:40 - 2014-08-22 11:08 - 00000000 ____D C:\Users\Pete Jr\AppData\Local\Adobe
2015-12-18 10:27 - 2014-07-11 09:18 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-18 08:04 - 2014-10-20 12:31 - 00451040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-12-18 08:04 - 2014-10-20 12:31 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-12-17 22:16 - 2015-04-04 22:10 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-17 22:16 - 2015-04-04 22:10 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-17 22:14 - 2014-06-16 08:40 - 00000000 ____D C:\Users\Pete Jr\AppData\Roaming\SoftGrid Client
2015-12-17 10:18 - 2014-06-15 12:15 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-17 08:22 - 2014-10-20 12:32 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-11 15:00 - 2009-07-13 21:08 - 00032538 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-10 18:25 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2015-12-10 16:32 - 2014-08-04 14:25 - 00000000 ____D C:\Users\Pete Jr\AppData\Roaming\OBS
2015-12-10 16:07 - 2014-08-04 14:24 - 00000000 ____D C:\Program Files (x86)\OBS
2015-12-10 11:14 - 2014-10-20 12:31 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-12-10 11:14 - 2014-10-20 12:31 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-12-10 11:14 - 2014-10-20 12:31 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-12-10 11:14 - 2014-10-20 12:31 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-12-10 11:14 - 2014-10-20 12:31 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-12-10 11:14 - 2014-10-20 12:31 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-12-09 17:12 - 2009-07-13 20:45 - 00378440 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-09 17:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2015-12-08 21:51 - 2014-07-13 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-08 21:50 - 2014-07-13 19:30 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-08 21:50 - 2014-07-13 19:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-08 21:48 - 2014-08-22 08:19 - 00000000 ____D C:\Windows\system32\MRT
2015-12-08 21:43 - 2014-08-22 08:19 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-04 20:17 - 2014-09-18 06:59 - 00000000 ____D C:\ProgramData\Origin
2015-12-03 23:32 - 2015-10-23 08:36 - 00000000 ____D C:\Caculus Credit
2015-12-03 18:12 - 2014-06-15 12:14 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-03 18:11 - 2014-06-15 12:14 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-03 16:52 - 2014-06-15 12:13 - 00098656 _____ C:\Users\Pete Jr\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-03 16:32 - 2009-07-13 21:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-12-03 16:01 - 2014-09-18 07:02 - 00000000 ____D C:\Program Files (x86)\Origin Games
2015-12-03 16:00 - 2014-09-18 06:59 - 00000000 ____D C:\Program Files (x86)\Origin
2015-12-02 13:18 - 2010-11-20 19:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-11-27 13:57 - 2009-07-13 21:13 - 00782720 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-22 15:04 - 2014-09-25 09:23 - 00000000 ____D C:\Users\Pete Jr\AppData\Roaming\Microsoft\Windows\Start Menu\OMC ModPack
2015-11-22 13:41 - 2014-09-25 08:26 - 00000000 ____D C:\Users\Pete Jr\Documents\OMC ModPack
2015-11-22 13:38 - 2014-09-25 08:26 - 00000000 ____D C:\Users\Pete Jr\AppData\Roaming\Microsoft\Windows\Start Menu\OMC ModPack Client
2015-11-22 13:38 - 2014-09-25 08:26 - 00000000 ____D C:\Program Files (x86)\OMC ModPack Client
 
==================== Files in the root of some directories =======
 
2014-06-15 12:39 - 2014-06-15 12:39 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2015-12-18 12:51 - 2015-12-18 12:51 - 0004292 _____ () C:\Users\Pete Jr\AppData\Local\recently-used.xbel
2014-10-21 08:42 - 2015-03-23 08:28 - 0007594 _____ () C:\Users\Pete Jr\AppData\Local\Resmon.ResmonCfg
2014-08-04 14:01 - 2014-09-18 15:51 - 0000734 _____ () C:\Users\Pete Jr\AppData\Local\TwitchModCfg.txt
2015-07-23 13:37 - 2015-07-23 13:37 - 0000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
 
Some files in TEMP:
====================
C:\Users\Pete Jr\AppData\Local\Temp\AAMHelper.exe
C:\Users\Pete Jr\AppData\Local\Temp\AcDeltree.exe
C:\Users\Pete Jr\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\Pete Jr\AppData\Local\Temp\cct.dll
C:\Users\Pete Jr\AppData\Local\Temp\comver.dll
C:\Users\Pete Jr\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Pete Jr\AppData\Local\Temp\JavaIC.dll
C:\Users\Pete Jr\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Pete Jr\AppData\Local\Temp\lowproc.exe
C:\Users\Pete Jr\AppData\Local\Temp\msscct32.dll
C:\Users\Pete Jr\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Pete Jr\AppData\Local\Temp\nvStInst.exe
C:\Users\Pete Jr\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Pete Jr\AppData\Local\Temp\stubhelper.dll
C:\Users\Pete Jr\AppData\Local\Temp\tmp-drivermax5774129.exe
C:\Users\Pete Jr\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Pete Jr\AppData\Local\Temp\YSearchUtil.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-10 09:55
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-12-2015
Ran by Pete Jr (2015-12-18 13:14:38)
Running from C:\Users\Pete Jr\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-06-15 19:48:50)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3584736083-2098224852-1505809598-500 - Administrator - Disabled)
Guest (S-1-5-21-3584736083-2098224852-1505809598-501 - Limited - Disabled)
Pete Jr (S-1-5-21-3584736083-2098224852-1505809598-1000 - Administrator - Enabled) => C:\Users\Pete Jr
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.12 (HKLM-x32\...\{23170F69-40C1-2701-1512-000001000000}) (Version: 15.12.00.0 - Igor Pavlov)
7-Zip 15.12 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1512-000001000000}) (Version: 15.12.00.0 - Igor Pavlov)
A360 Desktop (HKLM\...\{B209E611-5511-4AD6-B4B3-9D36F93DBCD4}) (Version: 6.0.3.1100 - Autodesk)
ACA & MEP 2016 Object Enabler (Version: 7.8.41.0 - Autodesk) Hidden
ACAD Private (Version: 20.1.49.0 - Autodesk) Hidden
AdExDbManager (HKLM\...\{41266321-E469-44A1-A115-CAA7184BBE30}) (Version: 0.0.5.0 - Autodesk)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.2.0.129 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3584736083-2098224852-1505809598-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Armored Warfare MyCom Beta (HKU\S-1-5-21-3584736083-2098224852-1505809598-1000\...\Armored Warfare MyCom Beta) (Version: 1.53 - My.com B.V.)
ArtRage Studio (HKLM-x32\...\{DAE9A7CF-8619-482A-82CA-6D7F5D400239}) (Version: 3.5.5 - Ambient Design)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.2.0 - Asmedia Technology)
ATI Catalyst Install Manager (HKLM\...\{62140B07-129A-2BD0-81D2-2A1A7408ADC8}) (Version: 3.0.762.0 - ATI Technologies, Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AutoCAD 2016 - English (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 Language Pack - English (Version: 20.1.49.0 - Autodesk) Hidden
Autodesk 3ds Max 2016 (HKLM\...\Autodesk 3ds Max 2016) (Version: 18.0.873.0 - Autodesk)
Autodesk 3ds Max 2016 (Version: 18.0.873.0 - Autodesk) Hidden
Autodesk 3ds Max 2016 Populate Data (HKLM\...\{57E92DED-DC7C-41E5-B9E1-76D83BD2EABE}) (Version: 18.0.0.0 - Autodesk)
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 5.0.142.9 - Autodesk)
Autodesk AutoCAD 2016 - English (HKLM\...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk)
Autodesk Backburner 2016 (HKLM-x32\...\{8C5F38D2-9EFE-49A4-B3F5-BF3210FED168}) (Version: 16.0.0.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{4BEE127E-95C4-434D-ABAC-65155192BB24}) (Version: 4.35.1742 - Autodesk)
Autodesk Civil View for 3ds Max 2016 64-bit (HKLM\...\{1C4FFAF0-6DBB-4F7A-A386-46747D060826}) (Version: 18.0.0.0 - Autodesk)
Autodesk Composite 2014 (HKLM\...\Autodesk Composite 2014) (Version: 9.0.0.0 - Autodesk)
Autodesk Composite 2014 (Version: 9.0.0.0 - Autodesk) Hidden
Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk DirectConnect 2014 64-bit (HKLM\...\Autodesk DirectConnect 2014 64-bit) (Version: 8.0.56.1 - Autodesk)
Autodesk DirectConnect 2014 64-bit (Version: 8.0.56.1 - Autodesk) Hidden
Autodesk Download Manager (HKLM-x32\...\{C897D9EC-13C6-4A22-ABF7-33F2126A7DB6}) (Version: 3.0.8.0 - Autodesk, Inc.)
Autodesk Featured Apps 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk)
Autodesk Fusion 360 (HKU\S-1-5-21-3584736083-2098224852-1505809598-1000\...\73e72ada57b7480280f7a6f4a289729f) (Version: 2.0.1407 - Autodesk, Inc.)
Autodesk Inventor Server Engine for 3ds Max 2016 (HKLM\...\{9167CA34-4E58-49E3-8892-3C439739D2D3}) (Version: 18.0 - Autodesk)
Autodesk MatchMover 2014 (HKLM\...\{B151ECD3-2DBE-45E9-816E-F8AA6238F6A8}) (Version: 14.00.0000 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2016 (HKLM-x32\...\{415A5A54-325E-4815-9940-62A889CA3877}) (Version: 6.3.0.19 - Autodesk)
Autodesk Maya 2014 (HKLM\...\Autodesk Maya 2014) (Version: 16.0.0.0 - Autodesk)
Autodesk Maya 2014 (Version: 16.0.0.0 - Autodesk) Hidden
Autodesk ReCap 2016 (HKLM\...\Autodesk ReCap 2016) (Version: 1.5.0.33 - Autodesk)
Autodesk ReCap 2016 (Version: 1.5.0.33 - Autodesk) Hidden
Autodesk Revit Interoperability for 3ds Max  (HKLM\...\Autodesk Revit Interoperability for 3ds Max ) (Version: 16.0.394.0 - Autodesk)
Autodesk Revit Interoperability for 3ds Max  (Version: 16.0.394.0 - Autodesk) Hidden
Autodesk SketchBook (HKLM\...\{BF0D3BC0-288E-452F-AC08-762E327EEF05}) (Version: 7.05.0000 - Autodesk)
Autodesk SketchBook Express 6.2 (HKLM-x32\...\{34CBACD3-040E-43D6-86C1-9FBE44B180BF}) (Version: 6.2.0000 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
Batla (HKLM-x32\...\Steam App 338180) (Version:  - )
BattleLine (HKLM-x32\...\BattleLine) (Version:  - )
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
BestRubiksCube (HKLM-x32\...\BestRubiksCube) (Version:  - ROSSPROGRAMMPRODUCT)
Blender (HKLM\...\{EA3C8A99-1565-44FF-89FC-926CEEB623B5}) (Version: 2.75.1 - Blender Foundation)
Blender (HKLM\...\Blender) (Version: 2.68a - Blender Foundation)
Brawlhalla (HKLM-x32\...\Steam App 291550) (Version:  - Blue Mammoth Games)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.4.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAZ Content Management Service (HKLM-x32\...\DAZ Content Management Service 4.8.1.7) (Version: 4.8.1.7 - DAZ 3D)
DAZ Install Manager (HKLM-x32\...\DAZ Install Manager 1.1.0.21) (Version: 1.1.0.21 - DAZ 3D)
Dell System Detect (HKU\S-1-5-21-3584736083-2098224852-1505809598-1000\...\73f463568823ebbe) (Version: 5.11.0.3 - Dell)
Dropbox (HKU\S-1-5-21-3584736083-2098224852-1505809598-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
eKnowledge (HKLM-x32\...\com.app.eKnowledge.37BB4A51AA57BBBCCE9D5AE66A70970990347557.1) (Version: version7.0 - eKnowledge LLC)
eKnowledge (x32 Version: 7.0 - eKnowledge LLC) Hidden
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Epson Event Manager (HKLM-x32\...\{089EC7B5-6480-4478-ACF0-DEFD4047343C}) (Version: 2.40.0004 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 840 Series Printer Uninstall (HKLM\...\EPSON WorkForce 840 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
FARO LS 1.1.502.0 (64bit) (HKLM-x32\...\{66D83FE0-D798-4B38-86FE-FB48151E5AEF}) (Version: 5.2.0.35213 - FARO Scanner Production)
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
FIFA 16 Demo (HKLM-x32\...\{D09AD1AE-6AAC-45EB-B9F6-C1F223DD8481}) (Version: 1.0.0.0 - Electronic Arts)
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
focus booster version 2.0.0 (HKLM-x32\...\{4A8CD634-78D6-4A35-9D1E-98CCBD11910B}_is1) (Version: 2.0.0 - focus booster)
Free Opener (HKLM\...\{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1) (Version: 2.5.0 - Blue Labs, LLC)
Galcon 2 (HKLM-x32\...\Steam App 294160) (Version:  - Hassey Enterprises, Inc.)
GameSalad Creator (HKLM-x32\...\{54398F55-5123-4FAA-9753-76E94AA77C20}) (Version: 0.10.5 - GameSalad)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
KYOCERA USB Modem KC02US Driver (HKLM\...\{E2C3C89F-23CC-4C39-A900-6139F65B1557}) (Version: 2.07.0000 - KYOCERA Corporation)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
ManiaPlanet (HKLM-x32\...\ManiaPlanet_is1) (Version:  - Nadeo)
mental ray renderer for Autodesk Maya 2014 (HKLM\...\{8057481C-0CFC-43BB-8EEC-C6A0E1C82E19}) (Version: 13.0.1.0 - mental ray)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.7122.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3584736083-2098224852-1505809598-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mixxx 1.12.0-beta1 (64-bit) (HKLM-x32\...\Mixxx (1.12.0-beta1)) (Version: 1.12.0-beta1 - The Mixxx Development Team)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
MY CAMERA (HKLM-x32\...\{388887F6-0661-4C80-B272-A6A23EFC7A31}) (Version: 1.00.0000 - MY CAMERA)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
My.com Game Center (HKU\S-1-5-21-3584736083-2098224852-1505809598-1000\...\MyComGames) (Version: 3.156 - My.com B.V.)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.25 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OMC ModPack Client version 1.4.1.0 (HKLM-x32\...\{E2F3187C-2B94-486F-8914-E69211487FB6}_is1) (Version: 1.4.1.0 - Odem Mortis)
Open 3D Model Viewer (HKLM-x32\...\{EBDFEC36-5277-454F-875B-F0AA2CDC3C92}) (Version: 1.10.0000 - Alexander Gessler)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Pepakura Designer 3 (HKLM-x32\...\pepakura_designer3en) (Version:  - TamaSoftware)
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.3.0 - Electronic Arts)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 3.0 - Qualcomm Atheros)
Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
RC Desk Pilot 0.1.3 (HKLM\...\{DFFD7D4F-6C61-402D-8D16-72B8AC33FE5A}_is1) (Version:  - rcdeskpilot.com)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.12.11 - NVIDIA Corporation) Hidden
SketchUp Import 2016 (HKLM-x32\...\{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}) (Version: 2.0.0 - Autodesk)
Snagit 12 (HKLM-x32\...\{e8720e7e-08a2-4a30-9bce-70aa27c2a3dc}) (Version: 12.2.2.2107 - TechSmith Corporation)
Snagit 12 (x32 Version: 12.2.2 - TechSmith Corporation) Hidden
SpeedZooka (HKLM-x32\...\SpeedZooka) (Version: 4.55.14 - ZookaWare)
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
Star Conflict (HKLM-x32\...\Steam App 212070) (Version:  - Star Gem Inc.)
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Stronghold Kingdoms (HKLM-x32\...\{D1D632A2-E249-466D-A094-B1B934D37645}_is1) (Version: 1.17 - Firefly Studios)
Supernova (HKLM-x32\...\{4EB7D388-3846-4671-B64E-9039718133BC}) (Version: 1.00.0000 - BANDAI NAMCO Entertainment America)
Synthesia (HKLM-x32\...\Synthesia) (Version: 10.1 - Synthesia LLC)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
TI Connect™ CE (HKLM-x32\...\{99F8299E-EFDF-4B45-91B4-F3AC8AEE5929}) (Version: 5.1.0.68 - Texas Instruments Inc.)
Transformers Universe (HKLM-x32\...\{EAB5ACD3-43C0-4B3E-931A-CA61520934AD}) (Version: 1.0.0.0 - Jagex Ltd)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Upgrade Tool Monitor (HKLM-x32\...\{2FFA75A8-1E64-43F6-9F88-F0618701DBF7}) (Version: 1.0.61 - Kyocera)
UpgradeTool (HKLM-x32\...\{F83B3870-09F4-4A02-A2F2-595FE62919D9}) (Version: 1.0.55 - Kyocera)
Verizon Tool Launcher (HKLM-x32\...\{94D37911-ACE9-447B-9580-8737EE1E91F1}) (Version: 1.0.36 - Kyocera)
Victory Command (HKLM-x32\...\PGVictory) (Version:  - CDRV Media)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.6-3 - Wacom Technology Corp.)
War Thunder Launcher 1.0.1.420 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
World of Warplanes (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813NA}_is1) (Version:  - Wargaming.net)
World of Warships (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814NA}_is1) (Version:  - Wargaming.net)
WoT Twitch Mod version 0.5.18 (HKLM-x32\...\WoT Twitch Mod_is1) (Version: 0.5.18 - )
Zumas Revenge (HKLM-x32\...\{0B153CAB-792B-4CA2-B2A5-AB0BBAF2FFA9}) (Version: 1.0.5.600 - PopCap Games)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3584736083-2098224852-1505809598-1000_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2016\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-3584736083-2098224852-1505809598-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-3584736083-2098224852-1505809598-1000_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3584736083-2098224852-1505809598-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3584736083-2098224852-1505809598-1000_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3584736083-2098224852-1505809598-1000_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2016\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-3584736083-2098224852-1505809598-1000_Classes\CLSID\{C4F0910E-E0B4-4E68-8086-452730C7A26A}\InprocServer32 -> C:\Users\Pete Jr\AppData\Local\Autodesk\webdeploy\production\b7d57353f30ad672ea7a5640d1a3aa28791c30f3\NPreview10.dll ()
CustomCLSID: HKU\S-1-5-21-3584736083-2098224852-1505809598-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-3584736083-2098224852-1505809598-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3584736083-2098224852-1505809598-1000_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2016\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-3584736083-2098224852-1505809598-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-3584736083-2098224852-1505809598-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pete Jr\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3584736083-2098224852-1505809598-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pete Jr\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3584736083-2098224852-1505809598-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pete Jr\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3584736083-2098224852-1505809598-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pete Jr\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
07-08-2015 09:47:23 avast! antivirus system restore point
07-08-2015 10:10:31 Windows Update
11-08-2015 06:54:01 Windows Update
12-08-2015 12:59:06 Windows Update
16-08-2015 12:00:25 Windows Update
18-08-2015 21:04:55 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
18-08-2015 21:05:25 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
19-08-2015 02:00:24 Windows Update
22-08-2015 08:54:01 Windows Update
26-08-2015 15:34:12 Windows Update
28-08-2015 11:37:58 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
28-08-2015 11:39:16 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
30-08-2015 07:43:17 Windows Update
02-09-2015 11:12:02 Windows Update
05-09-2015 17:03:08 Windows Update
09-09-2015 15:49:27 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
09-09-2015 16:08:10 Windows Update
09-09-2015 20:22:13 Windows Update
15-09-2015 10:13:59 Windows Update
22-09-2015 09:36:54 Windows Update
29-09-2015 11:10:48 Windows Update
06-10-2015 11:30:56 Scheduled Checkpoint
06-10-2015 12:37:55 Windows Update
07-10-2015 20:16:33 Windows Update
09-10-2015 08:08:31 avast! antivirus system restore point
11-10-2015 18:05:52 Windows Update
13-10-2015 13:56:16 Installed TI Connect™ CE
15-10-2015 02:01:01 Windows Update
15-10-2015 20:45:55 Windows Update
20-10-2015 12:07:41 Windows Update
20-10-2015 20:41:53 Windows Update
27-10-2015 07:12:37 Windows Update
03-11-2015 11:13:07 Windows Update
10-11-2015 13:44:18 Scheduled Checkpoint
10-11-2015 14:31:47 Windows Update
11-11-2015 03:00:23 Windows Update
12-11-2015 21:52:49 Windows Update
17-11-2015 12:19:09 Windows Update
24-11-2015 09:53:43 Windows Update
27-11-2015 12:43:52 Windows Update
01-12-2015 09:30:16 Windows Update
03-12-2015 16:31:44 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
04-12-2015 09:46:55 Windows Update
08-12-2015 13:33:06 Windows Update
08-12-2015 21:42:06 Windows Update
15-12-2015 08:06:20 Windows Update
17-12-2015 22:16:08 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1BDAA0BC-1614-4BE8-BC4D-F48C38AA1F77} - System32\Tasks\{CDFD598D-08F2-4D8C-955F-9825B6E70EDA} => pcalua.exe -a "C:\Users\Pete Jr\Downloads\win64_152822.exe" -d "C:\Users\Pete Jr\Downloads"
Task: {239D5D11-874A-41D2-AE44-EBB70DBA6D84} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {2EB3806F-0419-4533-B65A-69D58E37DE09} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {36C73E06-257B-43AC-AD9A-85DDA26DDD39} - System32\Tasks\{AE82104B-6490-4E6E-B207-3539051468FA} => pcalua.exe -a C:\Users\PETEJR~1\AppData\Local\Temp\jre-8u51-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1
Task: {3B60FB80-A22A-4D1E-9D68-13BD8E8D3593} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {67D2FCF1-6DF3-4EC7-BBBE-83832944D735} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-07-31] (TechSmith Corporation)
Task: {7AC357C2-3DB7-4589-8B8C-487899235852} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {9466FEBA-A8EC-490B-93AF-DA4CE85FB7D5} - System32\Tasks\DriverToolkit Autorun => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: {94E24EA9-9D01-4D6F-ACB8-2CEF123887C4} - System32\Tasks\AdobeAAMUpdater-1.0-Fred-PC-Pete Jr => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-07-22] (Adobe Systems Incorporated)
Task: {A706A73D-288B-4F03-9B9D-78964652DCB9} - System32\Tasks\DriverNavigator Scheduled Scan => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: {BFC1DC00-DFDE-4E76-A527-249E135A53E0} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {CB94503C-0874-4EC1-8965-D28E152E923D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-10] (AVAST Software)
Task: {CCD8FC3A-5332-44CE-86CA-F776560B9276} - System32\Tasks\RTSS => C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe [2014-08-30] ()
Task: {DE0E184E-459C-445C-A087-63E3DFE8EBFE} - System32\Tasks\avastBCLRestartS-1-5-21-3584736083-2098224852-1505809598-1000 => Chrome.exe 
Task: {ED69A18B-763C-4142-80DC-7FB23D0C2957} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {FC4949EA-D762-4766-964E-221E7D84F7A1} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-16] (AVAST Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-08-20 13:33 - 2015-01-09 15:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-06-16 06:16 - 2011-05-05 12:36 - 00022528 _____ () C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
2014-06-16 06:16 - 2011-05-05 12:36 - 01479680 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_x64.dll
2014-06-16 06:16 - 2011-05-05 12:36 - 00977408 _____ () C:\Program Files\DAZ 3D\Content Management Service\VServer_x64.dll
2014-06-16 06:16 - 2011-05-05 12:36 - 01053696 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_ssl_x64.dll
2014-06-16 06:16 - 2011-05-05 12:36 - 00155136 _____ () C:\Program Files\DAZ 3D\Content Management Service\asnmp_x64.dll
2014-08-28 12:38 - 2011-12-14 16:53 - 00303360 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
2014-08-30 10:07 - 2014-08-30 10:07 - 00400384 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll
2014-08-30 10:07 - 2014-08-30 10:07 - 00195584 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
2014-06-22 10:17 - 2013-06-05 18:09 - 01185048 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2015-07-22 00:02 - 2015-07-22 00:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-05-12 01:49 - 2014-05-12 01:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-08-30 10:07 - 2014-08-30 10:07 - 00026112 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
2014-08-30 10:07 - 2014-08-30 10:07 - 00088576 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
2015-01-27 20:23 - 2015-01-27 20:23 - 00232328 _____ () C:\Program Files\Autodesk\Autodesk Sync\qjson_Ad_0.dll
2015-01-27 20:23 - 2015-01-27 20:23 - 00059784 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2015-01-27 20:23 - 2015-01-27 20:23 - 00922504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2015-01-27 20:23 - 2015-01-27 20:23 - 00048520 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2015-07-22 00:02 - 2015-07-22 00:02 - 31535264 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-12-10 11:14 - 2015-12-10 11:14 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-12-10 11:14 - 2015-12-10 11:14 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-12-14 12:48 - 2015-12-14 12:48 - 02803712 _____ () C:\Program Files\AVAST Software\Avast\defs\15121407\algo.dll
2015-12-10 11:14 - 2015-12-10 11:14 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-07-23 13:59 - 2015-11-16 18:33 - 00055328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2015-07-23 13:59 - 2015-11-16 18:33 - 00103968 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2014-08-28 12:38 - 2011-12-14 09:22 - 00368640 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll
2014-08-30 10:07 - 2014-08-30 10:07 - 00056832 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll
2014-08-30 10:07 - 2014-08-30 10:07 - 00324608 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll
2014-08-30 10:07 - 2014-08-30 10:07 - 00071680 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll
2014-08-30 10:07 - 2014-08-30 10:07 - 00354816 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks.dll
2015-07-29 17:42 - 2015-07-23 20:22 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-11-14 09:38 - 2015-11-14 09:38 - 00144896 _____ () C:\Users\Pete Jr\AppData\Local\MyComGames\zlib1.dll
2015-11-14 09:38 - 2015-11-14 09:38 - 00062464 _____ () C:\Users\Pete Jr\AppData\Local\MyComGames\pxd.dll
2015-11-14 09:38 - 2015-11-14 09:38 - 00179144 _____ () C:\Users\Pete Jr\AppData\Local\MyComGames\LightUpdate.dll
2015-11-14 09:38 - 2015-11-14 09:38 - 02340296 _____ () C:\Users\Pete Jr\AppData\Local\MyComGames\BigUp2.dll
2015-08-26 01:18 - 2015-08-26 01:18 - 50425344 _____ () C:\Users\Pete Jr\AppData\Local\MyComGames\Chrome\3.2454.1317\libcef.dll
2015-12-10 11:14 - 2015-12-10 11:14 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-07-22 14:32 - 2015-07-22 14:32 - 36732592 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2015-12-18 12:43 - 2015-11-16 18:33 - 00103968 _____ () C:\Users\Pete Jr\AppData\Local\Autodesk\.AdskAppManager\R1\qjson0.dll
2015-12-17 10:18 - 2015-12-10 19:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-17 10:18 - 2015-12-10 19:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
2015-12-10 11:14 - 2015-12-10 11:14 - 00984576 _____ () C:\Program Files\AVAST Software\Avast\ffmpegsumo.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\33179284.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\33179284.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3584736083-2098224852-1505809598-1000\...\dell.com -> dell.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3584736083-2098224852-1505809598-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Pete Jr\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install Webroot FF RunOnce.lnk => C:\Windows\pss\Install Webroot FF RunOnce.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install Webroot IE RunOnce.lnk => C:\Windows\pss\Install Webroot IE RunOnce.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNDA3100v2 Genie.lnk => C:\Windows\pss\NETGEAR WNDA3100v2 Genie.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Pete Jr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupreg: ADSK DLMSession => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
MSCONFIG\startupreg: cAudioFilterAgent => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: EPSONB87864 (WorkForce 840) => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGMA.EXE /FU "C:\Windows\TEMP\E_S8471.tmp" /EF "HKCU"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: Spotify => "C:\Users\Pete Jr\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: WRSVC => "C:\Program Files\Webroot\WRSA.exe" -ul
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{597CB31A-C9A5-4ED1-AA2B-F66EC678C567}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{6B82CA71-99F4-44C2-B2D1-D5543487C984}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{70BD0AD5-9EDD-427C-993C-ABF8A620C0D8}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{E2F560C2-A70F-4AA7-8739-620045286DAC}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{DEF78189-F3BE-4B51-96CA-B613032027C8}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [UDP Query User{1E1CE33F-1D00-428F-B41E-590C80C92ECD}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [TCP Query User{38575533-E752-4291-A13E-92A8C8EB6A49}C:\users\pete jr\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pete jr\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{01AA3B79-400E-4D02-8055-159C75B1D46C}C:\users\pete jr\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pete jr\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{30DEFD1E-ECDA-4FE3-8372-D35D0A4477B6}C:\users\pete jr\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pete jr\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E9D62BF1-5549-4B35-AA2F-E1BE7D43E715}C:\users\pete jr\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pete jr\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{4D4F0AFF-91E4-4B33-ADB8-39A840EF7BFC}C:\users\pete jr\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\pete jr\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{DED96A32-F0FD-4F85-B95C-8BC9D2B8D131}C:\users\pete jr\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\pete jr\appdata\local\akamai\netsession_win.exe
FirewallRules: [{0B17FCCA-8B08-4391-86F3-E8E5B9C78292}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{190828F7-D273-4264-B690-D0E62F951788}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{2B445DCD-3FFC-4676-A3A0-79BFB6B9C34C}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{ADD0C978-2349-4554-A7F5-A8B69C67991A}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [TCP Query User{06433DE1-1461-43ED-928F-C692FFB5072B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{B7507269-FA2C-402F-9B05-1A666D034371}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{29C21BEB-DCF9-4A1B-9299-0101CAF0C274}C:\program files\autodesk\maya2014\bin\maya.exe] => (Allow) C:\program files\autodesk\maya2014\bin\maya.exe
FirewallRules: [UDP Query User{03ED349C-4AA2-432D-BC59-99BDB1834D1C}C:\program files\autodesk\maya2014\bin\maya.exe] => (Allow) C:\program files\autodesk\maya2014\bin\maya.exe
FirewallRules: [TCP Query User{4A0186B3-B209-4923-BB8D-B46B7B478605}C:\users\pete jr\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\pete jr\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{9C694738-926F-4DD9-A92C-43BAF3194913}C:\users\pete jr\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\pete jr\appdata\local\akamai\netsession_win.exe
FirewallRules: [{8C16F8FF-B2DC-4856-A857-52B4E1C41EE9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B3377435-EECC-4EAC-927C-046C9F03AD72}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E7513A96-7FFE-4208-929C-28DBCFD53F44}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{0C505373-F90E-4F61-9738-A545D3DA4B5A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{461289B7-8D3D-487E-B35D-994E8FC0A2CD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{06B2526D-9AB9-4796-A030-1794EA6923BD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{168EF50E-4063-4D79-BBDC-0216FA148B08}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E7BC780A-1B18-4F47-9571-5D6CD1286E1A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{285F5A3D-363D-4A9A-9BE3-AFF4F56397B1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\star conflict\game.exe
FirewallRules: [{31198154-72A5-4674-9797-CDEE2FD2C67A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\star conflict\game.exe
FirewallRules: [{8E5AC6E1-5B31-4B20-AC34-74B10E39B96C}] => (Allow) C:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{0D42457F-42DB-4DD2-B367-2A020289FD51}] => (Allow) C:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{B42E83FD-756A-41BE-8B0E-2CE09E054418}] => (Allow) C:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [{F1AEB4E9-BF28-475B-89B1-E38D849F6DA8}] => (Allow) C:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [TCP Query User{081B4802-BAF8-4176-80C4-5ACF50C4EBB2}C:\program files (x86)\warthunder\aces.exe] => (Allow) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [UDP Query User{EB29BC23-94A9-40B2-BE60-6BE7C8B62E7E}C:\program files (x86)\warthunder\aces.exe] => (Allow) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [{A9E850E1-7FF7-478F-8FFF-BF27DFE6E663}] => (Allow) C:\Users\Pete Jr\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{8AC8B042-573E-40FB-9E91-9144FD80DBDB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{786EFF75-3156-473F-92B6-A36C42AFBC11}] => (Allow) LPort=2869
FirewallRules: [{E3BB69A5-5E86-4C07-8C67-B4E575FBA597}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{F090D9DA-61CC-470E-B26F-66B93817DE5E}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{50D1E3F7-3C17-449F-A31D-7B8B4E9F826A}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{1B5E44CB-3D70-4BE1-95B5-89FC95E48434}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{4C9132C2-892C-456D-A161-21D79802F332}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{5F9FC372-6001-49C6-B07F-B3053BCE55CA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Galcon 2\galcon2.exe
FirewallRules: [{21D16C0B-65E2-4FD0-A1C9-1CD0558D7B1E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Galcon 2\galcon2.exe
FirewallRules: [{706A8C19-B23F-4A84-B671-E20244EA888E}] => (Allow) C:\BANDAI NAMCO Games America\BattleLine\BattleLine.exe
FirewallRules: [{81083B39-78AD-4A79-AAA7-7E144FBAA4F1}] => (Allow) C:\BANDAI NAMCO Games America\BattleLine\BattleLine.exe
FirewallRules: [TCP Query User{36DC36D0-BC67-445B-A18D-A3AEA4165EF1}C:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) C:\program files (x86)\maniaplanet\maniaplanet.exe
FirewallRules: [UDP Query User{40DC3E6D-68BF-4164-93EB-BFB297EBBDE6}C:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) C:\program files (x86)\maniaplanet\maniaplanet.exe
FirewallRules: [{C33C3D9D-CF34-4ED5-B18A-62A32D8B4093}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{5B897BDB-B57A-4B5F-A8CD-016850910F29}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{6CCC276E-CDAB-436F-9A1E-DB07179B5C6F}C:\games\wows weekend\wowslauncher.exe] => (Allow) C:\games\wows weekend\wowslauncher.exe
FirewallRules: [UDP Query User{F7DCD0B5-5DC9-45AB-9C29-65F4B11FB2BE}C:\games\wows weekend\wowslauncher.exe] => (Allow) C:\games\wows weekend\wowslauncher.exe
FirewallRules: [{2899F506-FE69-46C3-BB2F-A226B0EAA2C4}] => (Allow) LPort=8298
FirewallRules: [{C75E43CF-FB7A-4067-9A2B-D7814BA422FA}] => (Allow) C:\Program Files (x86)\GameSpy Arcade\Aphex.exe
FirewallRules: [{A7A01DBC-20D3-4960-9FC6-A2AB369810DE}] => (Allow) C:\Program Files (x86)\GameSpy Arcade\Aphex.exe
FirewallRules: [{ED999832-0E75-4E36-A2B5-6A0F1C3A0E71}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Batla\Batla.exe
FirewallRules: [{F7845571-A63A-497F-B390-CF47FEE8D92F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Batla\Batla.exe
FirewallRules: [{CFA345D1-F39A-4294-807E-303CD9B9BD93}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{DE265E0C-BC3C-4DDE-B059-5884B334F8EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{869BD5FD-7F9B-4942-988A-E34AE31C5437}] => (Allow) LPort=50248
FirewallRules: [{D5EEAAD5-07B0-4D97-BBC2-FA8540F91044}] => (Allow) C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe
FirewallRules: [{9F1FA823-AC22-476E-94AE-338DB10B9A8B}] => (Allow) C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe
FirewallRules: [{7097376F-395C-4FB6-AC4D-3512A1BDB952}] => (Allow) C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64.exe
FirewallRules: [{09B0D4D7-91E6-4101-A262-C227CE1741DC}] => (Allow) C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64.exe
FirewallRules: [{8F49C30D-3B7E-4659-A4D2-6B4BEF89F146}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{6E1C0169-5126-4B81-BB6F-D68955230E08}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{1980F98F-DE3E-477D-8FE8-5DC10133BBE1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{955598A7-488C-4191-9379-8CFC32E16D73}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{481F2991-14B3-43D3-912D-E6AE16411CB3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{60D710AC-16FB-477A-9952-7CBD6E580B10}C:\users\pete jr\desktop\dirt 3\dirt3_game.exe] => (Allow) C:\users\pete jr\desktop\dirt 3\dirt3_game.exe
FirewallRules: [UDP Query User{3EAA8B19-2501-4AB6-97B2-3AB002E7F7BD}C:\users\pete jr\desktop\dirt 3\dirt3_game.exe] => (Allow) C:\users\pete jr\desktop\dirt 3\dirt3_game.exe
FirewallRules: [{73556668-657F-4E83-A969-50004134B5DB}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe
FirewallRules: [{BE18F85E-3062-4BBE-802B-2245E2B3CA3D}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe
FirewallRules: [{44EF7044-CD65-4FAD-84C7-CE1B450C2831}] => (Allow) C:\Program Files (x86)\Origin Games\Zuma's Revenge\ZumasRevenge.exe
FirewallRules: [{9A8133E3-6588-427E-AA56-0A6DF3BB80C4}] => (Allow) C:\Program Files (x86)\Origin Games\Zuma's Revenge\ZumasRevenge.exe
FirewallRules: [TCP Query User{D9E9A317-BEFC-4ACF-A26B-709824AB06D8}C:\program files\verizon cloud\verizon cloud service.exe] => (Allow) C:\program files\verizon cloud\verizon cloud service.exe
FirewallRules: [UDP Query User{9904D4E4-5DE8-4778-8E74-280C4375A8A3}C:\program files\verizon cloud\verizon cloud service.exe] => (Allow) C:\program files\verizon cloud\verizon cloud service.exe
FirewallRules: [TCP Query User{4206CD49-3C8E-4B1C-BEA7-9DC1587742F1}C:\program files\verizon cloud\verizon cloud service.exe] => (Block) C:\program files\verizon cloud\verizon cloud service.exe
FirewallRules: [UDP Query User{C07F889B-268D-49DC-9D15-208963F1E657}C:\program files\verizon cloud\verizon cloud service.exe] => (Block) C:\program files\verizon cloud\verizon cloud service.exe
FirewallRules: [TCP Query User{35DDA77A-B8B2-44F3-8FF5-D9F16AF13FA0}C:\users\pete jr\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\pete jr\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{00FBE58C-0AD7-4016-B930-05AD348D14EC}C:\users\pete jr\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\pete jr\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [TCP Query User{8109814C-5CCC-4005-B0D1-B8761C11DB74}C:\mygames\armored warfare mycom beta\bin64\armoredwarfare.exe] => (Allow) C:\mygames\armored warfare mycom beta\bin64\armoredwarfare.exe
FirewallRules: [UDP Query User{7152A8B4-4B6C-402C-BBB1-35385AE15D69}C:\mygames\armored warfare mycom beta\bin64\armoredwarfare.exe] => (Allow) C:\mygames\armored warfare mycom beta\bin64\armoredwarfare.exe
FirewallRules: [{8E621CC1-F465-47B8-BF9C-CF41F5DC2DB5}] => (Allow) C:\Program Files (x86)\OMC ModPack Client\OMC ModPack Client.exe
FirewallRules: [TCP Query User{D4DB4544-5449-4D96-9D46-A0F17F62FAA6}C:\users\pete jr\appdata\local\mycomgames\mycomgames.exe] => (Block) C:\users\pete jr\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{FDFF82EF-9A08-4F3C-B345-94148F9CF5BF}C:\users\pete jr\appdata\local\mycomgames\mycomgames.exe] => (Block) C:\users\pete jr\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [{D991CEAD-B4F7-49ED-816C-95A3307EB396}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 16 DEMO\fifasetup\fifaconfig.exe
FirewallRules: [{3A76FDA5-864F-418A-B10A-A9413C2D4781}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 16 DEMO\fifasetup\fifaconfig.exe
FirewallRules: [TCP Query User{0DC64F10-4C8B-4A3B-B335-A29E1EF47924}C:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [UDP Query User{BA00880D-E26F-4285-84D3-CD2D9BFE0CD9}C:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [{C211A7CE-9C5F-41A9-A599-05759A01864A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/18/2015 12:41:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/18/2015 12:35:25 PM) (Source: MsiInstaller) (EventID: 11310) (User: Fred-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Pete Jr\AppData\Local\Akamai\uninstall.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (12/18/2015 12:35:05 PM) (Source: MsiInstaller) (EventID: 11310) (User: Fred-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Pete Jr\AppData\Local\Akamai\uninstall.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (12/18/2015 12:29:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WRSA.exe, version: 9.0.7.42, time stamp: 0x566ef195
Faulting module name: WRSA.exe, version: 9.0.7.42, time stamp: 0x566ef195
Exception code: 0xc0000005
Fault offset: 0x000e8b39
Faulting process id: 0xcdc
Faulting application start time: 0xWRSA.exe0
Faulting application path: WRSA.exe1
Faulting module path: WRSA.exe2
Report Id: WRSA.exe3
 
Error: (12/18/2015 11:31:38 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Fred-PC)
Description: Application or service 'Windows Explorer' could not be shut down.
 
Error: (12/18/2015 10:31:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/18/2015 08:02:22 AM) (Source: MsiInstaller) (EventID: 11310) (User: Fred-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Pete Jr\AppData\Local\Akamai\uninstall.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (12/18/2015 08:01:15 AM) (Source: MsiInstaller) (EventID: 11310) (User: Fred-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Pete Jr\AppData\Local\Akamai\uninstall.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (12/18/2015 07:58:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/17/2015 08:38:53 PM) (Source: MsiInstaller) (EventID: 11310) (User: Fred-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Pete Jr\AppData\Local\Akamai\uninstall.exe.  System error 0.  Verify that you have access to that directory.
 
 
System errors:
=============
Error: (12/18/2015 12:42:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (12/18/2015 12:40:40 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:38:27 PM on ‎12/‎18/‎2015 was unexpected.
 
Error: (12/18/2015 10:33:14 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (12/18/2015 10:33:09 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
 
Error: (12/18/2015 10:19:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (12/18/2015 10:19:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (12/18/2015 09:06:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avast Antivirus service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (12/18/2015 07:58:39 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (12/17/2015 01:28:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (12/17/2015 01:27:33 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:21:24 PM on ‎12/‎17/‎2015 was unexpected.
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-6300 Six-Core Processor 
Percentage of memory in use: 38%
Total physical RAM: 8174.12 MB
Available physical RAM: 5054.22 MB
Total Virtual: 14289.32 MB
Available Virtual: 10680.92 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:188.17 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 609C756F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by EN1GM4, 18 December 2015 - 03:25 PM.

  • 0

Advertisements

#2
Essexboy
Posted 18 December 2015 - 04:13 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you let me know if this stops the alerts

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yhs4.search.yahoo.com/yhs/?hspart=ironsource&hsimp=yhs-fullyhosted_003&type=spd_wnzp01_14_25_ch_ag90_uv&param1=yhsBeacon&param2=%63%64%3D%32%58%7A%75%79%45%74%4E%32%59%31%4C%31%51%7A%75%30%45%74%44%79%45%79%43%7A%79%30%41%74%44%74%44%7A%79%30%44%30%44%79%44%79%42%7A%79%7A%79%30%42%74%4E%30%44%30%54%7A%75%30%53%7A%7A%7A%79%7A%79%74%4E%31%4C%32%58%7A%75%74%42%74%46%74%42%74%43%74%46%79%44%74%46%74%43%74%4E%31%4C%31%43%7A%75%74%43%79%45%74%42%7A%79%74%44%79%44%31%56%31%4F%74%4E%31%4C%31%47%31%42%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%74%44%74%42%30%46%7A%79%74%43%7A%79%30%42%74%47%30%45%7A%79%30%43%74%41%74%47%74%41%74%41%30%45%30%42%74%47%74%42%74%44%7A%79%30%42%74%47%74%41%30%44%30%46%30%42%79%43%30%41%74%42%7A%79%30%46%74%41%30%45%30%43%32%51%74%4E%31%4D%31%46%31%42%32%5A%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%79%45%30%42%30%41%74%41%74%44%74%43%30%43%74%47%74%44%74%42%30%42%74%41%74%47%74%42%74%42%79%44%74%44%74%47%30%42%7A%79%30%44%74%42%74%47%74%42%79%44%30%42%74%42%74%41%74%41%74%43%30%41%74%43%30%46%79%44%7A%79%32%51%74%4E%31%42%31%4C%31%48%31%45%7A%75%31%4F%32%55%31%4D%31%42%26%63%72%3D%31%39%33%33%30%30%31%33%33%38%26%69%72%3D%26%61%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%26%66%3D%31%26%73%74%79%70%65%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%5F%61%67%39%30%5F%75%76%26%70%3D%73%70%65%65%64%69%61%6C
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yhs4.search.yahoo.com/yhs/?hspart=ironsource&hsimp=yhs-fullyhosted_003&type=spd_wnzp01_14_25_ch_ag90_uv&param1=yhsBeacon&param2=%63%64%3D%32%58%7A%75%79%45%74%4E%32%59%31%4C%31%51%7A%75%30%45%74%44%79%45%79%43%7A%79%30%41%74%44%74%44%7A%79%30%44%30%44%79%44%79%42%7A%79%7A%79%30%42%74%4E%30%44%30%54%7A%75%30%53%7A%7A%7A%79%7A%79%74%4E%31%4C%32%58%7A%75%74%42%74%46%74%42%74%43%74%46%79%44%74%46%74%43%74%4E%31%4C%31%43%7A%75%74%43%79%45%74%42%7A%79%74%44%79%44%31%56%31%4F%74%4E%31%4C%31%47%31%42%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%74%44%74%42%30%46%7A%79%74%43%7A%79%30%42%74%47%30%45%7A%79%30%43%74%41%74%47%74%41%74%41%30%45%30%42%74%47%74%42%74%44%7A%79%30%42%74%47%74%41%30%44%30%46%30%42%79%43%30%41%74%42%7A%79%30%46%74%41%30%45%30%43%32%51%74%4E%31%4D%31%46%31%42%32%5A%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%79%45%30%42%30%41%74%41%74%44%74%43%30%43%74%47%74%44%74%42%30%42%74%41%74%47%74%42%74%42%79%44%74%44%74%47%30%42%7A%79%30%44%74%42%74%47%74%42%79%44%30%42%74%42%74%41%74%41%74%43%30%41%74%43%30%46%79%44%7A%79%32%51%74%4E%31%42%31%4C%31%48%31%45%7A%75%31%4F%32%55%31%4D%31%42%26%63%72%3D%31%39%33%33%30%30%31%33%33%38%26%69%72%3D%26%61%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%26%66%3D%31%26%73%74%79%70%65%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%5F%61%67%39%30%5F%75%76%26%70%3D%73%70%65%65%64%69%61%6C
HKU\S-1-5-21-3584736083-2098224852-1505809598-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yhs4.search.yahoo.com/yhs/?hspart=ironsource&hsimp=yhs-fullyhosted_003&type=spd_wnzp01_14_25_ch_ag90_uv&param1=yhsBeacon&param2=%63%64%3D%32%58%7A%75%79%45%74%4E%32%59%31%4C%31%51%7A%75%30%45%74%44%79%45%79%43%7A%79%30%41%74%44%74%44%7A%79%30%44%30%44%79%44%79%42%7A%79%7A%79%30%42%74%4E%30%44%30%54%7A%75%30%53%7A%7A%7A%79%7A%79%74%4E%31%4C%32%58%7A%75%74%42%74%46%74%42%74%43%74%46%79%44%74%46%74%43%74%4E%31%4C%31%43%7A%75%74%43%79%45%74%42%7A%79%74%44%79%44%31%56%31%4F%74%4E%31%4C%31%47%31%42%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%74%44%74%42%30%46%7A%79%74%43%7A%79%30%42%74%47%30%45%7A%79%30%43%74%41%74%47%74%41%74%41%30%45%30%42%74%47%74%42%74%44%7A%79%30%42%74%47%74%41%30%44%30%46%30%42%79%43%30%41%74%42%7A%79%30%46%74%41%30%45%30%43%32%51%74%4E%31%4D%31%46%31%42%32%5A%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%79%45%30%42%30%41%74%41%74%44%74%43%30%43%74%47%74%44%74%42%30%42%74%41%74%47%74%42%74%42%79%44%74%44%74%47%30%42%7A%79%30%44%74%42%74%47%74%42%79%44%30%42%74%42%74%41%74%41%74%43%30%41%74%43%30%46%79%44%7A%79%32%51%74%4E%31%42%31%4C%31%48%31%45%7A%75%31%4F%32%55%31%4D%31%42%26%63%72%3D%31%39%33%33%30%30%31%33%33%38%26%69%72%3D%26%61%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%26%66%3D%31%26%73%74%79%70%65%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%5F%61%67%39%30%5F%75%76%26%70%3D%73%70%65%65%64%69%61%6C
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search/?hspart=ironsource&hsimp=yhs-fullyhosted_003&type=spd_wnzp01_14_25_ch_ag90_uv&param1=yhsBeacon&param2=%63%64%3D%32%58%7A%75%79%45%74%4E%32%59%31%4C%31%51%7A%75%30%45%74%44%79%45%79%43%7A%79%30%41%74%44%74%44%7A%79%30%44%30%44%79%44%79%42%7A%79%7A%79%30%42%74%4E%30%44%30%54%7A%75%30%53%7A%7A%7A%79%7A%79%74%4E%31%4C%32%58%7A%75%74%42%74%46%74%42%74%43%74%46%79%44%74%46%74%43%74%4E%31%4C%31%43%7A%75%74%43%79%45%74%42%7A%79%74%44%79%44%31%56%31%4F%74%4E%31%4C%31%47%31%42%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%74%44%74%42%30%46%7A%79%74%43%7A%79%30%42%74%47%30%45%7A%79%30%43%74%41%74%47%74%41%74%41%30%45%30%42%74%47%74%42%74%44%7A%79%30%42%74%47%74%41%30%44%30%46%30%42%79%43%30%41%74%42%7A%79%30%46%74%41%30%45%30%43%32%51%74%4E%31%4D%31%46%31%42%32%5A%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%79%45%30%42%30%41%74%41%74%44%74%43%30%43%74%47%74%44%74%42%30%42%74%41%74%47%74%42%74%42%79%44%74%44%74%47%30%42%7A%79%30%44%74%42%74%47%74%42%79%44%30%42%74%42%74%41%74%41%74%43%30%41%74%43%30%46%79%44%7A%79%32%51%74%4E%31%42%31%4C%31%48%31%45%7A%75%31%4F%32%55%31%4D%31%42%26%63%72%3D%31%39%33%33%30%30%31%33%33%38%26%69%72%3D%26%61%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%26%66%3D%34%26%73%74%79%70%65%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%5F%61%67%39%30%5F%75%76%26%70%3D%73%70%65%65%64%69%61%6C&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search/?hspart=ironsource&hsimp=yhs-fullyhosted_003&type=spd_wnzp01_14_25_ch_ag90_uv&param1=yhsBeacon&param2=%63%64%3D%32%58%7A%75%79%45%74%4E%32%59%31%4C%31%51%7A%75%30%45%74%44%79%45%79%43%7A%79%30%41%74%44%74%44%7A%79%30%44%30%44%79%44%79%42%7A%79%7A%79%30%42%74%4E%30%44%30%54%7A%75%30%53%7A%7A%7A%79%7A%79%74%4E%31%4C%32%58%7A%75%74%42%74%46%74%42%74%43%74%46%79%44%74%46%74%43%74%4E%31%4C%31%43%7A%75%74%43%79%45%74%42%7A%79%74%44%79%44%31%56%31%4F%74%4E%31%4C%31%47%31%42%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%74%44%74%42%30%46%7A%79%74%43%7A%79%30%42%74%47%30%45%7A%79%30%43%74%41%74%47%74%41%74%41%30%45%30%42%74%47%74%42%74%44%7A%79%30%42%74%47%74%41%30%44%30%46%30%42%79%43%30%41%74%42%7A%79%30%46%74%41%30%45%30%43%32%51%74%4E%31%4D%31%46%31%42%32%5A%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%79%45%30%42%30%41%74%41%74%44%74%43%30%43%74%47%74%44%74%42%30%42%74%41%74%47%74%42%74%42%79%44%74%44%74%47%30%42%7A%79%30%44%74%42%74%47%74%42%79%44%30%42%74%42%74%41%74%41%74%43%30%41%74%43%30%46%79%44%7A%79%32%51%74%4E%31%42%31%4C%31%48%31%45%7A%75%31%4F%32%55%31%4D%31%42%26%63%72%3D%31%39%33%33%30%30%31%33%33%38%26%69%72%3D%26%61%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%26%66%3D%34%26%73%74%79%70%65%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%5F%61%67%39%30%5F%75%76%26%70%3D%73%70%65%65%64%69%61%6C&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3584736083-2098224852-1505809598-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search/?hspart=ironsource&hsimp=yhs-fullyhosted_003&type=spd_wnzp01_14_25_ch_ag90_uv&param1=yhsBeacon&param2=%63%64%3D%32%58%7A%75%79%45%74%4E%32%59%31%4C%31%51%7A%75%30%45%74%44%79%45%79%43%7A%79%30%41%74%44%74%44%7A%79%30%44%30%44%79%44%79%42%7A%79%7A%79%30%42%74%4E%30%44%30%54%7A%75%30%53%7A%7A%7A%79%7A%79%74%4E%31%4C%32%58%7A%75%74%42%74%46%74%42%74%43%74%46%79%44%74%46%74%43%74%4E%31%4C%31%43%7A%75%74%43%79%45%74%42%7A%79%74%44%79%44%31%56%31%4F%74%4E%31%4C%31%47%31%42%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%74%44%74%42%30%46%7A%79%74%43%7A%79%30%42%74%47%30%45%7A%79%30%43%74%41%74%47%74%41%74%41%30%45%30%42%74%47%74%42%74%44%7A%79%30%42%74%47%74%41%30%44%30%46%30%42%79%43%30%41%74%42%7A%79%30%46%74%41%30%45%30%43%32%51%74%4E%31%4D%31%46%31%42%32%5A%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%79%45%30%42%30%41%74%41%74%44%74%43%30%43%74%47%74%44%74%42%30%42%74%41%74%47%74%42%74%42%79%44%74%44%74%47%30%42%7A%79%30%44%74%42%74%47%74%42%79%44%30%42%74%42%74%41%74%41%74%43%30%41%74%43%30%46%79%44%7A%79%32%51%74%4E%31%42%31%4C%31%48%31%45%7A%75%31%4F%32%55%31%4D%31%42%26%63%72%3D%31%39%33%33%30%30%31%33%33%38%26%69%72%3D%26%61%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%26%66%3D%34%26%73%74%79%70%65%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%5F%61%67%39%30%5F%75%76%26%70%3D%73%70%65%65%64%69%61%6C&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3584736083-2098224852-1505809598-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search/?hspart=ironsource&hsimp=yhs-fullyhosted_003&type=spd_wnzp01_14_25_ch_ag90_uv&param1=yhsBeacon&param2=%63%64%3D%32%58%7A%75%79%45%74%4E%32%59%31%4C%31%51%7A%75%30%45%74%44%79%45%79%43%7A%79%30%41%74%44%74%44%7A%79%30%44%30%44%79%44%79%42%7A%79%7A%79%30%42%74%4E%30%44%30%54%7A%75%30%53%7A%7A%7A%79%7A%79%74%4E%31%4C%32%58%7A%75%74%42%74%46%74%42%74%43%74%46%79%44%74%46%74%43%74%4E%31%4C%31%43%7A%75%74%43%79%45%74%42%7A%79%74%44%79%44%31%56%31%4F%74%4E%31%4C%31%47%31%42%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%74%44%74%42%30%46%7A%79%74%43%7A%79%30%42%74%47%30%45%7A%79%30%43%74%41%74%47%74%41%74%41%30%45%30%42%74%47%74%42%74%44%7A%79%30%42%74%47%74%41%30%44%30%46%30%42%79%43%30%41%74%42%7A%79%30%46%74%41%30%45%30%43%32%51%74%4E%31%4D%31%46%31%42%32%5A%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%79%45%30%42%30%41%74%41%74%44%74%43%30%43%74%47%74%44%74%42%30%42%74%41%74%47%74%42%74%42%79%44%74%44%74%47%30%42%7A%79%30%44%74%42%74%47%74%42%79%44%30%42%74%42%74%41%74%41%74%43%30%41%74%43%30%46%79%44%7A%79%32%51%74%4E%31%42%31%4C%31%48%31%45%7A%75%31%4F%32%55%31%4D%31%42%26%63%72%3D%31%39%33%33%30%30%31%33%33%38%26%69%72%3D%26%61%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%26%66%3D%34%26%73%74%79%70%65%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%5F%61%67%39%30%5F%75%76%26%70%3D%73%70%65%65%64%69%61%6C&q={searchTerms}
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={AEFD5C85-A099-11E2-B315-F04DA2F43285}","hxxp://mysearch.avg.com/?cid={A6D6AA9E-B788-4A53-B885-6D9A19B30D4D}&mid=126bfcf210dc4b53b50b963e64ce75e2-fb3046064c70e5658a27af15fca3ba10a709061c&lang=en&ds=hk018&pr=sa&d=2013-09-12 10:54:22&v=15.4.0.5&pid=safeguard&sg=0&sap=hp","hxxp://search.conduit.com/?ctid=CT3316068&SearchSource=48&CUI=UN37358370722181882&UM=2&sspv=CHNT7","hxxp://us.yhs4.search.yahoo.com/yhs/?hspart=ironsource&hsimp=yhs-fullyhosted_003&type=spd_wnzp01_14_25_ch_ag90_uv&param1=yhsBeacon&param2=%63%64%3D%32%58%7A%75%79%45%74%4E%32%59%31%4C%31%51%7A%75%30%45%74%44%79%45%79%43%7A%79%30%41%74%44%74%44%7A%79%30%44%30%44%79%44%79%42%7A%79%7A%79%30%42%74%4E%30%44%30%54%7A%75%30%53%7A%7A%7A%79%7A%79%74%4E%31%4C%32%58%7A%75%74%42%74%46%74%42%74%43%74%46%79%44%74%46%74%43%74%4E%31%4C%31%43%7A%75%74%43%79%45%74%42%7A%79%74%44%79%44%31%56%31%4F%74%4E%31%4C%31%47%31%42%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%74%44%74%42%30%46%7A%79%74%43%7A%79%30%42%74%47%30%45%7A%79%30%43%74%41%74%47%74%41%74%41%30%45%30%42%74%47%74%42%74%44%7A%79%30%42%74%47%74%41%30%44%30%46%30%42%79%43%30%41%74%42%7A%79%30%46%74%41%30%45%30%43%32%51%74%4E%31%4D%31%46%31%42%32%5A%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%79%45%30%42%30%41%74%41%74%44%74%43%30%43%74%47%74%44%74%42%30%42%74%41%74%47%74%42%74%42%79%44%74%44%74%47%30%42%7A%79%30%44%74%42%74%47%74%42%79%44%30%42%74%42%74%41%74%41%74%43%30%41%74%43%30%46%79%44%7A%79%32%51%74%4E%31%42%31%4C%31%48%31%45%7A%75%31%4F%32%55%31%4D%31%42%26%63%72%3D%31%39%33%33%30%30%31%33%33%38%26%69%72%3D%26%61%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%26%66%3D%31%26%73%74%79%70%65%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%5F%61%67%39%30%5F%75%76%26%70%3D%73%70%65%65%64%69%61%6C"
2015-12-18 11:30 - 2015-12-18 11:30 - 00000000 ____D C:\Users\Pete Jr\AppData\Local\lptmp1498367896
Task: {1BDAA0BC-1614-4BE8-BC4D-F48C38AA1F77} - System32\Tasks\{CDFD598D-08F2-4D8C-955F-9825B6E70EDA} => pcalua.exe -a "C:\Users\Pete Jr\Downloads\win64_152822.exe" -d "C:\Users\Pete Jr\Downloads"
Task: {36C73E06-257B-43AC-AD9A-85DDA26DDD39} - System32\Tasks\{AE82104B-6490-4E6E-B207-3539051468FA} => pcalua.exe -a C:\Users\PETEJR~1\AppData\Local\Temp\jre-8u51-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#3
EN1GM4
Posted 18 December 2015 - 04:55 PM

EN1GM4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Here is the fix log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:17-12-2015
Ran by Pete Jr (2015-12-18 14:39:05) Run:1
Running from C:\Users\Pete Jr\Desktop
Loaded Profiles: Pete Jr (Available Profiles: Pete Jr)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yhs4.search.yahoo.com/yhs/?hspart=ironsource&hsimp=yhs-fullyhosted_003&type=spd_wnzp01_14_25_ch_ag90_uv&param1=yhsBeacon&param2=%63%64%3D%32%58%7A%75%79%45%74%4E%32%59%31%4C%31%51%7A%75%30%45%74%44%79%45%79%43%7A%79%30%41%74%44%74%44%7A%79%30%44%30%44%79%44%79%42%7A%79%7A%79%30%42%74%4E%30%44%30%54%7A%75%30%53%7A%7A%7A%79%7A%79%74%4E%31%4C%32%58%7A%75%74%42%74%46%74%42%74%43%74%46%79%44%74%46%74%43%74%4E%31%4C%31%43%7A%75%74%43%79%45%74%42%7A%79%74%44%79%44%31%56%31%4F%74%4E%31%4C%31%47%31%42%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%74%44%74%42%30%46%7A%79%74%43%7A%79%30%42%74%47%30%45%7A%79%30%43%74%41%74%47%74%41%74%41%30%45%30%42%74%47%74%42%74%44%7A%79%30%42%74%47%74%41%30%44%30%46%30%42%79%43%30%41%74%42%7A%79%30%46%74%41%30%45%30%43%32%51%74%4E%31%4D%31%46%31%42%32%5A%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%79%45%30%42%30%41%74%41%74%44%74%43%30%43%74%47%74%44%74%42%30%42%74%41%74%47%74%42%74%42%79%44%74%44%74%47%30%42%7A%79%30%44%74%42%74%47%74%42%79%44%30%42%74%42%74%41%74%41%74%43%30%41%74%43%30%46%79%44%7A%79%32%51%74%4E%31%42%31%4C%31%48%31%45%7A%75%31%4F%32%55%31%4D%31%42%26%63%72%3D%31%39%33%33%30%30%31%33%33%38%26%69%72%3D%26%61%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%26%66%3D%31%26%73%74%79%70%65%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%5F%61%67%39%30%5F%75%76%26%70%3D%73%70%65%65%64%69%61%6C
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yhs4.search.yahoo.com/yhs/?hspart=ironsource&hsimp=yhs-fullyhosted_003&type=spd_wnzp01_14_25_ch_ag90_uv&param1=yhsBeacon&param2=%63%64%3D%32%58%7A%75%79%45%74%4E%32%59%31%4C%31%51%7A%75%30%45%74%44%79%45%79%43%7A%79%30%41%74%44%74%44%7A%79%30%44%30%44%79%44%79%42%7A%79%7A%79%30%42%74%4E%30%44%30%54%7A%75%30%53%7A%7A%7A%79%7A%79%74%4E%31%4C%32%58%7A%75%74%42%74%46%74%42%74%43%74%46%79%44%74%46%74%43%74%4E%31%4C%31%43%7A%75%74%43%79%45%74%42%7A%79%74%44%79%44%31%56%31%4F%74%4E%31%4C%31%47%31%42%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%74%44%74%42%30%46%7A%79%74%43%7A%79%30%42%74%47%30%45%7A%79%30%43%74%41%74%47%74%41%74%41%30%45%30%42%74%47%74%42%74%44%7A%79%30%42%74%47%74%41%30%44%30%46%30%42%79%43%30%41%74%42%7A%79%30%46%74%41%30%45%30%43%32%51%74%4E%31%4D%31%46%31%42%32%5A%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%79%45%30%42%30%41%74%41%74%44%74%43%30%43%74%47%74%44%74%42%30%42%74%41%74%47%74%42%74%42%79%44%74%44%74%47%30%42%7A%79%30%44%74%42%74%47%74%42%79%44%30%42%74%42%74%41%74%41%74%43%30%41%74%43%30%46%79%44%7A%79%32%51%74%4E%31%42%31%4C%31%48%31%45%7A%75%31%4F%32%55%31%4D%31%42%26%63%72%3D%31%39%33%33%30%30%31%33%33%38%26%69%72%3D%26%61%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%26%66%3D%31%26%73%74%79%70%65%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%5F%61%67%39%30%5F%75%76%26%70%3D%73%70%65%65%64%69%61%6C
HKU\S-1-5-21-3584736083-2098224852-1505809598-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yhs4.search.yahoo.com/yhs/?hspart=ironsource&hsimp=yhs-fullyhosted_003&type=spd_wnzp01_14_25_ch_ag90_uv&param1=yhsBeacon&param2=%63%64%3D%32%58%7A%75%79%45%74%4E%32%59%31%4C%31%51%7A%75%30%45%74%44%79%45%79%43%7A%79%30%41%74%44%74%44%7A%79%30%44%30%44%79%44%79%42%7A%79%7A%79%30%42%74%4E%30%44%30%54%7A%75%30%53%7A%7A%7A%79%7A%79%74%4E%31%4C%32%58%7A%75%74%42%74%46%74%42%74%43%74%46%79%44%74%46%74%43%74%4E%31%4C%31%43%7A%75%74%43%79%45%74%42%7A%79%74%44%79%44%31%56%31%4F%74%4E%31%4C%31%47%31%42%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%74%44%74%42%30%46%7A%79%74%43%7A%79%30%42%74%47%30%45%7A%79%30%43%74%41%74%47%74%41%74%41%30%45%30%42%74%47%74%42%74%44%7A%79%30%42%74%47%74%41%30%44%30%46%30%42%79%43%30%41%74%42%7A%79%30%46%74%41%30%45%30%43%32%51%74%4E%31%4D%31%46%31%42%32%5A%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%79%45%30%42%30%41%74%41%74%44%74%43%30%43%74%47%74%44%74%42%30%42%74%41%74%47%74%42%74%42%79%44%74%44%74%47%30%42%7A%79%30%44%74%42%74%47%74%42%79%44%30%42%74%42%74%41%74%41%74%43%30%41%74%43%30%46%79%44%7A%79%32%51%74%4E%31%42%31%4C%31%48%31%45%7A%75%31%4F%32%55%31%4D%31%42%26%63%72%3D%31%39%33%33%30%30%31%33%33%38%26%69%72%3D%26%61%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%26%66%3D%31%26%73%74%79%70%65%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%5F%61%67%39%30%5F%75%76%26%70%3D%73%70%65%65%64%69%61%6C
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search/?hspart=ironsource&hsimp=yhs-fullyhosted_003&type=spd_wnzp01_14_25_ch_ag90_uv&param1=yhsBeacon&param2=%63%64%3D%32%58%7A%75%79%45%74%4E%32%59%31%4C%31%51%7A%75%30%45%74%44%79%45%79%43%7A%79%30%41%74%44%74%44%7A%79%30%44%30%44%79%44%79%42%7A%79%7A%79%30%42%74%4E%30%44%30%54%7A%75%30%53%7A%7A%7A%79%7A%79%74%4E%31%4C%32%58%7A%75%74%42%74%46%74%42%74%43%74%46%79%44%74%46%74%43%74%4E%31%4C%31%43%7A%75%74%43%79%45%74%42%7A%79%74%44%79%44%31%56%31%4F%74%4E%31%4C%31%47%31%42%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%74%44%74%42%30%46%7A%79%74%43%7A%79%30%42%74%47%30%45%7A%79%30%43%74%41%74%47%74%41%74%41%30%45%30%42%74%47%74%42%74%44%7A%79%30%42%74%47%74%41%30%44%30%46%30%42%79%43%30%41%74%42%7A%79%30%46%74%41%30%45%30%43%32%51%74%4E%31%4D%31%46%31%42%32%5A%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%79%45%30%42%30%41%74%41%74%44%74%43%30%43%74%47%74%44%74%42%30%42%74%41%74%47%74%42%74%42%79%44%74%44%74%47%30%42%7A%79%30%44%74%42%74%47%74%42%79%44%30%42%74%42%74%41%74%41%74%43%30%41%74%43%30%46%79%44%7A%79%32%51%74%4E%31%42%31%4C%31%48%31%45%7A%75%31%4F%32%55%31%4D%31%42%26%63%72%3D%31%39%33%33%30%30%31%33%33%38%26%69%72%3D%26%61%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%26%66%3D%34%26%73%74%79%70%65%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%5F%61%67%39%30%5F%75%76%26%70%3D%73%70%65%65%64%69%61%6C&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search/?hspart=ironsource&hsimp=yhs-fullyhosted_003&type=spd_wnzp01_14_25_ch_ag90_uv&param1=yhsBeacon&param2=%63%64%3D%32%58%7A%75%79%45%74%4E%32%59%31%4C%31%51%7A%75%30%45%74%44%79%45%79%43%7A%79%30%41%74%44%74%44%7A%79%30%44%30%44%79%44%79%42%7A%79%7A%79%30%42%74%4E%30%44%30%54%7A%75%30%53%7A%7A%7A%79%7A%79%74%4E%31%4C%32%58%7A%75%74%42%74%46%74%42%74%43%74%46%79%44%74%46%74%43%74%4E%31%4C%31%43%7A%75%74%43%79%45%74%42%7A%79%74%44%79%44%31%56%31%4F%74%4E%31%4C%31%47%31%42%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%74%44%74%42%30%46%7A%79%74%43%7A%79%30%42%74%47%30%45%7A%79%30%43%74%41%74%47%74%41%74%41%30%45%30%42%74%47%74%42%74%44%7A%79%30%42%74%47%74%41%30%44%30%46%30%42%79%43%30%41%74%42%7A%79%30%46%74%41%30%45%30%43%32%51%74%4E%31%4D%31%46%31%42%32%5A%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%79%45%30%42%30%41%74%41%74%44%74%43%30%43%74%47%74%44%74%42%30%42%74%41%74%47%74%42%74%42%79%44%74%44%74%47%30%42%7A%79%30%44%74%42%74%47%74%42%79%44%30%42%74%42%74%41%74%41%74%43%30%41%74%43%30%46%79%44%7A%79%32%51%74%4E%31%42%31%4C%31%48%31%45%7A%75%31%4F%32%55%31%4D%31%42%26%63%72%3D%31%39%33%33%30%30%31%33%33%38%26%69%72%3D%26%61%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%26%66%3D%34%26%73%74%79%70%65%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%5F%61%67%39%30%5F%75%76%26%70%3D%73%70%65%65%64%69%61%6C&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3584736083-2098224852-1505809598-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search/?hspart=ironsource&hsimp=yhs-fullyhosted_003&type=spd_wnzp01_14_25_ch_ag90_uv&param1=yhsBeacon&param2=%63%64%3D%32%58%7A%75%79%45%74%4E%32%59%31%4C%31%51%7A%75%30%45%74%44%79%45%79%43%7A%79%30%41%74%44%74%44%7A%79%30%44%30%44%79%44%79%42%7A%79%7A%79%30%42%74%4E%30%44%30%54%7A%75%30%53%7A%7A%7A%79%7A%79%74%4E%31%4C%32%58%7A%75%74%42%74%46%74%42%74%43%74%46%79%44%74%46%74%43%74%4E%31%4C%31%43%7A%75%74%43%79%45%74%42%7A%79%74%44%79%44%31%56%31%4F%74%4E%31%4C%31%47%31%42%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%74%44%74%42%30%46%7A%79%74%43%7A%79%30%42%74%47%30%45%7A%79%30%43%74%41%74%47%74%41%74%41%30%45%30%42%74%47%74%42%74%44%7A%79%30%42%74%47%74%41%30%44%30%46%30%42%79%43%30%41%74%42%7A%79%30%46%74%41%30%45%30%43%32%51%74%4E%31%4D%31%46%31%42%32%5A%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%79%45%30%42%30%41%74%41%74%44%74%43%30%43%74%47%74%44%74%42%30%42%74%41%74%47%74%42%74%42%79%44%74%44%74%47%30%42%7A%79%30%44%74%42%74%47%74%42%79%44%30%42%74%42%74%41%74%41%74%43%30%41%74%43%30%46%79%44%7A%79%32%51%74%4E%31%42%31%4C%31%48%31%45%7A%75%31%4F%32%55%31%4D%31%42%26%63%72%3D%31%39%33%33%30%30%31%33%33%38%26%69%72%3D%26%61%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%26%66%3D%34%26%73%74%79%70%65%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%5F%61%67%39%30%5F%75%76%26%70%3D%73%70%65%65%64%69%61%6C&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3584736083-2098224852-1505809598-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search/?hspart=ironsource&hsimp=yhs-fullyhosted_003&type=spd_wnzp01_14_25_ch_ag90_uv&param1=yhsBeacon&param2=%63%64%3D%32%58%7A%75%79%45%74%4E%32%59%31%4C%31%51%7A%75%30%45%74%44%79%45%79%43%7A%79%30%41%74%44%74%44%7A%79%30%44%30%44%79%44%79%42%7A%79%7A%79%30%42%74%4E%30%44%30%54%7A%75%30%53%7A%7A%7A%79%7A%79%74%4E%31%4C%32%58%7A%75%74%42%74%46%74%42%74%43%74%46%79%44%74%46%74%43%74%4E%31%4C%31%43%7A%75%74%43%79%45%74%42%7A%79%74%44%79%44%31%56%31%4F%74%4E%31%4C%31%47%31%42%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%74%44%74%42%30%46%7A%79%74%43%7A%79%30%42%74%47%30%45%7A%79%30%43%74%41%74%47%74%41%74%41%30%45%30%42%74%47%74%42%74%44%7A%79%30%42%74%47%74%41%30%44%30%46%30%42%79%43%30%41%74%42%7A%79%30%46%74%41%30%45%30%43%32%51%74%4E%31%4D%31%46%31%42%32%5A%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%79%45%30%42%30%41%74%41%74%44%74%43%30%43%74%47%74%44%74%42%30%42%74%41%74%47%74%42%74%42%79%44%74%44%74%47%30%42%7A%79%30%44%74%42%74%47%74%42%79%44%30%42%74%42%74%41%74%41%74%43%30%41%74%43%30%46%79%44%7A%79%32%51%74%4E%31%42%31%4C%31%48%31%45%7A%75%31%4F%32%55%31%4D%31%42%26%63%72%3D%31%39%33%33%30%30%31%33%33%38%26%69%72%3D%26%61%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%26%66%3D%34%26%73%74%79%70%65%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%5F%61%67%39%30%5F%75%76%26%70%3D%73%70%65%65%64%69%61%6C&q={searchTerms}
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={AEFD5C85-A099-11E2-B315-F04DA2F43285}","hxxp://mysearch.avg.com/?cid={A6D6AA9E-B788-4A53-B885-6D9A19B30D4D}&mid=126bfcf210dc4b53b50b963e64ce75e2-fb3046064c70e5658a27af15fca3ba10a709061c&lang=en&ds=hk018&pr=sa&d=2013-09-12 10:54:22&v=15.4.0.5&pid=safeguard&sg=0&sap=hp","hxxp://search.conduit.com/?ctid=CT3316068&SearchSource=48&CUI=UN37358370722181882&UM=2&sspv=CHNT7","hxxp://us.yhs4.search.yahoo.com/yhs/?hspart=ironsource&hsimp=yhs-fullyhosted_003&type=spd_wnzp01_14_25_ch_ag90_uv&param1=yhsBeacon&param2=%63%64%3D%32%58%7A%75%79%45%74%4E%32%59%31%4C%31%51%7A%75%30%45%74%44%79%45%79%43%7A%79%30%41%74%44%74%44%7A%79%30%44%30%44%79%44%79%42%7A%79%7A%79%30%42%74%4E%30%44%30%54%7A%75%30%53%7A%7A%7A%79%7A%79%74%4E%31%4C%32%58%7A%75%74%42%74%46%74%42%74%43%74%46%79%44%74%46%74%43%74%4E%31%4C%31%43%7A%75%74%43%79%45%74%42%7A%79%74%44%79%44%31%56%31%4F%74%4E%31%4C%31%47%31%42%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%74%44%74%42%30%46%7A%79%74%43%7A%79%30%42%74%47%30%45%7A%79%30%43%74%41%74%47%74%41%74%41%30%45%30%42%74%47%74%42%74%44%7A%79%30%42%74%47%74%41%30%44%30%46%30%42%79%43%30%41%74%42%7A%79%30%46%74%41%30%45%30%43%32%51%74%4E%31%4D%31%46%31%42%32%5A%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%79%45%30%42%30%41%74%41%74%44%74%43%30%43%74%47%74%44%74%42%30%42%74%41%74%47%74%42%74%42%79%44%74%44%74%47%30%42%7A%79%30%44%74%42%74%47%74%42%79%44%30%42%74%42%74%41%74%41%74%43%30%41%74%43%30%46%79%44%7A%79%32%51%74%4E%31%42%31%4C%31%48%31%45%7A%75%31%4F%32%55%31%4D%31%42%26%63%72%3D%31%39%33%33%30%30%31%33%33%38%26%69%72%3D%26%61%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%26%66%3D%31%26%73%74%79%70%65%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%5F%61%67%39%30%5F%75%76%26%70%3D%73%70%65%65%64%69%61%6C"
2015-12-18 11:30 - 2015-12-18 11:30 - 00000000 ____D C:\Users\Pete Jr\AppData\Local\lptmp1498367896
Task: {1BDAA0BC-1614-4BE8-BC4D-F48C38AA1F77} - System32\Tasks\{CDFD598D-08F2-4D8C-955F-9825B6E70EDA} => pcalua.exe -a "C:\Users\Pete Jr\Downloads\win64_152822.exe" -d "C:\Users\Pete Jr\Downloads"
Task: {36C73E06-257B-43AC-AD9A-85DDA26DDD39} - System32\Tasks\{AE82104B-6490-4E6E-B207-3539051468FA} => pcalua.exe -a C:\Users\PETEJR~1\AppData\Local\Temp\jre-8u51-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3584736083-2098224852-1505809598-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-3584736083-2098224852-1505809598-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3584736083-2098224852-1505809598-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
Chrome StartupUrls => removed successfully
C:\Users\Pete Jr\AppData\Local\lptmp1498367896 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1BDAA0BC-1614-4BE8-BC4D-F48C38AA1F77}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BDAA0BC-1614-4BE8-BC4D-F48C38AA1F77}" => key removed successfully
C:\Windows\System32\Tasks\{CDFD598D-08F2-4D8C-955F-9825B6E70EDA} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CDFD598D-08F2-4D8C-955F-9825B6E70EDA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36C73E06-257B-43AC-AD9A-85DDA26DDD39}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36C73E06-257B-43AC-AD9A-85DDA26DDD39}" => key removed successfully
C:\Windows\System32\Tasks\{AE82104B-6490-4E6E-B207-3539051468FA} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AE82104B-6490-4E6E-B207-3539051468FA}" => key removed successfully
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3584736083-2098224852-1505809598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3584736083-2098224852-1505809598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {3EB572A9-8121-459F-85C5-1137961BEEC7}.
{D7047F21-2B8B-4D0B-9C9F-EE0077D4DCDF} canceled.
{A1C04BAA-9D8D-4BD8-8A79-E80432367878} canceled.
{3A6114BA-DD79-4615-B6E2-AF16C2F4C811} canceled.
{2A5DC68E-500F-4AFA-A990-29A6139AA95F} canceled.
{F45F533F-A30D-49D3-A7D7-3302CF2CE150} canceled.
{B942B338-476C-4362-8D39-BEB600CC9BA9} canceled.
{0D745002-3989-4504-9477-3BFFAB6C886F} canceled.
{FE55CC86-6FDE-4A75-B65D-9D16347A2E03} canceled.
{6AE2924B-BCB9-4686-9CF3-C1F98EC025D0} canceled.
{EA0F9FC4-6572-4217-BDCD-D555AF974788} canceled.
{BDBBAFDE-C19C-46F2-872C-B941E05748FC} canceled.
{78B7720D-879C-496B-8EC6-4D14E0EEB478} canceled.
{622D66EC-960A-47D2-996F-EA5912D22DF7} canceled.
{FF351B70-8CC2-457E-9150-C7C8B1C5FD5F} canceled.
{9C886616-94C8-4B65-A958-14FA434F98EA} canceled.
{83A068F9-9042-40BD-B98B-5CE83ED846B6} canceled.
{E2A43DDD-9CB4-44F4-ABA0-0D1A07EFE547} canceled.
{E5B9E916-06B0-4FE9-BDD2-E29D37217779} canceled.
{1E0B53EA-5383-4C3B-A694-DA3BCE8BACD9} canceled.
{5E83354C-7909-4E33-B671-307D9A74BE03} canceled.
{B6BAA3B7-ACB2-43EB-B253-482CC2679BFB} canceled.
{41CEB374-4F07-4D07-A596-128CB3931396} canceled.
{DFC52538-25B9-4E8B-B41C-B3C9877E0569} canceled.
{03438BAD-E97B-4C04-80A8-29E21A4ECF04} canceled.
{94702234-4BFF-4C00-ADFB-F70277DF59C1} canceled.
{5BB533CA-F22A-4FE9-A2F8-680E98D15F72} canceled.
{27621E09-B216-4251-AD6D-944EFEAD4971} canceled.
{58F49D8D-6656-46CB-A7DE-BBE9A7487137} canceled.
{2758C2B7-2CE4-433E-B3A7-2B4218BC8B51} canceled.
{06ED3DEB-F0D1-4DE3-A1C0-5F493C0361D8} canceled.
{8B767F0A-8223-4FDB-AEB2-57525B31B580} canceled.
{15C628E9-A87B-4FC8-B8C3-0C62CC7CD77F} canceled.
32 out of 33 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 15.2 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 14:42:33 ====

  • 0

#4
EN1GM4
Posted 18 December 2015 - 04:56 PM

EN1GM4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

So far I haven't had any alerts. Seems to have fixed the problem. I'll run the adwcleaner now.


  • 0

#5
EN1GM4
Posted 18 December 2015 - 05:12 PM

EN1GM4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Here is the Adwcleaner log:

 

# AdwCleaner v5.025 - Logfile created 18/12/2015 at 15:01:14
# Updated 13/12/2015 by Xplode
# Database : 2015-12-13.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Pete Jr - FRED-PC
# Running from : C:\Users\Pete Jr\Desktop\AdwCleaner (1).exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\DriverToolkit
[-] Folder Deleted : C:\ProgramData\TweakBit
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit
[-] Folder Deleted : C:\Users\Pete Jr\AppData\Local\DriverTuner
[-] Folder Deleted : C:\Users\Pete Jr\AppData\Local\DriverToolkit
[-] Folder Deleted : C:\Users\Pete Jr\AppData\Local\Innovative Solutions
[-] Folder Deleted : C:\Users\Pete Jr\AppData\Roaming\Innovative Solutions
[-] Folder Deleted : C:\Users\Pete Jr\AppData\Roaming\Easeware
[-] Folder Deleted : C:\Users\Pete Jr\Documents\Updater
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : DriverNavigator Scheduled Scan
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\DriverTuner_Init
[-] Key Deleted : HKCU\Software\DriverTuner
[-] Key Deleted : HKCU\Software\DriverToolkit
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C168639F-5810-4EC8-B1E8-0251AA8A771C}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : nortonsafe.search.ask.com
[-] [C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : delta-search.com
[-] [C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com_
[-] [C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
[-] [C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : microsoft-office-2013.en.softonic.com
[-] [C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : Speedial.com
[-] [C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : netflix.com
[-] [C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://search.conduit.com/?ctid=CT3316068&SearchSource=48&CUI=UN37358370722181882&UM=2&sspv=CHNT7
[-] [C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://us.yhs4.search.yahoo.com/yhs/?hspart=ironsource&hsimp=yhs-fullyhosted_003&type=spd_wnzp01_14_25_ch_ag90_uv&param1=yhsBeacon&param2=%63%64%3D%32%58%7A%75%79%45%74%4E%32%59%31%4C%31%51%7A%75%30%45%74%44%79%45%79%43%7A%79%30%41%74%44%74%44%7A%79%30%44%30%44%79%44%79%42%7A%79%7A%79%30%42%74%4E%30%44%30%54%7A%75%30%53%7A%7A%7A%79%7A%79%74%4E%31%4C%32%58%7A%75%74%42%74%46%74%42%74%43%74%46%79%44%74%46%74%43%74%4E%31%4C%31%43%7A%75%74%43%79%45%74%42%7A%79%74%44%79%44%31%56%31%4F%74%4E%31%4C%31%47%31%42%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%74%44%74%42%30%46%7A%79%74%43%7A%79%30%42%74%47%30%45%7A%79%30%43%74%41%74%47%74%41%74%41%30%45%30%42%74%47%74%42%74%44%7A%79%30%42%74%47%74%41%30%44%30%46%30%42%79%43%30%41%74%42%7A%79%30%46%74%41%30%45%30%43%32%51%74%4E%31%4D%31%46%31%42%32%5A%31%56%31%4E%32%59%31%4C%31%51%7A%75%32%53%74%44%79%45%30%42%30%41%74%41%74%44%74%43%30%43%74%47%74%44%74%42%30%42%74%41%74%47%74%42%74%42%79%44%74%44%74%47%30%42%7A%79%30%44%74%42%74%47%74%42%79%44%30%42%74%42%74%41%74%41%74%43%30%41%74%43%30%46%79%44%7A%79%32%51%74%4E%31%42%31%4C%31%48%31%45%7A%75%31%4F%32%55%31%4D%31%42%26%63%72%3D%31%39%33%33%30%30%31%33%33%38%26%69%72%3D%26%61%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%26%66%3D%31%26%73%74%79%70%65%3D%73%70%64%5F%77%6E%7A%70%30%31%5F%31%34%5F%32%35%5F%63%68%5F%61%67%39%30%5F%75%76%26%70%3D%73%70%65%65%64%69%61%6C
[-] [C:\Users\Pete Jr\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bakijjialdiiboeaknfpmflphhmljfkd
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4570 bytes] ##########

  • 0

#6
Essexboy
Posted 19 December 2015 - 05:05 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Any further problems at the moment ?
  • 0

#7
EN1GM4
Posted 19 December 2015 - 11:54 AM

EN1GM4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

I don't have the alerts anymore, so I think that might have fixed it. What do you suppose was causing the problem?


  • 0

#8
Essexboy
Posted 19 December 2015 - 12:48 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Your home page had been hijacked and was set to reset itself if you deleted it

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:


Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version
javara.JPG


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

CryptoPrevent.JPG

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0

#9
EN1GM4
Posted 20 December 2015 - 11:58 AM

EN1GM4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

I have been on my computer for about a day now and I still haven't had an alert. The only thing that I am a little worried about is my email. When I try and open and email or spam folder there is a notice that says I don't have an internet signal and sometimes the thing I'm trying to open wont open. The problem is I do have and internet signal and everything else is working fine. Any idea what that could be? Everyone else in my household doesn't have the problem.


  • 0

#10
Essexboy
Posted 20 December 2015 - 12:36 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

What e-mail client do you use


  • 0

Advertisements

#11
EN1GM4
Posted 20 December 2015 - 03:13 PM

EN1GM4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Here is the Delfix log:

 

# DelFix v1.010 - Logfile created 20/12/2015 at 09:50:49
# Updated 26/04/2015 by Xplode
# Username : Pete Jr - FRED-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Pete Jr\Desktop\Addition.txt
Deleted : C:\Users\Pete Jr\Desktop\AdwCleaner (1).exe
Deleted : C:\Users\Pete Jr\Desktop\Fixlog.txt
Deleted : C:\Users\Pete Jr\Desktop\FRST.txt
Deleted : C:\Users\Pete Jr\Desktop\FRST64.exe
Deleted : C:\Users\Pete Jr\Desktop\tdsskiller.exe
Deleted : C:\Users\Pete Jr\Downloads\FRST64 (1).exe
Deleted : C:\Users\Pete Jr\Downloads\RogueKillerX64.exe
Deleted : C:\Users\Pete Jr\Downloads\tdsskiller.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #204 [avast! antivirus system restore point | 08/07/2015 17:47:23]
Deleted : RP #205 [Windows Update | 08/07/2015 18:10:31]
Deleted : RP #206 [Windows Update | 08/11/2015 14:54:01]
Deleted : RP #207 [Windows Update | 08/12/2015 20:59:06]
Deleted : RP #208 [Windows Update | 08/16/2015 20:00:25]
Deleted : RP #209 [Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 | 08/19/2015 05:04:55]
Deleted : RP #210 [Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 | 08/19/2015 05:05:25]
Deleted : RP #211 [Windows Update | 08/19/2015 10:00:24]
Deleted : RP #212 [Windows Update | 08/22/2015 16:54:01]
Deleted : RP #213 [Windows Update | 08/26/2015 23:34:12]
Deleted : RP #214 [Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 | 08/28/2015 19:37:58]
Deleted : RP #215 [Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 | 08/28/2015 19:39:16]
Deleted : RP #216 [Windows Update | 08/30/2015 15:43:17]
Deleted : RP #217 [Windows Update | 09/02/2015 19:12:02]
Deleted : RP #218 [Windows Update | 09/06/2015 01:03:08]
Deleted : RP #219 [Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 | 09/09/2015 23:49:27]
Deleted : RP #220 [Windows Update | 09/10/2015 00:08:10]
Deleted : RP #221 [Windows Update | 09/10/2015 04:22:13]
Deleted : RP #222 [Windows Update | 09/15/2015 18:13:59]
Deleted : RP #223 [Windows Update | 09/22/2015 17:36:54]
Deleted : RP #224 [Windows Update | 09/29/2015 19:10:48]
Deleted : RP #225 [Scheduled Checkpoint | 10/06/2015 19:30:56]
Deleted : RP #226 [Windows Update | 10/06/2015 20:37:55]
Deleted : RP #227 [Windows Update | 10/08/2015 04:16:33]
Deleted : RP #228 [avast! antivirus system restore point | 10/09/2015 16:08:31]
Deleted : RP #229 [Windows Update | 10/12/2015 02:05:52]
Deleted : RP #230 [Installed TI Connect™ CE | 10/13/2015 21:56:16]
Deleted : RP #231 [Windows Update | 10/15/2015 10:01:01]
Deleted : RP #232 [Windows Update | 10/16/2015 04:45:55]
Deleted : RP #233 [Windows Update | 10/20/2015 20:07:41]
Deleted : RP #234 [Windows Update | 10/21/2015 04:41:53]
Deleted : RP #235 [Windows Update | 10/27/2015 15:12:37]
Deleted : RP #236 [Windows Update | 11/03/2015 19:13:07]
Deleted : RP #237 [Scheduled Checkpoint | 11/10/2015 21:44:18]
Deleted : RP #238 [Windows Update | 11/10/2015 22:31:47]
Deleted : RP #239 [Windows Update | 11/11/2015 11:00:23]
Deleted : RP #240 [Windows Update | 11/13/2015 05:52:49]
Deleted : RP #241 [Windows Update | 11/17/2015 20:19:09]
Deleted : RP #242 [Windows Update | 11/24/2015 17:53:43]
Deleted : RP #243 [Windows Update | 11/27/2015 20:43:52]
Deleted : RP #244 [Windows Update | 12/01/2015 17:30:16]
Deleted : RP #245 [Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 | 12/04/2015 00:31:44]
Deleted : RP #246 [Windows Update | 12/04/2015 17:46:55]
Deleted : RP #247 [Windows Update | 12/08/2015 21:33:06]
Deleted : RP #248 [Windows Update | 12/09/2015 05:42:06]
Deleted : RP #249 [Windows Update | 12/15/2015 16:06:20]
Deleted : RP #250 [Windows Update | 12/18/2015 06:16:08]
Deleted : RP #252 [Restore Point Created by FRST | 12/18/2015 22:39:53]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

  • 0

#12
EN1GM4
Posted 20 December 2015 - 03:14 PM

EN1GM4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

I use Yahoo mail


  • 0

#13
EN1GM4
Posted 20 December 2015 - 03:33 PM

EN1GM4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

I've downloaded all those security programs and they are up and running.


  • 0

#14
Essexboy
Posted 20 December 2015 - 03:51 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Open Avast and click the cog (settings) at the top right

Select Active protection

Move the secure DNS slider to off

Try your mail again

Capture.JPG


  • 0

#15
EN1GM4
Posted 20 December 2015 - 04:10 PM

EN1GM4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

I don't have the full version so I don't have the Secure DNS option.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: Infection, svchost.exe, redirector.gvt1.com/......

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP