
System Memory Being Eaten


  • This topic is locked
11 replies to this topic

#1 urdadinatoaster


Posted 17 May 2015 - 03:34 PM

Hello. Over the past few weeks my PC seems to be suffering from unexplainably high memory usage. The PC starts fine and, for the most part, remains fine while in use, but allowing it to sit for long periods of time with no activity will cause memory to be eaten and unable to be released. I've found some very interesting information over the course of my investigations. After running RAMMap I've found that conhost.exe and powercfg.exe are running as thousands of zombie processes. I've monitored Task Manager and, sure enough, have noticed both programs will appear and disappear immediately, although it doesn't seem like they actually disappear. It will eventually get to the point where enough memory is being used that my video driver doesn't have enough to work with and my display cannot show. Fortunately the issue is temporarily resolved if the PC is restarted.

 

Broni has been helping me troubleshoot the issue. As a result I have downloaded many programs and posted the various logs here: http://www.bleepingcomputer.com/forums/t/573586/system-memory-being-eaten/

 

Fresh FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by Will (administrator) on DERPADOO on 11-05-2015 19:32:22
Running from C:\Users\Will\Downloads
Loaded Profiles: Will (Available profiles: Will & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: 
 
 
tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-04-22] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-1193129655-1466855322-3122330668-1000\...\MountPoints2: {5eee9c99-f0df-11e3-bc67-806e6f6e6963} - E:\install.EXE id= ver=1.0.0.0
 
==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1193129655-1466855322-3122330668-1000\Software\Microsoft\Internet Explorer\Main,Start
HKU\S-1-5-21-1193129655-1466855322-3122330668-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-06] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-06] (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-06] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-06] (Oracle Corporation)
DPF: HKLM-x32 {99CAAA27-FA0C-4FA4-B88A-
 
4AB1CC7A17FE} 
 
 
ab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-
 
444553540000} 
 
 
/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1E14E7DC-6973-457B-BCC1-19EA63FD92EB}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\b4v2k21z.default
FF Homepage: hxxp://www.bing.com/?pc=U154&form=U154HP
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-06] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1193129655-1466855322-3122330668-1000: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File
FF Plugin HKU\S-1-5-21-1193129655-1466855322-3122330668-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Will\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-1193129655-1466855322-3122330668-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Will\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-1193129655-1466855322-3122330668-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Will\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-24] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1193129655-1466855322-3122330668-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-01-03] (The Happy Cloud)
FF Plugin HKU\S-1-5-21-1193129655-1466855322-3122330668-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-05-28] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPMFireLauncher.dll [2009-11-09] (MGame)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-11-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-11-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-11-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-11-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-11-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF Extension: Reddit Enhancement Suite - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\b4v2k21z.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack [2013-02-15]
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\b4v2k21z.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2014-05-19]
FF Extension: IE Tab - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\b4v2k21z.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2013-05-21]
FF Extension: Reddit Enhancement Suite - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\b4v2k21z.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2013-02-15]
FF Extension: Web Developer - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\b4v2k21z.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-12-12]
FF Extension: Adblock Plus - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\b4v2k21z.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-11]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-06]
 
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Reverse Youtube Playlist) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajhonbaagcobjdmbocblbebcmbmmbfmi [2014-08-07]
CHR Extension: (Angry Birds) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2012-05-19]
CHR Extension: (Language Immersion for Chrome) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\bedbecnakfcpmkpddjfnfihogkaggkhl [2014-12-25]
CHR Extension: (WiBit) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejaaogemoligmkbmeafkhnaegkggihf [2012-05-19]
CHR Extension: (YouTube) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-19]
CHR Extension: (Honey) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2015-05-05]
CHR Extension: (Razer II The New Form) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\cabeahcoigimgpgcjakhbbmpjcmhgapf [2013-10-15]
CHR Extension: (Google Search) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-19]
CHR Extension: (Google+) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2012-05-19]
CHR Extension: (Google Calendar) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2012-05-19]
CHR Extension: (Tonematrix) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\enpfehkomaakbncdddjkoffacajcglha [2012-08-13]
CHR Extension: (Full Screen Weather) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2012-05-19]
CHR Extension: (AdBlock) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-05-19]
CHR Extension: (No Name) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-05-05]
CHR Extension: (Bookmark Manager) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2014-12-03]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2013-12-31]
CHR Extension: (Gun Blood) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifphbghhodpimajnjejgjlfcjmnnkhci [2012-08-13]
CHR Extension: (Dropbox) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2012-05-19]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2012-05-20]
CHR Extension: (Little Alchemy) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2014-02-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Outlook.com) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2012-05-19]
CHR Extension: (Gmail) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
StartMenuInternet: Google Chrome - C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [476936 2013-09-09] (BitRaider, LLC)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-09-09] (EasyAntiCheat Ltd)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4702744 2012-05-14] (INCA Internet Co., Ltd.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-19] (Electronic Arts)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-24] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-04] ()
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4250624 2015-02-03] (A-Volute) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WLANBelkinService; C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] () [File not signed]
 
==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-09] (Disc Soft Ltd)
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2015-02-25] (Echobit, LLC)
S3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [8704 2014-10-30] (Windows ® Win 7 DDK provider) [File not signed]
S3 HtcUsbMdmV64; C:\Windows\System32\DRIVERS\HtcUsbMdmV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [115272 2011-11-10] (MotioninJoy) [File not signed]
S3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129088 2013-09-14] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-05-23] (Windows ® Win 7 DDK provider)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-04] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\System32\drivers\RzSurroundVAD.sys [40640 2015-02-09] (Windows ® Win 7 DDK provider)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [38912 2014-10-30] (SteelSeries ApS) [File not signed]
S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2013-05-28] (Spotflux, Inc.)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [223744 2013-03-19] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2013-03-19] (VIA Technologies, Inc.)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 easytether; system32\DRIVERS\easytthr.sys [X]
S3 KBFiltr; System32\Drivers\KBFiltr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-11 16:57 - 2015-05-11 16:57 - 00008755 _____ () C:\Users\Will\Desktop\Procexp.txt
2015-05-06 21:41 - 2015-03-09 14:48 - 02508440 _____ (Sysinternals - www.sysinternals.com) C:\Users\Will\Desktop\procexp.exe
2015-05-06 21:41 - 2014-06-28 16:47 - 00002028 _____ () C:\Users\Will\Desktop\Eula.txt
2015-05-06 21:41 - 2012-10-15 06:23 - 00072154 _____ () C:\Users\Will\Desktop\procexp.chm
2015-05-06 21:40 - 2015-05-06 21:40 - 01190415 _____ () C:\Users\Will\Downloads\ProcessExplorer (1).zip
2015-05-06 19:56 - 2015-05-06 19:56 - 00000000 _____ () C:\Windows\SysWOW64\RENC6A9.tmp
2015-05-06 19:53 - 2015-05-06 19:52 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-05-06 19:52 - 2015-05-06 19:53 - 37328992 _____ (Oracle Corporation) C:\Users\Will\Downloads\jre-8u45-windows-i586.exe
2015-05-06 19:47 - 2015-05-06 19:49 - 43189344 _____ (Oracle Corporation) C:\Users\Will\Downloads\jre-8u45-windows-x64.exe
2015-05-06 19:47 - 2015-05-06 19:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-05 00:19 - 2015-05-05 00:19 - 00000000 ____D () C:\ProgramData\Sophos
2015-05-05 00:17 - 2015-05-05 00:17 - 00002759 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-05-05 00:17 - 2015-05-05 00:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-05-05 00:17 - 2015-05-05 00:17 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-05-05 00:16 - 2015-05-05 00:16 - 119275136 _____ (Sophos Limited) C:\Users\Will\Downloads\Sophos Virus Removal Tool.exe
2015-05-05 00:15 - 2015-05-05 00:15 - 00002593 _____ () C:\Users\Will\Desktop\AdwCleaner[S1].txt
2015-05-05 00:14 - 2015-05-05 00:14 - 00001639 _____ () C:\Users\Will\Desktop\JRT.txt
2015-05-05 00:12 - 2015-05-05 00:12 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DERPADOO-Windows-7-Ultimate-(64-bit).dat
2015-05-05 00:11 - 2015-05-05 00:11 - 02716306 _____ (Thisisu) C:\Users\Will\Downloads\JRT.exe
2015-05-05 00:11 - 2015-05-05 00:11 - 00000000 ____D () C:\RegBackup
2015-05-05 00:00 - 2015-05-05 00:01 - 02204160 _____ () C:\Users\Will\Downloads\adwcleaner_4.203.exe
2015-05-04 23:54 - 2015-05-04 23:54 - 00448512 _____ (OldTimer Tools) C:\Users\Will\Downloads\TFC.exe
2015-05-04 23:18 - 2015-05-04 23:18 - 00002444 _____ () C:\Users\Will\Desktop\The Great War 1918.lnk
2015-05-04 23:01 - 2015-05-04 23:16 - 363079291 _____ () C:\Users\Will\Downloads\TGW1918_v1_2.exe
2015-04-29 00:26 - 2015-04-29 00:26 - 00005288 _____ () C:\Users\Will\Desktop\score20150429002533.txt
2015-04-29 00:13 - 2015-05-03 23:28 - 00007309 _____ () C:\Users\Will\Desktop\ffxivbenchmarklauncher.ini
2015-04-28 23:36 - 2015-04-22 10:36 - 00000000 ____D () C:\Users\Will\Desktop\launcher_dxgi
2015-04-28 23:36 - 2015-04-22 10:31 - 00000000 ____D () C:\Users\Will\Desktop\launcher
2015-04-28 23:35 - 2015-04-29 00:26 - 00000000 ____D () C:\Users\Will\Desktop\data
2015-04-28 23:35 - 2015-04-28 23:12 - 1706252571 _____ () C:\Users\Will\Desktop\ffxiv-heavensward-bench.zip
2015-04-28 23:35 - 2015-04-22 10:26 - 00000000 ____D () C:\Users\Will\Desktop\game
2015-04-28 23:35 - 2015-04-22 10:25 - 12395248 _____ (SQUARE ENIX CO.,LTD.) C:\Users\Will\Desktop\ffxiv-heavensward-bench.exe
2015-04-28 23:35 - 2015-04-06 13:04 - 00000000 ____D () C:\Users\Will\Desktop\asset
2015-04-28 22:52 - 2015-04-28 23:12 - 1706252571 _____ () C:\Users\Will\Downloads\ffxiv-heavensward-bench.zip
2015-04-27 18:52 - 2015-05-03 22:36 - 00000000 ____D () C:\Users\Will\Documents\Survarium-Steam
2015-04-26 20:09 - 2015-04-26 20:09 - 00000000 ____D () C:\Users\Will\AppData\Roaming\dvdcss
2015-04-24 20:23 - 2015-04-24 20:24 - 00000000 ____D () C:\Users\Will\Documents\Heroes of the Storm
2015-04-24 20:00 - 2015-04-24 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-04-24 19:22 - 2015-04-24 20:23 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2015-04-24 19:18 - 2015-04-24 19:22 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-04-24 19:18 - 2015-04-24 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-04-19 10:41 - 2015-05-03 12:22 - 00000892 _____ () C:\Windows\DirectX.log
2015-04-18 21:06 - 2015-04-18 21:06 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Will\Downloads\rkill.exe
2015-04-18 20:38 - 2015-04-18 21:04 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-18 20:36 - 2015-04-18 20:36 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Will\Downloads\mbar-1.09.1.1004.exe
2015-04-18 20:04 - 2015-04-18 20:05 - 00051115 _____ () C:\Users\Will\Downloads\Result.txt
2015-04-18 20:04 - 2015-04-18 20:04 - 00402944 _____ (Farbar) C:\Users\Will\Downloads\MiniToolBox.exe
2015-04-18 20:03 - 2015-04-18 20:03 - 00415232 _____ (Farbar) C:\Users\Will\Downloads\FSS.exe
2015-04-18 20:03 - 2015-04-18 20:03 - 00002482 _____ () C:\Users\Will\Downloads\FSS.txt
2015-04-18 20:02 - 2015-05-11 19:31 - 00000000 ____D () C:\Users\Will\Downloads\FRST-OlderVersion
2015-04-18 20:01 - 2015-04-18 20:01 - 00852616 _____ () C:\Users\Will\Downloads\SecurityCheck.exe
2015-04-17 21:05 - 2015-04-17 21:05 - 00045402 _____ () C:\Users\Will\Downloads\Addition.txt
2015-04-17 21:04 - 2015-05-11 19:32 - 00023379 _____ () C:\Users\Will\Downloads\FRST.txt
2015-04-17 20:28 - 2015-04-17 20:42 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-17 20:28 - 2015-04-17 20:28 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-17 20:27 - 2015-05-11 19:32 - 00000000 ____D () C:\FRST
2015-04-17 20:27 - 2015-05-11 19:31 - 02102784 _____ (Farbar) C:\Users\Will\Downloads\FRST64.exe
2015-04-17 20:26 - 2015-05-05 00:07 - 00000000 ____D () C:\AdwCleaner
2015-04-17 20:26 - 2015-04-17 20:26 - 02217984 _____ () C:\Users\Will\Downloads\adwcleaner_4.201.exe
2015-04-17 20:26 - 2015-04-17 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-04-17 20:26 - 2015-04-17 20:26 - 00000000 ____D () C:\Program Files\RogueKiller
2015-04-17 20:25 - 2015-04-17 20:25 - 18883032 _____ (Adlice Software ) C:\Users\Will\Downloads\setup.exe
2015-04-12 00:34 - 2015-04-12 00:34 - 00000000 ____D () C:\Users\Will\AppData\Roaming\AMD
2015-04-11 20:25 - 2015-01-15 01:42 - 00977624 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2015-04-11 20:25 - 2015-01-15 01:42 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-04-11 20:17 - 2015-04-11 20:17 - 00000000 ____D () C:\ProgramData\ATI
2015-04-11 20:16 - 2015-04-11 20:16 - 00000000 ____D () C:\Users\Will\AppData\Roaming\library_dir
2015-04-11 20:14 - 2015-04-11 20:19 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-04-11 20:14 - 2015-04-11 20:14 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-04-11 20:13 - 2015-04-11 20:13 - 00058610 _____ () C:\Windows\SysWOW64\CCCInstall_201504112013542244.log
2015-04-11 20:13 - 2015-04-11 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-04-11 19:59 - 2015-04-11 19:59 - 05451464 _____ (Advanced Micro Devices, Inc.) C:\Users\Will\Downloads\autodetectutility.exe
2015-04-11 19:59 - 2015-04-11 19:59 - 00000000 __SHD () C:\Users\Will\AppData\Local\EmieUserList
2015-04-11 19:59 - 2015-04-11 19:59 - 00000000 __SHD () C:\Users\Will\AppData\Local\EmieSiteList
2015-04-11 19:59 - 2015-04-11 19:59 - 00000000 __SHD () C:\Users\Will\AppData\Local\EmieBrowserModeList
2015-04-11 19:53 - 2015-04-11 19:53 - 00000000 ____H 
 
() C:\Windows\system32\Drivers
 
\Msft_Kernel_ViaHub3_01011.Wdf
2015-04-11 19:51 - 2015-04-11 19:51 - 00000000 ____H 
 
() C:\Windows\system32\Drivers
 
\Msft_Kernel_xhcdrv_01011.Wdf
2015-04-11 19:50 - 2015-04-11 19:53 - 00000000 ____D 
 
() C:\Program Files\VIA XHCI UASP Utility
2015-04-11 19:50 - 2015-04-11 19:50 - 00000000 ____D 
 
() C:\ProgramData\Microsoft\Windows\Start Menu
 
\Programs\VIA XHCI UASP Utility
2015-04-11 19:50 - 2015-04-11 19:50 - 00000000 ____D 
 
() C:\Program Files (x86)\VIA
2015-04-11 19:50 - 2013-03-19 17:04 - 00223744 _____ 
 
(VIA Technologies, Inc.) C:\Windows\system32\Drivers
 
\ViaHub3.sys
2015-04-11 19:50 - 2013-01-18 03:11 - 00086064 _____ 
 
(VIA Technologies, Inc.) C:\Windows\system32\Drivers
 
\vusbstor.sys
2015-04-11 19:49 - 2013-03-19 17:04 - 00295424 _____ 
 
(VIA Technologies, Inc.) C:\Windows\system32\Drivers
 
\xhcdrv.sys
2015-04-11 19:45 - 2015-04-11 19:45 - 00000000 ____D 
 
() C:\Users\Will\Documents\WPA Files
2015-04-11 19:45 - 2015-04-11 19:45 - 00000000 ____D 
 
() C:\Users\Will\AppData\Local\Windows Performance 
 
Analyzer
2015-04-11 19:40 - 2015-04-11 19:40 - 00000000 ____D 
 
() C:\ProgramData\Microsoft\Windows\Start Menu
 
\Programs\Windows Kits
2015-04-11 19:40 - 2015-04-11 19:40 - 00000000 ____D 
 
() C:\Program Files (x86)\Windows Kits
2015-04-11 19:34 - 2015-04-11 19:34 - 00998040 _____ 
 
(Microsoft Corporation) C:\Users\Will\Downloads
 
\sdksetup (1).exe
2015-04-11 19:27 - 2015-04-11 19:27 - 00998040 _____ 
 
(Microsoft Corporation) C:\Users\Will\Downloads
 
\sdksetup.exe
2015-04-11 19:26 - 2015-04-11 19:26 - 03430408 _____ 
 
(Easeware ) C:\Users\Will\Downloads
 
\DriverEasy_Setup.exe
2015-04-11 19:26 - 2015-04-11 19:26 - 00000000 ____D 
 
() C:\Users\Will\AppData\Roaming\Easeware
2015-04-11 19:26 - 2015-04-11 19:26 - 00000000 ____D 
 
() C:\ProgramData\Microsoft\Windows\Start Menu
 
\Programs\DriverEasy
2015-04-11 19:26 - 2015-04-11 19:26 - 00000000 ____D 
 
() C:\Program Files\Easeware
2015-04-11 12:09 - 2015-04-11 12:09 - 00555672 _____ () 
 
C:\Users\Will\Downloads\VMMap.zip
2015-04-11 12:08 - 2015-04-11 12:09 - 00276267 _____ () 
 
C:\Users\Will\Downloads\RAMMap.zip
 
==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-11 19:30 - 2015-04-01 19:30 - 00014364 _____ () C:\Windows\setupact.log
2015-05-11 19:20 - 2012-06-01 22:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-11 18:57 - 2012-06-08 13:54 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1193129655-1466855322-3122330668-1002UA.job
2015-05-11 18:48 - 2012-05-19 02:58 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1193129655-1466855322-3122330668-1000UA.job
2015-05-11 17:17 - 2012-02-27 04:01 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-11 17:04 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-11 17:03 - 2015-04-01 19:34 - 01412894 _____ () C:\Windows\WindowsUpdate.log
2015-05-11 17:03 - 2012-05-19 02:58 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1193129655-1466855322-3122330668-1000Core.job
2015-05-11 16:07 - 2012-05-20 22:12 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Skype
2015-05-11 03:57 - 2012-06-08 13:54 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1193129655-1466855322-3122330668-1002Core.job
2015-05-08 22:07 - 2009-07-13 23:45 - 00023680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-08 22:07 - 2009-07-13 23:45 - 00023680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-08 18:19 - 2012-05-25 21:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-07 22:53 - 2013-10-26 01:05 - 00000000 ____D () C:\Users\Will\AppData\Local\CrashDumps
2015-05-06 23:45 - 2014-12-29 20:37 - 00000000 ____D () C:\Users\Will\AppData\Roaming\vlc
2015-05-06 19:56 - 2014-01-24 21:11 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-06 19:55 - 2014-10-07 12:31 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-06 19:52 - 2012-08-13 21:02 - 00000000 ____D () C:\Program Files\Java
2015-05-05 00:08 - 2015-04-07 19:09 - 00018282 _____ () C:\Windows\PFRO.log
2015-05-03 12:15 - 2012-08-01 21:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2015-05-03 02:30 - 2012-06-07 11:16 - 00000000 ____D () C:\ProgramData\Skype
2015-04-30 18:22 - 2015-04-01 00:22 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-30 18:17 - 2009-07-13 23:45 - 00316496 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-29 22:32 - 2012-05-19 02:57 - 00073424 _____ () C:\Users\Will\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-29 00:14 - 2012-02-27 01:56 - 00000000 ____D () C:\Users\Will\Documents\my games
2015-04-27 18:24 - 2012-05-19 02:20 - 00000000 ____D () C:\Users\Will
2015-04-24 20:47 - 2013-11-17 18:31 - 00000000 ____D () C:\Users\Will\AppData\Local\Battle.net
2015-04-24 20:23 - 2012-05-25 11:59 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-04-24 19:17 - 2013-11-17 18:31 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-04-21 00:37 - 2014-03-26 01:21 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Tera_Awesomium
2015-04-21 00:13 - 2014-09-09 15:04 - 00000000 ____D () C:\Program Files (x86)\TERA
2015-04-21 00:05 - 2014-11-26 14:50 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-04-19 10:31 - 2012-05-22 15:18 - 00000000 ____D () C:\ProgramData\Origin
2015-04-19 10:28 - 2012-02-27 03:37 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-04-18 20:38 - 2014-11-21 23:03 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-18 20:38 - 2014-11-21 23:02 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-17 21:06 - 2009-07-14 00:13 - 00797410 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-14 23:20 - 2012-06-01 22:26 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 23:20 - 2012-06-01 22:26 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 23:20 - 2012-06-01 22:26 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-11 20:25 - 2012-05-19 02:56 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-04-11 20:14 - 2013-03-07 22:46 - 00000000 ____D () C:\Program Files\AMD
2015-04-11 20:14 - 2012-06-21 17:54 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-04-11 20:14 - 2012-05-19 03:04 - 00000000 ____D () C:\ProgramData\AMD
2015-04-11 20:10 - 2012-05-19 03:03 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-04-11 20:03 - 2013-10-01 21:47 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-11 20:01 - 2012-02-28 01:12 - 00000000 ____D () C:\AMD
2015-04-11 19:54 - 2012-05-19 02:56 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
 
==================== Files in the root of some directories =======

2014-06-22 12:01 - 2014-06-22 12:01 - 0000885 _____ () C:\Program Files (x86)\Program Files (x86) - Shortcut.lnk
2013-09-13 23:41 - 2013-09-13 23:19 - 0012005 _____ () C:\Users\Will\AppData\Roaming\alsoft.ini
2013-04-22 13:21 - 2013-10-22 03:06 - 0034816 _____ () C:\Users\Will\AppData\Roaming\RZR_00203f354c53873a22a6188faec3.db
2013-05-17 19:11 - 2013-07-10 01:34 - 0009308 _____ () C:\Users\Will\AppData\Local\CleanupUninstall.txt
2013-03-29 02:23 - 2013-03-29 02:23 - 0003584 _____ () C:\Users\Will\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-13 11:15 - 2012-06-13 11:15 - 0000092 _____ () C:\Users\Will\AppData\Local\fusioncache.dat
2014-05-20 22:15 - 2015-04-09 18:49 - 0007614 _____ () C:\Users\Will\AppData\Local\Resmon.ResmonCfg
2014-06-11 01:02 - 2014-06-11 01:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Files to move or delete:
====================
C:\Users\Guest\CTX.DAT
C:\Users\Will\Minecraft.exe
C:\Users\Will\punkomatic2.exe
C:\Users\Will\TechnicLauncher.exe
 
 
Some content of TEMP:
====================
C:\Users\Will\AppData\Local\Temp\Quarantine.exe
C:\Users\Will\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-04 04:48

==================== End Of Log ============================



 


#2 HelpBot

  • Bots

Posted 22 May 2015 - 03:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/576497 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 dbrisendine

  • Malware Response Team

Posted 31 May 2015 - 02:22 PM

urdadinatoaster,

 

Do you still need assistance?  If so, please provide some fresh FRST logs.

 

Delete the logs you have on your desktop along with the copy of FRST.

 

Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.
 

  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update.  Allow it to do this please.
  • Once the tool shows "The tool is ready to use." message, please press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

 


Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.


#4 urdadinatoaster

  • Topic Starter

Posted 03 June 2015 - 06:19 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Will (administrator) on DERPADOO on 03-06-2015 18:13:08
Running from C:\Users\Will\Downloads
Loaded Profiles: Will (Available Profiles: Will & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Will\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-04-22] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-1193129655-1466855322-3122330668-1000\...\Run: [Google Update] => C:\Users\Will\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-19] (Google Inc.)
HKU\S-1-5-21-1193129655-1466855322-3122330668-1000\...\MountPoints2: {5eee9c99-f0df-11e3-bc67-806e6f6e6963} - E:\install.EXE id= ver=1.0.0.0
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1193129655-1466855322-3122330668-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=U154&form=U154HP
HKU\S-1-5-21-1193129655-1466855322-3122330668-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-06] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-06] (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-06] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-06] (Oracle Corporation)
DPF: HKLM-x32 {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} http://www.netgame.com/mplugin/mglaunch_USAv1005.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1E14E7DC-6973-457B-BCC1-19EA63FD92EB}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\b4v2k21z.default
FF Homepage: hxxp://www.bing.com/?pc=U154&form=U154HP
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-06] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1193129655-1466855322-3122330668-1000: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File
FF Plugin HKU\S-1-5-21-1193129655-1466855322-3122330668-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Will\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1193129655-1466855322-3122330668-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Will\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1193129655-1466855322-3122330668-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Will\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-24] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1193129655-1466855322-3122330668-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-01-03] (The Happy Cloud)
FF Plugin HKU\S-1-5-21-1193129655-1466855322-3122330668-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-05-28] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPMFireLauncher.dll [2009-11-09] (MGame)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-11-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-11-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-11-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-11-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-11-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF Extension: Reddit Enhancement Suite - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\b4v2k21z.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack [2013-02-15]
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\b4v2k21z.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2014-05-19]
FF Extension: IE Tab - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\b4v2k21z.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2013-05-21]
FF Extension: Reddit Enhancement Suite - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\b4v2k21z.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2013-02-15]
FF Extension: Web Developer - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\b4v2k21z.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-12-12]
FF Extension: Adblock Plus - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\b4v2k21z.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-11]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
 
Chrome: 
=======
CHR Profile: C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Reverse Youtube Playlist) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajhonbaagcobjdmbocblbebcmbmmbfmi [2014-08-07]
CHR Extension: (Angry Birds) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2012-05-19]
CHR Extension: (Language Immersion for Chrome) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\bedbecnakfcpmkpddjfnfihogkaggkhl [2014-12-25]
CHR Extension: (WiBit) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejaaogemoligmkbmeafkhnaegkggihf [2012-05-19]
CHR Extension: (YouTube) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-19]
CHR Extension: (Honey) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2015-05-05]
CHR Extension: (Razer II The New Form) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\cabeahcoigimgpgcjakhbbmpjcmhgapf [2013-10-15]
CHR Extension: (Google Search) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-19]
CHR Extension: (Google+) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2012-05-19]
CHR Extension: (Google Calendar) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2012-05-19]
CHR Extension: (Tonematrix) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\enpfehkomaakbncdddjkoffacajcglha [2012-08-13]
CHR Extension: (Full Screen Weather) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2012-05-19]
CHR Extension: (AdBlock) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-05-19]
CHR Extension: (Bookmark Manager) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2014-12-03]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2013-12-31]
CHR Extension: (Gun Blood) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifphbghhodpimajnjejgjlfcjmnnkhci [2012-08-13]
CHR Extension: (Dropbox) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2012-05-19]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2012-05-20]
CHR Extension: (Little Alchemy) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2014-02-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Outlook.com) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2012-05-19]
CHR Extension: (Gmail) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
StartMenuInternet: Google Chrome - C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1145216 2015-05-22] ()
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [476936 2013-09-09] (BitRaider, LLC)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-09-09] (EasyAntiCheat Ltd)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3472368 2014-12-01] (INCA Internet Co., Ltd.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-19] (Electronic Arts)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-24] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-04] ()
S2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4250624 2015-02-03] (A-Volute) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WLANBelkinService; C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-09] (Disc Soft Ltd)
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2015-02-25] (Echobit, LLC)
S3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [8704 2014-10-30] (Windows ® Win 7 DDK provider) [File not signed]
S3 HtcUsbMdmV64; C:\Windows\System32\DRIVERS\HtcUsbMdmV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [115272 2011-11-10] (MotioninJoy) [File not signed]
S3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129088 2013-09-14] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-05-23] (Windows ® Win 7 DDK provider)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-04] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\System32\drivers\RzSurroundVAD.sys [40640 2015-02-09] (Windows ® Win 7 DDK provider)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [38912 2014-10-30] (SteelSeries ApS) [File not signed]
S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2013-05-28] (Spotflux, Inc.)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [223744 2013-03-19] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2013-03-19] (VIA Technologies, Inc.)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 easytether; system32\DRIVERS\easytthr.sys [X]
S3 KBFiltr; System32\Drivers\KBFiltr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-03 18:13 - 2015-06-03 18:17 - 00023537 _____ C:\Users\Will\Downloads\FRST.txt
2015-06-03 18:11 - 2015-06-03 18:11 - 02108928 _____ (Farbar) C:\Users\Will\Downloads\FRST64 (1).exe
2015-06-03 01:26 - 2015-06-03 01:26 - 00000320 _____ C:\Users\Will\Downloads\INI settings-51038-1-1 (1).rar
2015-06-03 01:22 - 2015-06-03 01:23 - 00584318 _____ C:\Users\Will\Downloads\skse_1_07_02 (1).7z
2015-06-03 00:45 - 2015-06-03 00:45 - 49961377 _____ C:\Users\Will\Desktop\Skyrim Redesigned-8954.7z
2015-06-03 00:44 - 2015-06-03 00:45 - 00000000 ____D C:\Users\Will\Desktop\Skyrim Redesigned
2015-06-02 21:56 - 2015-06-02 21:56 - 00006800 _____ C:\Users\Will\Downloads\XCE-1_13-BCF.7z
2015-06-02 21:28 - 2015-06-02 21:30 - 40976164 _____ C:\Users\Will\Downloads\Default Animal Replacement Med Res-3621-1-7.zip
2015-06-02 21:07 - 2015-06-02 21:07 - 00004876 _____ C:\Users\Will\Downloads\G_Real_Ice_BAIN-v3.0-5388-BCF.7z
2015-06-02 18:42 - 2015-06-02 18:42 - 00000000 ____D C:\Users\Will\AppData\Local\Nexus
2015-06-02 01:01 - 2015-06-02 01:01 - 00019873 _____ C:\Users\Will\Downloads\[katproxy.com]skyrim.realistic.overhaul.dg.v1.6.optimal.1k.2k.torrent
2015-06-01 17:49 - 2015-06-03 01:48 - 00000000 ____D C:\Users\Will\Desktop\STEP
2015-06-01 17:45 - 2015-06-01 17:45 - 00000320 _____ C:\Users\Will\Downloads\INI settings-51038-1-1.rar
2015-06-01 17:37 - 2015-06-01 17:37 - 00584318 _____ C:\Users\Will\Downloads\skse_1_07_02.7z
2015-06-01 17:29 - 2015-06-01 17:29 - 02360112 _____ C:\Users\Will\Downloads\enbseries_skyrim_v0269.zip
2015-06-01 17:27 - 2015-06-01 17:27 - 00021253 _____ C:\Users\Will\Downloads\Cell Stabilizer-41592-.zip
2015-06-01 17:26 - 2015-06-01 17:26 - 00335183 _____ C:\Users\Will\Downloads\skse_1_07_02_installer.exe
2015-06-01 17:26 - 2015-06-01 17:26 - 00002261 _____ C:\Users\Will\Desktop\Skyrim (SKSE).lnk
2015-06-01 17:26 - 2015-06-01 17:26 - 00002261 _____ C:\Users\Guest\Desktop\Skyrim (SKSE).lnk
2015-06-01 17:19 - 2015-06-03 01:35 - 00000000 ____D C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wrye Bash
2015-06-01 17:17 - 2015-06-01 17:17 - 00001421 _____ C:\Users\Will\Desktop\Mod Organizer.lnk
2015-06-01 17:15 - 2015-06-01 17:16 - 18298624 _____ (Wrye Bash development team) C:\Users\Will\Downloads\Wrye Bash 305 - Installer-1840-305.exe
2015-06-01 17:15 - 2015-06-01 17:15 - 02546322 _____ C:\Users\Will\Downloads\TES5Edit 3.1.1-25859-3-1-1.7z
2015-06-01 17:14 - 2015-06-03 01:51 - 00000000 ____D C:\Users\Will\AppData\Local\LOOT
2015-06-01 17:14 - 2015-06-03 01:51 - 00000000 ____D C:\Program Files (x86)\LOOT
2015-06-01 17:14 - 2015-06-01 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOOT
2015-06-01 17:13 - 2015-06-01 17:14 - 21896146 _____ (LOOT Team) C:\Users\Will\Downloads\LOOT.Installer.exe
2015-06-01 16:38 - 2015-06-03 01:52 - 00000000 ____D C:\Program Files (x86)\Mod Organizer
2015-06-01 16:37 - 2015-06-01 16:38 - 19383202 _____ C:\Users\Will\Downloads\Mod Organizer v1_2_18 installer-1334-1-2-18.exe
2015-05-29 23:49 - 2015-05-29 23:49 - 00001452 _____ C:\Users\Will\Desktop\9Dragons.lnk
2015-05-29 23:49 - 2015-05-29 23:49 - 00001452 _____ C:\Users\Guest\Desktop\9Dragons.lnk
2015-05-29 23:49 - 2015-05-29 23:49 - 00000618 _____ C:\Users\Will\Desktop\Run 9Dragons.lnk
2015-05-29 23:49 - 2015-05-29 23:49 - 00000618 _____ C:\Users\Guest\Desktop\Run 9Dragons.lnk
2015-05-29 23:48 - 2015-05-30 13:04 - 00000000 ____D C:\9Dragons
2015-05-29 23:40 - 2015-05-29 23:47 - 00000000 ____D C:\Users\Will\Desktop\9Dragons
2015-05-29 23:38 - 2015-05-29 23:38 - 02384576 _____ (Reloaded Technologies) C:\Users\Will\Downloads\9Dragons_Downloader.exe
2015-05-25 18:52 - 2015-05-25 18:53 - 00008360 _____ C:\Windows\system32\lvcoinst.log
2015-05-25 18:52 - 2015-05-25 18:52 - 00000000 ____D C:\Program Files\Common Files\logishrd
2015-05-25 18:52 - 2015-05-25 18:52 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2015-05-22 21:17 - 2015-05-22 21:17 - 00000000 ____D C:\ProgramData\Bohemia Interactive Studio
2015-05-17 07:48 - 2015-05-17 07:48 - 00000000 ____D C:\Program Files (x86)\Google
2015-05-11 23:30 - 2015-05-12 00:53 - 00000000 ____D C:\Users\Will\AppData\Roaming\Tera_Awesomium
2015-05-11 19:33 - 2015-05-11 19:33 - 00040527 _____ C:\Users\Will\Desktop\FRST.txt
2015-05-11 16:57 - 2015-05-11 16:57 - 00008755 _____ C:\Users\Will\Desktop\Procexp.txt
2015-05-06 21:41 - 2015-03-09 14:48 - 02508440 _____ (Sysinternals - www.sysinternals.com) C:\Users\Will\Desktop\procexp.exe
2015-05-06 21:41 - 2014-06-28 16:47 - 00002028 _____ C:\Users\Will\Desktop\Eula.txt
2015-05-06 21:41 - 2012-10-15 06:23 - 00072154 _____ C:\Users\Will\Desktop\procexp.chm
2015-05-06 21:40 - 2015-05-06 21:40 - 01190415 _____ C:\Users\Will\Downloads\ProcessExplorer (1).zip
2015-05-06 19:56 - 2015-05-06 19:56 - 00000000 _____ C:\Windows\SysWOW64\RENC6A9.tmp
2015-05-06 19:53 - 2015-05-06 19:52 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-05-06 19:52 - 2015-05-06 19:53 - 37328992 _____ (Oracle Corporation) C:\Users\Will\Downloads\jre-8u45-windows-i586.exe
2015-05-06 19:47 - 2015-05-06 19:49 - 43189344 _____ (Oracle Corporation) C:\Users\Will\Downloads\jre-8u45-windows-x64.exe
2015-05-06 19:47 - 2015-05-06 19:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-05-05 00:19 - 2015-05-05 00:19 - 00000000 ____D C:\ProgramData\Sophos
2015-05-05 00:17 - 2015-05-05 00:17 - 00002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-05-05 00:17 - 2015-05-05 00:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-05-05 00:17 - 2015-05-05 00:17 - 00000000 ____D C:\Program Files (x86)\Sophos
2015-05-05 00:16 - 2015-05-05 00:16 - 119275136 _____ (Sophos Limited) C:\Users\Will\Downloads\Sophos Virus Removal Tool.exe
2015-05-05 00:15 - 2015-05-05 00:15 - 00002593 _____ C:\Users\Will\Desktop\AdwCleaner[S1].txt
2015-05-05 00:14 - 2015-05-05 00:14 - 00001639 _____ C:\Users\Will\Desktop\JRT.txt
2015-05-05 00:12 - 2015-05-05 00:12 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DERPADOO-Windows-7-Ultimate-(64-bit).dat
2015-05-05 00:11 - 2015-05-05 00:11 - 02716306 _____ (Thisisu) C:\Users\Will\Downloads\JRT.exe
2015-05-05 00:11 - 2015-05-05 00:11 - 00000000 ____D C:\RegBackup
2015-05-05 00:00 - 2015-05-05 00:01 - 02204160 _____ C:\Users\Will\Downloads\adwcleaner_4.203.exe
2015-05-04 23:54 - 2015-05-04 23:54 - 00448512 _____ (OldTimer Tools) C:\Users\Will\Downloads\TFC.exe
2015-05-04 23:18 - 2015-05-04 23:18 - 00002444 _____ C:\Users\Will\Desktop\The Great War 1918.lnk
2015-05-04 23:01 - 2015-05-04 23:16 - 363079291 _____ C:\Users\Will\Downloads\TGW1918_v1_2.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-03 18:17 - 2015-04-17 20:27 - 00000000 ____D C:\FRST
2015-06-03 18:01 - 2012-05-20 22:12 - 00000000 ____D C:\Users\Will\AppData\Roaming\Skype
2015-06-03 17:57 - 2012-06-08 13:54 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1193129655-1466855322-3122330668-1002UA.job
2015-06-03 17:55 - 2012-05-19 02:58 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1193129655-1466855322-3122330668-1000UA.job
2015-06-03 17:20 - 2012-06-01 22:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-03 07:54 - 2012-05-19 02:58 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1193129655-1466855322-3122330668-1000Core.job
2015-06-03 03:57 - 2012-06-08 13:54 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1193129655-1466855322-3122330668-1002Core.job
2015-06-03 01:03 - 2012-09-06 02:56 - 00000000 ____D C:\Users\Will\AppData\Roaming\uTorrent
2015-06-02 21:50 - 2015-04-01 19:34 - 01474996 _____ C:\Windows\WindowsUpdate.log
2015-06-02 18:38 - 2009-07-13 23:45 - 00023680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-02 18:38 - 2009-07-13 23:45 - 00023680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-02 18:13 - 2012-02-27 04:01 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-02 18:12 - 2015-04-01 19:30 - 00018611 _____ C:\Windows\setupact.log
2015-06-01 17:44 - 2009-07-14 00:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-06-01 17:25 - 2012-05-23 19:56 - 00000000 ____D C:\Users\Will\AppData\Local\Skyrim
2015-06-01 16:27 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-05-30 23:14 - 2013-10-26 01:05 - 00000000 ____D C:\Users\Will\AppData\Local\CrashDumps
2015-05-30 13:02 - 2012-06-06 02:32 - 00000000 ____D C:\Users\Will\AppData\Local\SniperV2
2015-05-28 00:28 - 2012-02-27 04:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-25 22:32 - 2015-04-19 10:41 - 00001274 _____ C:\Windows\DirectX.log
2015-05-25 22:27 - 2014-12-29 20:37 - 00000000 ____D C:\Users\Will\AppData\Roaming\vlc
2015-05-24 00:06 - 2012-06-02 20:49 - 00000000 ____D C:\Users\Will\AppData\Local\ArmA 2 OA
2015-05-17 07:49 - 2012-05-19 02:58 - 00003876 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1193129655-1466855322-3122330668-1000UA
2015-05-17 07:49 - 2012-05-19 02:58 - 00003480 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1193129655-1466855322-3122330668-1000Core
2015-05-14 19:12 - 2015-01-21 17:51 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-11 23:16 - 2014-09-09 15:04 - 00000000 ____D C:\Program Files (x86)\TERA
2015-05-11 23:06 - 2014-11-26 14:50 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-05-11 19:31 - 2015-04-18 20:02 - 00000000 ____D C:\Users\Will\Downloads\FRST-OlderVersion
2015-05-11 19:31 - 2015-04-17 20:27 - 02102784 _____ (Farbar) C:\Users\Will\Downloads\FRST64.exe
2015-05-08 18:19 - 2012-05-25 21:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-06 19:56 - 2014-01-24 21:11 - 00000000 ____D C:\ProgramData\Oracle
2015-05-06 19:55 - 2014-10-07 12:31 - 00000000 ____D C:\Program Files (x86)\Java
2015-05-06 19:52 - 2012-08-13 21:02 - 00000000 ____D C:\Program Files\Java
2015-05-05 00:08 - 2015-04-07 19:09 - 00018282 _____ C:\Windows\PFRO.log
2015-05-05 00:07 - 2015-04-17 20:26 - 00000000 ____D C:\AdwCleaner
 
==================== Files in the root of some directories =======
 
2014-06-22 12:01 - 2014-06-22 12:01 - 0000885 _____ () C:\Program Files (x86)\Program Files (x86) - Shortcut.lnk
2013-09-13 23:41 - 2013-09-13 23:19 - 0012005 _____ () C:\Users\Will\AppData\Roaming\alsoft.ini
2013-04-22 13:21 - 2013-10-22 03:06 - 0034816 _____ () C:\Users\Will\AppData\Roaming\RZR_00203f354c53873a22a6188faec3.db
2013-05-17 19:11 - 2013-07-10 01:34 - 0009308 _____ () C:\Users\Will\AppData\Local\CleanupUninstall.txt
2013-03-29 02:23 - 2013-03-29 02:23 - 0003584 _____ () C:\Users\Will\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-13 11:15 - 2012-06-13 11:15 - 0000092 _____ () C:\Users\Will\AppData\Local\fusioncache.dat
2014-05-20 22:15 - 2015-04-09 18:49 - 0007614 _____ () C:\Users\Will\AppData\Local\Resmon.ResmonCfg
2014-06-11 01:02 - 2014-06-11 01:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Files to move or delete:
====================
C:\Users\Guest\CTX.DAT
C:\Users\Will\Minecraft.exe
C:\Users\Will\punkomatic2.exe
C:\Users\Will\TechnicLauncher.exe
 
 
Some files in TEMP:
====================
C:\Users\Will\AppData\Local\Temp\Quarantine.exe
C:\Users\Will\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Will\AppData\Local\Temp\sqlite3.dll
C:\Users\Will\AppData\Local\Temp\__pythonRunner.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-24 04:57
 
==================== End of log ============================
 
 
-----------------------------------------------------------------------------------------------------------------
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Will at 2015-06-03 18:18:01
Running from C:\Users\Will\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1193129655-1466855322-3122330668-500 - Administrator - Disabled)
Guest (S-1-5-21-1193129655-1466855322-3122330668-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1193129655-1466855322-3122330668-1008 - Limited - Enabled)
Will (S-1-5-21-1193129655-1466855322-3122330668-1000 - Administrator - Enabled) => C:\Users\Will
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.0 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3650 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Age of Empires® III: Complete Collection (HKLM-x32\...\Steam App 105450) (Version:  - )
AIM for Windows (HKU\S-1-5-21-1193129655-1466855322-3122330668-1000\...\AIM) (Version:  - AOL Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-1193129655-1466855322-3122330668-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.8.7.347 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Batman: Arkham City™ (x32 Version: 1.0.0003.131 - WB Games) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version:  - The Behemoth)
Battlefield 2142 (HKLM-x32\...\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}) (Version:  - )
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
Belkin USB Wireless Adaptor (HKLM-x32\...\InstallShield_{6E016C56-820F-4B2D-A36F-34CCADF90C16}) (Version: 1.0.0.06 - Belkin)
Belkin USB Wireless Adaptor (x32 Version: 1.0.0.06 - Belkin) Hidden
Besiege (HKLM-x32\...\Steam App 346010) (Version:  - Spiderling Studios)
BioShock 2 (x32 Version: 1.0.0005.131 - Take-Two Interactive Software) Hidden
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.8.1 - BitRaider, LLC)
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.6.1 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version:  - FromSoftware, Inc)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - )
Dota 2 Test (HKLM-x32\...\Steam App 205790) (Version:  - )
DriverEasy 4.9.1 (HKLM\...\DriverEasy_is1) (Version: 4.9.1.0 - Easeware)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Empire Earth Gold Edition (HKLM-x32\...\Empire Earth Gold Edition_is1) (Version:  - GOG.com)
EpicBot (HKLM-x32\...\EpicBot) (Version:  - )
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.109 - Etron Technology) Hidden
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version:  - Square Enix)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Game Dev Tycoon v1.3.2 © Greenheart Games version 1 (HKLM-x32\...\R2FtZURldlR5Y29vbnYxMzI=_is1) (Version: 1 - )
Gang Beasts (HKLM-x32\...\Steam App 285900) (Version:  - Boneloaf)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Google Chrome (HKU\S-1-5-21-1193129655-1466855322-3122330668-1000\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
Happy Cloud Client (HKU\S-1-5-21-1193129655-1466855322-3122330668-1000\...\HappyCloud) (Version: 4.54 - Happy Cloud, Inc.)
Hatoful Boyfriend (HKLM-x32\...\Steam App 310080) (Version:  - Mediatonic)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version:  - Reto-Moto)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Influent (HKLM-x32\...\Steam App 274980) (Version:  - Rob Howland)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 7 Update 6 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170060}) (Version: 1.7.0.60 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JCreator LE 5.00 (HKLM-x32\...\JCreator LE_is1) (Version:  - Xinox Software)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Linksys Wireless-G USB Network Adapter (HKLM-x32\...\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}) (Version:  - )
LOOT (HKLM-x32\...\LOOT) (Version: 0.7.0 - LOOT Development Team)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Medal of Honor - Allied Assault War Chest (HKLM-x32\...\GOGPACKMEDALOFHONORPACK_is1) (Version: 2.0.0.21 - GOG.com)
METAL GEAR RISING: REVENGEANCE (HKLM-x32\...\Steam App 235460) (Version:  - PlatinumGames)
Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version:  - 4A Games)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft IntelliType Pro 7.1 (HKLM\...\{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}) (Version: 7.10.344.0 - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (English) (HKLM\...\{EB0A3BCB-B9DF-4906-B066-BDEC6E213B91}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - Taleworlds Entertainment)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\Steam App 234670) (Version:  - CyberConnect 2)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.2.2 - )
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
PakkISO 0.4 (HKLM-x32\...\PakkISO_is1) (Version: PakkISO 0.4 by zorted, installer by BitLooter - )
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r4600) (Version:  - )
Platform (x32 Version: 1.40 - VIA Technologies, Inc.) Hidden
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.2.1 r2386 - )
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.14 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.25502 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.00.0000 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6519 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RogueKiller version 10 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 10 - Adlice Software)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Saints Row: Gat out of Hell (HKLM-x32\...\Steam App 301910) (Version:  - Deep Silver Volition)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.6 - Samsung)
Secure Download Manager (HKLM-x32\...\{718B4606-2FEF-411B-B96E-4FC53B91EBC0}) (Version: 3.1.01 - Kivuto Solutions Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Sleipnir Version 6.1.3 (HKLM-x32\...\FenrirSleipnirV5_is1) (Version: 6.1.3 - Fenrir Inc.)
Smart Port Forwarding (HKLM-x32\...\Smart Port Forwarding) (Version: 1.0.0.1 - Brooks Younce Software)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.7.2766.1 - Hi-Rez Studios)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version:  - Pandemic Studios)
Star Wars - Jedi Knight II: Jedi Outcast (HKLM-x32\...\Steam App 6030) (Version:  - Raven Software)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.10 - Bioware/EA)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Strongvault Online Backup (HKLM-x32\...\{3002C8EB-2A7E-419B-B77F-5AD7E9F54A5A}) (Version: 1.0.1.0 - Strongvault) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKU\S-1-5-21-1193129655-1466855322-3122330668-1000\...\TeamSpeak 3 Client) (Version: 3.0.10.1 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TERA (HKLM-x32\...\{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}) (Version: 1.6 - En Masse Entertainment)
TERA (HKU\S-1-5-21-1193129655-1466855322-3122330668-1000\...\teraenmasse) (Version:  - )
Tether (HKLM-x32\...\{C5C67EA4-16FA-473C-B274-904A71162DE4}) (Version: 1.0.1 - ClockworkMod)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)
The Lord of the Rings Online™ v1301.0055.0535.4025 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 1301.0055.0535.4025 - Turbine, Inc.)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
Ubuntu (HKLM-x32\...\Wubi) (Version: 12.04-rev266 - Ubuntu)
Unity Web Player (HKU\S-1-5-21-1193129655-1466855322-3122330668-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1193129655-1466855322-3122330668-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media DRM Reset (HKLM-x32\...\ResetDRM) (Version:  - )
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Windows Software Development Kit for Windows 8.1 (HKLM-x32\...\{a7602e27-6fa8-4ea3-bf95-f71953fc5b64}) (Version: 8.100.26898 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
WPT Redistributables (x32 Version: 8.100.26898 - Microsoft) Hidden
WPTx64 (x32 Version: 8.100.26898 - Microsoft) Hidden
WPTx86 (HKLM-x32\...\{8555F42F-F978-9DC1-8DBC-7FA225AD44E1}) (Version: 8.100.26898 - Microsoft)
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 0.3.0.5 - Wrye & Wrye Bash Development Team)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1193129655-1466855322-3122330668-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Will\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1193129655-1466855322-3122330668-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Will\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1193129655-1466855322-3122330668-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Will\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
 
==================== Restore Points =========================
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0693CAE0-C75D-49EE-B6D8-582E025A39BF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {0A01493F-3A08-47CA-BEC7-BBD8A91A3399} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {0C54F8E8-42CC-4545-A752-9A255EE2D0ED} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1D3C9D17-C249-4016-94F6-80839596016B} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-05-19] (Microsoft Corporation)
Task: {3951E883-613E-4AD4-88FA-CB46C5BE70CF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1193129655-1466855322-3122330668-1002UA => C:\Users\Tiffany\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-08] (Google Inc.)
Task: {4AE963F8-9D3B-45B6-A738-E395A4A53114} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1193129655-1466855322-3122330668-1002Core => C:\Users\Tiffany\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-08] (Google Inc.)
Task: {5778668C-DD5D-42BE-92B1-2BC91E2FAE2C} - System32\Tasks\Clean System Memory => C:\Windows\syswow64\CleanMem.exe [2014-08-20] (PcWinTech.com)
Task: {6204FC16-0686-4AF2-990A-564E8C535DC6} - System32\Tasks\{1D6FB7E2-27CA-4AEE-A52E-E0823925A205} => pcalua.exe -a C:\Users\Will\Desktop\pbsetup.exe -d C:\Users\Will\Desktop
Task: {7C5F9CC2-1ED8-4391-940D-3AF4E3864C4E} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {81936A56-4CCF-4F68-AF1A-F8417E25F64C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1193129655-1466855322-3122330668-1000UA => C:\Users\Will\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-19] (Google Inc.)
Task: {99007321-EAFB-45DC-A1FF-2CE4E2B36EBA} - System32\Tasks\{14D285C5-79E7-41F8-A0A4-92947A149AF2} => pcalua.exe -a C:\Users\Will\Downloads\vcredist_x86.exe -d C:\Users\Will\Downloads
Task: {C0C9CA7C-08A5-4A4D-B9F8-F4EF5F1DEB75} - System32\Tasks\{A3C26A17-3EE6-4376-8519-75B9FB3BB78B} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/202990
Task: {CA122244-E4EA-4698-9F2E-24B9C3F58C4B} - System32\Tasks\{07778674-5996-44C0-9840-ED595E6BDDBD} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\OpenOffice.org 3\program\scalc.exe"
Task: {CDB1981F-7FA4-4CB6-90AD-1916CD9AF5F0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1193129655-1466855322-3122330668-1000Core => C:\Users\Will\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-19] (Google Inc.)
Task: {D40F4E38-39F6-4D5D-B031-452C4368747F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {D7114BFC-78F9-4A5D-9F60-A0999881022E} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2009-11-11] (Microsoft Corporation)
Task: {DC4627CC-9CD0-4BD9-BAD9-4A7682F0097F} - System32\Tasks\{CF5A59B7-C1FB-4CEC-8143-057DA4DDB30F} => pcalua.exe -a "C:\Users\Will\Desktop\OpenOffice.org 3.4.1 (en-US) Installation Files\setup.exe" -d "C:\Users\Will\Desktop\OpenOffice.org 3.4.1 (en-US) Installation Files"
Task: {F9BB68E3-ED02-406E-87B0-0D3373A31E84} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1193129655-1466855322-3122330668-1000Core.job => C:\Users\Will\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1193129655-1466855322-3122330668-1000UA.job => C:\Users\Will\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1193129655-1466855322-3122330668-1002Core.job => C:\Users\Tiffany\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1193129655-1466855322-3122330668-1002UA.job => C:\Users\Tiffany\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2014-11-20 21:23 - 2014-11-20 21:23 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-05-24 01:47 - 2014-05-24 01:47 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-02-04 18:24 - 2015-02-04 18:25 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2009-12-28 18:25 - 2009-12-28 18:25 - 00036864 ____N () C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
2012-06-18 10:24 - 2012-06-18 10:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2012-11-19 02:33 - 2012-11-19 02:33 - 00070264 _____ () C:\Windows\system32\bdmpega64.acm
2014-11-20 21:23 - 2014-11-20 21:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-03-24 08:28 - 2015-03-24 08:28 - 00036544 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2015-03-24 08:28 - 2015-03-24 08:28 - 00775872 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2015-03-24 08:27 - 2015-03-24 08:27 - 00408576 _____ () C:\Program Files\Rainmeter\Plugins\NowPlaying.dll
2015-03-24 08:27 - 2015-03-24 08:27 - 00058368 _____ () C:\Program Files\Rainmeter\Plugins\WebParser.dll
2015-03-24 08:27 - 2015-03-24 08:27 - 00011776 _____ () C:\Program Files\Rainmeter\Plugins\PowerPlugin.dll
2015-03-24 08:27 - 2015-03-24 08:27 - 00011776 _____ () C:\Program Files\Rainmeter\Plugins\RecycleManager.dll
2015-02-02 02:52 - 2015-02-02 02:52 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2015-05-25 19:55 - 2015-05-22 15:22 - 01281864 _____ () C:\Users\Will\AppData\Local\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-25 19:55 - 2015-05-22 15:22 - 00080712 _____ () C:\Users\Will\AppData\Local\Google\Chrome\Application\43.0.2357.81\libegl.dll
2013-03-12 17:10 - 2015-04-16 12:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-19 19:32 - 2015-04-22 21:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-19 19:32 - 2015-04-22 21:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-19 19:32 - 2015-04-22 21:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-21 21:59 - 2015-06-01 22:29 - 02407104 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-30 14:38 - 2014-12-01 16:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-30 14:38 - 2014-12-01 16:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-30 14:38 - 2014-12-01 16:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-30 14:38 - 2014-12-01 16:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-30 14:38 - 2014-12-01 16:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-09-07 23:54 - 2015-06-01 22:28 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-09-07 23:54 - 2015-05-11 14:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-05-15 23:42 - 2015-05-11 14:01 - 08958344 _____ () C:\Program Files (x86)\Steam\bin\pdf.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1193129655-1466855322-3122330668-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Will\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Belkin USB Wireless Adaptor Utility.lnk => C:\Windows\pss\Belkin USB Wireless Adaptor Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Will^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk => C:\Windows\pss\Rainmeter.lnk.Startup
MSCONFIG\startupreg: addlyrics@addlyrics.net => C:\Program Files (x86)\AddLyrics\YTLUpdater.exe
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Will\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: amd_dc_opt => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Google Update => "C:\Users\Will\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: itype => "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Skytel => C:\Program Files\Realtek\Audio\HDA\Skytel.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{1AF184A8-AE7F-493E-A4AF-208D0167A1B4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6824A4CA-D900-4280-A907-C5D12E3B4487}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7339EAAB-B971-4388-8948-3DE67F0B61AE}] => (Allow) C:\Program Files (x86)\BitTorrent\BitTorrent.exe
FirewallRules: [{A72C1DF7-4E87-4325-959A-8340C5127F84}] => (Allow) C:\Program Files (x86)\BitTorrent\BitTorrent.exe
FirewallRules: [{468577F2-F9AF-4EA3-9F52-65B30449A519}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FCA7E9B4-E878-41AC-8031-F40CB9D377EB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D4A52CC2-150D-455B-B252-EBA27AE78CC4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{67B9F184-E61F-4C13-B16D-8A0DB323B925}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F75B53A9-E717-43FD-A6EF-7EF3FD5F20BF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{86D473FA-1134-4FD7-80A6-DF925AF2157F}C:\users\will\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\will\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{2778BE18-ECD4-4D81-A8E4-E3D3C6E53F3C}C:\users\will\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\will\appdata\local\akamai\netsession_win.exe
FirewallRules: [{A983820B-D8FD-4439-950C-B93AD602409D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{00B26314-36E9-4DB2-A84F-92260606A46E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{66A9738B-2D12-4402-9C69-66C2ACEE8759}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{5B87961E-04F1-46F0-A587-6DA750E9ACE5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{56379BF5-FCED-421A-B32F-234B0C30B795}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{169A64E3-6045-4D49-9E40-89D2F4512CD0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [TCP Query User{9D56E60F-FD89-46B4-B49C-C7A7A138382E}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{3E90472C-6828-4AF8-8AB4-6ED298CA2B05}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{7B1329A9-F236-4F4F-92E2-A4746C69329E}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{D1769124-792E-4A41-B1E9-E70AED3BADD3}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{810A93A5-1541-4A28-873A-C8875678F2E5}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{5D7FF2E0-41BF-404E-A683-17B0DBC81BDC}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{2F6FB762-D0BD-4630-9A39-93C3F940065C}C:\users\tiffany\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\tiffany\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{3A5D2948-3E3D-4026-8FC3-6F58DDB6BCBD}C:\users\tiffany\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\tiffany\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{70512DDE-5561-4F8E-BEF1-075F0903D582}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{2BB34167-9710-4CDA-B537-9CE665C41A08}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [TCP Query User{84A51485-CCA6-4C1A-A06B-8282B9B2D47B}C:\program files\dragon age\bin_ship\daorigins.exe] => (Allow) C:\program files\dragon age\bin_ship\daorigins.exe
FirewallRules: [UDP Query User{F42976F4-2367-4F93-8FD3-0A68DB2D1020}C:\program files\dragon age\bin_ship\daorigins.exe] => (Allow) C:\program files\dragon age\bin_ship\daorigins.exe
FirewallRules: [TCP Query User{6C35C6A3-6CCC-466D-8037-880FE59EDF11}C:\program files\dragon age\bin_ship\daorigins.exe] => (Block) C:\program files\dragon age\bin_ship\daorigins.exe
FirewallRules: [UDP Query User{35971421-B277-49BE-A3F9-63E2DCEAAFE1}C:\program files\dragon age\bin_ship\daorigins.exe] => (Block) C:\program files\dragon age\bin_ship\daorigins.exe
FirewallRules: [TCP Query User{A399DB3E-65E4-4ED7-8F67-84E8696442C8}C:\users\will\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\will\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{9DA92C30-B3DD-4F62-8692-61A0D49DF0A4}C:\users\will\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\will\appdata\local\akamai\netsession_win.exe
FirewallRules: [{EA8EF370-7DEC-4470-9C01-163794D0BDAC}] => (Allow) C:\Program Files (x86)\Electronic Arts\Battlefield 2142\BF2142.exe
FirewallRules: [{966CCADB-0837-45A6-91E0-34A23E4E4252}] => (Allow) C:\Program Files (x86)\Electronic Arts\Battlefield 2142\BF2142.exe
FirewallRules: [{E251B26B-9C91-47F5-91D9-843EC3D36795}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\amd driver updater, vista and 7, 64 bit\Setup.exe
FirewallRules: [{E216F534-FD27-4F9C-B882-193712FCC8DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\amd driver updater, vista and 7, 64 bit\Setup.exe
FirewallRules: [{16CF619B-D674-42E6-AA43-DF736D95CA5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\sonic generations\SonicGenerations.exe
FirewallRules: [{03DDBE9D-EA5A-4F6C-ADA0-965DFD09B498}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\sonic generations\SonicGenerations.exe
FirewallRules: [{56AF5AA2-1847-451F-9CA3-0627F38DD9F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\sonic generations\ConfigurationTool.exe
FirewallRules: [{05911FD6-AE6A-47C6-A319-A6D2F8302504}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\sonic generations\ConfigurationTool.exe
FirewallRules: [{D6908B78-1597-4D48-A9A6-F2A01B877E8B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F41F2499-0E8E-4AA2-A687-9A51BC09355D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9B1B8D17-DC11-497E-81A8-B354ED45F45A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B63D0EF5-F5C0-469F-9F8A-0C933196805D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{C9D3E376-0E69-4B96-95D0-1D7D0F2C036D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{79E5D41F-669B-4559-ABDC-A8F4E41A48B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{B08465AE-7BF9-4080-A6E4-A186295240A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{B328A898-2F4E-401F-AE5C-F549A6CB1D50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{1FE1D4DF-4080-4980-8070-005C2A580424}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{BA589FFC-FB24-4882-BC76-91C62F1C5A35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{25C82F67-6D22-4AEB-935E-A9793F8A9514}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{DDA63E8F-B0CD-4458-BEA9-F171AF569940}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{DCA1976C-EA11-4E5F-AB89-4995690AE265}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{052B8D37-2AFA-4C9E-AAC6-5A80B510A479}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{E0BF734A-6228-4DE7-AFC2-760E7688FBDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{950B935F-2B10-4F18-9D51-5BDBFBB0B66B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{51E158BB-7303-4311-80EE-51E16E5D27C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\data\encyclopedia\how_to_play.html
FirewallRules: [{AF98C2C1-84CC-4071-9130-3E8D362AAF74}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\data\encyclopedia\how_to_play.html
FirewallRules: [{165CE150-53C6-4CE4-AE89-ACE634C334E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\benchmarks\benchmark_current_settings.bat
FirewallRules: [{8D1C78C4-9E8A-48B6-97E5-1A8EC354C1E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\benchmarks\benchmark_current_settings.bat
FirewallRules: [{09527855-8688-4788-B965-74CBF86EF37A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\benchmarks\benchmark_specify_properties.bat
FirewallRules: [{13BFA683-55CB-464D-A7C1-955414816382}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\benchmarks\benchmark_specify_properties.bat
FirewallRules: [{48984F98-2A0C-4342-AC8A-C04B84E9282F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 test\dota.exe
FirewallRules: [{4A45831F-BA10-4FBD-86D0-BB3F19139150}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 test\dota.exe
FirewallRules: [{6BEC99F9-D25A-4D18-A9D8-FA5DB816FF3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mountblade warband\mb_warband.exe
FirewallRules: [{DDF905AF-ACA3-43F1-AA9E-36F55E32DB70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mountblade warband\mb_warband.exe
FirewallRules: [{1BB01980-E64E-4F94-8FE6-73AF912404DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{87E11DBF-AE57-4AEF-9897-A262DFB3EE77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{1EAD67F8-BD7C-4D8E-ACC6-05172967C958}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mountblade warband\mb_warband.exe
FirewallRules: [{1640FCBD-4CF8-42EA-AFF8-213604B618CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mountblade warband\mb_warband.exe
FirewallRules: [{D1A1D8A4-9B2B-4BE3-A64D-6C75A04B5DB0}] => (Allow) LPort=80
FirewallRules: [{30D9BB83-9C78-441C-810A-4E065CFE98AA}] => (Allow) LPort=443
FirewallRules: [{63EDE4EE-F7CF-4020-93BD-0D659A38DF4C}] => (Allow) LPort=20010
FirewallRules: [{53104536-A665-4BB5-A8AE-A08D9C547493}] => (Allow) LPort=3478
FirewallRules: [{1170CFD3-A143-493D-87D7-747D2EF87507}] => (Allow) LPort=7850
FirewallRules: [{032CD3CF-6F15-4AC3-968E-9D9A76474CC2}] => (Allow) LPort=27022
FirewallRules: [{2F975FD5-3770-452A-BAD5-90DD468764CA}] => (Allow) LPort=6881
FirewallRules: [{B252F289-F470-4074-A722-B2820A181138}] => (Allow) LPort=33333
FirewallRules: [{A030332E-AE0C-483C-9484-2773C29CBAA0}] => (Allow) LPort=20443
FirewallRules: [{9E9A10F4-D34B-46AD-B396-7FE29A4C0CB7}] => (Allow) LPort=8090
FirewallRules: [{D3DFAEAD-9FEF-4452-8EED-BBA03777DA60}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{467BBF13-58C3-4485-BB26-E32B7315897A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{5C5A99C2-BE03-4AB3-A16D-2565AFB761E6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{85712E91-F382-4B4D-BCB4-439C5DF39B49}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{EC37415C-D705-46A7-BA07-5211951A3A30}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{165FB5F8-6EB4-40EE-B204-B1A1A3C367AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{E39EC61F-AE50-4548-BBC9-4E52780B0DD6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{24195972-8A67-4DA8-B90A-86B1E6319A36}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{BFFBF3F7-B7FA-42F7-A0F9-18D3F0745551}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{9E3A6684-AF68-43EF-A6DD-72E7A1849600}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{CE22FF7B-6AFE-487C-B256-0B3672DBF59F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{8445B3E0-7D13-427F-9750-6EC75447A46D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{8BBFFFCA-AB31-460A-8412-A232024CB597}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{23343853-315E-4ADF-B456-C3A97FB1A26D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{CA6F4F41-6DDE-494B-96C2-EEBEE130561F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 test\dota.exe
FirewallRules: [{FC3260E0-6A9A-46CA-A63A-BF5BEEBA8EB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 test\dota.exe
FirewallRules: [{7E8A49CF-5693-4AC1-A301-D70F721180E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 test\dota.exe
FirewallRules: [{28B3C947-47AD-4F5D-A7A2-94073076CE40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 test\dota.exe
FirewallRules: [{EFCC6E5D-BD1D-4148-BB77-C233EA118D5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 test\dota.exe
FirewallRules: [{C3FC8869-2E6A-4F19-A2D2-4879B34CACFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 test\dota.exe
FirewallRules: [{0BC4F5FF-D79A-4125-96EC-538BBB225A13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 test\dota.exe
FirewallRules: [{333B2473-C372-4991-B0EC-80A8E2AAF48A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 test\dota.exe
FirewallRules: [{CD1AD784-2B6B-4EC0-867B-FF39BCDAB86A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{F987FD53-3D91-45EC-AEBC-3F5ED696BE1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{41322571-EAA3-493F-81B3-7054F22A2E7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 test\dota.exe
FirewallRules: [{5DA887BC-C44B-4452-A875-6C2BC154750D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 test\dota.exe
FirewallRules: [{AFF04899-60DD-4201-93BC-C276624463D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 test\dota.exe
FirewallRules: [{3261CD23-D714-44AC-A2FF-1E033C86CDB4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 test\dota.exe
FirewallRules: [{FF7C4D53-8B5D-47B4-A698-D32C088A9C9E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 test\dota.exe
FirewallRules: [{C064EB83-9F70-4C4E-88D7-0D237314F23C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 test\dota.exe
FirewallRules: [{F59BF0FA-B1BB-45D9-BB2C-F886CD79110F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{07B1CF1C-92E4-4372-9634-1E55E1DF1CC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{A3645E9F-D82A-4F10-BBAD-EE80788BC470}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{A3E00050-132B-4183-BB19-C817DCFC30F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{A0D29450-ADA6-4C76-A649-6B3C1464B25E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{A3D582E8-7995-4F58-9112-D0C148C68A76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{31414CA2-A061-4CB2-BF4D-2EE15630395A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{F481AD08-D40B-41A1-9E23-3AD45D256355}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{A562C89F-0C57-43F2-9D20-6DB75CCEE229}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{743320B8-7FDB-4491-824F-C18E3327F0CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{1C400561-A37A-4B13-A460-51C47D530395}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{7DE7054D-096E-4F33-BC32-8AD1EF934D55}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{68D53741-1D62-46A1-A080-5AED02F9E251}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{D0AF4219-4779-42E8-A3AC-0DBBDAB90D57}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{5FC9FACE-71F7-434D-819D-6F9622249E89}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{7529D980-6CD6-4F79-A7C1-1529DF7E4B87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{6F1E1D00-4E62-4F60-B452-38DE0C7FF741}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{DEA0CDB2-778B-46A6-9EFF-4540169C8384}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{2409FC0A-A6E8-4515-8A7C-F408C1124DAE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{78B180DD-EC4C-4C30-ACBF-0235150AF384}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{82F0C297-9A41-47CF-AC61-BDCDDC236F98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{14E3E72D-BF19-43F8-A4B2-0452ABA895D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{E0051BF3-3C5A-44B2-A1DE-F2E3B4743F72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{3FC2EB3D-A3E1-4321-B80C-70FE3B71971E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{1573CE99-C909-4EEE-B898-BA06E2BC1A32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{79AF21A5-4BBD-4256-9E45-A1DEDE7C17C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{66C41D72-01F7-41EB-88E2-42D2BE494680}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{AB2FE059-E9E6-4C2E-A0DC-D573E0C704EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{B28CE007-5A7D-4537-B8B6-BE38ADFDCB34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{CFCF96C2-CA4E-4D2A-874A-FFF470FA727D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{FE6B6F2F-35B3-4B0D-BB13-5664AFDF3DC0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{8EF4602A-AB7C-43C5-AB51-27513F215984}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{74022F63-6D21-437A-BE6B-8792E64F3F04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes Relaunch\RelicCOH.exe
FirewallRules: [{9F0C301A-4B5B-4119-9867-3FBC9096E880}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes Relaunch\RelicCOH.exe
FirewallRules: [{3AF5CE0C-03BE-42BF-B199-86B7225B8E20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{0AAA160B-7BAE-4A69-83F3-897E0167656C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{54886CC8-B0B7-4A94-A6D2-E00D3D270E78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\METAL GEAR RISING REVENGEANCE\METAL GEAR RISING REVENGEANCE.exe
FirewallRules: [{7E381329-DC17-4288-A950-462FCCA55FD8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\METAL GEAR RISING REVENGEANCE\METAL GEAR RISING REVENGEANCE.exe
FirewallRules: [{4FB7AFF2-F7C6-4B71-AFBE-C7858380A2B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{C829173B-EBDB-49DF-A683-C3DC2E1F5618}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{C77022E1-6231-4AED-AE32-690EC8FCF668}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{4FFB224B-309F-43C0-8AC0-F9587945600D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{1B6B7DA9-F995-4A25-8A1F-48352B82EFDD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{116C9ACE-1BD2-4493-B004-7A8C94CA2648}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{00C015A5-4004-44D8-9F5C-753D7BFDE5A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{9119300E-A2E2-4088-9580-B0969CE0F366}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{CD2B12BE-68EA-4A94-8BC6-38D7ABD82F69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\portal 2\portal2.exe
FirewallRules: [{A16DC9C6-10AF-46B0-8EB6-BA23509D45BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\portal 2\portal2.exe
FirewallRules: [{04CA7006-DC14-4FC3-9238-C365DFF99048}] => (Allow) C:\Program Files (x86)\TERA\TERA-Launcher.exe
FirewallRules: [{E681E2B3-D908-4CBD-9F52-3D0119FA4013}] => (Allow) C:\Program Files (x86)\TERA\TERA-Launcher.exe
FirewallRules: [{884A97C1-7ED7-4FB6-83CF-8125ED5B56BD}] => (Allow) C:\Program Files (x86)\TERA\TERA-Launcher.exe
FirewallRules: [{D5E33295-82B9-4901-900E-413336492C7C}] => (Allow) C:\Program Files (x86)\TERA\TERA-Launcher.exe
FirewallRules: [{D8C49A87-65DF-4437-ADBE-DA10E20D92BF}] => (Allow) C:\Program Files (x86)\TERA\Client\TL.exe
FirewallRules: [{0927CE4C-D28B-4229-BB76-DA565DFC3DD1}] => (Allow) C:\Program Files (x86)\TERA\Client\TL.exe
FirewallRules: [{7A1ADC42-6492-456A-83D2-F864586F7940}] => (Allow) C:\Program Files (x86)\TERA\Client\TL.exe
FirewallRules: [{708500FA-C965-4EC9-91A4-1D40ED912B11}] => (Allow) C:\Program Files (x86)\TERA\Client\TL.exe
FirewallRules: [{F315824C-649F-4A25-9799-9A650AC83483}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{1EDFB1B1-1F5B-44C1-9E1C-F76804C4D21A}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{06AC8CB2-2148-45A4-9422-624CE5FD03D3}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{F0ABD652-8F48-4391-8FD8-AE4E79B6831F}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{7BDD1DE5-BF2E-44E2-972F-33E7ADBCD707}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\Rust.exe
FirewallRules: [{A3DC8903-A143-464B-BB77-45F366F12277}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\Rust.exe
FirewallRules: [{1C16818F-AAEB-451B-BF7C-61CA74CC1B58}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{9655AC4F-5511-4037-8F79-4665047DD672}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{34302D50-A65F-4339-9BF1-4E8B65744726}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{255737E8-07C8-41EE-B020-9C84543E7747}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{1938EDA5-96AB-470B-8A68-94B55C4F7440}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\NS3FB_launcher.exe
FirewallRules: [{87852AEF-7A74-4391-897C-2622090B8CA3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\NS3FB_launcher.exe
FirewallRules: [{2BE1E885-067A-41A6-9830-2CCEE46EDF7A}] => (Allow) %ProgramFiles% (x86)\Glyph\GlyphClient.exe
FirewallRules: [{B27094AF-F92C-4F2E-9464-0EE943C05500}] => (Allow) C:\Program Files (x86)\Glyph\GlyphClient.exe
FirewallRules: [{7BE821B4-25FF-484E-8FD6-D48107AE284B}] => (Allow) C:\Program Files (x86)\Glyph\GlyphClient.exe
FirewallRules: [{33B48C32-D425-46B2-B5A5-A43513D96D0B}] => (Allow) C:\Program Files (x86)\Glyph\GlyphClient.exe
FirewallRules: [{4695EF0E-90BC-47DE-A5DB-42E031368D7A}] => (Allow) C:\Program Files (x86)\Glyph\GlyphClient.exe
FirewallRules: [{8FD774C3-1847-4D40-B098-C058169EEB77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{30DA24F9-D82A-4F95-B7AF-1BC73990F4AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{F2466D8B-B680-486F-A320-A463F6C324F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{03DE8D87-2B4F-403A-BC2C-320B2D20A8FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{B6A63F5E-F1D0-4D1A-845F-AF4CF04C545F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gang Beasts\Gang Beasts.exe
FirewallRules: [{508DDD24-DF33-4DB1-B86D-7559F1283247}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gang Beasts\Gang Beasts.exe
FirewallRules: [{EE7643AB-FDCB-4999-801B-2589F3C8B186}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{D604B806-45C8-41C3-8840-D106425CC9EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{1E8376D0-8510-4EE7-8596-322128E8BB8C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe
FirewallRules: [{A82207E8-9089-409C-9166-AFA7C062B1BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe
FirewallRules: [{FB73084C-C4E9-44BA-970B-999CA8594165}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hatoful Boyfriend\hatoful.exe
FirewallRules: [{9E359280-F8B8-44F8-A98F-72A1F98D366A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hatoful Boyfriend\hatoful.exe
FirewallRules: [{E6263863-59F5-4058-98AF-86875CD63261}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{9C50A667-6BAE-44EB-BCEF-6DE3A93316B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{77F76055-CD92-496B-9495-19236921FDAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shovel Knight\ShovelKnight.exe
FirewallRules: [{758AF588-4FF6-4C07-B1A2-C5FBC31D9700}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shovel Knight\ShovelKnight.exe
FirewallRules: [{53164B79-9220-436D-AEDC-994148508A02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Volgarr\Volgarr.exe
FirewallRules: [{84E87E1C-DFFD-463B-B67D-64807E79501F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Volgarr\Volgarr.exe
FirewallRules: [{BDA0F38A-65B1-455C-8C97-A597A0D96AFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Outcast\GameData\jk2sp.exe
FirewallRules: [{E6203E01-4906-4CCC-BDEB-9BF204FE1515}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Outcast\GameData\jk2sp.exe
FirewallRules: [{DD60B248-1CC2-43B3-A1A8-A6AF63246A32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Outcast\GameData\jk2mp.exe
FirewallRules: [{99646E25-748A-4391-90D9-2C965A1D7191}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Outcast\GameData\jk2mp.exe
FirewallRules: [{00E5E729-6EB5-48A8-A8FB-E1BD51DBDDD6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{BE29CD9E-D41E-4D01-A4BE-138829CD52F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{37F144BB-319F-4379-AA71-69F1789F29E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row Gat out of Hell\SaintsRowGatOutOfHell.exe
FirewallRules: [{AB11048D-A2CD-4DC8-9D63-82D3C4F285BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row Gat out of Hell\SaintsRowGatOutOfHell.exe
FirewallRules: [{91FEBE63-1A12-48A8-982F-4E6361AF0526}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{CA82E801-99CE-46AF-A34A-EB2557C76E5B}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [{35ABD059-CF2A-4BB9-BE8B-AF3E3732D314}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Influent\Influent.exe
FirewallRules: [{3FCA940C-97B8-4AA5-BF57-1A272E766452}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Influent\Influent.exe
FirewallRules: [{79CDC366-6198-4CD5-AD66-F7E35F8C87B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{50EE7369-9EE3-4090-8D7B-410562C8C494}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{6F88BA54-B980-45DD-9E4F-FBEFB5FB536A}] => (Allow) LPort=49189
FirewallRules: [{876F4A21-FE45-4D46-84CD-50D650D627B6}] => (Allow) LPort=5000
FirewallRules: [{2D3A2F6D-0F07-41F8-8ED9-639A75C01F1A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6E8BE628-39E6-4F9E-87BF-80E1E45F90D2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5E52BFD4-F1C8-4FE7-859D-784A46356DC8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{5324866D-179F-465C-969A-BD6AD314F67A}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{BED86F2E-2989-4922-BA46-981CC92BC7EA}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{7A8D1B0C-1E0A-4F12-A9D9-1C05617F1F05}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{FC144065-8C8B-45F1-AA9F-44C93D2830AF}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{EDDA6B1D-B334-4985-B0BF-7A6B1633E352}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{F8EF98DE-5F80-4AB3-A8C6-3FB9A828C4C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{40D20D71-691B-49AC-A1DC-9A8AC1D89A6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{9D702369-64E1-47B9-A7B4-6222A38A6DBA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{81CD7A74-5B95-45B0-A0BD-46264F922625}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{0BE2359F-347F-43E3-A30F-B36816545ACA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{92D56265-256E-4B10-A1B8-16E690B95E6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\legacy\rust.exe
FirewallRules: [{FCCD3514-81FF-4152-B3EF-F19C37872D72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\legacy\rust.exe
FirewallRules: [{F0E786A1-5713-4604-896A-5C146D7789E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{657C80A8-D588-48D7-8482-8FBE4F947F82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{9A3C248E-F554-4B60-AE7A-DE7BE2F1A6E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [{3A64229C-B4F3-43E2-BF62-1DD1E2FEC271}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [{3FB53A6B-8D28-4947-ABDD-698A930CA6A6}] => (Allow) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: AODDriver4.2.0
Description: AODDriver4.2.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.2.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/03/2015 02:14:42 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Notifications for the volume C:\ are not active. 
 
Context: Windows Application
 
 
Details:
Insufficient quota to complete the requested service.  (HRESULT : 0x800705ad) (0x800705ad)
 
Error: (06/02/2015 04:33:09 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (06/01/2015 06:35:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (06/01/2015 04:58:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (06/01/2015 04:29:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/30/2015 11:02:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ffxiv.exe, version: 1.0.0.0, time stamp: 0x555b6735
Faulting module name: ffxiv.exe, version: 1.0.0.0, time stamp: 0x555b6735
Exception code: 0xc0000005
Fault offset: 0x00018ef0
Faulting process id: 0x6adec
Faulting application start time: 0xffxiv.exe0
Faulting application path: ffxiv.exe1
Faulting module path: ffxiv.exe2
Report Id: ffxiv.exe3
 
Error: (05/30/2015 03:38:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (05/30/2015 02:29:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SniperEliteV2.exe, version: 0.0.0.0, time stamp: 0x537f671a
Faulting module name: Steam2.dll, version: 2.0.2117.156, time stamp: 0x52fd784f
Exception code: 0xc0000005
Fault offset: 0x001612f9
Faulting process id: 0x2b79c
Faulting application start time: 0xSniperEliteV2.exe0
Faulting application path: SniperEliteV2.exe1
Faulting module path: SniperEliteV2.exe2
Report Id: SniperEliteV2.exe3
 
Error: (05/30/2015 00:05:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/30/2015 03:19:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NS3FB.exe, version: 1.0.0.7, time stamp: 0x52e2299b
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0002dfe4
Faulting process id: 0x291ca0
Faulting application start time: 0xNS3FB.exe0
Faulting application path: NS3FB.exe1
Faulting module path: NS3FB.exe2
Report Id: NS3FB.exe3
 
 
System errors:
=============
Error: (06/03/2015 06:09:04 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d28\??\C:\Users\Will\ntuser.dat
 
Error: (06/03/2015 02:15:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RzSurroundVADStreamingService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/02/2015 10:08:57 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (06/01/2015 04:30:05 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (06/01/2015 04:28:42 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (06/01/2015 04:27:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error: 
%%3
 
Error: (06/01/2015 04:27:46 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:25:10 PM on 6/1/2015 was unexpected.
 
Error: (05/30/2015 00:07:02 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (05/30/2015 00:07:02 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (05/30/2015 00:06:26 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
 
Microsoft Office:
=========================
Error: (06/03/2015 02:14:42 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Context: Windows Application
 
 
Details:
Insufficient quota to complete the requested service.  (HRESULT : 0x800705ad) (0x800705ad)
C:\
 
Error: (06/02/2015 04:33:09 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exe
 
Error: (06/01/2015 06:35:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exe
 
Error: (06/01/2015 04:58:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exe
 
Error: (06/01/2015 04:29:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/30/2015 11:02:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ffxiv.exe1.0.0.0555b6735ffxiv.exe1.0.0.0555b6735c000000500018ef06adec01d09b29fbcac3b0C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\game\ffxiv.exeC:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\game\ffxiv.exec9d4480a-0749-11e5-a834-94de80bf37cb
 
Error: (05/30/2015 03:38:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exe
 
Error: (05/30/2015 02:29:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SniperEliteV2.exe0.0.0.0537f671aSteam2.dll2.0.2117.15652fd784fc0000005001612f92b79c01d09b0ece5ed05dC:\Program Files (x86)\Steam\steamapps\common\Sniper Elite V2\bin\SniperEliteV2.exeC:\Program Files (x86)\Steam\Steam2.dll404b4631-0702-11e5-a834-94de80bf37cb
 
Error: (05/30/2015 00:05:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/30/2015 03:19:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: NS3FB.exe1.0.0.752e2299bntdll.dll6.1.7601.18247521ea8e7c00000050002dfe4291ca001d09aa6dea2558cC:\Program Files (x86)\Steam\steamapps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\NS3FB.exeC:\Windows\SysWOW64\ntdll.dlla8cea061-06a4-11e5-a238-94de80bf37cb
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-04-04 21:16:33.067
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-04 21:16:33.066
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-04 21:16:33.065
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-04 21:16:33.045
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-04 21:16:33.044
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-04 21:16:33.043
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-02 20:32:06.023
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-02 20:32:06.021
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-02 20:32:06.018
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-02 20:32:06.001
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-8350 Eight-Core Processor 
Percentage of memory in use: 74%
Total physical RAM: 32732.62 MB
Available physical RAM: 8210.31 MB
Total Pagefile: 65463.42 MB
Available Pagefile: 38675.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:23.95 GB) NTFS
Drive e: (SPIRITEDAWAYUS) (CDROM) (Total:7.78 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 55CE4FF8)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A0FC92BD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End of log ============================


#5 dbrisendine

  • Malware Response Team

Posted 03 June 2015 - 10:25 PM

FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Strongvault Online Backup

To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


SECOND >>>>

Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt



Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1193129655-1466855322-3122330668-1000\...\MountPoints2: {5eee9c99-f0df-11e3-bc67-806e6f6e6963} - E:\install.EXE id= ver=1.0.0.0
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
C:\Program Files (x86)\Battlelog Web Plugins\2.1.3
C:\Program Files (x86)\Battlelog Web Plugins\2.3.0
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
C:\ProgramData\NexonUS\NGM
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
C:\Program Files (x86)\Pando Networks
FF Plugin HKU\S-1-5-21-1193129655-1466855322-3122330668-1000: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File
C:\Program Files (x86)\OnLive
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 easytether; system32\DRIVERS\easytthr.sys [X]
S3 KBFiltr; System32\Drivers\KBFiltr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
C:\ProgramData\BitRaider\BRDriver64.sys
C:\Windows\system32\drivers\EagleX64.sys
C:\Windows\system32\DRIVERS\easytthr.sys
C:\Windows\System32\Drivers\KBFiltr.sys
C:\Windows\System32\drivers\rdvgkmd.sys
C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys
2014-06-11 01:02 - 2014-06-11 01:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\Guest\CTX.DAT
C:\Users\Will\Minecraft.exe
C:\Users\Will\punkomatic2.exe
C:\Users\Will\TechnicLauncher.exe
C:\Users\Will\AppData\Local\Temp\SkypeSetup.exe
CustomCLSID: HKU\S-1-5-21-1193129655-1466855322-3122330668-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Will\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
C:\Users\Will\AppData\Local\Google\Update\1.3.26.9
Task: {6204FC16-0686-4AF2-990A-564E8C535DC6} - System32\Tasks\{1D6FB7E2-27CA-4AEE-A52E-E0823925A205} => pcalua.exe -a C:\Users\Will\Desktop\pbsetup.exe -d C:\Users\Will\Desktop
Task: {99007321-EAFB-45DC-A1FF-2CE4E2B36EBA} - System32\Tasks\{14D285C5-79E7-41F8-A0A4-92947A149AF2} => pcalua.exe -a C:\Users\Will\Downloads\vcredist_x86.exe -d C:\Users\Will\Downloads
Task: {C0C9CA7C-08A5-4A4D-B9F8-F4EF5F1DEB75} - System32\Tasks\{A3C26A17-3EE6-4376-8519-75B9FB3BB78B} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/202990
Task: {CA122244-E4EA-4698-9F2E-24B9C3F58C4B} - System32\Tasks\{07778674-5996-44C0-9840-ED595E6BDDBD} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\OpenOffice.org 3\program\scalc.exe"
Task: {DC4627CC-9CD0-4BD9-BAD9-4A7682F0097F} - System32\Tasks\{CF5A59B7-C1FB-4CEC-8143-057DA4DDB30F} => pcalua.exe -a "C:\Users\Will\Desktop\OpenOffice.org 3.4.1 (en-US) Installation Files\setup.exe" -d "C:\Users\Will\Desktop\OpenOffice.org 3.4.1 (en-US) Installation Files"
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
RemoveProxy:
Reboot:
end


NOTE. It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Start FRST that is on the desktop by right clicking on the file and selecting "Run as Administrator..." and press the Fix button just once and wait.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


LAST >>>>

How is the system running now?



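Added example, not part of the original post or of FRST: a short Python triage of the Fixlog.txt that the step above asks for, separating entries that were changed, entries that were already absent, and failures that need a follow-up. The sample is an excerpt constructed from the Fixlog lines posted in this thread; the function name `summarize_fixlog` and the failure patterns beyond those seen in the thread are assumptions.

```python
import re
from collections import Counter

# Excerpt constructed from lines of the Fixlog posted in this thread.
SAMPLE_FIXLOG = r'''
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
HKCR\CLSID\{5eee9c99-f0df-11e3-bc67-806e6f6e6963} => key not found.
"C:\ProgramData\NexonUS\NGM" => File/Folder not found.
C:\Program Files (x86)\Pando Networks => moved successfully.
C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll not found.
AODDriver4.2.0 => Service removed successfully
C:\Users\Will\Minecraft.exe => moved successfully.
"C:\Windows\SysWOW64\zlib.dll" => ":SummaryInformation" ADS not found.
C:\Windows\SysWOW64\zlib.dll => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.

=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  bitsadmin /reset /allusers =========

Unable to cancel {A034F878-F25A-4155-AE4B-132DCAF5C762}.
0 out of 1 jobs canceled.

========= End of CMD: =========


=========  DEL %TEMP%\*.* /F /S /Q =========

Deleted file - C:\Users\Will\AppData\Local\Temp\AdobeARM.log
C:\Users\Will\AppData\Local\Temp\FXSAPIDebugLogFile.txt
The process cannot access the file because it is being used by another process.
Deleted file - C:\Users\Will\AppData\Local\Temp\JRT.txt

========= End of CMD: =========
'''

# Command output is wrapped in "========= <command> =========" ... "========= End of CMD: =========".
SECTION_END = re.compile(r'^=+\s+End of (?:CMD|Reg):\s+=+$', re.I)
SECTION_START = re.compile(r'^=+\s+(?!End of )(.+?)\s+=+$')
# "Unable to" and "cannot access" appear in this thread's log; the rest are assumed patterns.
FAILURE = re.compile(r'unable to|cannot access|access is denied|could not', re.I)
CHANGED = re.compile(r'(?:removed|moved) successfully', re.I)
ABSENT = re.compile(r'not found\.?$', re.I)


def summarize_fixlog(text):
    """Return (counts, follow_up) for a Fixlog-style text.

    counts tallies 'changed', 'absent', 'failed' and 'other' lines.
    follow_up lists each failure with the command section it occurred in and
    the previous non-blank line, which holds the path for DEL errors.
    """
    counts = Counter()
    follow_up = []
    section = None   # command currently being echoed, if any
    prev = ''        # previous non-blank line inside the current scope
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SECTION_END.match(line):
            section, prev = None, ''
            continue
        start = SECTION_START.match(line)
        if start:
            section, prev = start.group(1), ''
            continue
        # Entries look like "<target> => <outcome>"; judge only the outcome
        # so that words inside a path cannot change the verdict.
        _target, sep, outcome = line.partition(' => ')
        verdict = outcome if sep else line
        if line.startswith('Deleted file - '):
            counts['changed'] += 1
        elif FAILURE.search(verdict):
            counts['failed'] += 1
            follow_up.append({'command': section, 'message': line, 'context': prev})
        elif CHANGED.search(verdict):
            counts['changed'] += 1
        elif ABSENT.search(verdict):
            counts['absent'] += 1
        else:
            counts['other'] += 1
        prev = line
    return counts, follow_up


if __name__ == '__main__':
    counts, follow_up = summarize_fixlog(SAMPLE_FIXLOG)
    print(dict(counts))
    for item in follow_up:
        print(item)
```

Entries reported as absent mean the fixlist line was a no-op, while the failures (the BITS job that could not be cancelled and the temp file still in use) are the ones to raise with the helper.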

#6 urdadinatoaster

  • Topic Starter

Posted 05 June 2015 - 12:36 AM

Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Will at 2015-06-03 22:29:13 Run:1
Running from C:\Users\Will\Desktop
Loaded Profiles: Will (Available Profiles: Will & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1193129655-1466855322-3122330668-1000\...\MountPoints2: {5eee9c99-f0df-11e3-bc67-806e6f6e6963} - E:\install.EXE id= ver=1.0.0.0
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
C:\Program Files (x86)\Battlelog Web Plugins\2.1.3
C:\Program Files (x86)\Battlelog Web Plugins\2.3.0
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
C:\ProgramData\NexonUS\NGM
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
C:\Program Files (x86)\Pando Networks
FF Plugin HKU\S-1-5-21-1193129655-1466855322-3122330668-1000: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File
C:\Program Files (x86)\OnLive
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 easytether; system32\DRIVERS\easytthr.sys [X]
S3 KBFiltr; System32\Drivers\KBFiltr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
C:\ProgramData\BitRaider\BRDriver64.sys
C:\Windows\system32\drivers\EagleX64.sys
C:\Windows\system32\DRIVERS\easytthr.sys
C:\Windows\System32\Drivers\KBFiltr.sys
C:\Windows\System32\drivers\rdvgkmd.sys
C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys
2014-06-11 01:02 - 2014-06-11 01:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\Guest\CTX.DAT
C:\Users\Will\Minecraft.exe
C:\Users\Will\punkomatic2.exe
C:\Users\Will\TechnicLauncher.exe
C:\Users\Will\AppData\Local\Temp\SkypeSetup.exe
CustomCLSID: HKU\S-1-5-21-1193129655-1466855322-3122330668-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Will\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
C:\Users\Will\AppData\Local\Google\Update\1.3.26.9
Task: {6204FC16-0686-4AF2-990A-564E8C535DC6} - System32\Tasks\{1D6FB7E2-27CA-4AEE-A52E-E0823925A205} => pcalua.exe -a C:\Users\Will\Desktop\pbsetup.exe -d C:\Users\Will\Desktop
Task: {99007321-EAFB-45DC-A1FF-2CE4E2B36EBA} - System32\Tasks\{14D285C5-79E7-41F8-A0A4-92947A149AF2} => pcalua.exe -a C:\Users\Will\Downloads\vcredist_x86.exe -d C:\Users\Will\Downloads
Task: {C0C9CA7C-08A5-4A4D-B9F8-F4EF5F1DEB75} - System32\Tasks\{A3C26A17-3EE6-4376-8519-75B9FB3BB78B} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/202990
Task: {CA122244-E4EA-4698-9F2E-24B9C3F58C4B} - System32\Tasks\{07778674-5996-44C0-9840-ED595E6BDDBD} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\OpenOffice.org 3\program\scalc.exe"
Task: {DC4627CC-9CD0-4BD9-BAD9-4A7682F0097F} - System32\Tasks\{CF5A59B7-C1FB-4CEC-8143-057DA4DDB30F} => pcalua.exe -a "C:\Users\Will\Desktop\OpenOffice.org 3.4.1 (en-US) Installation Files\setup.exe" -d "C:\Users\Will\Desktop\OpenOffice.org 3.4.1 (en-US) Installation Files"
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
RemoveProxy:
Reboot:
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-1193129655-1466855322-3122330668-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5eee9c99-f0df-11e3-bc67-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{5eee9c99-f0df-11e3-bc67-806e6f6e6963} => key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.1.3" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.3.0" => key removed successfully
"C:\Program Files (x86)\Battlelog Web Plugins\2.1.3" => File/Folder not found.
"C:\Program Files (x86)\Battlelog Web Plugins\2.3.0" => File/Folder not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.net/NxGame" => key removed successfully
"C:\ProgramData\NexonUS\NGM" => File/Folder not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
C:\Program Files (x86)\Pando Networks => moved successfully.
"HKU\S-1-5-21-1193129655-1466855322-3122330668-1000\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0" => key removed successfully
C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll not found.
"C:\Program Files (x86)\OnLive" => File/Folder not found.
AODDriver4.2.0 => Service removed successfully
BRDriver64 => Service removed successfully
EagleX64 => Service removed successfully
easytether => Service removed successfully
KBFiltr => Service removed successfully
VGPU => Service removed successfully
WinRing0_1_2_0 => Service removed successfully
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys" => File/Folder not found.
"C:\ProgramData\BitRaider\BRDriver64.sys" => File/Folder not found.
"C:\Windows\system32\drivers\EagleX64.sys" => File/Folder not found.
"C:\Windows\system32\DRIVERS\easytthr.sys" => File/Folder not found.
"C:\Windows\System32\Drivers\KBFiltr.sys" => File/Folder not found.
"C:\Windows\System32\drivers\rdvgkmd.sys" => File/Folder not found.
"C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys" => File/Folder not found.
C:\ProgramData\DP45977C.lfl => moved successfully.
C:\Users\Guest\CTX.DAT => moved successfully.
C:\Users\Will\Minecraft.exe => moved successfully.
C:\Users\Will\punkomatic2.exe => moved successfully.
C:\Users\Will\TechnicLauncher.exe => moved successfully.
C:\Users\Will\AppData\Local\Temp\SkypeSetup.exe => moved successfully.
"HKU\S-1-5-21-1193129655-1466855322-3122330668-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"C:\Users\Will\AppData\Local\Google\Update\1.3.26.9" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6204FC16-0686-4AF2-990A-564E8C535DC6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6204FC16-0686-4AF2-990A-564E8C535DC6}" => key removed successfully
C:\Windows\System32\Tasks\{1D6FB7E2-27CA-4AEE-A52E-E0823925A205} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1D6FB7E2-27CA-4AEE-A52E-E0823925A205}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{99007321-EAFB-45DC-A1FF-2CE4E2B36EBA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99007321-EAFB-45DC-A1FF-2CE4E2B36EBA}" => key removed successfully
C:\Windows\System32\Tasks\{14D285C5-79E7-41F8-A0A4-92947A149AF2} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{14D285C5-79E7-41F8-A0A4-92947A149AF2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C0C9CA7C-08A5-4A4D-B9F8-F4EF5F1DEB75}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0C9CA7C-08A5-4A4D-B9F8-F4EF5F1DEB75}" => key removed successfully
C:\Windows\System32\Tasks\{A3C26A17-3EE6-4376-8519-75B9FB3BB78B} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A3C26A17-3EE6-4376-8519-75B9FB3BB78B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA122244-E4EA-4698-9F2E-24B9C3F58C4B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA122244-E4EA-4698-9F2E-24B9C3F58C4B}" => key removed successfully
C:\Windows\System32\Tasks\{07778674-5996-44C0-9840-ED595E6BDDBD} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{07778674-5996-44C0-9840-ED595E6BDDBD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC4627CC-9CD0-4BD9-BAD9-4A7682F0097F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC4627CC-9CD0-4BD9-BAD9-4A7682F0097F}" => key removed successfully
C:\Windows\System32\Tasks\{CF5A59B7-C1FB-4CEC-8143-057DA4DDB30F} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CF5A59B7-C1FB-4CEC-8143-057DA4DDB30F}" => key removed successfully
"C:\Windows\SysWOW64\zlib.dll" => ":DocumentSummaryInformation" ADS not found.
"C:\Windows\SysWOW64\zlib.dll" => ":SummaryInformation" ADS not found.
C:\Windows\SysWOW64\zlib.dll => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {A034F878-F25A-4155-AE4B-132DCAF5C762}.
0 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
=========  DEL %TEMP%\*.* /F /S /Q =========
 
Deleted file - C:\Users\Will\AppData\Local\Temp\6DF3.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\AdobeARM.log
Deleted file - C:\Users\Will\AppData\Local\Temp\adwcleaner.db
Deleted file - C:\Users\Will\AppData\Local\Temp\AdwCleaner.jpg
Deleted file - C:\Users\Will\AppData\Local\Temp\chrome_installer.log
Deleted file - C:\Users\Will\AppData\Local\Temp\Cleaning.ico
Deleted file - C:\Users\Will\AppData\Local\Temp\EULA.txt
C:\Users\Will\AppData\Local\Temp\FXSAPIDebugLogFile.txt
The process cannot access the file because it is being used by another process.
Deleted file - C:\Users\Will\AppData\Local\Temp\HULFont000.ttf
Deleted file - C:\Users\Will\AppData\Local\Temp\HULFont001.ttf
Deleted file - C:\Users\Will\AppData\Local\Temp\JavaDeployReg.log
Deleted file - C:\Users\Will\AppData\Local\Temp\java_install_reg.log
Deleted file - C:\Users\Will\AppData\Local\Temp\jpg1026.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\jpg1CA4.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\jpg2965.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\jpg31BA.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\jpgA2C3.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\jpgA669.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\jpgAC26.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\jpgB163.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\jpgDFA4.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\jpgDFB5.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\jpgE468.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\jpgEA84.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\jpgF1FB.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\jpgF4C6.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\jpgFEC8.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\JRT.txt
Deleted file - C:\Users\Will\AppData\Local\Temp\JRT2.txt
Deleted file - C:\Users\Will\AppData\Local\Temp\jusched.log
Deleted file - C:\Users\Will\AppData\Local\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20150525_223153468-MSI_vc_red.msi.txt
Deleted file - C:\Users\Will\AppData\Local\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20150525_223153468.html
Deleted file - C:\Users\Will\AppData\Local\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20150525_223101403-MSI_vc_red.msi.txt
Deleted file - C:\Users\Will\AppData\Local\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20150525_223101403.html
Deleted file - C:\Users\Will\AppData\Local\Temp\npC5A0.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\npC929.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\npC92A.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\Quarantine.exe
Deleted file - C:\Users\Will\AppData\Local\Temp\RDB876.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\Report.ico
Deleted file - C:\Users\Will\AppData\Local\Temp\Scan.ico
Deleted file - C:\Users\Will\AppData\Local\Temp\sluDFE3.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\sluDFE4.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\sluDFE5.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\sqlite3.dll
Deleted file - C:\Users\Will\AppData\Local\Temp\t0x116993445.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\tmp8591.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\Uninstall.ico
Deleted file - C:\Users\Will\AppData\Local\Temp\utt30BF.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\utt30C0.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\utt30C1.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\utt30C2.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\utt30C3.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\uttD2C7.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\uttD2C8.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\uttD2C9.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\uttD2CA.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\uttD2CB.tmp
Deleted file - C:\Users\Will\AppData\Local\Temp\__pythonRunner.dll
Deleted file - C:\Users\Will\AppData\Local\Temp\~DF00A1B23BC267FA65.TMP
Deleted file - C:\Users\Will\AppData\Local\Temp\~DF1C770F439E599EDF.TMP
Deleted file - C:\Users\Will\AppData\Local\Temp\~DF1C7DF1EB56FAB60E.TMP
Deleted file - C:\Users\Will\AppData\Local\Temp\~DF1D005C523399F2E0.TMP
Deleted file - C:\Users\Will\AppData\Local\Temp\~DF308472E0ADE6A0E1.TMP
Deleted file - C:\Users\Will\AppData\Local\Temp\~DF396AB7A74F874F97.TMP
Deleted file - C:\Users\Will\AppData\Local\Temp\~DF3F7FB3103035FB97.TMP
Deleted file - C:\Users\Will\AppData\Local\Temp\~DF4800BA5A7E0FEE0F.TMP
Deleted file - C:\Users\Will\AppData\Local\Temp\~DF753C906E19E9347D.TMP
Deleted file - C:\Users\Will\AppData\Local\Temp\~DF7F9261AB623874AB.TMP
Deleted file - C:\Users\Will\AppData\Local\Temp\~DF81F5C5A2132B032C.TMP
Deleted file - C:\Users\Will\AppData\Local\Temp\~DF85D6EB73BC300EAB.TMP
Deleted file - C:\Users\Will\AppData\Local\Temp\~DF85F8CC416E8CD153.TMP
Deleted file - C:\Users\Will\AppData\Local\Temp\~DF90278A57A64D1974.TMP
Deleted file - C:\Users\Will\AppData\Local\Temp\~DFA9331B0A535A3C47.TMP
Deleted file - C:\Users\Will\AppData\Local\Temp\~DFC6DD70229CF5130D.TMP
Deleted file - C:\Users\Will\AppData\Local\Temp\~DFEA63FBF50EEAE7BB.TMP
 
========= End of CMD: =========
 
 
=========  RD /S /Q %TEMP% =========
 
C:\Users\Will\AppData\Local\Temp\FXSAPIDebugLogFile.txt - The process cannot access the file because it is being used by another process.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1193129655-1466855322-3122330668-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1193129655-1466855322-3122330668-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
 
The system needed a reboot.. 
 
==== End of Fixlog 22:29:54 ====
 
 
It's still a bit too early to tell, but unfortunately it looks like the issue persists.


#7 urdadinatoaster


Posted 05 June 2015 - 08:48 PM

System memory is back up to 66%. I feel confident saying the problem has not yet been resolved.



#8 dbrisendine

  • Malware Response Team

Posted 06 June 2015 - 03:00 AM

FIRST >>>
 
Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts; how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open a Command Prompt window and run from there (this is normal for this program, so do not be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.
 
 
SECOND >>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot; allow this.

  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.



#9 urdadinatoaster


Posted 13 June 2015 - 05:40 PM

Terribly sorry! I must have missed the notification that you posted!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Will (administrator) on DERPADOO on 13-06-2015 17:41:29
Running from C:\Users\Will\Desktop
Loaded Profiles: Will (Available Profiles: Will & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-04-22] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-1193129655-1466855322-3122330668-1000\...\Run: [Google Update] => C:\Users\Will\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-19] (Google Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1193129655-1466855322-3122330668-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=U154&form=U154HP
HKU\S-1-5-21-1193129655-1466855322-3122330668-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-06] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-06] (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-06] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-06] (Oracle Corporation)
DPF: HKLM-x32 {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} http://www.netgame.com/mplugin/mglaunch_USAv1005.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1E14E7DC-6973-457B-BCC1-19EA63FD92EB}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\b4v2k21z.default
FF Homepage: hxxp://www.bing.com/?pc=U154&form=U154HP
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-09] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-06] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-06] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1193129655-1466855322-3122330668-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Will\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1193129655-1466855322-3122330668-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Will\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1193129655-1466855322-3122330668-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Will\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-24] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1193129655-1466855322-3122330668-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-01-03] (The Happy Cloud)
FF Plugin HKU\S-1-5-21-1193129655-1466855322-3122330668-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-05-28] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPMFireLauncher.dll [2009-11-09] (MGame)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-11-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-11-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-11-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-11-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-11-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF Extension: Reddit Enhancement Suite - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\b4v2k21z.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack [2013-02-15]
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\b4v2k21z.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2014-05-19]
FF Extension: IE Tab - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\b4v2k21z.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2013-05-21]
FF Extension: Reddit Enhancement Suite - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\b4v2k21z.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2013-02-15]
FF Extension: Web Developer - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\b4v2k21z.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-12-12]
FF Extension: Adblock Plus - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\b4v2k21z.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-11]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
 
Chrome: 
=======
CHR Profile: C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Reverse Youtube Playlist) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajhonbaagcobjdmbocblbebcmbmmbfmi [2014-08-07]
CHR Extension: (Angry Birds) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2012-05-19]
CHR Extension: (Language Immersion for Chrome) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\bedbecnakfcpmkpddjfnfihogkaggkhl [2014-12-25]
CHR Extension: (WiBit) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejaaogemoligmkbmeafkhnaegkggihf [2012-05-19]
CHR Extension: (YouTube) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-19]
CHR Extension: (Honey) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2015-06-07]
CHR Extension: (Razer II The New Form) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\cabeahcoigimgpgcjakhbbmpjcmhgapf [2013-10-15]
CHR Extension: (Google Search) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-19]
CHR Extension: (Google+) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2012-05-19]
CHR Extension: (Google Calendar) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2012-05-19]
CHR Extension: (Tonematrix) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\enpfehkomaakbncdddjkoffacajcglha [2012-08-13]
CHR Extension: (Full Screen Weather) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2012-05-19]
CHR Extension: (AdBlock) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-05-19]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2013-12-31]
CHR Extension: (Gun Blood) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifphbghhodpimajnjejgjlfcjmnnkhci [2012-08-13]
CHR Extension: (Dropbox) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2012-05-19]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2012-05-20]
CHR Extension: (Little Alchemy) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2014-02-02]
CHR Extension: (Google Wallet) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Outlook.com) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2012-05-19]
CHR Extension: (Gmail) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
StartMenuInternet: Google Chrome - C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1145216 2015-05-22] ()
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [476936 2013-09-09] (BitRaider, LLC)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-09-09] (EasyAntiCheat Ltd)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3472368 2014-12-01] (INCA Internet Co., Ltd.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-19] (Electronic Arts)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-24] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [282296 2015-06-13] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-04] ()
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4250624 2015-02-03] (A-Volute) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WLANBelkinService; C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-09] (Disc Soft Ltd)
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2015-02-25] (Echobit, LLC)
S3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [8704 2014-10-30] (Windows ® Win 7 DDK provider) [File not signed]
S3 HtcUsbMdmV64; C:\Windows\System32\DRIVERS\HtcUsbMdmV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [115272 2011-11-10] (MotioninJoy) [File not signed]
S3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129088 2013-09-14] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-05-23] (Windows ® Win 7 DDK provider)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-04] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\System32\drivers\RzSurroundVAD.sys [40640 2015-02-09] (Windows ® Win 7 DDK provider)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [38912 2014-10-30] (SteelSeries ApS) [File not signed]
S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2013-05-28] (Spotflux, Inc.)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [223744 2013-03-19] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2013-03-19] (VIA Technologies, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-13 17:41 - 2015-06-13 17:41 - 02109952 _____ (Farbar) C:\Users\Will\Desktop\FRST64.exe
2015-06-13 17:41 - 2015-06-13 17:41 - 00000000 ____D C:\Users\Will\Desktop\FRST-OlderVersion
2015-06-13 17:28 - 2015-06-13 17:28 - 02231296 _____ C:\Users\Will\Downloads\AdwCleaner (1).exe
2015-06-12 21:00 - 2015-06-12 22:37 - 00000000 ____D C:\Users\Will\AppData\Local\The Witcher
2015-06-12 21:00 - 2015-06-12 21:34 - 00000000 ____D C:\Users\Will\Documents\The Witcher
2015-06-12 20:58 - 2015-06-12 20:58 - 00000000 ____D C:\Users\Public\Documents\The Witcher
2015-06-09 21:20 - 2015-06-09 21:20 - 18169520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-06-07 01:23 - 2015-06-07 01:23 - 02231296 _____ C:\Users\Will\Downloads\AdwCleaner.exe
2015-06-07 01:22 - 2015-06-07 01:22 - 00002413 _____ C:\Users\Will\Desktop\JRT.txt
2015-06-07 01:18 - 2015-06-07 01:18 - 02942406 _____ (Thisisu) C:\Users\Will\Downloads\JRT (1).exe
2015-06-03 18:18 - 2015-06-03 18:18 - 00082492 _____ C:\Users\Will\Downloads\Addition.txt
2015-06-03 18:13 - 2015-06-03 18:18 - 00036535 _____ C:\Users\Will\Downloads\FRST.txt
2015-06-03 01:26 - 2015-06-03 01:26 - 00000320 _____ C:\Users\Will\Downloads\INI settings-51038-1-1 (1).rar
2015-06-03 01:22 - 2015-06-03 01:23 - 00584318 _____ C:\Users\Will\Downloads\skse_1_07_02 (1).7z
2015-06-02 21:56 - 2015-06-02 21:56 - 00006800 _____ C:\Users\Will\Downloads\XCE-1_13-BCF.7z
2015-06-02 21:28 - 2015-06-02 21:30 - 40976164 _____ C:\Users\Will\Downloads\Default Animal Replacement Med Res-3621-1-7.zip
2015-06-02 21:07 - 2015-06-02 21:07 - 00004876 _____ C:\Users\Will\Downloads\G_Real_Ice_BAIN-v3.0-5388-BCF.7z
2015-06-02 18:42 - 2015-06-02 18:42 - 00000000 ____D C:\Users\Will\AppData\Local\Nexus
2015-06-02 01:01 - 2015-06-02 01:01 - 00019873 _____ C:\Users\Will\Downloads\[katproxy.com]skyrim.realistic.overhaul.dg.v1.6.optimal.1k.2k.torrent
2015-06-01 17:49 - 2015-06-07 17:37 - 00000000 ____D C:\Users\Will\STEP
2015-06-01 17:45 - 2015-06-01 17:45 - 00000320 _____ C:\Users\Will\Downloads\INI settings-51038-1-1.rar
2015-06-01 17:37 - 2015-06-01 17:37 - 00584318 _____ C:\Users\Will\Downloads\skse_1_07_02.7z
2015-06-01 17:29 - 2015-06-01 17:29 - 02360112 _____ C:\Users\Will\Downloads\enbseries_skyrim_v0269.zip
2015-06-01 17:27 - 2015-06-01 17:27 - 00021253 _____ C:\Users\Will\Downloads\Cell Stabilizer-41592-.zip
2015-06-01 17:26 - 2015-06-01 17:26 - 00335183 _____ C:\Users\Will\Downloads\skse_1_07_02_installer.exe
2015-06-01 17:26 - 2015-06-01 17:26 - 00002261 _____ C:\Users\Guest\Desktop\Skyrim (SKSE).lnk
2015-06-01 17:19 - 2015-06-03 01:35 - 00000000 ____D C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wrye Bash
2015-06-01 17:17 - 2015-06-01 17:17 - 00001421 _____ C:\Users\Will\Desktop\Mod Organizer.lnk
2015-06-01 17:15 - 2015-06-01 17:16 - 18298624 _____ (Wrye Bash development team) C:\Users\Will\Downloads\Wrye Bash 305 - Installer-1840-305.exe
2015-06-01 17:15 - 2015-06-01 17:15 - 02546322 _____ C:\Users\Will\Downloads\TES5Edit 3.1.1-25859-3-1-1.7z
2015-06-01 17:14 - 2015-06-06 00:47 - 00000000 ____D C:\Users\Will\AppData\Local\LOOT
2015-06-01 17:14 - 2015-06-06 00:47 - 00000000 ____D C:\Program Files (x86)\LOOT
2015-06-01 17:14 - 2015-06-01 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOOT
2015-06-01 17:13 - 2015-06-01 17:14 - 21896146 _____ (LOOT Team) C:\Users\Will\Downloads\LOOT.Installer.exe
2015-06-01 16:38 - 2015-06-12 00:39 - 00000000 ____D C:\Program Files (x86)\Mod Organizer
2015-06-01 16:37 - 2015-06-01 16:38 - 19383202 _____ C:\Users\Will\Downloads\Mod Organizer v1_2_18 installer-1334-1-2-18.exe
2015-05-29 23:49 - 2015-05-29 23:49 - 00001452 _____ C:\Users\Guest\Desktop\9Dragons.lnk
2015-05-29 23:49 - 2015-05-29 23:49 - 00000618 _____ C:\Users\Guest\Desktop\Run 9Dragons.lnk
2015-05-29 23:48 - 2015-06-07 17:34 - 00000000 ____D C:\9Dragons
2015-05-29 23:38 - 2015-05-29 23:38 - 02384576 _____ (Reloaded Technologies) C:\Users\Will\Downloads\9Dragons_Downloader.exe
2015-05-25 18:52 - 2015-05-25 18:53 - 00008360 _____ C:\Windows\system32\lvcoinst.log
2015-05-25 18:52 - 2015-05-25 18:52 - 00000000 ____D C:\Program Files\Common Files\logishrd
2015-05-25 18:52 - 2015-05-25 18:52 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2015-05-22 21:17 - 2015-05-22 21:17 - 00000000 ____D C:\ProgramData\Bohemia Interactive Studio
2015-05-17 07:48 - 2015-05-17 07:48 - 00000000 ____D C:\Program Files (x86)\Google
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-13 17:41 - 2015-05-11 19:33 - 00021641 _____ C:\Users\Will\Desktop\FRST.txt
2015-06-13 17:41 - 2015-04-17 20:27 - 00000000 ____D C:\FRST
2015-06-13 17:37 - 2015-04-01 19:30 - 00021467 _____ C:\Windows\setupact.log
2015-06-13 17:37 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-13 17:36 - 2015-04-01 19:34 - 01500948 _____ C:\Windows\WindowsUpdate.log
2015-06-13 17:34 - 2015-04-17 20:26 - 00000000 ____D C:\AdwCleaner
2015-06-13 17:24 - 2012-05-20 22:12 - 00000000 ____D C:\Users\Will\AppData\Roaming\Skype
2015-06-13 17:20 - 2012-06-01 22:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-13 16:57 - 2012-06-08 13:54 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1193129655-1466855322-3122330668-1002UA.job
2015-06-13 16:54 - 2012-05-19 02:58 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1193129655-1466855322-3122330668-1000UA.job
2015-06-13 16:20 - 2014-05-24 01:48 - 00282296 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2015-06-13 16:20 - 2012-05-24 15:14 - 00282296 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2015-06-13 16:13 - 2014-05-24 01:48 - 00215128 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2015-06-13 16:13 - 2012-02-27 04:01 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-13 16:12 - 2009-07-14 00:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-06-13 07:54 - 2012-05-19 02:58 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1193129655-1466855322-3122330668-1000Core.job
2015-06-13 03:57 - 2012-06-08 13:54 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1193129655-1466855322-3122330668-1002Core.job
2015-06-13 01:35 - 2013-11-17 18:31 - 00000000 ____D C:\Users\Will\AppData\Local\Battle.net
2015-06-13 01:34 - 2013-07-31 23:20 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2015-06-12 21:00 - 2015-04-19 10:41 - 00019709 _____ C:\Windows\DirectX.log
2015-06-12 20:53 - 2009-07-13 23:45 - 00023680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-12 20:53 - 2009-07-13 23:45 - 00023680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-10 23:06 - 2015-04-24 19:18 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-06-10 18:03 - 2012-05-19 02:20 - 00000000 ____D C:\Users\Will
2015-06-09 23:28 - 2014-12-29 20:37 - 00000000 ____D C:\Users\Will\AppData\Roaming\vlc
2015-06-09 21:30 - 2015-04-26 20:09 - 00000000 ____D C:\Users\Will\AppData\Roaming\dvdcss
2015-06-09 21:20 - 2012-06-01 22:26 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-09 21:20 - 2012-06-01 22:26 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-09 21:20 - 2012-06-01 22:26 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-07 17:37 - 2013-11-17 18:31 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-06-07 01:38 - 2014-11-18 23:06 - 00000000 ____D C:\Users\Will\AppData\Roaming\OBS
2015-06-06 03:14 - 2013-10-01 21:47 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-06 00:41 - 2012-06-07 11:16 - 00000000 ____D C:\ProgramData\Skype
2015-06-03 22:29 - 2013-04-02 18:33 - 00000000 ____D C:\Users\Guest
2015-06-03 01:03 - 2012-09-06 02:56 - 00000000 ____D C:\Users\Will\AppData\Roaming\uTorrent
2015-06-01 17:25 - 2012-05-23 19:56 - 00000000 ____D C:\Users\Will\AppData\Local\Skyrim
2015-05-30 23:14 - 2013-10-26 01:05 - 00000000 ____D C:\Users\Will\AppData\Local\CrashDumps
2015-05-30 13:02 - 2012-06-06 02:32 - 00000000 ____D C:\Users\Will\AppData\Local\SniperV2
2015-05-28 00:28 - 2012-02-27 04:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-24 00:06 - 2012-06-02 20:49 - 00000000 ____D C:\Users\Will\AppData\Local\ArmA 2 OA
2015-05-17 07:49 - 2012-05-19 02:58 - 00003876 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1193129655-1466855322-3122330668-1000UA
2015-05-17 07:49 - 2012-05-19 02:58 - 00003480 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1193129655-1466855322-3122330668-1000Core
2015-05-14 19:12 - 2015-01-21 17:51 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
 
==================== Files in the root of some directories =======
 
2014-06-22 12:01 - 2014-06-22 12:01 - 0000885 _____ () C:\Program Files (x86)\Program Files (x86) - Shortcut.lnk
2013-09-13 23:41 - 2013-09-13 23:19 - 0012005 _____ () C:\Users\Will\AppData\Roaming\alsoft.ini
2013-04-22 13:21 - 2013-10-22 03:06 - 0034816 _____ () C:\Users\Will\AppData\Roaming\RZR_00203f354c53873a22a6188faec3.db
2013-05-17 19:11 - 2013-07-10 01:34 - 0009308 _____ () C:\Users\Will\AppData\Local\CleanupUninstall.txt
2013-03-29 02:23 - 2013-03-29 02:23 - 0003584 _____ () C:\Users\Will\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-13 11:15 - 2012-06-13 11:15 - 0000092 _____ () C:\Users\Will\AppData\Local\fusioncache.dat
2014-05-20 22:15 - 2015-04-09 18:49 - 0007614 _____ () C:\Users\Will\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\Will\AppData\Local\Temp\Quarantine.exe
C:\Users\Will\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Will\AppData\Local\Temp\sqlite3.dll
C:\Users\Will\AppData\Local\Temp\__pythonRunner.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-03 21:22
 
==================== End of log ============================

 

_____________________________________________________________________________

 

# AdwCleaner v4.206 - Logfile created 13/06/2015 at 17:34:30

# Updated 01/06/2015 by Xplode
# Database : 2015-06-09.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Will - DERPADOO
# Running from : C:\Users\Will\Downloads\AdwCleaner (1).exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
File Deleted : C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage
File Deleted : C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17689
 
 
-\\ Mozilla Firefox v37.0.2 (x86 en-US)
 
 
-\\ Google Chrome v
 
[C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
[C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
[C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [13929 bytes] - [17/04/2015 20:43:31]
AdwCleaner[R1].txt - [2509 bytes] - [05/05/2015 00:05:03]
AdwCleaner[R2].txt - [2292 bytes] - [13/06/2015 17:28:52]
AdwCleaner[S0].txt - [14058 bytes] - [17/04/2015 20:45:34]
AdwCleaner[S1].txt - [2593 bytes] - [05/05/2015 00:07:14]
AdwCleaner[S2].txt - [2233 bytes] - [13/06/2015 17:34:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2292  bytes] ##########

Edited by urdadinatoaster, 13 June 2015 - 05:42 PM.


#10 dbrisendine

dbrisendine

  • Malware Response Team
  • 508 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:BC, Canada
  • Local time:11:28 PM

Posted 14 June 2015 - 03:07 AM

FIRST >>>>

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts; how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open a Command Prompt window and run from there (this is normal for this program, so do not be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.


SECOND >>>>

Malwarebytes' Anti-Malware
Please download the latest version of Malwarebytes' Anti-Malware from here. The version installed on your system is not the latest; this will update that version for you.

Double Click on the mbam-setup.exe file to install the application.

 

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link

Once updated, please select Settings > Detection and Protection. Please ensure that "Scan for Rootkits" is selected and that the Non-Malware Protection options PUP and PUM are set to "Treat detections as malware".

Once the settings have been configured, select the Dashboard tab to return to the Main screen and select "Scan Now >>" to start the scan.

The scan may take some time to finish, so please be patient.

If any malware is found, you will be presented with a screen like the one below.

Please make sure that everything is checked, and click Remove Selected.
When the scan is complete, click View detailed log >> to view the results.

The report screen will open.

At the bottom click on Export and select as txt file, save the file to your desktop and click OK.  When the export is complete, select OPEN.

The log file will be opened in your default text file viewer (usually Notepad); select the whole text (Ctrl + A) and copy (Ctrl + C) it to paste here in a reply.


Edited by dbrisendine, 14 June 2015 - 03:08 AM.

Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.

My help is always free but if you would like to help encourage me or show your thanks -----> btn_donate_LG.gif


#11 dbrisendine


Posted 24 June 2015 - 03:07 PM

Do you still need assistance with this?




#12 dbrisendine


Posted 01 July 2015 - 11:05 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





