unwanted pages opening in browser and unable to run certain programs



#1 Twinmum


Posted 09 June 2015 - 05:28 AM

Hello. Thanks in advance for helping me.

 

After a LAN party, my daughter complained about various pop ups appearing and asked for my help. We found a number of items that had been installed that day and removed them. However on restarting the computer, some persisted.

I tried to run AVG and Malwarebytes, but neither would run.

The browser was also hijacked by searching.com

 

At that point I came here and on advice I have tried the following

Details of all logs can be found at the topic here: http://www.bleepingcomputer.com/forums/t/578670/searchingcom-plus-other-nasties/

 

MiniToolbox by Farbar  - results posted

Security Check by screen317 - results posted

 

AdwCleaner by Explode  - log posted

ran AdwCleaner again chose cleaning and posted log

 

Junkware Removal Tool - could not get to run

Emsisoft Emergency Kit - could not get to run

 

Rkill  - wouldn't run

FixExec - 6 processes were terminated - log posted

 

Malwarebytes Anti-Malware  would not run

Malwarebytes Chameleon would not run

 

From there Alexstrasza directed me to the Prep Guide which in turn has brought me here.

 

I have run FRST and the log follows. Addition.txt file attached

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Ashlee (administrator) on ASHLEE-PC on 09-06-2015 19:50:10
Running from C:\Users\Ashlee\Desktop
Loaded Profiles: Ashlee (Available Profiles: Ashlee & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Infonaut) C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VIS without Co) C:\Windows\Provider\UpdaterToolService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Windows\SysWOW64\First Verify\afirstsvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] => "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590656 2015-05-15] (Razer Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM-x32\...\Run: [gmsd_au_319] => [X]
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Ashlee\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-05] (Valve Corporation)
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [2990304 2013-10-02] (Nota Inc.)
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\Run: [SkypeVoiceChanger] => C:\Program Files (x86)\AthTek\Voice Changer for Skype\SkypeVoiceChanger.exe /auto
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\Run: [Spotify Web Helper] => C:\Users\Ashlee\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-06-07] (Spotify Ltd)
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [6886752 2015-01-07] (Binary Fortress Software)
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31282816 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\Run: [BackUp978759929] => C:\Users\Ashlee\AppData\Roaming\BackUp978759929.exe [462848 2009-07-14] ()
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\Run: [Spotify] => C:\Users\Ashlee\AppData\Roaming\Spotify\Spotify.exe [7323192 2015-06-07] (Spotify Ltd)
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\MountPoints2: {e3b5af4d-3888-11e4-ad75-94de80741260} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk [2014-01-19]
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-05-19]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2013-08-27]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-05-19]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C580.lnk [2015-04-13]
ShortcutTarget: C580.lnk -> C:\ProgramData\{b7519684-238b-5ef1-b751-196842385a10}\C580.exe (No File)
Startup: C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\F0.lnk [2015-04-13]
ShortcutTarget: F0.lnk -> C:\ProgramData\{de85fefc-dde9-3678-de85-5fefcddefbf3}\F0.exe (No File)
Startup: C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FF60.lnk [2015-04-13]
ShortcutTarget: FF60.lnk -> C:\ProgramData\{25e291f2-cb0c-d8a3-25e2-291f2cb047cb}\FF60.exe (No File)
Startup: C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-06-09]
ShortcutTarget: SmartWeb.lnk -> C:\Users\Ashlee\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
Startup: C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sword Art Online 01 - Aincrad.pdf.lnk [2015-04-14]
ShortcutTarget: Sword Art Online 01 - Aincrad.pdf.lnk -> C:\ProgramData\{ee76c9f7-2d40-9c66-ee76-6c9f72d427dc}\Sword Art Online 01 - Aincrad.pdf.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610&q={searchTerms}
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610&q={searchTerms}
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: AutoDeAlsAPp -> {45CC82C0-0455-4320-AA19-6DA582FB82A1} -> C:\Program Files (x86)\AutoDeAlsAPp\cgdqXOtRnI5Mj1.x64.dll No File
BHO-x32: AutoDeAlsAPp -> {45CC82C0-0455-4320-AA19-6DA582FB82A1} -> C:\Program Files (x86)\AutoDeAlsAPp\cgdqXOtRnI5Mj1.dll No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-04] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-04] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-04] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-04] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-04] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-04] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-04] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9 02 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9 03 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9 04 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9 05 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9 06 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9 07 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9 08 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9 09 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9 10 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9 21 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9-x64 01 C:\Windows\Provider.dll [173056 2015-06-09] ()
Winsock: Catalog9-x64 02 C:\Windows\Provider.dll [173056 2015-06-09] ()
Winsock: Catalog9-x64 03 C:\Windows\Provider.dll [173056 2015-06-09] ()
Winsock: Catalog9-x64 04 C:\Windows\Provider.dll [173056 2015-06-09] ()
Winsock: Catalog9-x64 05 C:\Windows\Provider.dll [173056 2015-06-09] ()
Winsock: Catalog9-x64 06 C:\Windows\Provider.dll [173056 2015-06-09] ()
Winsock: Catalog9-x64 07 C:\Windows\Provider.dll [173056 2015-06-09] ()
Winsock: Catalog9-x64 08 C:\Windows\Provider.dll [173056 2015-06-09] ()
Winsock: Catalog9-x64 09 C:\Windows\Provider.dll [173056 2015-06-09] ()
Winsock: Catalog9-x64 10 C:\Windows\Provider.dll [173056 2015-06-09] ()
Winsock: Catalog9-x64 21 C:\Windows\Provider.dll [173056 2015-06-09] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{6F1B4597-E969-44DF-9C33-538B39C15279}: [NameServer] 81.218.119.5,82.163.142.130
Tcpip\..\Interfaces\{7456F197-4F43-40A3-A9AC-23678AC01AA8}: [NameServer] 81.218.119.5,82.163.142.130
StartMenuInternet: IEXPLORE.EXE - c:\program files\internet explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610

FireFox:
========
FF ProfilePath: C:\Users\Ashlee\AppData\Roaming\Mozilla\Firefox\Profiles\2qj84rt9.default-1433651581028
FF NewTab: hxxp://www.istartsurf.com/newtab/?type=nt&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610
FF Homepage: hxxp://www.istartsurf.com/?type=hp&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-24] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-27] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-23] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-24] (Wacom)
FF Plugin HKU\S-1-5-21-3659292527-334032331-3834142823-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ashlee\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-01-27] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3659292527-334032331-3834142823-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin HKU\S-1-5-21-3659292527-334032331-3834142823-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-24] (Wacom)
FF Extension: QuickSearch - C:\Users\Ashlee\AppData\Roaming\Mozilla\Firefox\Profiles\2qj84rt9.default-1433651581028\Extensions\searchffv2@gmail.com [2015-06-09]
FF Extension: AutoDeAlsAPp - C:\Users\Ashlee\AppData\Roaming\Mozilla\Firefox\Profiles\2qj84rt9.default-1433651581028\Extensions\SGgT8s@l.net [2015-06-08]
FF Extension: DiscountMan - C:\Users\Ashlee\AppData\Roaming\Mozilla\Firefox\Profiles\2qj84rt9.default-1433651581028\Extensions\zocqdcuicrwotfz_cu@ctyynqwbqekmlook.com [2015-06-08]
FF HKLM-x32\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Users\Ashlee\AppData\Roaming\Mozilla\Firefox\Profiles\2qj84rt9.default-1433651581028\extensions\searchffv2@gmail.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.istartsurf.com/?type=sc&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-06-03] <==== ATTENTION

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-07]
CHR Extension: (Google Docs) - C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-07]
CHR Extension: (YouTube) - C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-07]
CHR Extension: (Google Search) - C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-07]
CHR Extension: (Google Sheets) - C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-07]
CHR Extension: (Hola Better Internet) - C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-02-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-15]
CHR Extension: (Google Wallet) - C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-07]
CHR Extension: (Gmail) - C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-07]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.istartsurf.com/?type=sc&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 cybusyro; C:\Users\Ashlee\AppData\Roaming\03DE0294-1433574867-0574-1206-600700080009\jnsc264B.tmp [223232 2015-06-06] () [File not signed]
S2 dequzody; C:\Users\Ashlee\AppData\Roaming\03DE0294-1433574867-0574-1206-600700080009\hnsx4ABE.tmp [167424 2015-06-06] () [File not signed]
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [3169648 2015-01-07] (Binary Fortress Software)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-12-16] (Hi-Rez Studios) [File not signed]
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 insvc_1.10.0.14; C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe [278600 2015-04-11] (Infonaut)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
S2 muqusoni; C:\Users\Ashlee\AppData\Roaming\03DE0294-1433574867-0574-1206-600700080009\nsv2CB6.tmp [684032 2015-06-08] () [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-07] (Electronic Arts)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
R2 UpdateDustTool; C:\Windows\Provider\UpdaterToolService.exe [111616 2015-04-22] (VIS without Co) [File not signed]
R2 Verifies and fixes issues; C:\Windows\SysWOW64\First Verify\afirstsvc.exe [100768 2015-04-20] () [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
S2 avgwd; "C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe run  [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253920 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [291296 2015-05-04] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-04-11] (Disc Soft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-08-03] ()
R1 innfd_1_10_0_14; C:\Windows\System32\drivers\innfd_1_10_0_14.sys [58224 2015-04-11] (Infonaut)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2014-05-30] (MotioninJoy) [File not signed]
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-24] (Razer, Inc.)
S3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2014-12-22] (Creative Technology Ltd.)
S3 BS978759929; \??\C:\Users\Ashlee\AppData\Local\Temp\NTFS.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 scfd_1_10_0_16; system32\drivers\scfd_1_10_0_16.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 11:50 - 2015-06-10 11:50 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-06-10 11:49 - 2015-06-10 11:49 - 00000000 ____D C:\Program Files\Windows Defender
2015-06-09 19:50 - 2015-06-09 19:50 - 00029208 _____ C:\Users\Ashlee\Desktop\FRST.txt
2015-06-09 19:49 - 2015-06-09 19:50 - 00000000 ____D C:\FRST
2015-06-09 19:49 - 2015-06-09 19:48 - 02108928 _____ (Farbar) C:\Users\Ashlee\Desktop\FRST64.exe
2015-06-09 19:28 - 2015-06-09 19:40 - 00020974 _____ C:\Windows\system32\DB978759929
2015-06-09 19:15 - 2015-06-09 19:21 - 00000000 ____D C:\Users\Ashlee\Desktop\New folder (2)
2015-06-09 18:58 - 2015-06-09 18:57 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Ashlee\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-09 18:06 - 2015-06-09 18:06 - 00000743 _____ C:\Users\Ashlee\Desktop\Start Emsisoft Emergency Kit.lnk
2015-06-09 18:03 - 2015-06-09 18:04 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\Ashlee\Desktop\FixExec.exe
2015-06-09 17:54 - 2015-06-09 17:54 - 00266320 _____ C:\Windows\Minidump\060915-58203-01.dmp
2015-06-09 17:26 - 2015-06-09 18:04 - 00002406 _____ C:\Users\Ashlee\Desktop\FixExec.txt
2015-06-09 17:16 - 2015-06-09 17:16 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Ashlee\Desktop\iexplore.exe.exe
2015-06-09 10:52 - 2015-06-09 18:55 - 00173056 _____ C:\Windows\Provider.dll
2015-06-09 10:52 - 2015-06-09 18:55 - 00000000 ____D C:\Windows\Provider32
2015-06-09 10:52 - 2015-06-09 16:52 - 00173056 _____ C:\Windows\Provider20150609185459PM.dll
2015-06-09 10:52 - 2015-06-09 15:52 - 00173056 _____ C:\Windows\Provider20150609165252PM.dll
2015-06-09 10:52 - 2015-06-09 14:52 - 00173056 _____ C:\Windows\Provider20150609155243PM.dll
2015-06-09 10:52 - 2015-06-09 13:52 - 00173056 _____ C:\Windows\Provider20150609145235PM.dll
2015-06-09 10:52 - 2015-06-09 12:52 - 00173056 _____ C:\Windows\Provider20150609135227PM.dll
2015-06-09 10:52 - 2015-06-09 11:52 - 00173056 _____ C:\Windows\Provider20150609125218PM.dll
2015-06-09 10:52 - 2015-06-09 10:52 - 00718497 _____ C:\Windows\unins000.exe
2015-06-09 10:52 - 2015-06-09 10:52 - 00010265 _____ C:\Windows\unins000.dat
2015-06-09 10:52 - 2015-06-09 10:52 - 00000000 ____D C:\Windows\Provider
2015-06-09 10:52 - 2015-06-09 10:52 - 00000000 _____ C:\Windows\SysWOW64\0
2015-06-09 10:52 - 2015-06-02 18:30 - 00173056 _____ C:\Windows\Provider20150609115210AM.dll
2015-06-09 10:52 - 2015-06-02 18:30 - 00101888 _____ C:\Windows\Installer.exe
2015-06-09 10:51 - 2015-06-09 10:51 - 00004040 _____ C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-06-09 10:51 - 2015-06-09 10:51 - 00000000 ____D C:\Users\Ashlee\AppData\Local\SmartWeb
2015-06-09 10:51 - 2015-06-09 10:51 - 00000000 ____D C:\Program Files (x86)\Infonaut_1.10.0.14
2015-06-09 10:41 - 2015-06-09 10:41 - 00001052 _____ C:\Users\Ashlee\Desktop\Continue Live Installation.lnk
2015-06-08 21:35 - 2015-06-09 18:06 - 00000000 ____D C:\EEK
2015-06-08 21:35 - 2015-06-08 18:38 - 157272816 _____ C:\Users\Ashlee\Desktop\EmsisoftEmergencyKit.exe
2015-06-08 19:00 - 2015-06-08 18:34 - 02943232 _____ (Thisisu) C:\Users\Ashlee\Desktop\JRT.exe
2015-06-08 12:10 - 2015-06-08 12:10 - 00000000 ____D C:\Program Files (x86)\PatternGenerators
2015-06-08 12:09 - 2015-06-09 18:09 - 00000356 _____ C:\Windows\Tasks\PragmaInstance.job
2015-06-08 12:09 - 2015-06-08 12:09 - 00004096 _____ C:\Windows\SysWOW64\ntwdblib.dll
2015-06-08 12:09 - 2015-06-08 12:09 - 00003270 _____ C:\Windows\System32\Tasks\PragmaInstance
2015-06-08 11:51 - 2015-06-08 18:47 - 00000000 ____D C:\AdwCleaner
2015-06-08 11:47 - 2015-06-08 11:38 - 02231296 _____ C:\Users\Ashlee\Desktop\AdwCleaner.exe
2015-06-08 11:35 - 2015-06-09 19:46 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\tor
2015-06-07 21:38 - 2015-06-07 21:35 - 00852652 _____ C:\Users\Ashlee\Desktop\SecurityCheck.exe
2015-06-07 21:32 - 2015-06-07 21:32 - 00044168 _____ C:\Users\Ashlee\Desktop\Result.txt
2015-06-07 21:18 - 2015-06-08 18:46 - 00000000 ____D C:\Windows\SysWOW64\First Verify
2015-06-07 21:18 - 2015-06-07 21:15 - 00403456 _____ (Farbar) C:\Users\Ashlee\Desktop\MiniToolBox.exe
2015-06-07 14:33 - 2015-06-07 14:33 - 00000000 ____D C:\Users\Ashlee\Desktop\Old Firefox Data
2015-06-07 13:45 - 2015-06-07 13:45 - 00002962 _____ C:\Windows\System32\Tasks\{ADE10CA8-0517-48D7-B47B-41A289B4EB0B}
2015-06-07 13:45 - 2015-06-07 13:45 - 00002962 _____ C:\Windows\System32\Tasks\{8317BDAB-C750-49F2-8B00-1555AB078FC2}
2015-06-07 13:41 - 2015-06-07 13:41 - 10694392 _____ (VS Revo Group ) C:\Users\Ashlee\Downloads\RevoUninProSetup.exe
2015-06-07 12:58 - 2015-06-07 12:58 - 04928968 _____ (AVG Technologies) C:\Users\Ashlee\Downloads\avg_free_stb_all_5961p1_177.exe
2015-06-07 11:15 - 2015-06-07 11:17 - 00286776 _____ C:\Windows\Minidump\060715-70730-01.dmp
2015-06-07 11:08 - 2015-06-07 11:08 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\One System Care
2015-06-07 10:49 - 2015-06-07 10:49 - 00000000 ____D C:\Users\Ashlee\AppData\Local\CrashRpt
2015-06-07 10:42 - 2015-06-07 10:42 - 00613255 _____ (CMI Limited) C:\Users\Ashlee\AppData\Local\nscC9C8.tmp
2015-06-07 10:41 - 2015-06-07 10:59 - 00000000 ____D C:\Program Files (x86)\gmsd_au_319
2015-06-06 21:33 - 2015-06-06 21:33 - 00613255 _____ (CMI Limited) C:\Users\Ashlee\AppData\Local\nsx9B76.tmp
2015-06-06 20:22 - 2015-06-09 10:52 - 00001351 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-06 20:22 - 2015-06-09 10:52 - 00001303 _____ C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-06 20:22 - 2015-06-09 10:52 - 00001285 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-06 20:11 - 2015-06-06 20:12 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\03DE0294-1433585494-0574-1206-600700080009
2015-06-06 19:58 - 2015-06-06 19:58 - 00000000 ____D C:\Users\Ashlee\Documents\Optimizer Pro
2015-06-06 19:53 - 2015-06-09 13:53 - 00000342 _____ C:\Windows\Tasks\Bidaily Synchronize Task[3c32].job
2015-06-06 19:53 - 2015-06-06 19:53 - 00003256 _____ C:\Windows\System32\Tasks\Bidaily Synchronize Task[3c32]
2015-06-06 19:43 - 2015-06-09 16:58 - 01146180 _____ C:\Windows\system32\CFG978759929
2015-06-06 19:38 - 2015-06-06 19:39 - 00292848 _____ C:\Windows\Minidump\060615-53211-01.dmp
2015-06-06 17:28 - 2015-06-06 17:36 - 00000000 ____D C:\ProgramData\abc
2015-06-06 17:15 - 2009-06-11 07:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-06-06 17:14 - 2015-06-08 20:51 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\03DE0294-1433574867-0574-1206-600700080009
2015-06-06 17:13 - 2015-06-06 17:13 - 00000000 ____D C:\Program Files\13
2015-06-06 16:02 - 2015-06-06 16:02 - 16979960 _____ (Sun Microsystems, Inc.) C:\Users\Ashlee\Downloads\jre-6u37-windows-i586.exe
2015-06-06 15:59 - 2015-06-06 15:59 - 00561248 _____ (Oracle Corporation) C:\Users\Ashlee\Downloads\jxpiinstall(9).exe
2015-06-06 11:54 - 2015-06-06 11:54 - 00000000 ____D C:\ProgramData\Steam
2015-06-06 11:52 - 2015-06-06 11:55 - 00000000 ____D C:\ProgramData\PopCap Games
2015-06-05 19:06 - 2015-06-05 19:07 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\Armagetron
2015-06-05 19:06 - 2015-06-05 19:06 - 00000886 _____ C:\Users\UpdatusUser\Desktop\Armagetron Advanced.lnk
2015-06-05 19:06 - 2015-06-05 19:06 - 00000886 _____ C:\Users\Ashlee\Desktop\Armagetron Advanced.lnk
2015-06-05 19:06 - 2015-06-05 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Armagetron Advanced
2015-06-05 19:06 - 2015-06-05 19:06 - 00000000 ____D C:\ProgramData\Armagetron
2015-06-05 19:06 - 2015-06-05 19:06 - 00000000 ____D C:\Program Files (x86)\Armagetron Advanced
2015-06-05 19:04 - 2015-06-05 19:05 - 00000000 ____D C:\Users\Ashlee\Documents\argametron
2015-06-04 22:38 - 2015-06-08 18:47 - 00000000 ____D C:\Windows\system32\log
2015-06-03 11:51 - 2015-06-08 18:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-03 11:28 - 2015-06-03 11:28 - 00000000 ____D C:\Users\Ashlee\AppData\Local\Avg
2015-06-01 14:02 - 2015-06-01 14:02 - 00000000 ____D C:\Users\Ashlee\AppData\Local\GWX
2015-05-30 17:39 - 2015-05-30 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-30 17:39 - 2015-05-30 17:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-30 17:39 - 2015-05-30 17:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-30 17:38 - 2015-05-30 17:39 - 13095136 _____ (Microsoft Corporation) C:\Users\Ashlee\Downloads\Silverlight_x64.exe
2015-05-23 16:44 - 2015-05-23 16:55 - 54553958 _____ C:\Users\Ashlee\Downloads\SpeedChess.zip
2015-05-19 18:22 - 2015-05-19 18:22 - 07893868 _____ C:\Users\Ashlee\Downloads\old bonnie.rar
2015-05-19 18:21 - 2015-05-19 18:22 - 00000000 ____D C:\Users\Ashlee\AppData\Local\WinZip
2015-05-19 18:21 - 2015-05-19 18:21 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-05-19 18:21 - 2015-05-19 18:21 - 00000000 ____D C:\ProgramData\WinZip
2015-05-19 18:21 - 2015-05-19 18:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-05-19 18:21 - 2015-05-19 18:21 - 00000000 ____D C:\Program Files\WinZip
2015-05-19 18:20 - 2015-05-19 18:20 - 01080672 _____ (WinZip) C:\Users\Ashlee\Downloads\wz19-mf.exe
2015-05-16 22:38 - 2015-05-16 22:38 - 00000226 _____ C:\Users\Ashlee\Desktop\▶ Pitch Perfect 2 Official Sountrack (14. The Barden Bellas - World Championship Finale 2) - YouTube.URL
2015-05-15 20:16 - 2015-05-15 20:17 - 03020666 _____ C:\Users\Ashlee\Downloads\toadash.zip
2015-05-15 13:29 - 2015-06-07 11:27 - 00000024 _____ C:\Users\Ashlee\AppData\Roaming\appdataFr25.bin
2015-05-14 23:28 - 2015-05-01 23:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 23:28 - 2015-05-01 23:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 23:17 - 2015-05-05 11:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-14 23:17 - 2015-05-05 11:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-14 23:17 - 2015-04-22 12:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-14 23:17 - 2015-04-22 11:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-14 23:17 - 2015-04-22 03:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-14 23:17 - 2015-04-22 03:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-14 23:17 - 2015-04-22 03:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-14 23:17 - 2015-04-22 02:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-14 23:17 - 2015-04-22 02:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-14 23:17 - 2015-04-22 02:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-14 23:17 - 2015-04-22 02:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-14 23:17 - 2015-04-22 02:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-14 23:17 - 2015-04-22 02:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-14 23:17 - 2015-04-22 02:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-14 23:17 - 2015-04-22 02:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-14 23:17 - 2015-04-22 02:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-14 23:17 - 2015-04-22 02:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-14 23:17 - 2015-04-22 02:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-14 23:17 - 2015-04-22 02:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-14 23:17 - 2015-04-22 02:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-14 23:17 - 2015-04-22 02:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-14 23:17 - 2015-04-22 02:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-14 23:17 - 2015-04-22 02:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-14 23:17 - 2015-04-22 02:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-14 23:17 - 2015-04-22 02:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-14 23:17 - 2015-04-22 02:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-14 23:17 - 2015-04-22 02:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-14 23:17 - 2015-04-22 02:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-14 23:17 - 2015-04-22 02:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-14 23:17 - 2015-04-22 02:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-14 23:17 - 2015-04-22 02:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-14 23:17 - 2015-04-22 02:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-14 23:17 - 2015-04-22 02:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-14 23:17 - 2015-04-22 02:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-14 23:17 - 2015-04-22 02:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-14 23:17 - 2015-04-22 02:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-14 23:17 - 2015-04-22 02:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-14 23:17 - 2015-04-22 02:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-14 23:17 - 2015-04-22 01:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-14 23:17 - 2015-04-22 01:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-14 23:17 - 2015-04-22 01:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-14 23:17 - 2015-04-22 01:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-14 23:17 - 2015-04-22 01:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-14 23:17 - 2015-04-22 01:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-14 23:17 - 2015-04-22 01:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-14 23:17 - 2015-04-22 01:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-14 23:17 - 2015-04-22 01:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-14 23:17 - 2015-04-22 01:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-14 23:17 - 2015-04-22 01:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-14 23:17 - 2015-04-22 01:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-14 23:17 - 2015-04-22 01:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-14 23:17 - 2015-04-22 01:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-14 23:17 - 2015-04-22 01:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-14 23:17 - 2015-04-22 01:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-14 23:17 - 2015-04-22 01:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-14 23:17 - 2015-04-22 01:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-14 23:17 - 2015-04-22 01:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-14 23:17 - 2015-04-22 01:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-14 23:17 - 2015-04-22 01:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-14 23:17 - 2015-04-22 01:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-14 23:17 - 2015-04-22 00:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-14 23:17 - 2015-04-22 00:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-14 23:17 - 2015-04-18 13:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-14 23:17 - 2015-04-18 12:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-14 23:17 - 2015-04-13 13:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-14 23:16 - 2015-04-28 05:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-14 23:16 - 2015-04-28 05:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-14 23:16 - 2015-04-28 05:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-14 23:16 - 2015-04-28 05:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-14 23:16 - 2015-04-28 05:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-14 23:16 - 2015-04-28 05:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-14 23:16 - 2015-04-28 05:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-14 23:16 - 2015-04-28 05:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-14 23:16 - 2015-04-28 05:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-14 23:16 - 2015-04-28 05:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-14 23:16 - 2015-04-28 05:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-14 23:16 - 2015-04-28 05:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-14 23:16 - 2015-04-28 05:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-14 23:16 - 2015-04-28 05:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-14 23:16 - 2015-04-28 05:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-14 23:16 - 2015-04-28 05:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-14 23:16 - 2015-04-28 05:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-14 23:16 - 2015-04-28 05:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-14 23:16 - 2015-04-28 05:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-14 23:16 - 2015-04-28 05:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-14 23:16 - 2015-04-28 05:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-14 23:16 - 2015-04-28 05:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-14 23:16 - 2015-04-28 05:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-14 23:16 - 2015-04-28 05:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-14 23:16 - 2015-04-28 05:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-14 23:16 - 2015-04-28 05:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-14 23:16 - 2015-04-28 05:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-14 23:16 - 2015-04-28 05:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-14 23:16 - 2015-04-28 05:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-14 23:16 - 2015-04-28 05:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-14 23:16 - 2015-04-28 05:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-14 23:16 - 2015-04-28 05:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-14 23:16 - 2015-04-28 05:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-14 23:16 - 2015-04-28 05:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-14 23:16 - 2015-04-28 05:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-14 23:16 - 2015-04-28 05:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-14 23:16 - 2015-04-28 05:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-14 23:16 - 2015-04-28 05:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-14 23:16 - 2015-04-28 05:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-14 23:16 - 2015-04-28 05:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-14 23:16 - 2015-04-28 05:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-14 23:16 - 2015-04-28 05:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-14 23:16 - 2015-04-28 05:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 05:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 05:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 05:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 05:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 05:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 05:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 05:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 05:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 05:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 05:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 05:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 05:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 05:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 05:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 05:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-14 23:16 - 2015-04-28 05:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-14 23:16 - 2015-04-28 05:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-14 23:16 - 2015-04-28 05:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-14 23:16 - 2015-04-28 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-14 23:16 - 2015-04-28 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-14 23:16 - 2015-04-28 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-14 23:16 - 2015-04-28 05:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-14 23:16 - 2015-04-28 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-14 23:16 - 2015-04-28 05:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-14 23:16 - 2015-04-28 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-14 23:16 - 2015-04-28 05:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-14 23:16 - 2015-04-28 05:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-14 23:16 - 2015-04-28 05:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-14 23:16 - 2015-04-28 05:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-14 23:16 - 2015-04-28 05:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-14 23:16 - 2015-04-28 05:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-14 23:16 - 2015-04-28 05:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-14 23:16 - 2015-04-28 05:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-14 23:16 - 2015-04-28 05:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-14 23:16 - 2015-04-28 05:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-14 23:16 - 2015-04-28 05:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-14 23:16 - 2015-04-28 05:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-14 23:16 - 2015-04-28 05:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-14 23:16 - 2015-04-28 05:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-14 23:16 - 2015-04-28 05:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-14 23:16 - 2015-04-28 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-14 23:16 - 2015-04-28 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-14 23:16 - 2015-04-28 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-14 23:16 - 2015-04-28 04:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-14 23:16 - 2015-04-28 04:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 04:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 04:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 04:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 04:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 04:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 04:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 04:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 04:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 04:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 04:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 04:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 04:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 04:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-14 23:16 - 2015-04-28 03:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-14 23:16 - 2015-04-28 03:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-14 23:16 - 2015-04-28 03:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 03:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-14 23:16 - 2015-04-28 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-14 23:16 - 2015-04-20 13:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-14 23:16 - 2015-04-20 13:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-14 23:16 - 2015-04-20 12:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-14 23:16 - 2015-04-20 12:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-14 23:16 - 2015-04-08 13:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-14 23:16 - 2015-04-08 13:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-14 23:16 - 2015-04-08 13:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-14 23:16 - 2015-03-04 14:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-14 23:16 - 2015-03-04 14:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-14 23:16 - 2015-03-04 14:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-14 23:16 - 2015-03-04 14:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-14 23:16 - 2015-03-04 14:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-14 23:16 - 2015-03-04 14:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-14 23:16 - 2015-03-04 14:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-14 23:16 - 2015-02-18 17:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-14 23:16 - 2015-02-18 17:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-14 23:16 - 2015-01-29 13:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-14 23:16 - 2015-01-29 13:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-14 21:21 - 2015-05-14 21:33 - 00000000 ____D C:\Users\Ashlee\Desktop\FTB server
2015-05-14 21:21 - 2015-05-14 21:23 - 22523510 _____ C:\Users\Ashlee\Desktop\modpacks^FTBLite^1_2_3^FTBLite_Server.zip
2015-05-14 21:09 - 2015-05-14 21:12 - 00000000 ____D C:\Users\Ashlee\Desktop\Mine
2015-05-14 20:02 - 2015-05-14 20:02 - 00000000 ____D C:\Users\Ashlee\Downloads\versions
2015-05-14 20:02 - 2015-05-14 20:02 - 00000000 ____D C:\Users\Ashlee\Downloads\libraries
2015-05-14 20:01 - 2015-05-14 20:35 - 00000000 ____D C:\Users\Ashlee\Downloads\FTBLite
2015-05-14 19:58 - 2015-05-15 19:26 - 00000000 ____D C:\Users\Ashlee\AppData\Local\ftblauncher
2015-05-14 18:28 - 2015-05-14 18:28 - 16449937 _____ C:\Users\Ashlee\Downloads\modpacks^FTBRETROSMP^1^RetroSMP_Server.zip
2015-05-10 22:07 - 2015-05-10 22:07 - 00001168 _____ C:\Users\Public\Desktop\Camtasia Studio 8.lnk
2015-05-10 22:07 - 2015-05-10 22:07 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2015-05-10 22:07 - 2015-05-10 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2015-05-10 22:07 - 2015-05-10 22:07 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-05-10 22:06 - 2015-05-10 22:06 - 00000000 ____D C:\Program Files (x86)\TechSmith
2015-05-10 21:53 - 2015-05-10 22:04 - 259562296 _____ C:\Users\Ashlee\Downloads\camtasia.exe
2015-05-10 18:50 - 2015-05-10 18:50 - 00575961 _____ C:\Users\Ashlee\Downloads\POPCORNtime.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-09 19:43 - 2013-08-01 16:39 - 00000000 ____D C:\Users\Ashlee\AppData\Local\LogMeIn Hamachi
2015-06-09 19:29 - 2013-07-17 15:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-09 18:48 - 2014-06-16 15:30 - 00000000 ____D C:\Users\Ashlee\AppData\Local\CrashDumps
2015-06-09 18:05 - 2009-07-14 14:45 - 00031744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-09 18:05 - 2009-07-14 14:45 - 00031744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-09 18:01 - 2014-06-09 14:47 - 00000000 ____D C:\Users\Ashlee\AppData\Local\Spotify
2015-06-09 18:01 - 2014-06-09 14:46 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\Spotify
2015-06-09 18:01 - 2013-07-17 15:42 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\Skype
2015-06-09 18:00 - 2013-07-17 11:16 - 01753574 _____ C:\Windows\WindowsUpdate.log
2015-06-09 17:55 - 2013-07-17 19:10 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-09 17:54 - 2015-03-22 16:27 - 00000000 ____D C:\Windows\Minidump
2015-06-09 17:54 - 2014-12-21 15:36 - 00001342 _____ C:\Windows\Tasks\FRVOIK.job
2015-06-09 17:54 - 2014-12-21 15:36 - 00001334 _____ C:\Windows\Tasks\WF.job
2015-06-09 17:54 - 2013-07-17 11:44 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-09 17:54 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-09 17:54 - 2009-07-14 14:51 - 00160565 _____ C:\Windows\setupact.log
2015-06-09 17:53 - 2015-03-22 16:27 - 353188517 _____ C:\Windows\MEMORY.DMP
2015-06-09 17:08 - 2009-07-14 15:08 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-09 10:52 - 2015-02-07 01:32 - 00001588 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-09 10:52 - 2014-12-21 23:14 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\TeamViewer
2015-06-09 10:52 - 2013-07-17 11:17 - 00001715 _____ C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-09 10:30 - 2013-07-17 15:38 - 00000000 ____D C:\Users\Ashlee\AppData\Local\Adobe
2015-06-09 10:21 - 2009-07-14 15:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-09 00:06 - 2013-07-18 15:58 - 00000000 ____D C:\Users\Ashlee\Downloads\PaintToolSAI
2015-06-08 18:47 - 2013-07-17 11:16 - 00000000 ____D C:\Users\Ashlee
2015-06-08 18:47 - 2009-07-14 13:20 - 00000000 ____D C:\Program Files\Common Files\System
2015-06-08 18:31 - 2014-06-01 17:25 - 00000000 ____D C:\Users\Ashlee\AppData\Local\Battle.net
2015-06-08 16:52 - 2014-06-01 17:35 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-06-08 16:41 - 2014-06-01 17:25 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-06-08 16:39 - 2014-06-01 17:25 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\Battle.net
2015-06-08 15:59 - 2010-11-21 13:47 - 00311384 _____ C:\Windows\PFRO.log
2015-06-08 12:10 - 2015-04-13 17:27 - 00000000 ____D C:\ProgramData\16446166674148545210
2015-06-07 21:20 - 2009-07-14 15:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-07 13:49 - 2014-09-05 13:10 - 00000000 ____D C:\Program Files (x86)\Origin
2015-06-07 10:39 - 2014-10-28 14:32 - 00000000 ____D C:\Users\Ashlee\AppData\Local\DisplayFusion
2015-06-06 21:28 - 2014-12-23 18:00 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-06 20:19 - 2013-07-17 11:40 - 00063216 _____ C:\Users\Ashlee\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-06 20:17 - 2009-07-14 14:45 - 00285280 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-06 18:56 - 2013-07-17 11:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2015-06-06 18:56 - 2013-07-17 11:28 - 00000000 ____D C:\Program Files (x86)\GIGABYTE
2015-06-06 18:56 - 2013-07-17 11:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-06 10:42 - 2013-07-17 12:34 - 00000000 ____D C:\ProgramData\MFAData
2015-06-05 23:18 - 2014-12-21 23:14 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-05 23:18 - 2014-12-21 23:14 - 00000959 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-06-05 23:18 - 2014-12-21 23:14 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-06-03 15:44 - 2013-11-17 10:35 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\TS3Client
2015-06-03 14:43 - 2013-11-17 10:35 - 00000000 ____D C:\Users\Ashlee\AppData\Local\TeamSpeak 3 Client
2015-06-03 14:38 - 2014-08-09 18:52 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\.minecraft
2015-06-01 15:20 - 2015-04-16 20:19 - 00000000 ____D C:\Users\Ashlee\Documents\Camtasia Studio
2015-06-01 15:01 - 2015-04-01 09:20 - 00000000 ____D C:\Users\Ashlee\Documents\SavedGames
2015-05-27 11:15 - 2013-10-14 19:26 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\Audacity
2015-05-26 18:11 - 2014-05-29 20:34 - 00000000 ____D C:\Users\Ashlee\AppData\Local\Microsoft Games
2015-05-20 14:29 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\rescache
2015-05-20 13:26 - 2015-04-04 23:34 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-20 13:26 - 2015-04-04 23:34 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-19 15:09 - 2015-02-07 00:10 - 00000000 ____D C:\Users\Ashlee\AppData\Local\Popcorn-Time
2015-05-17 18:49 - 2013-07-17 15:42 - 00000000 ____D C:\ProgramData\Skype
2015-05-16 11:03 - 2013-07-24 19:37 - 00040700 _____ C:\Windows\system32\lvcoinst.log
2015-05-15 09:40 - 2011-04-12 18:28 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-15 09:40 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-14 23:39 - 2014-05-05 11:49 - 00000000 ____D C:\Windows\system32\MRT
2015-05-14 23:31 - 2014-05-05 11:49 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-14 20:35 - 2014-08-10 12:01 - 00000000 ____D C:\Users\Ashlee\Downloads\assets
2015-05-14 20:01 - 2013-07-17 19:14 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\ftblauncher
2015-05-14 19:58 - 2013-07-17 19:14 - 06628862 _____ () C:\Users\Ashlee\Desktop\FTB_Launcher.exe
2015-05-14 19:45 - 2013-08-01 16:03 - 02346993 _____ () C:\Users\Ashlee\Desktop\TechnicLauncher.exe
2015-05-14 19:45 - 2013-08-01 16:03 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\.technic
2015-05-12 16:08 - 2013-07-17 12:04 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-05-10 22:06 - 2014-06-14 14:30 - 00000000 ____D C:\ProgramData\TechSmith

==================== Files in the root of some directories =======

2013-07-17 12:37 - 2013-11-12 14:26 - 0003725 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-12-21 10:33 - 2013-12-21 09:43 - 0012005 _____ () C:\Users\Ashlee\AppData\Roaming\alsoft.ini
2015-05-15 13:29 - 2015-06-07 11:27 - 0000024 _____ () C:\Users\Ashlee\AppData\Roaming\appdataFr25.bin
2015-04-28 11:31 - 2015-05-08 14:17 - 0000020 _____ () C:\Users\Ashlee\AppData\Roaming\appdataFr3.bin
2009-07-14 09:19 - 2009-07-14 11:14 - 0462848 _____ () C:\Users\Ashlee\AppData\Roaming\BackUp978759929.exe
2014-05-16 20:28 - 2015-06-08 12:28 - 0003888 _____ () C:\Users\Ashlee\AppData\Roaming\SpeedRunnersLog.txt
2014-12-27 14:30 - 2014-12-27 14:30 - 0003284 _____ () C:\Users\Ashlee\AppData\Roaming\TargetInvocationLog.txt
2014-08-16 16:08 - 2014-08-16 16:08 - 0003584 _____ () C:\Users\Ashlee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-07 10:42 - 2015-06-07 10:42 - 0613255 _____ (CMI Limited) C:\Users\Ashlee\AppData\Local\nscC9C8.tmp
2015-06-06 21:33 - 2015-06-06 21:33 - 0613255 _____ (CMI Limited) C:\Users\Ashlee\AppData\Local\nsx9B76.tmp
2015-06-06 19:00 - 2015-06-08 11:46 - 0011718 _____ () C:\Users\Ashlee\AppData\Local\Temp-log.txt

Some files in TEMP:
====================
C:\Users\Ashlee\AppData\Local\Temp\_isA8FB.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-05 23:40

==================== End of log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Ashlee at 2015-06-09 19:50:41
Running from C:\Users\Ashlee\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3659292527-334032331-3834142823-500 - Administrator - Disabled)
Ashlee (S-1-5-21-3659292527-334032331-3834142823-1000 - Administrator - Enabled) => C:\Users\Ashlee
Guest (S-1-5-21-3659292527-334032331-3834142823-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3659292527-334032331-3834142823-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.28 - GIGABYTE)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Professional CC 2014 (HKLM-x32\...\{AA704223-E11C-11E3-8A38-C09A633B72AF}) (Version: 14.0.1 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.0.0 - Adobe Systems Incorporated)
Adobe Photoshop 6.0 (HKLM-x32\...\Adobe Photoshop 6.0) (Version: 6.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
Adobe SVG Viewer (HKLM-x32\...\Adobe SVG Viewer) (Version: 1.0 - Adobe Systems, Inc.)
AdVenture Capitalist (HKLM-x32\...\Steam App 346900) (Version:  - Hyper Hippo Productions Ltd.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Armagetron Advanced 0.2.8.2.1.gcc (HKLM-x32\...\Armagetron Advanced) (Version: 0.2.8.2.1.gcc - Armagetron Advanced Team)
Artemis Spaceship Bridge Simulator (HKLM-x32\...\Steam App 247350) (Version:  - )
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
AutoDeAlsAPp (HKLM-x32\...\{B0EC0808-6922-8705-C255-F9C79C315BD5}) (Version:  - )
AVG 2015 (Version: 15.0.4311 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5961 - AVG Technologies) Hidden
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version:  - Ronimo Games)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bamboo Tablets Tutorial (x32 Version: 3.0.20 - Wacom) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version:  - The Behemoth)
BeamNG-Techdemo-0.3 (remove only) (HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\BeamNG-Techdemo-0.3) (Version:  - )
Beasts of Prey (HKLM-x32\...\Steam App 299860) (Version:  - Octagon Interactive)
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BioShock 2 (HKLM-x32\...\Steam App 8850) (Version:  - 2K Marin)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien (HKLM-x32\...\Steam App 218060) (Version:  - Gaijin Games)
BIT.TRIP RUNNER (HKLM-x32\...\Steam App 63710) (Version:  - Gaijin Games)
Bleed (HKLM-x32\...\Steam App 239800) (Version:  - Ian Campbell)
Blender (HKLM\...\Blender) (Version: 2.68a - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version:  - 2K Australia)
Camtasia Studio 8 (HKLM-x32\...\{A0FC961E-DC6D-4144-9277-ECDBB99D0AB9}) (Version: 8.5.1.1962 - TechSmith Corporation)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
Cubemen 2 (HKLM-x32\...\Steam App 228440) (Version:  - 3 Sprockets)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 1.82 - NCH Software)
DisplayFusion 7.1 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 7.1.0.0 - Binary Fortress Software)
DustApps version 1.7 (HKLM-x32\...\{CE9793E8-C305-45AA-AE10-52EE0ADDED4F}_is1) (Version: 1.7 - Microsoft)
Easy Tune 6 B12.1121.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B12.1121.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Endless Space (HKLM-x32\...\Steam App 208140) (Version:  - AMPLITUDE Studios)
Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden
Evolve (HKLM-x32\...\Steam App 273350) (Version:  - Turtle Rock Studios)
Express Zip (HKLM-x32\...\ExpressZip) (Version: 2.28 - NCH Software)
FEZ (HKLM-x32\...\Steam App 224760) (Version:  - Polytron Corporation)
Fish Tycoon 1.0 (HKLM-x32\...\Fish Tycoon) (Version: 1.0 - Last Day of Work)
Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version:  - Fistful of Frags Team)
FlatOut (HKLM-x32\...\{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}) (Version: 1.00.0000 - Empire Interactive)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Gang Beasts (HKLM-x32\...\Steam App 285900) (Version:  - Boneloaf)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
Gom VPN  Bypass and unblock (HKLM-x32\...\{60EACF28-3304-CDE7-8F98-5992F85D389C}) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Guns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version:  - Muse Games)
Gyazo 2.0.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc. & Toshiyuki Masui)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Infonaut 1.10.0.14 (HKLM-x32\...\Infonaut_1.10.0.14) (Version: 1.10.0.14 - Infonaut)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
Keysticks (HKLM-x32\...\{017E32B0-23A9-40F0-952B-6B12F0702A15}) (Version: 1.8.1 - Keysticks.net)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LG United Mobile Drivers (HKLM-x32\...\{55031CEF-CE75-4A5C-8DEA-60577820529B}) (Version: 3.10.1.0 - LG Electronics)
Little Inferno (HKLM-x32\...\Steam App 221260) (Version:  - Tomorrow Corporation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.328 - LogMeIn, Inc.) Hidden
MapleStory (HKLM-x32\...\Steam App 216150) (Version:  - Nexon)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM-x32\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minimum (HKLM-x32\...\Steam App 214190) (Version:  - Human Head Studios)
Monaco (HKLM-x32\...\Steam App 113020) (Version:  - Pocketwatch Games)
MotioninJoy Gamepad tool 0.7.0000 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.0000 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero12EssTSST (HKLM-x32\...\{1DEC64C1-7F34-44CD-BC35-8E0A096300CF}) (Version: 12.0.01100 - Nero AG)
Nuclear Dawn (HKLM-x32\...\Steam App 17710) (Version:  - InterWave Studios)
NVIDIA 3D Vision Controller Driver 306.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.23 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
One Finger Death Punch (HKLM-x32\...\Steam App 264200) (Version:  - Silver Dollar Games)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenTTD 1.5.0 (HKLM-x32\...\OpenTTD) (Version: 1.5.0 - OpenTTD)
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version:  - )
Peggle Extreme (HKLM-x32\...\Steam App 3483) (Version:  - PopCap Games, Inc.)
Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version:  - Ndemic Creations)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Plug & Play (HKLM-x32\...\Steam App 353560) (Version:  - Mario von Rickenbach)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.18 - NCH Software)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.26027 - Razer Inc.)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
Sanctum (HKLM-x32\...\Steam App 91600) (Version:  - Coffee Stain Studios)
Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version:  - Coffee Stain Studios)
Screencheat (HKLM-x32\...\Steam App 301970) (Version:  - Samurai Punk)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sid Meier's Civilization: Beyond Earth (HKLM-x32\...\Steam App 65980) (Version:  - Firaxis Games)
SimCity 4 (HKLM-x32\...\{611BD998-34B9-4DDA-00AE-0CB4632E86FA}) (Version:  - )
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SmartWeb (HKLM-x32\...\SmartWeb) (Version: 8.0.9 - SoftBrain Technologies Ltd.) <==== ATTENTION
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2247.4 - Hi-Rez Studios)
Sonic & All-Stars Racing Transformed (HKLM-x32\...\Steam App 212480) (Version:  - Sumo Digital)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - )
SpeedRunners (HKLM-x32\...\Steam App 207140) (Version:  - DoubleDutch Games)
Spotify (HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)
Star Conflict (HKLM-x32\...\Steam App 212070) (Version:  - Star Gem Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Sumo Paint Bamboo 2.2 (HKLM-x32\...\com.sumopaint.bamboo.E63110E28E55D139F7D67D94E57B73BDB07BA618.1) (Version: v2.2 - UNKNOWN)
Sumo Paint Bamboo 2.2 (x32 Version: 2.2 - UNKNOWN) Hidden
Sumotori Dreams (HKLM-x32\...\Sumotori Dreams) (Version:  - )
Super Hexagon (HKLM-x32\...\Steam App 221640) (Version:  - Terry Cavanagh)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tales from the Borderlands (HKLM-x32\...\Steam App 330830) (Version:  - Telltale Games)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43174 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version:  - Galactic Cafe)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)
TweetDeck (HKLM-x32\...\{C4ADB67B-C908-4D94-B85E-585D2F3F9118}) (Version: 3.3.7 - Twitter)
Unity Web Player (HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\UnityWebPlayer) (Version: 4.6.2f1 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.14 - NCH Software)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.2-1 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.00 beta 8 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)
WinRAR 5.00 beta 8 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}) (Version: 19.5.11475 - WinZip Computing, S.L. )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3659292527-334032331-3834142823-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-3659292527-334032331-3834142823-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
 
==================== Restore Points =========================
 
05-06-2015 23:48:07 Scheduled Checkpoint
06-06-2015 16:02:48 Installed Java™ 6 Update 37
06-06-2015 17:30:06 Removed Bonjour
06-06-2015 17:30:33 Removed Bonjour
06-06-2015 18:55:52 Removed Apple Application Support
06-06-2015 18:56:25 Configured AutoGreen B12.0206.1
06-06-2015 21:27:38 Removed Java™ 6 Update 37
06-06-2015 21:28:18 Removed Java 8 Update 45
06-06-2015 21:28:34 Removed Java 8 Update 45
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 12:34 - 2009-06-11 07:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03609884-DEF8-4B52-B50B-47D80903AC09} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0AFF1FA5-BA09-4E86-93C8-AAD3DBC82D09} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {2E4FF92B-4A62-4CF5-BE91-304031570A57} - System32\Tasks\{30574783-C900-47C0-8CDB-928D174C8BE4} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {2F0A56E9-9288-4D22-A9E9-42FF276DC3D0} - System32\Tasks\AdobeAAMUpdater-1.0-Ashlee-PC-Ashlee => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
Task: {34B91367-E070-4FE2-9773-E5A5612CAE74} - System32\Tasks\Bidaily Synchronize Task[3c32] => c:\programdata\{94f731b2-5629-116d-94f7-731b2562c6c9}\hqghumeaylnlf.exe <==== ATTENTION
Task: {479B3070-87D4-4845-8C33-B97AB5B4286C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {53DC48DC-CE9D-4175-A2D3-9B231E496296} - System32\Tasks\FRVOIK => C:\Users\Ashlee\AppData\Roaming\FRVOIK.exe <==== ATTENTION
Task: {5D341F26-6BF2-4C1F-86C0-80552ACFD280} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {6CE614EA-D2B9-43AA-AF0B-7021C959DD63} - System32\Tasks\{BB0DE410-5512-4FE3-B3A6-685F957A216D} => Firefox.exe http://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {6FBF231F-1F9C-4245-AA1B-297154DB01E8} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Ashlee\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) <==== ATTENTION
Task: {A2C7C9F3-33AD-444D-B3C4-8CECB5AFC13B} - System32\Tasks\WF => C:\Users\Ashlee\AppData\Roaming\WF.exe <==== ATTENTION
Task: {A8D6DFE7-3960-4947-9B65-FC7FA8BA7111} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {ABD553C5-2F23-40F0-B40A-91C16F550649} - System32\Tasks\{8317BDAB-C750-49F2-8B00-1555AB078FC2} => C:\Users\Ashlee\Downloads\RevoUninProSetup.exe [2015-06-07] (VS Revo Group                                               )
Task: {BD0E20D7-4E5C-4FDE-9425-97A71FBD235B} - System32\Tasks\PragmaInstance => c:\programdata\{edfb5e3e-60fc-1ab3-edfb-b5e3e60f78f9}\4056202311027190382b.exe
Task: {C760D4CA-9554-448A-B068-CB4BF23DB171} - System32\Tasks\{ADE10CA8-0517-48D7-B47B-41A289B4EB0B} => C:\Users\Ashlee\Downloads\RevoUninProSetup.exe [2015-06-07] (VS Revo Group                                               )
Task: {CDD63F2F-59BC-46EF-9DB5-B0A2D138FCAC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-08] (Microsoft Corporation)
Task: {CE1F40EA-2D74-42EF-9D41-2AED8946CF53} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {D0DAB0AC-A790-4535-B646-F989794797BF} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {FA32993A-F6CB-47A9-9D5E-5F517D5BF945} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2013-07-18] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Bidaily Synchronize Task[3c32].job => c:\programdata\{94f731b2-5629-116d-94f7-731b2562c6c9}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\Windows\Tasks\FRVOIK.job => C:\Users\Ashlee\AppData\Roaming\FRVOIK.exe <==== ATTENTION
Task: C:\Windows\Tasks\PragmaInstance.job => c:\programdata\{edfb5e3e-60fc-1ab3-edfb-b5e3e60f78f9}\4056202311027190382b.exe
Task: C:\Windows\Tasks\WF.job => C:\Users\Ashlee\AppData\Roaming\WF.exe <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-06-09 10:52 - 2015-06-09 18:55 - 00173056 _____ () C:\Windows\Provider.dll
2013-07-17 11:44 - 2013-01-19 01:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-05 11:24 - 2015-02-05 11:25 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-06-07 21:18 - 2015-04-20 20:13 - 00100768 _____ () C:\Windows\SysWOW64\First Verify\afirstsvc.exe
2013-07-17 17:34 - 2012-12-11 13:07 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2013-07-17 11:25 - 2012-08-09 20:55 - 00078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-07-17 11:25 - 2012-08-09 20:55 - 00386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2012-10-16 19:39 - 2012-10-16 19:39 - 00646744 _____ () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
2013-07-17 17:36 - 2013-07-17 17:36 - 00225792 _____ () C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
2014-12-19 14:57 - 2014-12-19 14:57 - 05979808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-06-09 10:52 - 2015-06-09 18:55 - 00145408 _____ () C:\Windows\Provider32\Provider.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-07-01 08:20 - 2015-04-17 03:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 10:21 - 2015-04-23 12:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-20 10:21 - 2015-04-23 12:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 10:21 - 2015-04-23 12:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-22 15:32 - 2015-06-05 04:56 - 02407104 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 14:36 - 2014-12-02 07:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 14:36 - 2014-12-02 07:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 14:36 - 2014-12-02 07:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 14:36 - 2014-12-02 07:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-29 14:36 - 2014-12-02 07:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-07-09 17:56 - 2015-06-05 04:56 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-06-08 11:35 - 1999-12-31 23:00 - 00714452 _____ () C:\Users\Ashlee\AppData\Local\Temp\T978759929\Tor\libevent-2-0-5.dll
2015-06-08 11:35 - 1999-12-31 23:00 - 00091026 _____ () C:\Users\Ashlee\AppData\Local\Temp\T978759929\Tor\libssp-0.dll
2015-06-08 11:35 - 1999-12-31 23:00 - 00517814 _____ () C:\Users\Ashlee\AppData\Local\Temp\T978759929\Tor\libgcc_s_sjlj-1.dll
2015-06-08 11:35 - 1999-12-31 23:00 - 00110592 _____ () C:\Users\Ashlee\AppData\Local\Temp\T978759929\Tor\zlib1.dll
2012-10-16 19:39 - 2012-10-16 19:39 - 00060504 _____ () C:\Program Files (x86)\Bamboo Dock\BambooWinTab.dll
2015-05-20 12:29 - 2015-05-20 12:29 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2015-01-07 20:27 - 2015-01-07 20:27 - 36730032 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2013-07-09 13:45 - 2015-05-12 05:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-10-18 00:31 - 2014-10-18 00:31 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2013-07-17 11:26 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-07-17 11:24 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-04-15 18:29 - 2015-04-15 18:29 - 16863920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ashlee\AppData\Local\DisplayFusion\Wallpaper_1
DNS Servers: 81.218.119.5 - 82.163.142.130
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: vToolbarUpdater3.2.0 => 2
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: PCKeeper2 => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
MSCONFIG\startupreg: YTDownloader => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{CFFE1EBB-0E00-485C-BAE3-8BC4F954B25A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{01A462E1-297B-4DFE-A5B8-2C09767D9D19}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8B2BE5EB-7ADE-4646-AEF8-23D654B904CD}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{D56831BD-179B-47AA-98F7-BFF23209FB1C}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{486AC982-2A18-41FF-9447-9569E0F459B2}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{56DC0448-BCC0-4CA2-A792-A281DDBCF37B}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{F63C5DB9-59A9-4D8B-BF35-3939E145DF7F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F994A8C1-F09B-4A9E-9717-777831A61CD1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{9B3F166E-AEC7-4B75-94CC-B2C91F559809}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{7551E01A-04D1-4072-8285-11015119709F}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{33A8966B-BEDE-4DB7-90CA-50FE9665D2E5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{9594CB31-A60C-4CA1-A3A4-8251CE89A06D}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{3DF2BD9A-2688-4B30-8C42-031C714F7ACD}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{F176FA48-A02F-4C2A-8D2C-BB0415756CE0}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{FA2CC63F-E9F4-477D-9ED2-A6E637EC7AEE}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{30B971A1-6BEE-4410-8E24-C277F378F31D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F75A12B1-1E2B-4218-A8C3-2EA3C7820C8B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0837FEF3-901C-44B9-872C-1CB9591849B1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Little Inferno Beta\Little Inferno.exe
FirewallRules: [{647902C8-7C79-4FEA-AD37-86239BF3D988}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Little Inferno Beta\Little Inferno.exe
FirewallRules: [{20FC8611-E0F1-47DE-8DE0-71FBF47D0BDF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{90021E7C-4369-4747-96AD-AE3BA7396757}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{B3AA02C6-3055-4D88-9FE8-61A23C67ECBE}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{8B84A7EB-6071-49EB-9388-58108339BC66}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{A402BD6D-2AB2-48A6-AB1E-AD8F999A7B5C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{88C25CB2-15B2-45EF-B023-3E3B2A620D7D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AB6A51B7-35F8-4E79-ACC4-C79D84FB3E1F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A96D093B-6FB8-4C18-AD5D-771D12794A0F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{91FC639E-E65C-4240-BF75-9A129387FBCC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E7E48DD3-980F-4C2E-A482-68ED068A6325}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{67DFFF85-E12E-473F-BE97-32CE8D29F305}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{779362FD-10B8-409C-B956-5D98C7BFBFFE}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{3282AFE4-AC27-4D5D-816C-67401289EE4D}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{82A05DB6-D278-4CB8-B0A3-CF4723C5A5FD}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{18D0F1AD-4C15-4333-BDC5-3FF9D135C932}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [{6282A4E0-20A6-437C-83EF-F3C407DDE4FD}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [{86CC270C-E92B-4CB6-B716-72DEDDCEEFB1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3BF39164-1401-4872-8E6C-2AEEBC91C8A2}] => (Allow) LPort=2869
FirewallRules: [{45A760FB-78A1-405E-8BB9-BA2EDD332B70}] => (Allow) LPort=1900
FirewallRules: [{467118C0-5C7F-4308-A614-7DDF121683E3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{9E8B5B51-9E6F-4A2F-9107-A640EDDAD5C3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{9A7838AB-8C7C-43A2-90D1-58BCA480B957}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{4CB4E5FF-752E-4715-A07C-7E9045D7C28A}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{01D75EAC-6BE6-49D7-ABD3-FE1E2D33104A}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{37752A26-1223-4F44-93FA-2C90EEF1A58F}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{FF2D668D-06A3-4039-A2EF-2B693CAB8F59}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{851D2077-951F-4166-B916-6CABF338B5DB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{A83CBFAD-08D9-4F13-A87E-0CC186DEAD75}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{E0C81EF0-9EC6-4A20-A416-50544E15F05A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{EC538FA3-4E73-4DFA-B27E-DB37EF3CD80C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe
FirewallRules: [{B609BF04-5278-4F98-BE33-F0D985BB935B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe
FirewallRules: [{294ED720-7117-466A-89A1-51E60F409F18}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\Launcher.exe
FirewallRules: [{62EE5D98-8BC9-4F13-B709-9040846CF4CA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\Launcher.exe
FirewallRules: [{2FC956A2-5930-4A46-AAD1-F36D98F7C29C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{D4D0A665-7FA4-4132-A727-883EF5F1B3FE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{686F21A3-00C6-4DD3-9A0F-ACCD253D791F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FEZ\FEZ.exe
FirewallRules: [{7BAD9AA6-4277-4377-8C30-A7DDE5CE6C32}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FEZ\FEZ.exe
FirewallRules: [{77E1FA1A-0219-4757-8588-E0ACE9AF84A2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FEZ\FEZ_LaunchOptions.exe
FirewallRules: [{4081457B-AFE2-4842-8C78-FFFBFEDB9545}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FEZ\FEZ_LaunchOptions.exe
FirewallRules: [{81531AD9-281E-45E0-9630-51042A9DDF3A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BIT.TRIP RUNNER\RUNNER.exe
FirewallRules: [{C90A00EA-791D-437E-AC62-567D98E413A9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BIT.TRIP RUNNER\RUNNER.exe
FirewallRules: [{969B23A9-8A3A-484E-A68D-6CC6A107C4C8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sanctum\Binaries\Win32\SanctumGame-Win32-Shipping.exe
FirewallRules: [{FCC6E302-CC2F-4A0D-9C98-588B42DDCFDC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sanctum\Binaries\Win32\SanctumGame-Win32-Shipping.exe
FirewallRules: [{AD8AA45F-C175-43B1-B6B7-36DD67FDEA08}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Stanley Parable\stanley.exe
FirewallRules: [{1E35C37F-35A6-4FC7-8361-653DDC435558}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Stanley Parable\stanley.exe
FirewallRules: [{619A6229-DA4B-464F-A3EB-CBE07BFAB2CE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{262C6708-886F-4F9D-AC27-CB8E25461EB2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{38C732CF-CE38-463D-ACDB-31C9954703AA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe
FirewallRules: [{9CB45B8E-D0CC-4D65-B09A-94ADC111F55F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe
FirewallRules: [TCP Query User{981E1677-BA0A-482E-A6DE-533D084F88FC}C:\program files (x86)\empire interactive\flatout\flatout.exe] => (Allow) C:\program files (x86)\empire interactive\flatout\flatout.exe
FirewallRules: [UDP Query User{1F157EC5-DFA3-400C-AC11-2E3738D22046}C:\program files (x86)\empire interactive\flatout\flatout.exe] => (Allow) C:\program files (x86)\empire interactive\flatout\flatout.exe
FirewallRules: [{AC37D2B3-3543-4584-BB3F-FC64F2D58566}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cubemen 2\Cubemen2.exe
FirewallRules: [{6B6E6D0C-D170-4A4D-92DB-2B7FCE4C16A0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cubemen 2\Cubemen2.exe
FirewallRules: [TCP Query User{7A511C01-5B8D-4F05-843D-DADDD108439B}C:\program files (x86)\cube world\server.exe] => (Allow) C:\program files (x86)\cube world\server.exe
FirewallRules: [UDP Query User{ACA7AF00-2792-40A0-B4FE-023176D94E15}C:\program files (x86)\cube world\server.exe] => (Allow) C:\program files (x86)\cube world\server.exe
FirewallRules: [{6F63B180-A854-4760-AC2C-B748FDAA9CE0}] => (Allow) C:\program files (x86)\cube world\server.exe
FirewallRules: [{2EA333DA-3732-4ACE-A452-6703C0EDB26B}] => (Allow) C:\program files (x86)\cube world\server.exe
FirewallRules: [{36E1BF94-C057-4B4E-A442-E210BA1655A2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{71240F25-C292-476E-9AC3-04D874146DFA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{74BF96FB-0463-47F0-9D7E-319306231A78}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{66175A1D-DAC9-4D05-A970-668415FAA160}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{D2AEA14A-B360-4560-B463-8947DABA54DD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{B482A3EB-E0D5-4ECC-9F24-F27ECAC2C61B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{542E9BF1-CC75-4F23-BCEA-252C0FDD465B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{6F12746B-2216-4E10-A3F7-6A1FAD3EDFB1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{CA93EE6A-5F53-4E53-9F7E-DB9EF5FBEFB6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{1AD3B947-A39A-4B9F-BD91-530708AEF19E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{0AE80357-C470-4689-8ADB-1E381049410F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{7C6897D0-150F-4EA4-8810-943FCA5CD292}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{2A242C1E-659E-4830-BAD6-12D6FBF10CF7}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{D120B5F1-B568-404C-8C8C-AEA6F58EEBED}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{BA1313A8-D393-4C58-90A8-ABEA173B48E0}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{05B2BEDC-4E8F-41A3-95A6-EB31D16A6336}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [TCP Query User{58FF3CF3-D19A-47B1-9291-03B6233EDCE7}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{E5351E57-4479-4ABE-95A2-19382A73E666}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{438FBC9D-A862-470D-AA1E-2B607ACF9B33}C:\users\ashlee\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ashlee\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{CFA0647B-6D64-4B5B-9C5A-C76D08C74522}C:\users\ashlee\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ashlee\appdata\roaming\spotify\spotify.exe
FirewallRules: [{5258EA5A-E806-4629-86DB-D25D336365F8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exe
FirewallRules: [{F0842B81-ABBD-48FC-AF11-8FEF48A23741}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exe
FirewallRules: [TCP Query User{5A87BB02-226E-4456-AA9B-E547538C3FBE}C:\program files (x86)\athtek\voice changer for skype\skypevoicechanger.exe] => (Allow) C:\program files (x86)\athtek\voice changer for skype\skypevoicechanger.exe
FirewallRules: [UDP Query User{27C9BCD0-A56C-4107-B845-4BB9AA4F9B66}C:\program files (x86)\athtek\voice changer for skype\skypevoicechanger.exe] => (Allow) C:\program files (x86)\athtek\voice changer for skype\skypevoicechanger.exe
FirewallRules: [{0DDBA69A-7876-464F-A7E1-26006A52EF61}] => (Allow) C:\program files (x86)\athtek\voice changer for skype\skypevoicechanger.exe
FirewallRules: [{E956E907-6BEF-4C0C-98FD-EAD7FF2D2422}] => (Allow) C:\program files (x86)\athtek\voice changer for skype\skypevoicechanger.exe
FirewallRules: [{713EC9B6-EC1F-448D-81C5-8ADA08221939}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{FCB52105-B35D-47C0-84B8-3A69A4341F5A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{59D4F1FF-47D2-46B6-94BE-39EB41973861}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{48D0B8FD-3F57-4A0F-8432-718B54ADB422}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{DB283EDD-1741-45CA-87FE-CE0251138D64}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{FF17B871-0365-4FC8-848D-E4CEB48E2809}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{4D71F998-A982-43E3-B6E5-793D5FEF05EC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{A3ACAC60-87C8-44B4-8386-A2F5C7F99000}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{47CA64CF-7F9B-48DD-A3E1-7AD65FBBAB1E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\bittriprunner2\runner2.exe
FirewallRules: [{3CA62E76-4EE2-4EB8-90EA-1FD21D5F6029}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\bittriprunner2\runner2.exe
FirewallRules: [{05AD79F9-FC3A-4A6B-94FF-0A827A0F30F8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{511EA682-B93B-4FF1-96E1-56C3AEC5359C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{D1D23233-B85A-4DD1-BDAD-4A8475F5289F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{03F9DBF7-816A-449C-A375-546BBDC7F99D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{3EC0E80A-8741-4940-9B16-FDE103D26E82}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{EA7D0A01-26B1-44B8-A7B9-0AC8FBDA736A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{89329F9F-DE9E-446E-8B5F-90E349F0154D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{D273096E-6779-4DAD-9E79-8537DD191094}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{5132BD76-18E9-4322-A00C-4B83A9A38D6F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{2F2B98BD-58F6-464E-96EE-9EFD361587B3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{4744D28E-B152-4686-906D-13EA39C1EF00}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{F7668D2E-4567-4B50-8757-5A8BA128E258}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{AA30A3AC-AD8B-4710-B474-C166DA5A98CD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{577C2BE7-A20D-411F-ACDC-57803D9952DE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7E0DAD14-8421-470F-830A-86920A76AFC8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{3E7A8B69-137E-46AF-AE52-375789CB0397}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{E0DB5393-FB58-4481-B4FC-49FEA0A8F552}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{238CEC9D-747F-4912-9DBB-5524A86E6A5D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{D8EFCD42-4AB8-4718-950F-2C60448B3709}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\star conflict\game.exe
FirewallRules: [{A09032F4-14BA-4845-9BF0-28F1E7581ECC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\star conflict\game.exe
FirewallRules: [{5697648A-0F10-43FF-BFBA-8445DE081C3A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{1537FAD7-4012-48DE-83FE-96EE568618C4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{DF113F1E-E6BE-47FF-8EE3-A5B213E5FA84}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{4AB88992-D03F-4C8D-BB31-79BB8C954690}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{D842DB95-404D-4B6E-A3ED-0B4E3C1940B4}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F0E50512-B659-4AFF-81B9-E9B00DE08DDD}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{B36ED70C-357D-4DAC-8DC2-E71DAC9F1203}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{9EC03D65-C707-4ECD-A3D3-D9CF494EBF2B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B7A63BC7-2B9D-4E64-8118-6A42A4325482}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe
FirewallRules: [{C1CA456A-9572-4616-8016-DE046337A22C}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe
FirewallRules: [{4A979D40-2CC7-4C04-A667-85E6C11858C4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{E9E0B935-3ED2-43AE-A9F7-BE49DD5D3E25}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{5BF0D0DD-9D0E-44CF-8EDB-FE76F01AC056}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Evolve\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [{D743F07E-2196-4137-BE3E-6250FE7E91C5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Evolve\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [{1659BC04-5F61-4352-8C64-99E0D438186A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{B6FA94F1-E107-432B-94FB-27BE201AD2ED}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{211F3D76-85EE-4999-A051-2B1FCD51A71A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{6AD9A32B-A913-4448-A1A1-3BA5295F857F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{336FE581-DA6F-4463-89D6-EA90F773E19D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{0A7A6334-0FBF-4235-AE8D-5F820AC76A69}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{0BDB7046-1064-4A8A-95A0-764BE67ABE55}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tales from the Borderlands\GameApp.exe
FirewallRules: [{CD4C7957-6773-4EE6-9339-7529E669321A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tales from the Borderlands\GameApp.exe
FirewallRules: [{63E090DD-6E79-4F86-B081-3F44F95B0B1C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{F7F8BE6C-EDEA-4CD4-BE5B-CB9DFEC642FC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{45F2E21E-23EF-4113-B1B3-557090A7D855}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{0EDD9925-6EBA-4158-A3F7-B57BFC6966AA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{4DC3192F-DDDD-4029-87E9-B3DDFBC54CDC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Screencheat\screencheat.exe
FirewallRules: [{C8E62657-DD1E-4900-B891-C8C028CEDA44}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Screencheat\screencheat.exe
FirewallRules: [{B4ED135E-DA9C-4CA6-B7D4-310868C9C618}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Artemis\Artemis.exe
FirewallRules: [{8FD4E66E-63EE-4DF1-BED7-ECD5AE992ED9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Artemis\Artemis.exe
FirewallRules: [TCP Query User{1711D3C8-8BFC-40B0-BF2E-1D1018B298BF}C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{496FA34C-75AA-494C-9B04-DFA109BC7ECE}C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [{4B2A3561-C711-4DAC-B155-D8CE577F5CCA}] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [{17845312-6695-451A-ACCE-B2B74587C224}] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [{89812BA7-82B2-4326-8A95-ABE39DA87D5D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PlagueInc\PlagueIncEvolved.exe
FirewallRules: [{1EE9AE95-5138-4CA7-8B15-83C3E7297295}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PlagueInc\PlagueIncEvolved.exe
FirewallRules: [{77AC231D-5F86-49E0-BED0-DA1660329341}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{D7BE3A9E-098C-4F65-9C78-8A1DA826C012}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Prison Architect\Prison Architect.exe
FirewallRules: [TCP Query User{C6FAA4F8-E694-44EF-A7AD-385C4A3F1BFE}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{54633D04-5934-4532-BFD3-ED6F558E4660}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{81242B47-963A-4B30-8A0F-7A610A8AB309}] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{BC81EB93-B0D3-4CF3-AF19-FC247228FE9A}] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{B9787486-679F-40F1-BF60-42077C467761}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{D48F39A7-5BD2-40B3-9B19-8D670EADB7C9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{DDAE2D9A-5E97-436B-A73B-3B6A78E26C41}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gang Beasts\Gang Beasts.exe
FirewallRules: [{9276E0D4-CE83-4DD2-A2A3-4308B49E0CE3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gang Beasts\Gang Beasts.exe
FirewallRules: [{C8BFC258-BB85-4002-A1BD-C38E526EA468}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{EFA7DA15-D694-4B04-AFFD-5595ADD67A1B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{61D23508-760B-4F6D-A21F-D960775D4833}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\insurgency2\insurgency.exe
FirewallRules: [{F7D7B90E-E701-4A45-97CF-C5C49FB737CB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\insurgency2\insurgency.exe
FirewallRules: [{9B542DC4-35C5-4DE0-8AB8-E11F66DF51CC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Nuclear Dawn\nucleardawn.exe
FirewallRules: [{CC920096-5D96-47EA-B8C7-3D4D63CDB6AD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Nuclear Dawn\nucleardawn.exe
FirewallRules: [{D96E33FA-6281-4197-AB32-420E242A9462}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{9AA714C1-EEB2-4C5F-A143-209E89661824}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{7354462A-3AF3-4AA0-B88D-BA97F2B63AB4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{9F3DE6F9-10F4-4A1E-B856-351EC18AD5D1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{11A800D0-EB63-4B80-ACA5-8FE1DCC4937E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BeastsOfPrey\BoP.exe
FirewallRules: [{1B075C3F-A29A-4C84-B0D4-573749D3B2D1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BeastsOfPrey\BoP.exe
FirewallRules: [TCP Query User{65AAA524-EBD1-47EA-A54A-CFF2D7798942}C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [UDP Query User{F101F2D5-DBA8-4308-95AB-B106E214700D}C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [{3DBDBD5D-46DE-4ABD-AB37-A4D0A03C656C}] => (Allow) C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [{AEF589B8-701A-4CD8-A36E-94FA5329A87B}] => (Allow) C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [{E52038A3-F730-4D21-B1D4-E414052ACA17}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
FirewallRules: [{09B7A68D-CC28-4CBA-8FE0-3ED47EE2829D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
FirewallRules: [{3C0CF389-C35F-4ADF-B5BA-9EE0BDC2CFB3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
FirewallRules: [{FB89EA6E-F11E-4C8C-BCF9-AA48A91E08CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
FirewallRules: [{12AB1D4A-AEA0-4E81-9610-DD6BA5DF808C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8A653015-4603-4189-B17C-1D3E89C4369E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{111E362C-D03C-4E1A-96AA-A5921D5D2378}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{69B01954-E4C3-4D81-861A-E61FAA9B9871}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{7A5668D2-B062-4573-A557-7E8875C738CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{FDB839C2-FD74-42C4-9174-80BE18CE6311}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{700AF3FF-F28E-4FDD-A4D2-BD889C1F53F1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Monaco\MONACO.exe
FirewallRules: [{C56D9B61-C3F5-481D-BDE6-EFAEC10DB5E6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Monaco\MONACO.exe
FirewallRules: [{FA56F61F-49E5-4DD7-A5E5-51FAB49661E7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BeastsOfPrey\BoPServer.exe
FirewallRules: [{351EE148-B9EC-426D-BBA3-B49672539F63}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BeastsOfPrey\BoPServer.exe
FirewallRules: [{8D74E8BB-BB15-4B0B-B8EF-407EB7C28E80}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bleed\Bleed.exe
FirewallRules: [{A59A244C-4BF2-4CDC-B19C-F2FC1C910A75}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bleed\Bleed.exe
FirewallRules: [{08F3EE04-950F-46FE-9BDF-61F825513E1B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{9A313851-6C6B-4DCE-8771-E35BA13A0CBA}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{45EF1F2B-132E-4BD2-A314-A90B7337F94C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MapleStory\nxsteam.exe
FirewallRules: [{901DD377-288C-4B3A-8C94-BB5BBA99C3FB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MapleStory\nxsteam.exe
FirewallRules: [{6441A490-DA63-43BC-92A8-EC17E91B51D3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{D090F7E4-4395-4E7F-9B92-69D4AB0FB32B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{1BF332A9-1C80-42F1-B353-9D0F4FC46B7F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{9C916D3A-4C99-422C-AFBE-A8D4CF8303A9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [TCP Query User{64D375E5-6B67-4D2C-A5F0-8B5FA7D95EE2}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{E27FD787-1A89-420E-8803-D1520F60C119}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{1D87DBD7-72D0-47E0-BF6F-FDBA84EAD380}] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{4876C9B3-0BAC-4DC5-9BCE-D50BD8062ECF}] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{396857E2-B52F-4000-A3D4-B4B46ABDD11A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{DAE601F3-6E1C-4C61-9BD9-7725BD0D4087}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{A61F9DA8-EDA2-47C0-996B-A810D12F9D05}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{12350A7E-B015-4491-80FD-B1796E949107}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{FC15B77E-E2B3-4EDD-BCE4-95BA6FF5F3BA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Minimum\Binaries\Win32\MinGame-Win32-F.exe
FirewallRules: [{285C7906-7830-4080-A0B7-A96CEBF8BAA9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Minimum\Binaries\Win32\MinGame-Win32-F.exe
FirewallRules: [{F6B3072F-6D61-4B0A-93EF-CCD3503D83AF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{6AC4B97F-0006-4A30-88F7-D8F7B902B8D7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{4DFAF586-161B-401E-9942-F0032CBC9A46}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tales from the Borderlands\Borderlands.exe
FirewallRules: [{AAF41A8F-8B7E-44FE-914F-7F33F0864B9C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tales from the Borderlands\Borderlands.exe
FirewallRules: [{790A0C8B-BD76-412B-A5FC-D037CA0F2449}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Endless Space\EndlessSpace.exe
FirewallRules: [{140D7608-E56D-4BD1-B865-8E75D2C4B906}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Endless Space\EndlessSpace.exe
FirewallRules: [TCP Query User{5A9ECFBF-5E10-4372-9D45-41BD045AFED7}C:\users\ashlee\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\ashlee\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{4D282EAA-44AA-421D-8A33-CF15EB6BBECC}C:\users\ashlee\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\ashlee\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{E942CCB8-2C33-4D07-816E-E8BA8E193DC4}] => (Block) C:\users\ashlee\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{0793EAEB-9108-4CD1-BF11-7C8C551BDCD7}] => (Block) C:\users\ashlee\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{3B65519B-9287-4FB0-AB24-3148D5A71A09}] => (Allow) LPort=8317
FirewallRules: [{A889F06A-26A8-4A40-8E3D-C1BA126E0172}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{2A104A2F-57D0-4E45-8675-788693AFC6FF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{1773133B-7E7E-412A-B498-B44EEECBA871}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Plug & Play\pnp.exe
FirewallRules: [{778DBBA2-9362-493C-ABE3-76D76DD29B37}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Plug & Play\pnp.exe
FirewallRules: [{EDD91BAC-3B04-439C-9E19-CDE76CFB7D03}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{57D9A732-B49B-4E66-B800-154CE148DD75}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{1C35A8A7-CF2B-4E3E-A947-A3A29A0E2150}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{38413AB9-55E0-4EBB-A77E-7160700E6415}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{F415251F-F84D-43B1-80F7-72ACB86E0488}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [TCP Query User{4CC99D07-D0B9-4FEE-8D29-9F7A18FF8BDF}C:\program files (x86)\armagetron advanced\armagetronad.exe] => (Block) C:\program files (x86)\armagetron advanced\armagetronad.exe
FirewallRules: [UDP Query User{B68987CE-D76E-4560-96DA-2810677376C2}C:\program files (x86)\armagetron advanced\armagetronad.exe] => (Block) C:\program files (x86)\armagetron advanced\armagetronad.exe
FirewallRules: [{AE871FD7-CF1E-431B-B013-20C4BE2C1A2E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E7699121-0E44-47F1-9EDB-0DCA40753E42}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{149163FE-8A80-4C86-94E9-7027B89EDCDC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{51720C3A-E13F-48ED-B7D6-45B9888D7CEA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AEFE3C0F-D5AA-47D6-81DC-AD9AB82F7EE6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Peggle Extreme\PeggleExtreme.exe
FirewallRules: [{FE1CB46C-582B-4DFA-B274-C7F6676DBC4F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Peggle Extreme\PeggleExtreme.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: scfd_1_10_0_16
Description: scfd_1_10_0_16
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: scfd_1_10_0_16
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/09/2015 06:48:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 38.0.5.5623, time stamp: 0x5563c49a
Faulting module name: mozalloc.dll, version: 38.0.5.5623, time stamp: 0x5563b229
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x24e0
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
 
Error: (06/09/2015 06:47:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 38.0.5.5623, time stamp: 0x5563c49a
Faulting module name: mozalloc.dll, version: 38.0.5.5623, time stamp: 0x5563b229
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x2700
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
 
Error: (06/09/2015 06:46:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 38.0.5.5623, time stamp: 0x5563c49a
Faulting module name: mozalloc.dll, version: 38.0.5.5623, time stamp: 0x5563b229
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x1e78
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
 
Error: (06/09/2015 05:55:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/09/2015 05:09:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/09/2015 04:55:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/09/2015 04:54:03 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.5485 - Fatal Execution Engine Error (7120429F) (80131506)
 
Error: (06/09/2015 10:56:05 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.5485 - Fatal Execution Engine Error (7120429F) (80131506)
 
Error: (06/09/2015 10:52:40 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.5485 - Fatal Execution Engine Error (7120429F) (80131506)
 
Error: (06/09/2015 10:52:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TeamViewer.exe, version: 10.0.43174.0, time stamp: 0x556c3b30
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02abb5e0
Faulting process id: 0x580
Faulting application start time: 0xTeamViewer.exe0
Faulting application path: TeamViewer.exe1
Faulting module path: TeamViewer.exe2
Report Id: TeamViewer.exe3
 
 
System errors:
=============
Error: (06/09/2015 06:04:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Manual Motherboard service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/09/2015 06:04:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Key In Callout service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/09/2015 06:04:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Single Spaced Removable Media service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/09/2015 05:57:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (06/09/2015 05:57:29 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (06/09/2015 05:57:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (06/09/2015 05:55:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
scfd_1_10_0_16
 
Error: (06/09/2015 05:54:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UpdateCheck service failed to start due to the following error: 
%%2
 
Error: (06/09/2015 05:54:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG WatchDog service failed to start due to the following error: 
%%2
 
Error: (06/09/2015 05:54:20 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000050 (0xfffff8a00237c000, 0x0000000000000000, 0xfffff800034f308a, 0x0000000000000000)C:\Windows\MEMORY.DMP060915-58203-01
 
 
Microsoft Office:
=========================
Error: (06/09/2015 06:48:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.5.56235563c49amozalloc.dll38.0.5.56235563b2298000000300001aa124e001d0a290ee5ce509C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll401a0d98-0e84-11e5-9ca7-94de80741260
 
Error: (06/09/2015 06:47:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.5.56235563c49amozalloc.dll38.0.5.56235563b2298000000300001aa1270001d0a290cf853d8cC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll232cff3a-0e84-11e5-9ca7-94de80741260
 
Error: (06/09/2015 06:46:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.5.56235563c49amozalloc.dll38.0.5.56235563b2298000000300001aa11e7801d0a28a9afce5d5C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll066b473f-0e84-11e5-9ca7-94de80741260
 
Error: (06/09/2015 05:55:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/09/2015 05:09:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/09/2015 04:55:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/09/2015 04:54:03 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.5485 - Fatal Execution Engine Error (7120429F) (80131506)
 
Error: (06/09/2015 10:56:05 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.5485 - Fatal Execution Engine Error (7120429F) (80131506)
 
Error: (06/09/2015 10:52:40 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.5485 - Fatal Execution Engine Error (7120429F) (80131506)
 
Error: (06/09/2015 10:52:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: TeamViewer.exe10.0.43174.0556c3b30unknown0.0.0.000000000c000000502abb5e058001d0a24a2d9fa871C:\Program Files (x86)\TeamViewer\TeamViewer.exeunknownc5e09c26-0e41-11e5-9b51-94de80741260
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 36%
Total physical RAM: 8150.19 MB
Available physical RAM: 5195.79 MB
Total Pagefile: 16300.38 MB
Available Pagefile: 13039.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:101.63 GB) NTFS
Drive e: (Lexar) (Removable) (Total:14.9 GB) (Free:14.72 GB) FAT32
Drive f: (FO_CD2) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D290F437)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 14.9 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)
 
==================== End of log ============================

Edited by xXToffeeXx, 09 June 2015 - 09:17 AM.



#2 xXToffeeXx

  • Malware Response Instructor
Posted 09 June 2015 - 09:50 AM

Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold; make sure to take note of it.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now

==========================
 
Hi Twinmum,

We need to remove some programs with Revo Uninstaller Free:
 
Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    AutoDeAlsAPp
    Infonaut 1.10.0.14
    Google Chrome
    SmartWeb
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

--------------
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
() C:\Windows\SysWOW64\First Verify\afirstsvc.exe
C:\Windows\SysWOW64\First Verify
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [gmsd_au_319] => [X]
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\Run: [BackUp978759929] => C:\Users\Ashlee\AppData\Roaming\BackUp978759929.exe [462848 2009-07-14] ()
Startup: C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C580.lnk [2015-04-13]
ShortcutTarget: C580.lnk -> C:\ProgramData\{b7519684-238b-5ef1-b751-196842385a10}\C580.exe (No File)
Startup: C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\F0.lnk [2015-04-13]
ShortcutTarget: F0.lnk -> C:\ProgramData\{de85fefc-dde9-3678-de85-5fefcddefbf3}\F0.exe (No File)
Startup: C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FF60.lnk [2015-04-13]
ShortcutTarget: FF60.lnk -> C:\ProgramData\{25e291f2-cb0c-d8a3-25e2-291f2cb047cb}\FF60.exe (No File)
Startup: C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sword Art Online 01 - Aincrad.pdf.lnk [2015-04-14]
ShortcutTarget: Sword Art Online 01 - Aincrad.pdf.lnk -> C:\ProgramData\{ee76c9f7-2d40-9c66-ee76-6c9f72d427dc}\Sword Art Online 01 - Aincrad.pdf.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Winsock: Catalog9 01 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9 02 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9 03 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9 04 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9 05 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9 06 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9 07 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9 08 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9 09 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9 10 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9 21 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9-x64 01 C:\Windows\Provider.dll [173056 2015-06-09] ()
Winsock: Catalog9-x64 02 C:\Windows\Provider.dll [173056 2015-06-09] ()
Winsock: Catalog9-x64 03 C:\Windows\Provider.dll [173056 2015-06-09] ()
Winsock: Catalog9-x64 04 C:\Windows\Provider.dll [173056 2015-06-09] ()
Winsock: Catalog9-x64 05 C:\Windows\Provider.dll [173056 2015-06-09] ()
Winsock: Catalog9-x64 06 C:\Windows\Provider.dll [173056 2015-06-09] ()
Winsock: Catalog9-x64 07 C:\Windows\Provider.dll [173056 2015-06-09] ()
Winsock: Catalog9-x64 08 C:\Windows\Provider.dll [173056 2015-06-09] ()
Winsock: Catalog9-x64 09 C:\Windows\Provider.dll [173056 2015-06-09] ()
Winsock: Catalog9-x64 10 C:\Windows\Provider.dll [173056 2015-06-09] ()
Winsock: Catalog9-x64 21 C:\Windows\Provider.dll [173056 2015-06-09] ()
S2 cybusyro; C:\Users\Ashlee\AppData\Roaming\03DE0294-1433574867-0574-1206-600700080009\jnsc264B.tmp [223232 2015-06-06] () [File not signed]
S2 dequzody; C:\Users\Ashlee\AppData\Roaming\03DE0294-1433574867-0574-1206-600700080009\hnsx4ABE.tmp [167424 2015-06-06] () [File not signed]
S2 muqusoni; C:\Users\Ashlee\AppData\Roaming\03DE0294-1433574867-0574-1206-600700080009\nsv2CB6.tmp [684032 2015-06-08] () [File not signed]
C:\Users\Ashlee\AppData\Roaming\BackUp978759929.exe
C:\ProgramData\{b7519684-238b-5ef1-b751-196842385a10}
C:\ProgramData\{de85fefc-dde9-3678-de85-5fefcddefbf3}
C:\ProgramData\{25e291f2-cb0c-d8a3-25e2-291f2cb047cb}
C:\ProgramData\{ee76c9f7-2d40-9c66-ee76-6c9f72d427dc}
C:\Windows\Provider32
C:\Windows\Provider.dll
C:\Users\Ashlee\AppData\Roaming\03DE0294-1433574867-0574-1206-600700080009
C:\Users\Ashlee\AppData\Roaming\03DE0294-1433585494-0574-1206-600700080009
2015-06-09 10:52 - 2015-06-09 16:52 - 00173056 _____ C:\Windows\Provider20150609185459PM.dll
2015-06-09 10:52 - 2015-06-09 15:52 - 00173056 _____ C:\Windows\Provider20150609165252PM.dll
2015-06-09 10:52 - 2015-06-09 14:52 - 00173056 _____ C:\Windows\Provider20150609155243PM.dll
2015-06-09 10:52 - 2015-06-09 13:52 - 00173056 _____ C:\Windows\Provider20150609145235PM.dll
2015-06-09 10:52 - 2015-06-09 12:52 - 00173056 _____ C:\Windows\Provider20150609135227PM.dll
2015-06-09 10:52 - 2015-06-09 11:52 - 00173056 _____ C:\Windows\Provider20150609125218PM.dll
2015-06-09 10:52 - 2015-06-09 10:52 - 00000000 ____D C:\Windows\Provider
2015-06-09 10:52 - 2015-06-02 18:30 - 00173056 _____ C:\Windows\Provider20150609115210AM.dll
2015-06-07 10:42 - 2015-06-07 10:42 - 00613255 _____ (CMI Limited) C:\Users\Ashlee\AppData\Local\nscC9C8.tmp
2015-06-06 21:33 - 2015-06-06 21:33 - 00613255 _____ (CMI Limited) C:\Users\Ashlee\AppData\Local\nsx9B76.tmp
C:\Users\Ashlee\AppData\Local\Temp\_isA8FB.exe
Task: {34B91367-E070-4FE2-9773-E5A5612CAE74} - System32\Tasks\Bidaily Synchronize Task[3c32] => c:\programdata\{94f731b2-5629-116d-94f7-731b2562c6c9}\hqghumeaylnlf.exe <==== ATTENTION
c:\programdata\{94f731b2-5629-116d-94f7-731b2562c6c9}
Task: {53DC48DC-CE9D-4175-A2D3-9B231E496296} - System32\Tasks\FRVOIK => C:\Users\Ashlee\AppData\Roaming\FRVOIK.exe <==== ATTENTION
C:\Users\Ashlee\AppData\Roaming\FRVOIK.exe
Task: {A2C7C9F3-33AD-444D-B3C4-8CECB5AFC13B} - System32\Tasks\WF => C:\Users\Ashlee\AppData\Roaming\WF.exe <==== ATTENTION
C:\Users\Ashlee\AppData\Roaming\WF.exe
Task: {BD0E20D7-4E5C-4FDE-9425-97A71FBD235B} - System32\Tasks\PragmaInstance => c:\programdata\{edfb5e3e-60fc-1ab3-edfb-b5e3e60f78f9}\4056202311027190382b.exe
c:\programdata\{edfb5e3e-60fc-1ab3-edfb-b5e3e60f78f9}
Task: C:\Windows\Tasks\Bidaily Synchronize Task[3c32].job => c:\programdata\{94f731b2-5629-116d-94f7-731b2562c6c9}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\Windows\Tasks\FRVOIK.job => C:\Users\Ashlee\AppData\Roaming\FRVOIK.exe <==== ATTENTION
Task: C:\Windows\Tasks\PragmaInstance.job => c:\programdata\{edfb5e3e-60fc-1ab3-edfb-b5e3e60f78f9}\4056202311027190382b.exe
Task: C:\Windows\Tasks\WF.job => C:\Users\Ashlee\AppData\Roaming\WF.exe <==== ATTENTION
CMD: netsh winsock reset
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 Twinmum


Posted 09 June 2015 - 09:04 PM

Thank you Toffee for taking the time to help us...

 

I've done all you asked with a few hiccups

When I ran Revo, it started to populate the list with programs, then crashed to a blue screen with a message about encountering a problem and shutting down to avoid damage (there was more to the message but it was gone before I could read it all). When it restarted I ran Revo with (mostly) no more problems.

While uninstalling AutoDeAlAPp there was a pop up that said: Running the application uninstaller failed. Possible invalid uninstall command.

Despite that message, it continued and found leftovers to remove.

 

When I did Infonaut, I got to the point of checking boxes for leftovers and the window just vanished from the screen.

 

When looking for leftovers for SmartWeb it came up with two entries, but they were not bold, so I left them.

 

It wanted to restart and the computer shut down, but didn't restart correctly - all I had was a black screen with a flashing cursor in the corner. I waited some time, but eventually we just hit the power button. It restarted and resumed making a report.

 

FRST and AdwCleaner both ran without a hitch  - reports follow

 

Norma

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Ashlee at 2015-06-10 11:29:18 Run:1
Running from C:\Users\Ashlee\Desktop
Loaded Profiles: Ashlee (Available Profiles: Ashlee & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
() C:\Windows\SysWOW64\First Verify\afirstsvc.exe
C:\Windows\SysWOW64\First Verify
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [gmsd_au_319] => [X]
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\Run: [BackUp978759929] => C:\Users\Ashlee\AppData\Roaming\BackUp978759929.exe [462848 2009-07-14] ()
Startup: C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C580.lnk [2015-04-13]
ShortcutTarget: C580.lnk -> C:\ProgramData\{b7519684-238b-5ef1-b751-196842385a10}\C580.exe (No File)
Startup: C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\F0.lnk [2015-04-13]
ShortcutTarget: F0.lnk -> C:\ProgramData\{de85fefc-dde9-3678-de85-5fefcddefbf3}\F0.exe (No File)
Startup: C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FF60.lnk [2015-04-13]
ShortcutTarget: FF60.lnk -> C:\ProgramData\{25e291f2-cb0c-d8a3-25e2-291f2cb047cb}\FF60.exe (No File)
Startup: C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sword Art Online 01 - Aincrad.pdf.lnk [2015-04-14]
ShortcutTarget: Sword Art Online 01 - Aincrad.pdf.lnk -> C:\ProgramData\{ee76c9f7-2d40-9c66-ee76-6c9f72d427dc}\Sword Art Online 01 - Aincrad.pdf.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Winsock: Catalog9 01 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9 02 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9 03 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9 04 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9 05 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9 06 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9 07 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9 08 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9 09 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9 10 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9 21 C:\Windows\Provider32\Provider.dll [145408 2015-06-09] ()
Winsock: Catalog9-x64 01 C:\Windows\Provider.dll [173056 2015-06-09] ()
Winsock: Catalog9-x64 02 C:\Windows\Provider.dll [173056 2015-06-09] ()
Winsock: Catalog9-x64 03 C:\Windows\Provider.dll [173056 2015-06-09] ()
Winsock: Catalog9-x64 04 C:\Windows\Provider.dll [173056 2015-06-09] ()
Winsock: Catalog9-x64 05 C:\Windows\Provider.dll [173056 2015-06-09] ()
Winsock: Catalog9-x64 06 C:\Windows\Provider.dll [173056 2015-06-09] ()
Winsock: Catalog9-x64 07 C:\Windows\Provider.dll [173056 2015-06-09] ()
Winsock: Catalog9-x64 08 C:\Windows\Provider.dll [173056 2015-06-09] ()
Winsock: Catalog9-x64 09 C:\Windows\Provider.dll [173056 2015-06-09] ()
Winsock: Catalog9-x64 10 C:\Windows\Provider.dll [173056 2015-06-09] ()
Winsock: Catalog9-x64 21 C:\Windows\Provider.dll [173056 2015-06-09] ()
S2 cybusyro; C:\Users\Ashlee\AppData\Roaming\03DE0294-1433574867-0574-1206-600700080009\jnsc264B.tmp [223232 2015-06-06] () [File not signed]
S2 dequzody; C:\Users\Ashlee\AppData\Roaming\03DE0294-1433574867-0574-1206-600700080009\hnsx4ABE.tmp [167424 2015-06-06] () [File not signed]
S2 muqusoni; C:\Users\Ashlee\AppData\Roaming\03DE0294-1433574867-0574-1206-600700080009\nsv2CB6.tmp [684032 2015-06-08] () [File not signed]
C:\Users\Ashlee\AppData\Roaming\BackUp978759929.exe
C:\ProgramData\{b7519684-238b-5ef1-b751-196842385a10}
C:\ProgramData\{de85fefc-dde9-3678-de85-5fefcddefbf3}
C:\ProgramData\{25e291f2-cb0c-d8a3-25e2-291f2cb047cb}
C:\ProgramData\{ee76c9f7-2d40-9c66-ee76-6c9f72d427dc}
C:\Windows\Provider32
C:\Windows\Provider.dll
C:\Users\Ashlee\AppData\Roaming\03DE0294-1433574867-0574-1206-600700080009
C:\Users\Ashlee\AppData\Roaming\03DE0294-1433585494-0574-1206-600700080009
2015-06-09 10:52 - 2015-06-09 16:52 - 00173056 _____ C:\Windows\Provider20150609185459PM.dll
2015-06-09 10:52 - 2015-06-09 15:52 - 00173056 _____ C:\Windows\Provider20150609165252PM.dll
2015-06-09 10:52 - 2015-06-09 14:52 - 00173056 _____ C:\Windows\Provider20150609155243PM.dll
2015-06-09 10:52 - 2015-06-09 13:52 - 00173056 _____ C:\Windows\Provider20150609145235PM.dll
2015-06-09 10:52 - 2015-06-09 12:52 - 00173056 _____ C:\Windows\Provider20150609135227PM.dll
2015-06-09 10:52 - 2015-06-09 11:52 - 00173056 _____ C:\Windows\Provider20150609125218PM.dll
2015-06-09 10:52 - 2015-06-09 10:52 - 00000000 ____D C:\Windows\Provider
2015-06-09 10:52 - 2015-06-02 18:30 - 00173056 _____ C:\Windows\Provider20150609115210AM.dll
2015-06-07 10:42 - 2015-06-07 10:42 - 00613255 _____ (CMI Limited) C:\Users\Ashlee\AppData\Local\nscC9C8.tmp
2015-06-06 21:33 - 2015-06-06 21:33 - 00613255 _____ (CMI Limited) C:\Users\Ashlee\AppData\Local\nsx9B76.tmp
C:\Users\Ashlee\AppData\Local\Temp\_isA8FB.exe
Task: {34B91367-E070-4FE2-9773-E5A5612CAE74} - System32\Tasks\Bidaily Synchronize Task[3c32] => c:\programdata\{94f731b2-5629-116d-94f7-731b2562c6c9}\hqghumeaylnlf.exe <==== ATTENTION
c:\programdata\{94f731b2-5629-116d-94f7-731b2562c6c9}
Task: {53DC48DC-CE9D-4175-A2D3-9B231E496296} - System32\Tasks\FRVOIK => C:\Users\Ashlee\AppData\Roaming\FRVOIK.exe <==== ATTENTION
C:\Users\Ashlee\AppData\Roaming\FRVOIK.exe
Task: {A2C7C9F3-33AD-444D-B3C4-8CECB5AFC13B} - System32\Tasks\WF => C:\Users\Ashlee\AppData\Roaming\WF.exe <==== ATTENTION
C:\Users\Ashlee\AppData\Roaming\WF.exe
Task: {BD0E20D7-4E5C-4FDE-9425-97A71FBD235B} - System32\Tasks\PragmaInstance => c:\programdata\{edfb5e3e-60fc-1ab3-edfb-b5e3e60f78f9}\4056202311027190382b.exe
c:\programdata\{edfb5e3e-60fc-1ab3-edfb-b5e3e60f78f9}
Task: C:\Windows\Tasks\Bidaily Synchronize Task[3c32].job => c:\programdata\{94f731b2-5629-116d-94f7-731b2562c6c9}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\Windows\Tasks\FRVOIK.job => C:\Users\Ashlee\AppData\Roaming\FRVOIK.exe <==== ATTENTION
Task: C:\Windows\Tasks\PragmaInstance.job => c:\programdata\{edfb5e3e-60fc-1ab3-edfb-b5e3e60f78f9}\4056202311027190382b.exe
Task: C:\Windows\Tasks\WF.job => C:\Users\Ashlee\AppData\Roaming\WF.exe <==== ATTENTION
CMD: netsh winsock reset
*****************

[3548] C:\Windows\SysWOW64\First Verify\afirstsvc.exe => process closed successfully.
C:\Windows\SysWOW64\First Verify => moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_au_319 => value removed successfully
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BackUp978759929 => value removed successfully
C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C580.lnk => moved successfully.
C:\ProgramData\{b7519684-238b-5ef1-b751-196842385a10}\C580.exe not found.
C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\F0.lnk => moved successfully.
C:\ProgramData\{de85fefc-dde9-3678-de85-5fefcddefbf3}\F0.exe not found.
C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FF60.lnk => moved successfully.
C:\ProgramData\{25e291f2-cb0c-d8a3-25e2-291f2cb047cb}\FF60.exe not found.
C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sword Art Online 01 - Aincrad.pdf.lnk => moved successfully.
C:\ProgramData\{ee76c9f7-2d40-9c66-ee76-6c9f72d427dc}\Sword Art Online 01 - Aincrad.pdf.exe not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
Winsock: Catalog entry 000000000001 => removed successfully
Winsock: Catalog entry 000000000002 => removed successfully
Winsock: Catalog entry 000000000003 => removed successfully
Winsock: Catalog entry 000000000004 => removed successfully
Winsock: Catalog entry 000000000005 => removed successfully
Winsock: Catalog entry 000000000006 => removed successfully
Winsock: Catalog entry 000000000007 => removed successfully
Winsock: Catalog entry 000000000008 => removed successfully
Winsock: Catalog entry 000000000009 => removed successfully
Winsock: Catalog entry 000000000010 => removed successfully
Winsock: Catalog entry 000000000021 => removed successfully
Winsock: Catalog entry 000000000001 => removed successfully
Winsock: Catalog entry 000000000002 => removed successfully
Winsock: Catalog entry 000000000003 => removed successfully
Winsock: Catalog entry 000000000004 => removed successfully
Winsock: Catalog entry 000000000005 => removed successfully
Winsock: Catalog entry 000000000006 => removed successfully
Winsock: Catalog entry 000000000007 => removed successfully
Winsock: Catalog entry 000000000008 => removed successfully
Winsock: Catalog entry 000000000009 => removed successfully
Winsock: Catalog entry 000000000010 => removed successfully
Winsock: Catalog entry 000000000021 => removed successfully
cybusyro => Service stopped successfully.
cybusyro => Service removed successfully
dequzody => Service stopped successfully.
dequzody => Service removed successfully
muqusoni => Service stopped successfully.
muqusoni => Service removed successfully
C:\Users\Ashlee\AppData\Roaming\BackUp978759929.exe => moved successfully.
"C:\ProgramData\{b7519684-238b-5ef1-b751-196842385a10}" => File/Folder not found.
"C:\ProgramData\{de85fefc-dde9-3678-de85-5fefcddefbf3}" => File/Folder not found.
"C:\ProgramData\{25e291f2-cb0c-d8a3-25e2-291f2cb047cb}" => File/Folder not found.
"C:\ProgramData\{ee76c9f7-2d40-9c66-ee76-6c9f72d427dc}" => File/Folder not found.
C:\Windows\Provider32 => moved successfully.
C:\Windows\Provider.dll => moved successfully.
C:\Users\Ashlee\AppData\Roaming\03DE0294-1433574867-0574-1206-600700080009 => moved successfully.
C:\Users\Ashlee\AppData\Roaming\03DE0294-1433585494-0574-1206-600700080009 => moved successfully.
C:\Windows\Provider20150609185459PM.dll => moved successfully.
C:\Windows\Provider20150609165252PM.dll => moved successfully.
C:\Windows\Provider20150609155243PM.dll => moved successfully.
C:\Windows\Provider20150609145235PM.dll => moved successfully.
C:\Windows\Provider20150609135227PM.dll => moved successfully.
C:\Windows\Provider20150609125218PM.dll => moved successfully.

"C:\Windows\Provider" folder move:

Could not move "C:\Windows\Provider" folder => Scheduled to move on reboot.

C:\Windows\Provider20150609115210AM.dll => moved successfully.
C:\Users\Ashlee\AppData\Local\nscC9C8.tmp => moved successfully.
C:\Users\Ashlee\AppData\Local\nsx9B76.tmp => moved successfully.
C:\Users\Ashlee\AppData\Local\Temp\_isA8FB.exe => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34B91367-E070-4FE2-9773-E5A5612CAE74}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34B91367-E070-4FE2-9773-E5A5612CAE74}" => key removed successfully
C:\Windows\System32\Tasks\Bidaily Synchronize Task[3c32] => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task[3c32]" => key removed successfully
"c:\programdata\{94f731b2-5629-116d-94f7-731b2562c6c9}" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{53DC48DC-CE9D-4175-A2D3-9B231E496296}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53DC48DC-CE9D-4175-A2D3-9B231E496296}" => key removed successfully
C:\Windows\System32\Tasks\FRVOIK => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FRVOIK" => key removed successfully
"C:\Users\Ashlee\AppData\Roaming\FRVOIK.exe" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A2C7C9F3-33AD-444D-B3C4-8CECB5AFC13B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2C7C9F3-33AD-444D-B3C4-8CECB5AFC13B}" => key removed successfully
C:\Windows\System32\Tasks\WF => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WF" => key removed successfully
"C:\Users\Ashlee\AppData\Roaming\WF.exe" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD0E20D7-4E5C-4FDE-9425-97A71FBD235B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD0E20D7-4E5C-4FDE-9425-97A71FBD235B}" => key removed successfully
C:\Windows\System32\Tasks\PragmaInstance => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PragmaInstance" => key removed successfully
"c:\programdata\{edfb5e3e-60fc-1ab3-edfb-b5e3e60f78f9}" => File/Folder not found.
C:\Windows\Tasks\Bidaily Synchronize Task[3c32].job => moved successfully.
C:\Windows\Tasks\FRVOIK.job => moved successfully.
C:\Windows\Tasks\PragmaInstance.job => moved successfully.
C:\Windows\Tasks\WF.job => moved successfully.

=========  netsh winsock reset =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-06-10 11:36:41)<=

C:\Windows\Provider => Is moved successfully

==== End of Fixlog 11:36:41 ====

# AdwCleaner v4.206 - Logfile created 10/06/2015 at 11:41:31
# Updated 01/06/2015 by Xplode
# Database : 2015-06-09.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Ashlee - ASHLEE-PC
# Running from : C:\Users\Ashlee\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : cherimoya
Service Found : csrcc
Service Found : shopperz Updater
Service Found : innfd_1_10_0_14
Service Found : d54b8bbd-6b74-4d90-b801-8120aa8b2438

***** [ Files / Folders ] *****

File Found : C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
File Found : C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal
File Found : C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
File Found : C:\Users\Ashlee\AppData\Roaming\Mozilla\Firefox\Profiles\2qj84rt9.default-1433651581028\user.js
File Found : C:\Users\Ashlee\Desktop\Continue Live Installation.lnk
File Found : C:\Windows\System32\drivers\cherimoya.sys
Folder Found : C:\Program Files\shopperz
Folder Found : C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Folder Found : C:\Users\Ashlee\AppData\Local\SmartWeb
Folder Found : C:\Users\Ashlee\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Folder Found : C:\Users\Ashlee\AppData\LocalLow\SmartWeb
Folder Found : C:\Users\Ashlee\AppData\Roaming\Mozilla\Firefox\Profiles\2qj84rt9.default-1433651581028\Extensions\searchffv2@gmail.com
Folder Found : C:\Users\Ashlee\AppData\Roaming\One System Care

***** [ Scheduled tasks ] *****

Task Found : SmartWeb Upgrade Trigger Task

***** [ Shortcuts ] *****

Shortcut Infected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Infected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Infected : C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Infected : C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Infected : C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Infected : C:\Users\Ashlee\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registry ] *****

Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command [(Default)] - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.istartsurf.com/?type=sc&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610
Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - "c:\program files\internet explorer\iexplore.exe" hxxp://www.istartsurf.com/?type=sc&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610
Key Found : HKCU\Software\AppDataLow\Software\SmartWeb
Key Found : HKCU\Software\One System Care
Key Found : [x64] HKCU\Software\One System Care
Key Found : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9AE7A6AE-162E-44C4-9A2B-A6B4EF19909D}
Key Found : HKLM\SOFTWARE\istartsurfSoftware
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmartWeb
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Found : HKLM\SOFTWARE\shopperz
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Found : [x64] HKLM\SOFTWARE\shopperz
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SmartWeb]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchffv2@gmail.com]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.istartsurf.com/web/?type=ds&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.istartsurf.com/?type=hp&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.istartsurf.com/?type=hp&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.istartsurf.com/web/?type=ds&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.istartsurf.com/web/?type=ds&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.istartsurf.com/?type=hp&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.istartsurf.com/?type=hp&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.istartsurf.com/web/?type=ds&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610&q={searchTerms}
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.istartsurf.com/?type=hp&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.istartsurf.com/?type=hp&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610

-\\ Mozilla Firefox v38.0.5 (x86 en-US)

[2qj84rt9.default-1433651581028] - Line Found : user_pref("browser.newtab.url", "hxxp://www.istartsurf.com/newtab/?type=nt&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610");
[2qj84rt9.default-1433651581028] - Line Found : user_pref("extensions.rNgAKzRLbtyOEjiG.scode", "(function(){try{if(window.location.href.indexOf(\"pjnEpdnErTrGqdk6pdw6pdw5qa\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.co[...]

-\\ Google Chrome v

[C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : lccekmodgklaepjeofjdjpbminllajkg
[C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Homepage] : hxxp://www.istartsurf.com/?type=hp&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610
[C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Startup_URLs] : hxxp://www.istartsurf.com/?type=hp&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610

*************************

AdwCleaner[R0].txt - [26035 bytes] - [08/06/2015 11:52:05]
AdwCleaner[R1].txt - [20537 bytes] - [08/06/2015 18:45:47]
AdwCleaner[R2].txt - [8656 bytes] - [10/06/2015 11:41:31]
AdwCleaner[S0].txt - [18572 bytes] - [08/06/2015 18:47:16]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [8775 bytes] ##########



#4 xXToffeeXx


Posted 10 June 2015 - 06:46 AM

Hi Twinmum,
 
You are welcome :)
 

When I ran Revo, it started to populate the list with programs, then crashed to a blue screen with a message about encountering a problem and shutting down to avoid damage (there was more to the message but it was gone before I could read it all). When it restarted I ran Revo with (mostly) no more problems.
While uninstalling AutoDeAlAPp there was a pop up that said: Running the application uninstaller failed. Possible invalid uninstall command.
Despite that message, it continued and found leftovers to remove.
 
When I did Infonaut, I got to the point of checking boxes for leftovers and the window just vanished from the screen.
 
When looking for leftovers for SmartWeb it came up with two entries, but they were not bold, so I left them.
 
It wanted to restart and the computer shut down, but didn't restart correctly - all I had was a black screen with a flashing cursor in the corner. I waited some time, but eventually we just hit the power button. It restarted and resumed making a report.

Thank you for such a detailed summary. Let me know if you experience anything out of the ordinary.
Once the adware and malware have been removed the system should be more stable.
 
Double click on AdwCleaner.exe to run the tool again.

  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished.
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

--------------
 
Please re-run FRST from the desktop (like you did before), put a check into the box next to Addition.txt and press the scan button. It will produce FRST.txt and Addition.txt logs located on the desktop. Please copy and paste the logs into your next reply.
 
xXToffeeXx~




#5 Twinmum


Posted 10 June 2015 - 08:02 PM

Hi Toffee

Both ran fine. Logs follow. We must be getting close. Her browser is now retaining google as the home page :-) although there are still a few pop up ads here and there.

Quick question.. You had me remove Google Chrome before. Is there a problem with it? (I have never used it myself)

 

Norma

 

# AdwCleaner v4.206 - Logfile created 11/06/2015 at 10:38:19
# Updated 01/06/2015 by Xplode
# Database : 2015-06-09.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Ashlee - ASHLEE-PC
# Running from : C:\Users\Ashlee\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : cherimoya
[#] Service Deleted : csrcc
[#] Service Deleted : shopperz Updater
[#] Service Deleted : innfd_1_10_0_14
[#] Service Deleted : d54b8bbd-6b74-4d90-b801-8120aa8b2438

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\shopperz
Folder Deleted : C:\Users\Ashlee\AppData\Local\SmartWeb
Folder Deleted : C:\Users\Ashlee\AppData\LocalLow\SmartWeb
Folder Deleted : C:\Users\Ashlee\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Folder Deleted : C:\Users\Ashlee\AppData\Roaming\One System Care
Folder Deleted : C:\Users\Ashlee\AppData\Roaming\Mozilla\Firefox\Profiles\2qj84rt9.default-1433651581028\Extensions\searchffv2@gmail.com
Folder Deleted : C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
File Deleted : C:\Windows\System32\drivers\cherimoya.sys
File Deleted : C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
File Deleted : C:\Users\Ashlee\Desktop\Continue Live Installation.lnk
File Deleted : C:\Users\Ashlee\AppData\Roaming\Mozilla\Firefox\Profiles\2qj84rt9.default-1433651581028\user.js
File Deleted : C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
File Deleted : C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal

***** [ Scheduled tasks ] *****

Task Deleted : SmartWeb Upgrade Trigger Task

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Ashlee\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchffv2@gmail.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SmartWeb]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9AE7A6AE-162E-44C4-9A2B-A6B4EF19909D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Key Deleted : HKCU\Software\One System Care
Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb
Key Deleted : HKLM\SOFTWARE\istartsurfSoftware
Key Deleted : HKLM\SOFTWARE\shopperz
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmartWeb
Key Deleted : [x64] HKLM\SOFTWARE\shopperz

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v38.0.5 (x86 en-US)

[2qj84rt9.default-1433651581028\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "hxxp://www.istartsurf.com/newtab/?type=nt&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610");
[2qj84rt9.default-1433651581028\prefs.js] - Line Deleted : user_pref("extensions.rNgAKzRLbtyOEjiG.scode", "(function(){try{if(window.location.href.indexOf(\"pjnEpdnErTrGqdk6pdw6pdw5qa\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.co[...]

-\\ Google Chrome v

[C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : lccekmodgklaepjeofjdjpbminllajkg
[C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://www.istartsurf.com/?type=hp&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610
[C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : hxxp://www.istartsurf.com/?type=hp&ts=1433811127&z=f2e2b70d7d50f01a768de4eg4z8cfc7b9g6g6g4cfg&from=face&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC38461084610

*************************

AdwCleaner[R0].txt - [26035 bytes] - [08/06/2015 11:52:05]
AdwCleaner[R1].txt - [20537 bytes] - [08/06/2015 18:45:47]
AdwCleaner[R2].txt - [8882 bytes] - [10/06/2015 11:41:31]
AdwCleaner[R3].txt - [8941 bytes] - [11/06/2015 10:36:56]
AdwCleaner[S0].txt - [18572 bytes] - [08/06/2015 18:47:16]
AdwCleaner[S1].txt - [6932 bytes] - [11/06/2015 10:38:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [6991  bytes] ##########

 

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Ashlee (administrator) on ASHLEE-PC on 11-06-2015 10:45:01
Running from C:\Users\Ashlee\Desktop
Loaded Profiles: Ashlee (Available Profiles: Ashlee & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Spotify Ltd) C:\Users\Ashlee\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
() C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\Huyde.exe
HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\Huyde64.exe
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] => "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590656 2015-05-15] (Razer Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-05] (Valve Corporation)
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [2990304 2013-10-02] (Nota Inc.)
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\Run: [SkypeVoiceChanger] => C:\Program Files (x86)\AthTek\Voice Changer for Skype\SkypeVoiceChanger.exe /auto
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\Run: [Spotify Web Helper] => C:\Users\Ashlee\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-06-07] (Spotify Ltd)
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [6886752 2015-01-07] (Binary Fortress Software)
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31282816 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\Run: [Spotify] => C:\Users\Ashlee\AppData\Roaming\Spotify\Spotify.exe [7323192 2015-06-07] (Spotify Ltd)
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\MountPoints2: {e3b5af4d-3888-11e4-ad75-94de80741260} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk [2014-01-19]
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-05-19]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2013-08-27]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-05-19]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: AutoDeAlsAPp -> {45CC82C0-0455-4320-AA19-6DA582FB82A1} -> C:\Program Files (x86)\AutoDeAlsAPp\cgdqXOtRnI5Mj1.x64.dll No File
BHO: shopperz -> {d0174004-bb12-464b-b666-9ba9bdbd750a} -> C:\Program Files\shopperz\Gaalmi64.dll No File
BHO-x32: AutoDeAlsAPp -> {45CC82C0-0455-4320-AA19-6DA582FB82A1} -> C:\Program Files (x86)\AutoDeAlsAPp\cgdqXOtRnI5Mj1.dll No File
BHO-x32: shopperz -> {d0174004-bb12-464b-b666-9ba9bdbd750a} -> C:\Program Files\shopperz\Gaalmi.dll No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-04] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-04] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-04] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-04] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-04] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-04] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-04] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{6F1B4597-E969-44DF-9C33-538B39C15279}: [NameServer] 81.218.119.5,82.163.142.130
Tcpip\..\Interfaces\{7456F197-4F43-40A3-A9AC-23678AC01AA8}: [NameServer] 81.218.119.5,82.163.142.130

FireFox:
========
FF ProfilePath: C:\Users\Ashlee\AppData\Roaming\Mozilla\Firefox\Profiles\2qj84rt9.default-1433651581028
FF Homepage: https://www.google.com.au/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-24] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-27] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-23] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-24] (Wacom)
FF Plugin HKU\S-1-5-21-3659292527-334032331-3834142823-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ashlee\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-01-27] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3659292527-334032331-3834142823-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin HKU\S-1-5-21-3659292527-334032331-3834142823-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-24] (Wacom)
FF Extension: AutoDeAlsAPp - C:\Users\Ashlee\AppData\Roaming\Mozilla\Firefox\Profiles\2qj84rt9.default-1433651581028\Extensions\SGgT8s@l.net [2015-06-08]
FF Extension: DiscountMan - C:\Users\Ashlee\AppData\Roaming\Mozilla\Firefox\Profiles\2qj84rt9.default-1433651581028\Extensions\zocqdcuicrwotfz_cu@ctyynqwbqekmlook.com [2015-06-08]
FF HKLM\...\Firefox\Extensions: [{d0174004-bb12-464b-b666-9ba9bdbd750a}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{d0174004-bb12-464b-b666-9ba9bdbd750a}] - C:\Program Files\shopperz\Firefox
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-06-03] <==== ATTENTION

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-07]
CHR Extension: (Google Docs) - C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-07]
CHR Extension: (YouTube) - C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-07]
CHR Extension: (Google Search) - C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-07]
CHR Extension: (Google Sheets) - C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-07]
CHR Extension: (Hola Better Internet) - C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-02-24]
CHR Extension: (Google Wallet) - C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-07]
CHR Extension: (Gmail) - C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [3169648 2015-01-07] (Binary Fortress Software)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-12-16] (Hi-Rez Studios) [File not signed]
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-07] (Electronic Arts)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
S2 avgwd; "C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe run  [X]
S2 UpdateDustTool; "C:\Windows\Provider\UpdaterToolService.exe" [X]
S2 Verifies and fixes issues; C:\Windows\SysWOW64\First Verify\afirstsvc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253920 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [291296 2015-05-04] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-04-11] (Disc Soft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-08-03] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2014-05-30] (MotioninJoy) [File not signed]
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-24] (Razer, Inc.)
S3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2014-12-22] (Creative Technology Ltd.)
S3 BS978759929; \??\C:\Users\Ashlee\AppData\Local\Temp\NTFS.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 scfd_1_10_0_16; system32\drivers\scfd_1_10_0_16.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 11:50 - 2015-06-10 11:50 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-06-10 11:49 - 2015-06-10 11:49 - 00000000 ____D C:\Program Files\Windows Defender
2015-06-10 11:29 - 2015-06-10 11:29 - 00003630 _____ C:\Windows\System32\Tasks\Papuir
2015-06-10 10:57 - 2015-06-10 10:58 - 00290192 _____ C:\Windows\Minidump\061015-55224-01.dmp
2015-06-10 10:55 - 2015-06-10 10:55 - 00001264 _____ C:\Users\Ashlee\Desktop\Revo Uninstaller.lnk
2015-06-10 10:55 - 2015-06-10 10:55 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-06-10 10:55 - 2015-06-10 10:49 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Ashlee\Desktop\revosetup.exe
2015-06-10 10:44 - 2015-06-02 05:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 10:44 - 2015-06-02 04:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 10:44 - 2015-05-28 00:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 10:44 - 2015-05-28 00:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 10:44 - 2015-05-23 13:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 10:44 - 2015-05-23 13:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 10:44 - 2015-05-23 13:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 10:44 - 2015-05-23 13:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 10:44 - 2015-05-23 13:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 10:44 - 2015-05-23 13:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 10:44 - 2015-05-23 13:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 10:44 - 2015-05-23 13:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 10:44 - 2015-05-23 13:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 10:44 - 2015-05-23 13:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 10:44 - 2015-05-23 13:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 10:44 - 2015-05-23 13:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 10:44 - 2015-05-23 13:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 10:44 - 2015-05-23 12:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 10:44 - 2015-05-23 12:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 10:44 - 2015-05-23 12:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 10:44 - 2015-05-23 12:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 10:44 - 2015-05-23 12:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 10:44 - 2015-05-23 12:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 10:44 - 2015-05-23 12:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 10:44 - 2015-05-23 12:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 10:44 - 2015-05-23 12:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 10:44 - 2015-05-23 12:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 10:44 - 2015-05-23 12:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 10:44 - 2015-05-23 12:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 10:44 - 2015-05-23 12:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 10:44 - 2015-05-23 05:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 10:44 - 2015-05-23 05:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 10:44 - 2015-05-23 05:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 10:44 - 2015-05-23 05:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 10:44 - 2015-05-23 05:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 10:44 - 2015-05-23 05:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 10:44 - 2015-05-23 05:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 10:44 - 2015-05-23 04:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 10:44 - 2015-05-23 04:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 10:44 - 2015-05-23 04:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 10:44 - 2015-05-23 04:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 10:44 - 2015-05-23 04:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 10:44 - 2015-05-23 04:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 10:44 - 2015-05-23 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 10:44 - 2015-05-23 04:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 10:44 - 2015-05-23 04:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 10:44 - 2015-05-23 04:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 10:44 - 2015-05-23 04:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 10:44 - 2015-05-23 04:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 10:44 - 2015-05-23 04:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 10:44 - 2015-05-23 04:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 10:44 - 2015-05-23 04:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 10:44 - 2015-05-23 04:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 10:44 - 2015-05-23 04:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 10:44 - 2015-05-23 04:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 10:44 - 2015-05-23 04:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 10:44 - 2015-05-23 03:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 10:44 - 2015-05-23 03:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 10:44 - 2015-05-23 03:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 10:44 - 2015-05-23 03:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 10:43 - 2015-05-23 04:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 10:43 - 2015-05-23 04:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 10:43 - 2015-05-23 04:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 10:43 - 2015-05-23 04:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 10:43 - 2015-05-23 04:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 10:43 - 2015-05-23 04:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 10:43 - 2015-05-23 04:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 10:43 - 2015-05-21 23:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 10:42 - 2015-05-26 03:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 10:42 - 2015-04-30 04:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 10:42 - 2015-04-30 04:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 10:42 - 2015-04-30 04:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 10:42 - 2015-04-30 04:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 10:42 - 2015-04-30 04:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 10:42 - 2015-04-30 04:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 10:42 - 2015-04-30 04:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 10:42 - 2015-04-30 04:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 10:42 - 2015-04-30 04:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 10:42 - 2015-04-30 04:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 10:41 - 2015-05-26 04:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 10:41 - 2015-05-26 04:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 10:41 - 2015-05-26 04:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 10:41 - 2015-05-26 04:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 10:41 - 2015-05-26 04:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 10:41 - 2015-05-26 04:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 10:41 - 2015-05-26 04:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 10:41 - 2015-05-26 04:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 10:41 - 2015-05-26 04:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 10:41 - 2015-05-26 04:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 10:41 - 2015-05-26 04:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 10:41 - 2015-05-26 04:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 10:41 - 2015-05-26 04:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 10:41 - 2015-05-26 04:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 10:41 - 2015-05-26 04:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 10:41 - 2015-05-26 04:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 10:41 - 2015-05-26 04:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 10:41 - 2015-05-26 04:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 10:41 - 2015-05-26 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 10:41 - 2015-05-26 04:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 10:41 - 2015-05-26 04:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 10:41 - 2015-05-26 04:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 10:41 - 2015-05-26 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 10:41 - 2015-05-26 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 10:41 - 2015-05-26 04:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 10:41 - 2015-05-26 04:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 10:41 - 2015-05-26 04:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 10:41 - 2015-05-26 04:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 10:41 - 2015-05-26 04:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 10:41 - 2015-05-26 04:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 10:41 - 2015-05-26 04:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 10:41 - 2015-05-26 04:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 10:41 - 2015-05-26 04:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 10:41 - 2015-05-26 04:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 10:41 - 2015-05-26 04:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 10:41 - 2015-05-26 04:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 10:41 - 2015-05-26 04:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 10:41 - 2015-05-26 04:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 10:41 - 2015-05-26 04:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 10:41 - 2015-05-26 04:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 10:41 - 2015-05-26 04:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 10:41 - 2015-05-26 04:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 10:41 - 2015-05-26 04:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 10:41 - 2015-05-26 04:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 04:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 04:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 04:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 04:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 04:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 04:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 04:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 04:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 04:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 04:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 04:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 04:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 04:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 04:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 04:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 10:41 - 2015-05-26 04:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 10:41 - 2015-05-26 04:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 10:41 - 2015-05-26 04:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 10:41 - 2015-05-26 04:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 10:41 - 2015-05-26 04:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 10:41 - 2015-05-26 04:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 10:41 - 2015-05-26 04:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 10:41 - 2015-05-26 04:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 10:41 - 2015-05-26 04:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 10:41 - 2015-05-26 04:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 10:41 - 2015-05-26 04:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 10:41 - 2015-05-26 04:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 10:41 - 2015-05-26 04:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 10:41 - 2015-05-26 04:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 10:41 - 2015-05-26 04:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 10:41 - 2015-05-26 04:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 10:41 - 2015-05-26 04:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 10:41 - 2015-05-26 04:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 10:41 - 2015-05-26 04:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 10:41 - 2015-05-26 04:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 10:41 - 2015-05-26 04:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 10:41 - 2015-05-26 04:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 10:41 - 2015-05-26 03:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 10:41 - 2015-05-26 03:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 10:41 - 2015-05-26 03:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 10:41 - 2015-05-26 03:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 10:41 - 2015-05-26 03:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 10:41 - 2015-05-26 03:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 10:41 - 2015-05-26 02:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 10:41 - 2015-05-26 02:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 10:41 - 2015-05-26 02:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 10:40 - 2015-04-25 04:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 10:40 - 2015-04-25 03:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 10:40 - 2015-04-11 13:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-10 10:25 - 2015-06-10 10:25 - 00262192 _____ C:\Windows\Minidump\061015-19406-01.dmp
2015-06-09 19:50 - 2015-06-11 10:45 - 00021739 _____ C:\Users\Ashlee\Desktop\FRST.txt
2015-06-09 19:50 - 2015-06-09 19:51 - 00078738 _____ C:\Users\Ashlee\Desktop\Addition.txt
2015-06-09 19:49 - 2015-06-11 10:45 - 00000000 ____D C:\FRST
2015-06-09 19:49 - 2015-06-09 19:48 - 02108928 _____ (Farbar) C:\Users\Ashlee\Desktop\FRST64.exe
2015-06-09 19:15 - 2015-06-09 19:21 - 00000000 ____D C:\Users\Ashlee\Desktop\New folder (2)
2015-06-09 18:58 - 2015-06-09 18:57 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Ashlee\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-09 18:06 - 2015-06-09 18:06 - 00000743 _____ C:\Users\Ashlee\Desktop\Start Emsisoft Emergency Kit.lnk
2015-06-09 18:03 - 2015-06-09 18:04 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\Ashlee\Desktop\FixExec.exe
2015-06-09 17:54 - 2015-06-09 17:54 - 00266320 _____ C:\Windows\Minidump\060915-58203-01.dmp
2015-06-09 17:26 - 2015-06-09 18:04 - 00002406 _____ C:\Users\Ashlee\Desktop\FixExec.txt
2015-06-09 17:16 - 2015-06-09 17:16 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Ashlee\Desktop\iexplore.exe.exe
2015-06-09 10:52 - 2015-06-09 22:56 - 00173056 _____ C:\Windows\Provider20150609235620PM.dll
2015-06-09 10:52 - 2015-06-09 21:56 - 00173056 _____ C:\Windows\Provider20150609225610PM.dll
2015-06-09 10:52 - 2015-06-09 20:55 - 00173056 _____ C:\Windows\Provider20150609215558PM.dll
2015-06-09 10:52 - 2015-06-09 19:55 - 00173056 _____ C:\Windows\Provider20150609205539PM.dll
2015-06-09 10:52 - 2015-06-09 18:55 - 00173056 _____ C:\Windows\Provider20150609195524PM.dll
2015-06-09 10:52 - 2015-06-09 10:52 - 00718497 _____ C:\Windows\unins000.exe
2015-06-09 10:52 - 2015-06-09 10:52 - 00010265 _____ C:\Windows\unins000.dat
2015-06-09 10:52 - 2015-06-09 10:52 - 00000000 _____ C:\Windows\SysWOW64\0
2015-06-09 10:52 - 2015-06-02 18:30 - 00101888 _____ C:\Windows\Installer.exe
2015-06-08 21:35 - 2015-06-09 18:06 - 00000000 ____D C:\EEK
2015-06-08 21:35 - 2015-06-08 18:38 - 157272816 _____ C:\Users\Ashlee\Desktop\EmsisoftEmergencyKit.exe
2015-06-08 19:00 - 2015-06-08 18:34 - 02943232 _____ (Thisisu) C:\Users\Ashlee\Desktop\JRT.exe
2015-06-08 12:10 - 2015-06-08 12:10 - 00000000 ____D C:\Program Files (x86)\PatternGenerators
2015-06-08 12:09 - 2015-06-08 12:09 - 00004096 _____ C:\Windows\SysWOW64\ntwdblib.dll
2015-06-08 11:51 - 2015-06-11 10:38 - 00000000 ____D C:\AdwCleaner
2015-06-08 11:47 - 2015-06-08 11:38 - 02231296 _____ C:\Users\Ashlee\Desktop\AdwCleaner.exe
2015-06-08 11:35 - 2015-06-11 10:45 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\tor
2015-06-07 21:38 - 2015-06-07 21:35 - 00852652 _____ C:\Users\Ashlee\Desktop\SecurityCheck.exe
2015-06-07 21:32 - 2015-06-07 21:32 - 00044168 _____ C:\Users\Ashlee\Desktop\Result.txt
2015-06-07 21:18 - 2015-06-07 21:15 - 00403456 _____ (Farbar) C:\Users\Ashlee\Desktop\MiniToolBox.exe
2015-06-07 14:33 - 2015-06-07 14:33 - 00000000 ____D C:\Users\Ashlee\Desktop\Old Firefox Data
2015-06-07 13:45 - 2015-06-07 13:45 - 00002962 _____ C:\Windows\System32\Tasks\{ADE10CA8-0517-48D7-B47B-41A289B4EB0B}
2015-06-07 13:45 - 2015-06-07 13:45 - 00002962 _____ C:\Windows\System32\Tasks\{8317BDAB-C750-49F2-8B00-1555AB078FC2}
2015-06-07 13:41 - 2015-06-07 13:41 - 10694392 _____ (VS Revo Group ) C:\Users\Ashlee\Downloads\RevoUninProSetup.exe
2015-06-07 12:58 - 2015-06-07 12:58 - 04928968 _____ (AVG Technologies) C:\Users\Ashlee\Downloads\avg_free_stb_all_5961p1_177.exe
2015-06-07 11:15 - 2015-06-07 11:17 - 00286776 _____ C:\Windows\Minidump\060715-70730-01.dmp
2015-06-07 10:49 - 2015-06-07 10:49 - 00000000 ____D C:\Users\Ashlee\AppData\Local\CrashRpt
2015-06-07 10:41 - 2015-06-07 10:59 - 00000000 ____D C:\Program Files (x86)\gmsd_au_319
2015-06-06 20:22 - 2015-06-11 10:38 - 00001049 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-06 20:22 - 2015-06-11 10:38 - 00001001 _____ C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-06 20:22 - 2015-06-11 10:38 - 00000983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-06 19:58 - 2015-06-06 19:58 - 00000000 ____D C:\Users\Ashlee\Documents\Optimizer Pro
2015-06-06 19:43 - 2015-06-09 16:58 - 01146180 _____ C:\Windows\system32\CFG978759929
2015-06-06 19:38 - 2015-06-06 19:39 - 00292848 _____ C:\Windows\Minidump\060615-53211-01.dmp
2015-06-06 17:28 - 2015-06-06 17:36 - 00000000 ____D C:\ProgramData\abc
2015-06-06 17:15 - 2009-06-11 07:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-06-06 17:13 - 2015-06-06 17:13 - 00000000 ____D C:\Program Files\13
2015-06-06 16:02 - 2015-06-06 16:02 - 16979960 _____ (Sun Microsystems, Inc.) C:\Users\Ashlee\Downloads\jre-6u37-windows-i586.exe
2015-06-06 15:59 - 2015-06-06 15:59 - 00561248 _____ (Oracle Corporation) C:\Users\Ashlee\Downloads\jxpiinstall(9).exe
2015-06-06 11:54 - 2015-06-06 11:54 - 00000000 ____D C:\ProgramData\Steam
2015-06-06 11:52 - 2015-06-06 11:55 - 00000000 ____D C:\ProgramData\PopCap Games
2015-06-05 19:06 - 2015-06-05 19:07 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\Armagetron
2015-06-05 19:06 - 2015-06-05 19:06 - 00000886 _____ C:\Users\UpdatusUser\Desktop\Armagetron Advanced.lnk
2015-06-05 19:06 - 2015-06-05 19:06 - 00000886 _____ C:\Users\Ashlee\Desktop\Armagetron Advanced.lnk
2015-06-05 19:06 - 2015-06-05 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Armagetron Advanced
2015-06-05 19:06 - 2015-06-05 19:06 - 00000000 ____D C:\ProgramData\Armagetron
2015-06-05 19:06 - 2015-06-05 19:06 - 00000000 ____D C:\Program Files (x86)\Armagetron Advanced
2015-06-05 19:04 - 2015-06-05 19:05 - 00000000 ____D C:\Users\Ashlee\Documents\argametron
2015-06-04 22:38 - 2015-06-08 18:47 - 00000000 ____D C:\Windows\system32\log
2015-06-03 11:51 - 2015-06-08 18:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-03 11:28 - 2015-06-03 11:28 - 00000000 ____D C:\Users\Ashlee\AppData\Local\Avg
2015-06-01 14:02 - 2015-06-01 14:02 - 00000000 ____D C:\Users\Ashlee\AppData\Local\GWX
2015-05-30 17:39 - 2015-05-30 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-30 17:39 - 2015-05-30 17:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-30 17:39 - 2015-05-30 17:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-30 17:38 - 2015-05-30 17:39 - 13095136 _____ (Microsoft Corporation) C:\Users\Ashlee\Downloads\Silverlight_x64.exe
2015-05-23 16:44 - 2015-05-23 16:55 - 54553958 _____ C:\Users\Ashlee\Downloads\SpeedChess.zip
2015-05-19 18:22 - 2015-05-19 18:22 - 07893868 _____ C:\Users\Ashlee\Downloads\old bonnie.rar
2015-05-19 18:21 - 2015-05-19 18:22 - 00000000 ____D C:\Users\Ashlee\AppData\Local\WinZip
2015-05-19 18:21 - 2015-05-19 18:21 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-05-19 18:21 - 2015-05-19 18:21 - 00000000 ____D C:\ProgramData\WinZip
2015-05-19 18:21 - 2015-05-19 18:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-05-19 18:21 - 2015-05-19 18:21 - 00000000 ____D C:\Program Files\WinZip
2015-05-19 18:20 - 2015-05-19 18:20 - 01080672 _____ (WinZip) C:\Users\Ashlee\Downloads\wz19-mf.exe
2015-05-16 22:38 - 2015-05-16 22:38 - 00000226 _____ C:\Users\Ashlee\Desktop\▶ Pitch Perfect 2 Official Sountrack (14. The Barden Bellas - World Championship Finale 2) - YouTube.URL
2015-05-15 20:16 - 2015-05-15 20:17 - 03020666 _____ C:\Users\Ashlee\Downloads\toadash.zip
2015-05-15 13:29 - 2015-06-10 11:18 - 00000024 _____ C:\Users\Ashlee\AppData\Roaming\appdataFr25.bin
2015-05-14 23:28 - 2015-05-01 23:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 23:28 - 2015-05-01 23:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 23:17 - 2015-04-18 13:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-14 23:17 - 2015-04-18 12:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-14 23:17 - 2015-04-13 13:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-14 23:16 - 2015-04-20 13:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-14 23:16 - 2015-04-20 13:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-14 23:16 - 2015-04-20 12:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-14 23:16 - 2015-04-08 13:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-14 23:16 - 2015-04-08 13:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-14 23:16 - 2015-04-08 13:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-14 23:16 - 2015-03-04 14:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-14 23:16 - 2015-03-04 14:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-14 23:16 - 2015-03-04 14:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-14 23:16 - 2015-03-04 14:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-14 23:16 - 2015-03-04 14:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-14 23:16 - 2015-03-04 14:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-14 23:16 - 2015-03-04 14:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-14 23:16 - 2015-02-18 17:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-14 23:16 - 2015-02-18 17:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-14 23:16 - 2015-01-29 13:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-14 23:16 - 2015-01-29 13:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-14 21:21 - 2015-05-14 21:33 - 00000000 ____D C:\Users\Ashlee\Desktop\FTB server
2015-05-14 21:21 - 2015-05-14 21:23 - 22523510 _____ C:\Users\Ashlee\Desktop\modpacks^FTBLite^1_2_3^FTBLite_Server.zip
2015-05-14 21:09 - 2015-05-14 21:12 - 00000000 ____D C:\Users\Ashlee\Desktop\Mine
2015-05-14 20:02 - 2015-05-14 20:02 - 00000000 ____D C:\Users\Ashlee\Downloads\versions
2015-05-14 20:02 - 2015-05-14 20:02 - 00000000 ____D C:\Users\Ashlee\Downloads\libraries
2015-05-14 20:01 - 2015-05-14 20:35 - 00000000 ____D C:\Users\Ashlee\Downloads\FTBLite
2015-05-14 19:58 - 2015-05-15 19:26 - 00000000 ____D C:\Users\Ashlee\AppData\Local\ftblauncher
2015-05-14 18:28 - 2015-05-14 18:28 - 16449937 _____ C:\Users\Ashlee\Downloads\modpacks^FTBRETROSMP^1^RetroSMP_Server.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-11 10:45 - 2009-07-14 15:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-11 10:44 - 2013-07-17 11:16 - 01713389 _____ C:\Windows\WindowsUpdate.log
2015-06-11 10:43 - 2014-06-09 14:46 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\Spotify
2015-06-11 10:43 - 2013-07-17 15:42 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\Skype
2015-06-11 10:42 - 2014-06-09 14:47 - 00000000 ____D C:\Users\Ashlee\AppData\Local\Spotify
2015-06-11 10:42 - 2013-08-01 16:39 - 00000000 ____D C:\Users\Ashlee\AppData\Local\LogMeIn Hamachi
2015-06-11 10:41 - 2013-07-17 19:10 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-11 10:40 - 2013-07-17 11:44 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-11 10:40 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-11 10:40 - 2009-07-14 14:51 - 00160845 _____ C:\Windows\setupact.log
2015-06-11 10:38 - 2013-07-17 11:17 - 00000991 _____ C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-11 10:29 - 2013-07-17 15:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-11 10:23 - 2009-07-14 14:45 - 00031744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-11 10:23 - 2009-07-14 14:45 - 00031744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-11 10:18 - 2013-07-17 15:38 - 00000000 ____D C:\Users\Ashlee\AppData\Local\Adobe
2015-06-11 10:09 - 2009-07-14 15:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-11 10:08 - 2009-07-14 14:45 - 00285280 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 10:07 - 2014-12-11 14:29 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-11 10:07 - 2014-05-07 21:28 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-11 10:06 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 23:58 - 2014-05-05 11:49 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 23:54 - 2014-05-05 11:49 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-10 21:18 - 2014-06-16 15:30 - 00000000 ____D C:\Users\Ashlee\AppData\Local\CrashDumps
2015-06-10 18:35 - 2015-03-29 11:39 - 00000000 ____D C:\Users\Ashlee\Documents\Telltale Games
2015-06-10 16:47 - 2013-07-18 15:58 - 00000000 ____D C:\Users\Ashlee\Downloads\PaintToolSAI
2015-06-10 11:29 - 2015-04-15 17:29 - 18169520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-06-10 11:29 - 2013-07-17 15:40 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-10 11:29 - 2013-07-17 15:40 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-10 11:29 - 2013-07-17 12:04 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-10 11:18 - 2015-02-07 01:31 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-10 10:57 - 2015-03-22 16:27 - 881545661 _____ C:\Windows\MEMORY.DMP
2015-06-10 10:57 - 2015-03-22 16:27 - 00000000 ____D C:\Windows\Minidump
2015-06-09 17:08 - 2009-07-14 15:08 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-09 10:52 - 2014-12-21 23:14 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\TeamViewer
2015-06-08 18:47 - 2013-07-17 11:16 - 00000000 ____D C:\Users\Ashlee
2015-06-08 18:47 - 2009-07-14 13:20 - 00000000 ____D C:\Program Files\Common Files\System
2015-06-08 18:31 - 2014-06-01 17:25 - 00000000 ____D C:\Users\Ashlee\AppData\Local\Battle.net
2015-06-08 16:52 - 2014-06-01 17:35 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-06-08 16:41 - 2014-06-01 17:25 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-06-08 16:39 - 2014-06-01 17:25 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\Battle.net
2015-06-08 15:59 - 2010-11-21 13:47 - 00311384 _____ C:\Windows\PFRO.log
2015-06-08 12:10 - 2015-04-13 17:27 - 00000000 ____D C:\ProgramData\16446166674148545210
2015-06-07 13:49 - 2014-09-05 13:10 - 00000000 ____D C:\Program Files (x86)\Origin
2015-06-07 10:39 - 2014-10-28 14:32 - 00000000 ____D C:\Users\Ashlee\AppData\Local\DisplayFusion
2015-06-06 21:28 - 2014-12-23 18:00 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-06 20:19 - 2013-07-17 11:40 - 00063216 _____ C:\Users\Ashlee\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-06 18:56 - 2013-07-17 11:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2015-06-06 18:56 - 2013-07-17 11:28 - 00000000 ____D C:\Program Files (x86)\GIGABYTE
2015-06-06 18:56 - 2013-07-17 11:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-06 10:42 - 2013-07-17 12:34 - 00000000 ____D C:\ProgramData\MFAData
2015-06-05 23:18 - 2014-12-21 23:14 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-05 23:18 - 2014-12-21 23:14 - 00000959 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-06-05 23:18 - 2014-12-21 23:14 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-06-03 15:44 - 2013-11-17 10:35 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\TS3Client
2015-06-03 14:43 - 2013-11-17 10:35 - 00000000 ____D C:\Users\Ashlee\AppData\Local\TeamSpeak 3 Client
2015-06-03 14:38 - 2014-08-09 18:52 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\.minecraft
2015-06-01 15:20 - 2015-04-16 20:19 - 00000000 ____D C:\Users\Ashlee\Documents\Camtasia Studio
2015-06-01 15:01 - 2015-04-01 09:20 - 00000000 ____D C:\Users\Ashlee\Documents\SavedGames
2015-05-27 11:15 - 2013-10-14 19:26 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\Audacity
2015-05-26 18:11 - 2014-05-29 20:34 - 00000000 ____D C:\Users\Ashlee\AppData\Local\Microsoft Games
2015-05-20 14:29 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\rescache
2015-05-20 13:26 - 2015-04-04 23:34 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-20 13:26 - 2015-04-04 23:34 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-19 15:09 - 2015-02-07 00:10 - 00000000 ____D C:\Users\Ashlee\AppData\Local\Popcorn-Time
2015-05-17 18:49 - 2013-07-17 15:42 - 00000000 ____D C:\ProgramData\Skype
2015-05-16 11:03 - 2013-07-24 19:37 - 00040700 _____ C:\Windows\system32\lvcoinst.log
2015-05-15 09:40 - 2011-04-12 18:28 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-15 09:40 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-14 20:35 - 2014-08-10 12:01 - 00000000 ____D C:\Users\Ashlee\Downloads\assets
2015-05-14 20:01 - 2013-07-17 19:14 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\ftblauncher
2015-05-14 19:58 - 2013-07-17 19:14 - 06628862 _____ () C:\Users\Ashlee\Desktop\FTB_Launcher.exe
2015-05-14 19:45 - 2013-08-01 16:03 - 02346993 _____ () C:\Users\Ashlee\Desktop\TechnicLauncher.exe
2015-05-14 19:45 - 2013-08-01 16:03 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\.technic
2015-05-12 16:08 - 2013-07-17 12:04 - 00000000 ____D C:\Windows\SysWOW64\Macromed

==================== Files in the root of some directories =======

2013-07-17 12:37 - 2013-11-12 14:26 - 0003725 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-12-21 10:33 - 2013-12-21 09:43 - 0012005 _____ () C:\Users\Ashlee\AppData\Roaming\alsoft.ini
2015-05-15 13:29 - 2015-06-10 11:18 - 0000024 _____ () C:\Users\Ashlee\AppData\Roaming\appdataFr25.bin
2015-04-28 11:31 - 2015-05-08 14:17 - 0000020 _____ () C:\Users\Ashlee\AppData\Roaming\appdataFr3.bin
2014-05-16 20:28 - 2015-06-08 12:28 - 0003888 _____ () C:\Users\Ashlee\AppData\Roaming\SpeedRunnersLog.txt
2014-12-27 14:30 - 2014-12-27 14:30 - 0003284 _____ () C:\Users\Ashlee\AppData\Roaming\TargetInvocationLog.txt
2014-08-16 16:08 - 2014-08-16 16:08 - 0003584 _____ () C:\Users\Ashlee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-06 19:00 - 2015-06-08 11:46 - 0011718 _____ () C:\Users\Ashlee\AppData\Local\Temp-log.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-05 23:40

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Ashlee at 2015-06-11 10:45:58
Running from C:\Users\Ashlee\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3659292527-334032331-3834142823-500 - Administrator - Disabled)
Ashlee (S-1-5-21-3659292527-334032331-3834142823-1000 - Administrator - Enabled) => C:\Users\Ashlee
Guest (S-1-5-21-3659292527-334032331-3834142823-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3659292527-334032331-3834142823-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.28 - GIGABYTE)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Professional CC 2014 (HKLM-x32\...\{AA704223-E11C-11E3-8A38-C09A633B72AF}) (Version: 14.0.1 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.0.0 - Adobe Systems Incorporated)
Adobe Photoshop 6.0 (HKLM-x32\...\Adobe Photoshop 6.0) (Version: 6.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
Adobe SVG Viewer (HKLM-x32\...\Adobe SVG Viewer) (Version: 1.0 - Adobe Systems, Inc.)
AdVenture Capitalist (HKLM-x32\...\Steam App 346900) (Version:  - Hyper Hippo Productions Ltd.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Armagetron Advanced 0.2.8.2.1.gcc (HKLM-x32\...\Armagetron Advanced) (Version: 0.2.8.2.1.gcc - Armagetron Advanced Team)
Artemis Spaceship Bridge Simulator (HKLM-x32\...\Steam App 247350) (Version:  - )
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
AVG 2015 (Version: 15.0.4311 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5961 - AVG Technologies) Hidden
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version:  - Ronimo Games)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bamboo Tablets Tutorial (x32 Version: 3.0.20 - Wacom) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version:  - The Behemoth)
BeamNG-Techdemo-0.3 (remove only) (HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\BeamNG-Techdemo-0.3) (Version:  - )
Beasts of Prey (HKLM-x32\...\Steam App 299860) (Version:  - Octagon Interactive)
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BioShock 2 (HKLM-x32\...\Steam App 8850) (Version:  - 2K Marin)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien (HKLM-x32\...\Steam App 218060) (Version:  - Gaijin Games)
BIT.TRIP RUNNER (HKLM-x32\...\Steam App 63710) (Version:  - Gaijin Games)
Bleed (HKLM-x32\...\Steam App 239800) (Version:  - Ian Campbell)
Blender (HKLM\...\Blender) (Version: 2.68a - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version:  - 2K Australia)
Camtasia Studio 8 (HKLM-x32\...\{A0FC961E-DC6D-4144-9277-ECDBB99D0AB9}) (Version: 8.5.1.1962 - TechSmith Corporation)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
Cubemen 2 (HKLM-x32\...\Steam App 228440) (Version:  - 3 Sprockets)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 1.82 - NCH Software)
DisplayFusion 7.1 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 7.1.0.0 - Binary Fortress Software)
DustApps version 1.7 (HKLM-x32\...\{CE9793E8-C305-45AA-AE10-52EE0ADDED4F}_is1) (Version: 1.7 - Microsoft)
Easy Tune 6 B12.1121.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B12.1121.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Endless Space (HKLM-x32\...\Steam App 208140) (Version:  - AMPLITUDE Studios)
Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden
Evolve (HKLM-x32\...\Steam App 273350) (Version:  - Turtle Rock Studios)
Express Zip (HKLM-x32\...\ExpressZip) (Version: 2.28 - NCH Software)
FEZ (HKLM-x32\...\Steam App 224760) (Version:  - Polytron Corporation)
Fish Tycoon 1.0 (HKLM-x32\...\Fish Tycoon) (Version: 1.0 - Last Day of Work)
Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version:  - Fistful of Frags Team)
FlatOut (HKLM-x32\...\{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}) (Version: 1.00.0000 - Empire Interactive)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Gang Beasts (HKLM-x32\...\Steam App 285900) (Version:  - Boneloaf)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
Gom VPN  Bypass and unblock (HKLM-x32\...\{60EACF28-3304-CDE7-8F98-5992F85D389C}) (Version:  - )
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Guns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version:  - Muse Games)
Gyazo 2.0.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc. & Toshiyuki Masui)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
Keysticks (HKLM-x32\...\{017E32B0-23A9-40F0-952B-6B12F0702A15}) (Version: 1.8.1 - Keysticks.net)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LG United Mobile Drivers (HKLM-x32\...\{55031CEF-CE75-4A5C-8DEA-60577820529B}) (Version: 3.10.1.0 - LG Electronics)
Little Inferno (HKLM-x32\...\Steam App 221260) (Version:  - Tomorrow Corporation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.328 - LogMeIn, Inc.) Hidden
MapleStory (HKLM-x32\...\Steam App 216150) (Version:  - Nexon)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM-x32\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minimum (HKLM-x32\...\Steam App 214190) (Version:  - Human Head Studios)
Monaco (HKLM-x32\...\Steam App 113020) (Version:  - Pocketwatch Games)
MotioninJoy Gamepad tool 0.7.0000 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.0000 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero12EssTSST (HKLM-x32\...\{1DEC64C1-7F34-44CD-BC35-8E0A096300CF}) (Version: 12.0.01100 - Nero AG)
Nuclear Dawn (HKLM-x32\...\Steam App 17710) (Version:  - InterWave Studios)
NVIDIA 3D Vision Controller Driver 306.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.23 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
One Finger Death Punch (HKLM-x32\...\Steam App 264200) (Version:  - Silver Dollar Games)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenTTD 1.5.0 (HKLM-x32\...\OpenTTD) (Version: 1.5.0 - OpenTTD)
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version:  - )
Peggle Extreme (HKLM-x32\...\Steam App 3483) (Version:  - PopCap Games, Inc.)
Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version:  - Ndemic Creations)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Plug & Play (HKLM-x32\...\Steam App 353560) (Version:  - Mario von Rickenbach)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.18 - NCH Software)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.26027 - Razer Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
Sanctum (HKLM-x32\...\Steam App 91600) (Version:  - Coffee Stain Studios)
Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version:  - Coffee Stain Studios)
Screencheat (HKLM-x32\...\Steam App 301970) (Version:  - Samurai Punk)
shopperz 2.0.0.461 (HKLM\...\{d0174004-bb12-464b-b666-9ba9bdbd750a}_is1) (Version: 2.0.0.461 - shopperz)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sid Meier's Civilization: Beyond Earth (HKLM-x32\...\Steam App 65980) (Version:  - Firaxis Games)
SimCity 4 (HKLM-x32\...\{611BD998-34B9-4DDA-00AE-0CB4632E86FA}) (Version:  - )
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2247.4 - Hi-Rez Studios)
Sonic & All-Stars Racing Transformed (HKLM-x32\...\Steam App 212480) (Version:  - Sumo Digital)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - )
SpeedRunners (HKLM-x32\...\Steam App 207140) (Version:  - DoubleDutch Games)
Spotify (HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)
Star Conflict (HKLM-x32\...\Steam App 212070) (Version:  - Star Gem Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Sumo Paint Bamboo 2.2 (HKLM-x32\...\com.sumopaint.bamboo.E63110E28E55D139F7D67D94E57B73BDB07BA618.1) (Version: v2.2 - UNKNOWN)
Sumo Paint Bamboo 2.2 (x32 Version: 2.2 - UNKNOWN) Hidden
Sumotori Dreams (HKLM-x32\...\Sumotori Dreams) (Version:  - )
Super Hexagon (HKLM-x32\...\Steam App 221640) (Version:  - Terry Cavanagh)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tales from the Borderlands (HKLM-x32\...\Steam App 330830) (Version:  - Telltale Games)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43174 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version:  - Galactic Cafe)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)
TweetDeck (HKLM-x32\...\{C4ADB67B-C908-4D94-B85E-585D2F3F9118}) (Version: 3.3.7 - Twitter)
Unity Web Player (HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\UnityWebPlayer) (Version: 4.6.2f1 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.14 - NCH Software)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.2-1 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.00 beta 8 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)
WinRAR 5.00 beta 8 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}) (Version: 19.5.11475 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3659292527-334032331-3834142823-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-3659292527-334032331-3834142823-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()

==================== Restore Points =========================

06-06-2015 16:02:48 Installed Java™ 6 Update 37
06-06-2015 17:30:06 Removed Bonjour
06-06-2015 17:30:33 Removed Bonjour
06-06-2015 18:55:52 Removed Apple Application Support
06-06-2015 18:56:25 Configured AutoGreen B12.0206.1
06-06-2015 21:27:38 Removed Java™ 6 Update 37
06-06-2015 21:28:18 Removed Java 8 Update 45
06-06-2015 21:28:34 Removed Java 8 Update 45
10-06-2015 11:10:18 Revo Uninstaller's restore point - AutoDeAlsAPp
10-06-2015 11:15:51 Revo Uninstaller's restore point - Infonaut 1.10.0.14
10-06-2015 11:18:00 Revo Uninstaller's restore point - Google Chrome
10-06-2015 11:23:44 Revo Uninstaller's restore point - SmartWeb
10-06-2015 23:52:32 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2009-06-11 07:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03609884-DEF8-4B52-B50B-47D80903AC09} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {04E5D48A-62D4-4E63-9205-84378188D385} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {0AFF1FA5-BA09-4E86-93C8-AAD3DBC82D09} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {2E4FF92B-4A62-4CF5-BE91-304031570A57} - System32\Tasks\{30574783-C900-47C0-8CDB-928D174C8BE4} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {2F0A56E9-9288-4D22-A9E9-42FF276DC3D0} - System32\Tasks\AdobeAAMUpdater-1.0-Ashlee-PC-Ashlee => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
Task: {6CE614EA-D2B9-43AA-AF0B-7021C959DD63} - System32\Tasks\{BB0DE410-5512-4FE3-B3A6-685F957A216D} => Firefox.exe http://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {ABD553C5-2F23-40F0-B40A-91C16F550649} - System32\Tasks\{8317BDAB-C750-49F2-8B00-1555AB078FC2} => C:\Users\Ashlee\Downloads\RevoUninProSetup.exe [2015-06-07] (VS Revo Group                                               )
Task: {C760D4CA-9554-448A-B068-CB4BF23DB171} - System32\Tasks\{ADE10CA8-0517-48D7-B47B-41A289B4EB0B} => C:\Users\Ashlee\Downloads\RevoUninProSetup.exe [2015-06-07] (VS Revo Group                                               )
Task: {CA794006-CC78-49D8-B21A-10C2E2018724} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {CDD63F2F-59BC-46EF-9DB5-B0A2D138FCAC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-08] (Microsoft Corporation)
Task: {CE1F40EA-2D74-42EF-9D41-2AED8946CF53} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-10] (Adobe Systems Incorporated)
Task: {D0DAB0AC-A790-4535-B646-F989794797BF} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {ECCD8464-3A64-4BAE-83B4-F72D6BBC27B1} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-17] (Microsoft Corporation)
Task: {F30FD8A7-3EFA-4BF9-A0CB-121140D2802C} - System32\Tasks\Papuir => C:\Program Files\shopperz\Asyofakaz.bat
Task: {FA32993A-F6CB-47A9-9D5E-5F517D5BF945} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2013-07-18] (Microsoft Corporation)
Task: {FC0366AB-534A-44F5-BEC6-1CE9995AE5DD} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2013-07-17 11:44 - 2013-01-19 01:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-05 11:24 - 2015-02-05 11:25 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2013-07-17 17:34 - 2012-12-11 13:07 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2013-07-17 11:25 - 2012-08-09 20:55 - 00078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-07-17 11:25 - 2012-08-09 20:55 - 00386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2012-10-16 19:39 - 2012-10-16 19:39 - 00646744 _____ () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
2013-07-17 17:36 - 2013-07-17 17:36 - 00225792 _____ () C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-16 19:39 - 2012-10-16 19:39 - 00060504 _____ () C:\Program Files (x86)\Bamboo Dock\BambooWinTab.dll
2015-05-20 12:29 - 2015-05-20 12:29 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2014-10-18 00:31 - 2014-10-18 00:31 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2013-07-17 11:26 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-07-17 11:24 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-06-10 11:29 - 2015-06-10 11:29 - 16867504 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll
2015-06-08 11:35 - 1999-12-31 23:00 - 00714452 _____ () C:\Users\Ashlee\AppData\Local\Temp\T978759929\Tor\libevent-2-0-5.dll
2015-06-08 11:35 - 1999-12-31 23:00 - 00091026 _____ () C:\Users\Ashlee\AppData\Local\Temp\T978759929\Tor\libssp-0.dll
2015-06-08 11:35 - 1999-12-31 23:00 - 00517814 _____ () C:\Users\Ashlee\AppData\Local\Temp\T978759929\Tor\libgcc_s_sjlj-1.dll
2015-06-08 11:35 - 1999-12-31 23:00 - 00110592 _____ () C:\Users\Ashlee\AppData\Local\Temp\T978759929\Tor\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3659292527-334032331-3834142823-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ashlee\AppData\Local\DisplayFusion\Wallpaper_1
DNS Servers: 81.218.119.5 - 82.163.142.130

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: vToolbarUpdater3.2.0 => 2
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: PCKeeper2 => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
MSCONFIG\startupreg: YTDownloader => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CFFE1EBB-0E00-485C-BAE3-8BC4F954B25A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{01A462E1-297B-4DFE-A5B8-2C09767D9D19}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8B2BE5EB-7ADE-4646-AEF8-23D654B904CD}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{D56831BD-179B-47AA-98F7-BFF23209FB1C}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{486AC982-2A18-41FF-9447-9569E0F459B2}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{56DC0448-BCC0-4CA2-A792-A281DDBCF37B}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{F63C5DB9-59A9-4D8B-BF35-3939E145DF7F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F994A8C1-F09B-4A9E-9717-777831A61CD1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{9B3F166E-AEC7-4B75-94CC-B2C91F559809}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{7551E01A-04D1-4072-8285-11015119709F}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{33A8966B-BEDE-4DB7-90CA-50FE9665D2E5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{9594CB31-A60C-4CA1-A3A4-8251CE89A06D}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{3DF2BD9A-2688-4B30-8C42-031C714F7ACD}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{F176FA48-A02F-4C2A-8D2C-BB0415756CE0}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{FA2CC63F-E9F4-477D-9ED2-A6E637EC7AEE}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{30B971A1-6BEE-4410-8E24-C277F378F31D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F75A12B1-1E2B-4218-A8C3-2EA3C7820C8B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0837FEF3-901C-44B9-872C-1CB9591849B1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Little Inferno Beta\Little Inferno.exe
FirewallRules: [{647902C8-7C79-4FEA-AD37-86239BF3D988}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Little Inferno Beta\Little Inferno.exe
FirewallRules: [{20FC8611-E0F1-47DE-8DE0-71FBF47D0BDF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{90021E7C-4369-4747-96AD-AE3BA7396757}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{B3AA02C6-3055-4D88-9FE8-61A23C67ECBE}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{8B84A7EB-6071-49EB-9388-58108339BC66}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{A402BD6D-2AB2-48A6-AB1E-AD8F999A7B5C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{88C25CB2-15B2-45EF-B023-3E3B2A620D7D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AB6A51B7-35F8-4E79-ACC4-C79D84FB3E1F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A96D093B-6FB8-4C18-AD5D-771D12794A0F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{91FC639E-E65C-4240-BF75-9A129387FBCC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E7E48DD3-980F-4C2E-A482-68ED068A6325}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{67DFFF85-E12E-473F-BE97-32CE8D29F305}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{779362FD-10B8-409C-B956-5D98C7BFBFFE}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{3282AFE4-AC27-4D5D-816C-67401289EE4D}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{82A05DB6-D278-4CB8-B0A3-CF4723C5A5FD}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{18D0F1AD-4C15-4333-BDC5-3FF9D135C932}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [{6282A4E0-20A6-437C-83EF-F3C407DDE4FD}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [{86CC270C-E92B-4CB6-B716-72DEDDCEEFB1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3BF39164-1401-4872-8E6C-2AEEBC91C8A2}] => (Allow) LPort=2869
FirewallRules: [{45A760FB-78A1-405E-8BB9-BA2EDD332B70}] => (Allow) LPort=1900
FirewallRules: [{467118C0-5C7F-4308-A614-7DDF121683E3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{9E8B5B51-9E6F-4A2F-9107-A640EDDAD5C3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{9A7838AB-8C7C-43A2-90D1-58BCA480B957}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{4CB4E5FF-752E-4715-A07C-7E9045D7C28A}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{01D75EAC-6BE6-49D7-ABD3-FE1E2D33104A}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{37752A26-1223-4F44-93FA-2C90EEF1A58F}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{FF2D668D-06A3-4039-A2EF-2B693CAB8F59}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{851D2077-951F-4166-B916-6CABF338B5DB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{A83CBFAD-08D9-4F13-A87E-0CC186DEAD75}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{E0C81EF0-9EC6-4A20-A416-50544E15F05A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{EC538FA3-4E73-4DFA-B27E-DB37EF3CD80C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe
FirewallRules: [{B609BF04-5278-4F98-BE33-F0D985BB935B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe
FirewallRules: [{294ED720-7117-466A-89A1-51E60F409F18}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\Launcher.exe
FirewallRules: [{62EE5D98-8BC9-4F13-B709-9040846CF4CA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\Launcher.exe
FirewallRules: [{2FC956A2-5930-4A46-AAD1-F36D98F7C29C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{D4D0A665-7FA4-4132-A727-883EF5F1B3FE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{686F21A3-00C6-4DD3-9A0F-ACCD253D791F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FEZ\FEZ.exe
FirewallRules: [{7BAD9AA6-4277-4377-8C30-A7DDE5CE6C32}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FEZ\FEZ.exe
FirewallRules: [{77E1FA1A-0219-4757-8588-E0ACE9AF84A2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FEZ\FEZ_LaunchOptions.exe
FirewallRules: [{4081457B-AFE2-4842-8C78-FFFBFEDB9545}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FEZ\FEZ_LaunchOptions.exe
FirewallRules: [{81531AD9-281E-45E0-9630-51042A9DDF3A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BIT.TRIP RUNNER\RUNNER.exe
FirewallRules: [{C90A00EA-791D-437E-AC62-567D98E413A9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BIT.TRIP RUNNER\RUNNER.exe
FirewallRules: [{969B23A9-8A3A-484E-A68D-6CC6A107C4C8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sanctum\Binaries\Win32\SanctumGame-Win32-Shipping.exe
FirewallRules: [{FCC6E302-CC2F-4A0D-9C98-588B42DDCFDC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sanctum\Binaries\Win32\SanctumGame-Win32-Shipping.exe
FirewallRules: [{AD8AA45F-C175-43B1-B6B7-36DD67FDEA08}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Stanley Parable\stanley.exe
FirewallRules: [{1E35C37F-35A6-4FC7-8361-653DDC435558}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Stanley Parable\stanley.exe
FirewallRules: [{619A6229-DA4B-464F-A3EB-CBE07BFAB2CE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{262C6708-886F-4F9D-AC27-CB8E25461EB2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{38C732CF-CE38-463D-ACDB-31C9954703AA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe
FirewallRules: [{9CB45B8E-D0CC-4D65-B09A-94ADC111F55F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe
FirewallRules: [TCP Query User{981E1677-BA0A-482E-A6DE-533D084F88FC}C:\program files (x86)\empire interactive\flatout\flatout.exe] => (Allow) C:\program files (x86)\empire interactive\flatout\flatout.exe
FirewallRules: [UDP Query User{1F157EC5-DFA3-400C-AC11-2E3738D22046}C:\program files (x86)\empire interactive\flatout\flatout.exe] => (Allow) C:\program files (x86)\empire interactive\flatout\flatout.exe
FirewallRules: [{AC37D2B3-3543-4584-BB3F-FC64F2D58566}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cubemen 2\Cubemen2.exe
FirewallRules: [{6B6E6D0C-D170-4A4D-92DB-2B7FCE4C16A0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cubemen 2\Cubemen2.exe
FirewallRules: [TCP Query User{7A511C01-5B8D-4F05-843D-DADDD108439B}C:\program files (x86)\cube world\server.exe] => (Allow) C:\program files (x86)\cube world\server.exe
FirewallRules: [UDP Query User{ACA7AF00-2792-40A0-B4FE-023176D94E15}C:\program files (x86)\cube world\server.exe] => (Allow) C:\program files (x86)\cube world\server.exe
FirewallRules: [{6F63B180-A854-4760-AC2C-B748FDAA9CE0}] => (Allow) C:\program files (x86)\cube world\server.exe
FirewallRules: [{2EA333DA-3732-4ACE-A452-6703C0EDB26B}] => (Allow) C:\program files (x86)\cube world\server.exe
FirewallRules: [{36E1BF94-C057-4B4E-A442-E210BA1655A2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{71240F25-C292-476E-9AC3-04D874146DFA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{74BF96FB-0463-47F0-9D7E-319306231A78}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{66175A1D-DAC9-4D05-A970-668415FAA160}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{D2AEA14A-B360-4560-B463-8947DABA54DD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{B482A3EB-E0D5-4ECC-9F24-F27ECAC2C61B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{542E9BF1-CC75-4F23-BCEA-252C0FDD465B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{6F12746B-2216-4E10-A3F7-6A1FAD3EDFB1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{CA93EE6A-5F53-4E53-9F7E-DB9EF5FBEFB6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{1AD3B947-A39A-4B9F-BD91-530708AEF19E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{0AE80357-C470-4689-8ADB-1E381049410F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{7C6897D0-150F-4EA4-8810-943FCA5CD292}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{2A242C1E-659E-4830-BAD6-12D6FBF10CF7}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{D120B5F1-B568-404C-8C8C-AEA6F58EEBED}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{BA1313A8-D393-4C58-90A8-ABEA173B48E0}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{05B2BEDC-4E8F-41A3-95A6-EB31D16A6336}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [TCP Query User{58FF3CF3-D19A-47B1-9291-03B6233EDCE7}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{E5351E57-4479-4ABE-95A2-19382A73E666}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{438FBC9D-A862-470D-AA1E-2B607ACF9B33}C:\users\ashlee\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ashlee\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{CFA0647B-6D64-4B5B-9C5A-C76D08C74522}C:\users\ashlee\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ashlee\appdata\roaming\spotify\spotify.exe
FirewallRules: [{5258EA5A-E806-4629-86DB-D25D336365F8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exe
FirewallRules: [{F0842B81-ABBD-48FC-AF11-8FEF48A23741}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exe
FirewallRules: [TCP Query User{5A87BB02-226E-4456-AA9B-E547538C3FBE}C:\program files (x86)\athtek\voice changer for skype\skypevoicechanger.exe] => (Allow) C:\program files (x86)\athtek\voice changer for skype\skypevoicechanger.exe
FirewallRules: [UDP Query User{27C9BCD0-A56C-4107-B845-4BB9AA4F9B66}C:\program files (x86)\athtek\voice changer for skype\skypevoicechanger.exe] => (Allow) C:\program files (x86)\athtek\voice changer for skype\skypevoicechanger.exe
FirewallRules: [{0DDBA69A-7876-464F-A7E1-26006A52EF61}] => (Allow) C:\program files (x86)\athtek\voice changer for skype\skypevoicechanger.exe
FirewallRules: [{E956E907-6BEF-4C0C-98FD-EAD7FF2D2422}] => (Allow) C:\program files (x86)\athtek\voice changer for skype\skypevoicechanger.exe
FirewallRules: [{713EC9B6-EC1F-448D-81C5-8ADA08221939}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{FCB52105-B35D-47C0-84B8-3A69A4341F5A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{59D4F1FF-47D2-46B6-94BE-39EB41973861}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{48D0B8FD-3F57-4A0F-8432-718B54ADB422}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{DB283EDD-1741-45CA-87FE-CE0251138D64}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{FF17B871-0365-4FC8-848D-E4CEB48E2809}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{4D71F998-A982-43E3-B6E5-793D5FEF05EC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{A3ACAC60-87C8-44B4-8386-A2F5C7F99000}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{47CA64CF-7F9B-48DD-A3E1-7AD65FBBAB1E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\bittriprunner2\runner2.exe
FirewallRules: [{3CA62E76-4EE2-4EB8-90EA-1FD21D5F6029}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\bittriprunner2\runner2.exe
FirewallRules: [{05AD79F9-FC3A-4A6B-94FF-0A827A0F30F8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{511EA682-B93B-4FF1-96E1-56C3AEC5359C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{D1D23233-B85A-4DD1-BDAD-4A8475F5289F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{03F9DBF7-816A-449C-A375-546BBDC7F99D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{3EC0E80A-8741-4940-9B16-FDE103D26E82}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{EA7D0A01-26B1-44B8-A7B9-0AC8FBDA736A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{89329F9F-DE9E-446E-8B5F-90E349F0154D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{D273096E-6779-4DAD-9E79-8537DD191094}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{5132BD76-18E9-4322-A00C-4B83A9A38D6F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{2F2B98BD-58F6-464E-96EE-9EFD361587B3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{4744D28E-B152-4686-906D-13EA39C1EF00}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{F7668D2E-4567-4B50-8757-5A8BA128E258}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{AA30A3AC-AD8B-4710-B474-C166DA5A98CD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{577C2BE7-A20D-411F-ACDC-57803D9952DE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7E0DAD14-8421-470F-830A-86920A76AFC8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{3E7A8B69-137E-46AF-AE52-375789CB0397}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{E0DB5393-FB58-4481-B4FC-49FEA0A8F552}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{238CEC9D-747F-4912-9DBB-5524A86E6A5D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{D8EFCD42-4AB8-4718-950F-2C60448B3709}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\star conflict\game.exe
FirewallRules: [{A09032F4-14BA-4845-9BF0-28F1E7581ECC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\star conflict\game.exe
FirewallRules: [{5697648A-0F10-43FF-BFBA-8445DE081C3A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{1537FAD7-4012-48DE-83FE-96EE568618C4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{DF113F1E-E6BE-47FF-8EE3-A5B213E5FA84}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{4AB88992-D03F-4C8D-BB31-79BB8C954690}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{D842DB95-404D-4B6E-A3ED-0B4E3C1940B4}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F0E50512-B659-4AFF-81B9-E9B00DE08DDD}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{B36ED70C-357D-4DAC-8DC2-E71DAC9F1203}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{9EC03D65-C707-4ECD-A3D3-D9CF494EBF2B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B7A63BC7-2B9D-4E64-8118-6A42A4325482}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe
FirewallRules: [{C1CA456A-9572-4616-8016-DE046337A22C}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe
FirewallRules: [{4A979D40-2CC7-4C04-A667-85E6C11858C4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{E9E0B935-3ED2-43AE-A9F7-BE49DD5D3E25}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{5BF0D0DD-9D0E-44CF-8EDB-FE76F01AC056}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Evolve\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [{D743F07E-2196-4137-BE3E-6250FE7E91C5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Evolve\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [{1659BC04-5F61-4352-8C64-99E0D438186A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{B6FA94F1-E107-432B-94FB-27BE201AD2ED}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{211F3D76-85EE-4999-A051-2B1FCD51A71A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{6AD9A32B-A913-4448-A1A1-3BA5295F857F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{336FE581-DA6F-4463-89D6-EA90F773E19D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{0A7A6334-0FBF-4235-AE8D-5F820AC76A69}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{0BDB7046-1064-4A8A-95A0-764BE67ABE55}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tales from the Borderlands\GameApp.exe
FirewallRules: [{CD4C7957-6773-4EE6-9339-7529E669321A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tales from the Borderlands\GameApp.exe
FirewallRules: [{63E090DD-6E79-4F86-B081-3F44F95B0B1C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{F7F8BE6C-EDEA-4CD4-BE5B-CB9DFEC642FC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{45F2E21E-23EF-4113-B1B3-557090A7D855}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{0EDD9925-6EBA-4158-A3F7-B57BFC6966AA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{4DC3192F-DDDD-4029-87E9-B3DDFBC54CDC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Screencheat\screencheat.exe
FirewallRules: [{C8E62657-DD1E-4900-B891-C8C028CEDA44}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Screencheat\screencheat.exe
FirewallRules: [{B4ED135E-DA9C-4CA6-B7D4-310868C9C618}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Artemis\Artemis.exe
FirewallRules: [{8FD4E66E-63EE-4DF1-BED7-ECD5AE992ED9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Artemis\Artemis.exe
FirewallRules: [TCP Query User{1711D3C8-8BFC-40B0-BF2E-1D1018B298BF}C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{496FA34C-75AA-494C-9B04-DFA109BC7ECE}C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [{4B2A3561-C711-4DAC-B155-D8CE577F5CCA}] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [{17845312-6695-451A-ACCE-B2B74587C224}] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [{89812BA7-82B2-4326-8A95-ABE39DA87D5D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PlagueInc\PlagueIncEvolved.exe
FirewallRules: [{1EE9AE95-5138-4CA7-8B15-83C3E7297295}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PlagueInc\PlagueIncEvolved.exe
FirewallRules: [{77AC231D-5F86-49E0-BED0-DA1660329341}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{D7BE3A9E-098C-4F65-9C78-8A1DA826C012}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Prison Architect\Prison Architect.exe
FirewallRules: [TCP Query User{C6FAA4F8-E694-44EF-A7AD-385C4A3F1BFE}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{54633D04-5934-4532-BFD3-ED6F558E4660}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{81242B47-963A-4B30-8A0F-7A610A8AB309}] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{BC81EB93-B0D3-4CF3-AF19-FC247228FE9A}] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{B9787486-679F-40F1-BF60-42077C467761}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{D48F39A7-5BD2-40B3-9B19-8D670EADB7C9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{DDAE2D9A-5E97-436B-A73B-3B6A78E26C41}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gang Beasts\Gang Beasts.exe
FirewallRules: [{9276E0D4-CE83-4DD2-A2A3-4308B49E0CE3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gang Beasts\Gang Beasts.exe
FirewallRules: [{C8BFC258-BB85-4002-A1BD-C38E526EA468}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{EFA7DA15-D694-4B04-AFFD-5595ADD67A1B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{61D23508-760B-4F6D-A21F-D960775D4833}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\insurgency2\insurgency.exe
FirewallRules: [{F7D7B90E-E701-4A45-97CF-C5C49FB737CB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\insurgency2\insurgency.exe
FirewallRules: [{9B542DC4-35C5-4DE0-8AB8-E11F66DF51CC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Nuclear Dawn\nucleardawn.exe
FirewallRules: [{CC920096-5D96-47EA-B8C7-3D4D63CDB6AD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Nuclear Dawn\nucleardawn.exe
FirewallRules: [{D96E33FA-6281-4197-AB32-420E242A9462}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{9AA714C1-EEB2-4C5F-A143-209E89661824}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{7354462A-3AF3-4AA0-B88D-BA97F2B63AB4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{9F3DE6F9-10F4-4A1E-B856-351EC18AD5D1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{11A800D0-EB63-4B80-ACA5-8FE1DCC4937E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BeastsOfPrey\BoP.exe
FirewallRules: [{1B075C3F-A29A-4C84-B0D4-573749D3B2D1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BeastsOfPrey\BoP.exe
FirewallRules: [TCP Query User{65AAA524-EBD1-47EA-A54A-CFF2D7798942}C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [UDP Query User{F101F2D5-DBA8-4308-95AB-B106E214700D}C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [{3DBDBD5D-46DE-4ABD-AB37-A4D0A03C656C}] => (Allow) C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [{AEF589B8-701A-4CD8-A36E-94FA5329A87B}] => (Allow) C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [{E52038A3-F730-4D21-B1D4-E414052ACA17}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
FirewallRules: [{09B7A68D-CC28-4CBA-8FE0-3ED47EE2829D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
FirewallRules: [{3C0CF389-C35F-4ADF-B5BA-9EE0BDC2CFB3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
FirewallRules: [{FB89EA6E-F11E-4C8C-BCF9-AA48A91E08CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
FirewallRules: [{12AB1D4A-AEA0-4E81-9610-DD6BA5DF808C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8A653015-4603-4189-B17C-1D3E89C4369E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{111E362C-D03C-4E1A-96AA-A5921D5D2378}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{69B01954-E4C3-4D81-861A-E61FAA9B9871}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{7A5668D2-B062-4573-A557-7E8875C738CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{FDB839C2-FD74-42C4-9174-80BE18CE6311}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{700AF3FF-F28E-4FDD-A4D2-BD889C1F53F1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Monaco\MONACO.exe
FirewallRules: [{C56D9B61-C3F5-481D-BDE6-EFAEC10DB5E6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Monaco\MONACO.exe
FirewallRules: [{FA56F61F-49E5-4DD7-A5E5-51FAB49661E7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BeastsOfPrey\BoPServer.exe
FirewallRules: [{351EE148-B9EC-426D-BBA3-B49672539F63}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BeastsOfPrey\BoPServer.exe
FirewallRules: [{8D74E8BB-BB15-4B0B-B8EF-407EB7C28E80}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bleed\Bleed.exe
FirewallRules: [{A59A244C-4BF2-4CDC-B19C-F2FC1C910A75}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bleed\Bleed.exe
FirewallRules: [{08F3EE04-950F-46FE-9BDF-61F825513E1B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{9A313851-6C6B-4DCE-8771-E35BA13A0CBA}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{45EF1F2B-132E-4BD2-A314-A90B7337F94C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MapleStory\nxsteam.exe
FirewallRules: [{901DD377-288C-4B3A-8C94-BB5BBA99C3FB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MapleStory\nxsteam.exe
FirewallRules: [{6441A490-DA63-43BC-92A8-EC17E91B51D3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{D090F7E4-4395-4E7F-9B92-69D4AB0FB32B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{1BF332A9-1C80-42F1-B353-9D0F4FC46B7F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{9C916D3A-4C99-422C-AFBE-A8D4CF8303A9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [TCP Query User{64D375E5-6B67-4D2C-A5F0-8B5FA7D95EE2}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{E27FD787-1A89-420E-8803-D1520F60C119}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{1D87DBD7-72D0-47E0-BF6F-FDBA84EAD380}] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{4876C9B3-0BAC-4DC5-9BCE-D50BD8062ECF}] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{396857E2-B52F-4000-A3D4-B4B46ABDD11A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{DAE601F3-6E1C-4C61-9BD9-7725BD0D4087}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{A61F9DA8-EDA2-47C0-996B-A810D12F9D05}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{12350A7E-B015-4491-80FD-B1796E949107}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{FC15B77E-E2B3-4EDD-BCE4-95BA6FF5F3BA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Minimum\Binaries\Win32\MinGame-Win32-F.exe
FirewallRules: [{285C7906-7830-4080-A0B7-A96CEBF8BAA9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Minimum\Binaries\Win32\MinGame-Win32-F.exe
FirewallRules: [{F6B3072F-6D61-4B0A-93EF-CCD3503D83AF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{6AC4B97F-0006-4A30-88F7-D8F7B902B8D7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{4DFAF586-161B-401E-9942-F0032CBC9A46}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tales from the Borderlands\Borderlands.exe
FirewallRules: [{AAF41A8F-8B7E-44FE-914F-7F33F0864B9C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tales from the Borderlands\Borderlands.exe
FirewallRules: [{790A0C8B-BD76-412B-A5FC-D037CA0F2449}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Endless Space\EndlessSpace.exe
FirewallRules: [{140D7608-E56D-4BD1-B865-8E75D2C4B906}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Endless Space\EndlessSpace.exe
FirewallRules: [TCP Query User{5A9ECFBF-5E10-4372-9D45-41BD045AFED7}C:\users\ashlee\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\ashlee\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{4D282EAA-44AA-421D-8A33-CF15EB6BBECC}C:\users\ashlee\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\ashlee\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{E942CCB8-2C33-4D07-816E-E8BA8E193DC4}] => (Block) C:\users\ashlee\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{0793EAEB-9108-4CD1-BF11-7C8C551BDCD7}] => (Block) C:\users\ashlee\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{3B65519B-9287-4FB0-AB24-3148D5A71A09}] => (Allow) LPort=8317
FirewallRules: [{A889F06A-26A8-4A40-8E3D-C1BA126E0172}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{2A104A2F-57D0-4E45-8675-788693AFC6FF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{1773133B-7E7E-412A-B498-B44EEECBA871}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Plug & Play\pnp.exe
FirewallRules: [{778DBBA2-9362-493C-ABE3-76D76DD29B37}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Plug & Play\pnp.exe
FirewallRules: [{57D9A732-B49B-4E66-B800-154CE148DD75}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{1C35A8A7-CF2B-4E3E-A947-A3A29A0E2150}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{38413AB9-55E0-4EBB-A77E-7160700E6415}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{F415251F-F84D-43B1-80F7-72ACB86E0488}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [TCP Query User{4CC99D07-D0B9-4FEE-8D29-9F7A18FF8BDF}C:\program files (x86)\armagetron advanced\armagetronad.exe] => (Block) C:\program files (x86)\armagetron advanced\armagetronad.exe
FirewallRules: [UDP Query User{B68987CE-D76E-4560-96DA-2810677376C2}C:\program files (x86)\armagetron advanced\armagetronad.exe] => (Block) C:\program files (x86)\armagetron advanced\armagetronad.exe
FirewallRules: [{AE871FD7-CF1E-431B-B013-20C4BE2C1A2E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E7699121-0E44-47F1-9EDB-0DCA40753E42}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{149163FE-8A80-4C86-94E9-7027B89EDCDC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{51720C3A-E13F-48ED-B7D6-45B9888D7CEA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AEFE3C0F-D5AA-47D6-81DC-AD9AB82F7EE6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Peggle Extreme\PeggleExtreme.exe
FirewallRules: [{FE1CB46C-582B-4DFA-B274-C7F6676DBC4F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Peggle Extreme\PeggleExtreme.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: scfd_1_10_0_16
Description: scfd_1_10_0_16
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: scfd_1_10_0_16
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/11/2015 10:43:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 7.4.85.102 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1284

Start Time: 01d0a3df6930bea3

Termination Time: 5

Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report Id:

Error: (06/11/2015 10:41:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/11/2015 10:09:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2015 09:17:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Risk of Rain.exe, version: 1.0.0.41, time stamp: 0x54ca65bc
Faulting module name: gameoverlayrenderer.dll, version: 2.81.34.6, time stamp: 0x55708c6b
Exception code: 0xc0000005
Fault offset: 0x000672da
Faulting process id: 0xadf8
Faulting application start time: 0xRisk of Rain.exe0
Faulting application path: Risk of Rain.exe1
Faulting module path: Risk of Rain.exe2
Report Id: Risk of Rain.exe3

Error: (06/10/2015 07:32:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 38.0.5.5623, time stamp: 0x5563c49a
Faulting module name: mozalloc.dll, version: 38.0.5.5623, time stamp: 0x5563b229
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x1394
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (06/10/2015 07:31:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SmartWebApp.exe, version: 8.0.9.2, time stamp: 0x54e31eaf
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1624
Faulting application start time: 0xSmartWebApp.exe0
Faulting application path: SmartWebApp.exe1
Faulting module path: SmartWebApp.exe2
Report Id: SmartWebApp.exe3

Error: (06/10/2015 11:39:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 7.4.85.102 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1258

Start Time: 01d0a31dfdebf7c4

Termination Time: 4

Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report Id:

Error: (06/10/2015 11:36:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2015 11:29:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 38.0.5.5623, time stamp: 0x5563c49a
Faulting module name: mozalloc.dll, version: 38.0.5.5623, time stamp: 0x5563b229
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x1c04
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (06/10/2015 11:01:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 7.4.85.102 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1564

Start Time: 01d0a318bedf969d

Termination Time: 4

Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report Id:


System errors:
=============
Error: (06/11/2015 10:43:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (06/11/2015 10:43:57 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (06/11/2015 10:43:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (06/11/2015 10:41:45 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
scfd_1_10_0_16

Error: (06/11/2015 10:41:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UpdateCheck service failed to start due to the following error:
%%2

Error: (06/11/2015 10:40:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG WatchDog service failed to start due to the following error:
%%2

Error: (06/11/2015 10:38:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/11/2015 10:38:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Capability Licensing Service Interface service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (06/11/2015 10:38:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/11/2015 10:38:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office:
=========================
Error: (06/11/2015 10:43:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Skype.exe7.4.85.102128401d0a3df6930bea35C:\Program Files (x86)\Skype\Phone\Skype.exe

Error: (06/11/2015 10:41:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/11/2015 10:09:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2015 09:17:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Risk of Rain.exe1.0.0.4154ca65bcgameoverlayrenderer.dll2.81.34.655708c6bc0000005000672daadf801d0a365cea76b4cC:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exeC:\Program Files (x86)\Steam\gameoverlayrenderer.dll4b2dbce7-0f62-11e5-9dd4-94de80741260

Error: (06/10/2015 07:32:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.5.56235563c49amozalloc.dll38.0.5.56235563b2298000000300001aa1139401d0a3247738301fC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll954f2e50-0f53-11e5-9dd4-94de80741260

Error: (06/10/2015 07:31:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SmartWebApp.exe8.0.9.254e31eafunknown0.0.0.000000000c000000500000000162401d0a31e053f8dacC:\Users\Ashlee\AppData\Local\SmartWeb\SmartWebApp.exeunknown899b4062-0f53-11e5-9dd4-94de80741260

Error: (06/10/2015 11:39:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Skype.exe7.4.85.102125801d0a31dfdebf7c44C:\Program Files (x86)\Skype\Phone\Skype.exe

Error: (06/10/2015 11:36:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2015 11:29:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.5.56235563c49amozalloc.dll38.0.5.56235563b2298000000300001aa11c0401d0a31bd736f8b2C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll1d1fac23-0f10-11e5-9be3-94de80741260

Error: (06/10/2015 11:01:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Skype.exe7.4.85.102156401d0a318bedf969d4C:\Program Files (x86)\Skype\Phone\Skype.exe


==================== Memory info ===========================

Processor: Intel® Core™ i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 27%
Total physical RAM: 8150.19 MB
Available physical RAM: 5873.68 MB
Total Pagefile: 16300.38 MB
Available Pagefile: 13767.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:100.67 GB) NTFS
Drive e: (Lexar) (Removable) (Total:14.9 GB) (Free:14.72 GB) FAT32
Drive f: (FO_CD2) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D290F437)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 14.9 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)

==================== End of log ============================



#6 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,078 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:07:22 AM

Posted 11 June 2015 - 08:20 AM

Hi Twinmum,
 

Quick question.. You had me remove Google Chrome before. Is there a problem with it? (I have never used it myself)

Google Chrome is fine; however, the adware has updated Chrome to a dev version, which meant that it could install the extensions which Google would normally block. You can reinstall Chrome after these steps, if you wish to use it :)
 
Seems like the AVG install is corrupted, so best to uninstall it for the time being. We'll get an AV reinstall in a bit.
 
--------------
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\Huyde.exe
HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\Huyde64.exe
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: AutoDeAlsAPp -> {45CC82C0-0455-4320-AA19-6DA582FB82A1} -> C:\Program Files (x86)\AutoDeAlsAPp\cgdqXOtRnI5Mj1.x64.dll No File
BHO: shopperz -> {d0174004-bb12-464b-b666-9ba9bdbd750a} -> C:\Program Files\shopperz\Gaalmi64.dll No File
BHO-x32: AutoDeAlsAPp -> {45CC82C0-0455-4320-AA19-6DA582FB82A1} -> C:\Program Files (x86)\AutoDeAlsAPp\cgdqXOtRnI5Mj1.dll No File
BHO-x32: shopperz -> {d0174004-bb12-464b-b666-9ba9bdbd750a} -> C:\Program Files\shopperz\Gaalmi.dll No File
FF Plugin HKU\S-1-5-21-3659292527-334032331-3834142823-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Extension: AutoDeAlsAPp - C:\Users\Ashlee\AppData\Roaming\Mozilla\Firefox\Profiles\2qj84rt9.default-1433651581028\Extensions\SGgT8s@l.net [2015-06-08]
FF Extension: DiscountMan - C:\Users\Ashlee\AppData\Roaming\Mozilla\Firefox\Profiles\2qj84rt9.default-1433651581028\Extensions\zocqdcuicrwotfz_cu@ctyynqwbqekmlook.com [2015-06-08]
FF HKLM\...\Firefox\Extensions: [{d0174004-bb12-464b-b666-9ba9bdbd750a}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{d0174004-bb12-464b-b666-9ba9bdbd750a}] - C:\Program Files\shopperz\Firefox
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-06-03] <==== ATTENTION
S2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe run  [X]
S2 UpdateDustTool; "C:\Windows\Provider\UpdaterToolService.exe" [X]
S2 Verifies and fixes issues; C:\Windows\SysWOW64\First Verify\afirstsvc.exe [X]
2015-06-09 10:52 - 2015-06-09 22:56 - 00173056 _____ C:\Windows\Provider20150609235620PM.dll
2015-06-09 10:52 - 2015-06-09 21:56 - 00173056 _____ C:\Windows\Provider20150609225610PM.dll
2015-06-09 10:52 - 2015-06-09 20:55 - 00173056 _____ C:\Windows\Provider20150609215558PM.dll
2015-06-09 10:52 - 2015-06-09 19:55 - 00173056 _____ C:\Windows\Provider20150609205539PM.dll
2015-06-09 10:52 - 2015-06-09 18:55 - 00173056 _____ C:\Windows\Provider20150609195524PM.dll
2015-06-09 10:52 - 2015-06-09 10:52 - 00718497 _____ C:\Windows\unins000.exe
2015-06-09 10:52 - 2015-06-09 10:52 - 00010265 _____ C:\Windows\unins000.dat
2015-06-09 10:52 - 2015-06-09 10:52 - 00000000 _____ C:\Windows\SysWOW64\0
2015-06-09 10:52 - 2015-06-02 18:30 - 00101888 _____ C:\Windows\Installer.exe
2015-06-06 19:58 - 2015-06-06 19:58 - 00000000 ____D C:\Users\Ashlee\Documents\Optimizer Pro
2015-06-06 19:43 - 2015-06-09 16:58 - 01146180 _____ C:\Windows\system32\CFG978759929
AVG 2015 (Version: 15.0.4311 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5961 - AVG Technologies) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Task: {F30FD8A7-3EFA-4BF9-A0CB-121140D2802C} - System32\Tasks\Papuir => C:\Program Files\shopperz\Asyofakaz.bat
Folder: C:\ProgramData\abc
Folder: C:\Program Files\13
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------

We need to remove some programs with Revo Uninstaller Free:
 
Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
AVG 2015
Google Update Helper
shopperz 2.0.0.461
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
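The fixlist in the post above mixes several kinds of persistence entry (autorun values, browser helper objects, Firefox add-ons, services, a scheduled task, dropped files). The following is an added example, not part of the original post and not FRST's own code: it groups fixlist lines by mechanism and lists the entries whose target file was already missing ("No File" or "[X]"). The category labels and function names are assumptions made for this illustration, and the sample is a subset of the lines quoted above.

```python
import re
from collections import Counter

# Constructed sample: a subset of the fixlist lines quoted in the post above.
SAMPLE_FIXLIST = r"""
HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\Huyde.exe
BHO: shopperz -> {d0174004-bb12-464b-b666-9ba9bdbd750a} -> C:\Program Files\shopperz\Gaalmi64.dll No File
FF Extension: DiscountMan - C:\Users\Ashlee\AppData\Roaming\Mozilla\Firefox\Profiles\2qj84rt9.default-1433651581028\Extensions\zocqdcuicrwotfz_cu@ctyynqwbqekmlook.com [2015-06-08]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-06-03] <==== ATTENTION
S2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe run  [X]
2015-06-09 10:52 - 2015-06-02 18:30 - 00101888 _____ C:\Windows\Installer.exe
AVG 2015 (Version: 15.0.4311 - AVG Technologies) Hidden
Task: {F30FD8A7-3EFA-4BF9-A0CB-121140D2802C} - System32\Tasks\Papuir => C:\Program Files\shopperz\Asyofakaz.bat
Folder: C:\ProgramData\abc
"""

# Ordered (pattern, label) pairs. The labels are this example's own grouping,
# chosen to name the persistence mechanism each line prefix refers to.
RULES = [
    (re.compile(r"^HK(?:LM|U\\[^\\]+)(?:-x32)?\\\.\.\.\\Run(?:Once)?:"),
     "autorun registry value"),
    (re.compile(r"^SearchScopes:"), "IE search provider"),
    (re.compile(r"^BHO(?:-x32)?:"), "browser helper object"),
    (re.compile(r"^FF "), "Firefox plugin/extension/config"),
    (re.compile(r"^[RSU]\d \S"), "service or driver"),
    (re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} "),
     "file or folder by timestamp"),
    (re.compile(r"^Task:"), "scheduled task"),
    (re.compile(r"^Folder:"), "folder directive"),
    (re.compile(r"\((?:x32 )?Version: [^)]*\)(?: Hidden)?$"),
     "installed program entry"),
]


def markers(line):
    """Return the status annotations carried at the end of a log line."""
    found = []
    if line.endswith("No File") or line.endswith("[X]"):
        found.append("target-missing")   # registration left behind, file gone
    if "<==== ATTENTION" in line:
        found.append("attention")        # flagged in the scan log for review
    if line.endswith(") Hidden"):
        found.append("hidden-entry")     # program entry marked Hidden
    return found


def classify(line):
    """Return (category, markers) for one fixlist line."""
    line = line.strip()
    for pattern, label in RULES:
        if pattern.search(line):
            return label, markers(line)
    return "unclassified", markers(line)


def triage(text):
    """Classify every non-empty line; returns (category, markers, line) tuples."""
    rows = []
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            category, marks = classify(line)
            rows.append((category, marks, line))
    return rows


def summary(text):
    """Count fixlist entries per persistence mechanism."""
    return Counter(category for category, _, _ in triage(text))


def missing_targets(text):
    """Lines whose registered file no longer exists (orphaned registrations)."""
    return [line for _, marks, line in triage(text) if "target-missing" in marks]


if __name__ == "__main__":
    for category, count in sorted(summary(SAMPLE_FIXLIST).items()):
        print(f"{count:2d}  {category}")
    print("\nOrphaned registrations:")
    for line in missing_targets(SAMPLE_FIXLIST):
        print("  ", line)
```
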


#7 Twinmum

Twinmum
  • Topic Starter

  • Members
  • 118 posts
  • Gender:Female
  • Local time:04:22 PM

Posted 11 June 2015 - 08:59 PM

FRST ran with no problems.. log follows.

 Ran Revo but can only find Google Update Helper there. No sign of AVG or shopperz.

Double clicked Google Update Helper and while it was uninstalling, it came up with a pop up that the computer needed to be restarted. At this point Revo had stopped doing anything so I said ok to the restart. When it started up again though, Revo didn't automatically start up again. When I started Revo again, Google Update was still there, so the next time when faced with the question about restarting, I said I would do it later. As soon as I did that, Revo resumed and removed the program.

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Ashlee at 2015-06-12 11:10:29 Run:2
Running from C:\Users\Ashlee\Desktop
Loaded Profiles: Ashlee (Available Profiles: Ashlee & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\Huyde.exe
HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\Huyde64.exe
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: AutoDeAlsAPp -> {45CC82C0-0455-4320-AA19-6DA582FB82A1} -> C:\Program Files (x86)\AutoDeAlsAPp\cgdqXOtRnI5Mj1.x64.dll No File
BHO: shopperz -> {d0174004-bb12-464b-b666-9ba9bdbd750a} -> C:\Program Files\shopperz\Gaalmi64.dll No File
BHO-x32: AutoDeAlsAPp -> {45CC82C0-0455-4320-AA19-6DA582FB82A1} -> C:\Program Files (x86)\AutoDeAlsAPp\cgdqXOtRnI5Mj1.dll No File
BHO-x32: shopperz -> {d0174004-bb12-464b-b666-9ba9bdbd750a} -> C:\Program Files\shopperz\Gaalmi.dll No File
FF Plugin HKU\S-1-5-21-3659292527-334032331-3834142823-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Extension: AutoDeAlsAPp - C:\Users\Ashlee\AppData\Roaming\Mozilla\Firefox\Profiles\2qj84rt9.default-1433651581028\Extensions\SGgT8s@l.net [2015-06-08]
FF Extension: DiscountMan - C:\Users\Ashlee\AppData\Roaming\Mozilla\Firefox\Profiles\2qj84rt9.default-1433651581028\Extensions\zocqdcuicrwotfz_cu@ctyynqwbqekmlook.com [2015-06-08]
FF HKLM\...\Firefox\Extensions: [{d0174004-bb12-464b-b666-9ba9bdbd750a}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{d0174004-bb12-464b-b666-9ba9bdbd750a}] - C:\Program Files\shopperz\Firefox
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-06-03] <==== ATTENTION
S2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe run  [X]
S2 UpdateDustTool; "C:\Windows\Provider\UpdaterToolService.exe" [X]
S2 Verifies and fixes issues; C:\Windows\SysWOW64\First Verify\afirstsvc.exe [X]
2015-06-09 10:52 - 2015-06-09 22:56 - 00173056 _____ C:\Windows\Provider20150609235620PM.dll
2015-06-09 10:52 - 2015-06-09 21:56 - 00173056 _____ C:\Windows\Provider20150609225610PM.dll
2015-06-09 10:52 - 2015-06-09 20:55 - 00173056 _____ C:\Windows\Provider20150609215558PM.dll
2015-06-09 10:52 - 2015-06-09 19:55 - 00173056 _____ C:\Windows\Provider20150609205539PM.dll
2015-06-09 10:52 - 2015-06-09 18:55 - 00173056 _____ C:\Windows\Provider20150609195524PM.dll
2015-06-09 10:52 - 2015-06-09 10:52 - 00718497 _____ C:\Windows\unins000.exe
2015-06-09 10:52 - 2015-06-09 10:52 - 00010265 _____ C:\Windows\unins000.dat
2015-06-09 10:52 - 2015-06-09 10:52 - 00000000 _____ C:\Windows\SysWOW64\0
2015-06-09 10:52 - 2015-06-02 18:30 - 00101888 _____ C:\Windows\Installer.exe
2015-06-06 19:58 - 2015-06-06 19:58 - 00000000 ____D C:\Users\Ashlee\Documents\Optimizer Pro
2015-06-06 19:43 - 2015-06-09 16:58 - 01146180 _____ C:\Windows\system32\CFG978759929
AVG 2015 (Version: 15.0.4311 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5961 - AVG Technologies) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Task: {F30FD8A7-3EFA-4BF9-A0CB-121140D2802C} - System32\Tasks\Papuir => C:\Program Files\shopperz\Asyofakaz.bat
Folder: C:\ProgramData\abc
Folder: C:\Program Files\13
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\shopperz => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\shopperz64 => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45CC82C0-0455-4320-AA19-6DA582FB82A1}" => key removed successfully
"HKCR\CLSID\{45CC82C0-0455-4320-AA19-6DA582FB82A1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d0174004-bb12-464b-b666-9ba9bdbd750a}" => key removed successfully
"HKCR\CLSID\{d0174004-bb12-464b-b666-9ba9bdbd750a}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45CC82C0-0455-4320-AA19-6DA582FB82A1}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{45CC82C0-0455-4320-AA19-6DA582FB82A1}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d0174004-bb12-464b-b666-9ba9bdbd750a}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{d0174004-bb12-464b-b666-9ba9bdbd750a}" => key removed successfully
"HKU\S-1-5-21-3659292527-334032331-3834142823-1000\Software\MozillaPlugins\ubisoft.com/uplaypc" => key removed successfully
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll not found.
C:\Users\Ashlee\AppData\Roaming\Mozilla\Firefox\Profiles\2qj84rt9.default-1433651581028\Extensions\SGgT8s@l.net => moved successfully.
C:\Users\Ashlee\AppData\Roaming\Mozilla\Firefox\Profiles\2qj84rt9.default-1433651581028\Extensions\zocqdcuicrwotfz_cu@ctyynqwbqekmlook.com => moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{d0174004-bb12-464b-b666-9ba9bdbd750a} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{d0174004-bb12-464b-b666-9ba9bdbd750a} => value removed successfully
C:\Program Files (x86)\mozilla firefox\firefox.cfg => moved successfully.
UpdateCheck => Service removed successfully
UpdateDustTool => Service removed successfully
Verifies and fixes issues => Service removed successfully
C:\Windows\Provider20150609235620PM.dll => moved successfully.
C:\Windows\Provider20150609225610PM.dll => moved successfully.
C:\Windows\Provider20150609215558PM.dll => moved successfully.
C:\Windows\Provider20150609205539PM.dll => moved successfully.
C:\Windows\Provider20150609195524PM.dll => moved successfully.
C:\Windows\unins000.exe => moved successfully.
C:\Windows\unins000.dat => moved successfully.
C:\Windows\SysWOW64\0 => moved successfully.
C:\Windows\Installer.exe => moved successfully.
C:\Users\Ashlee\Documents\Optimizer Pro => moved successfully.
C:\Windows\system32\CFG978759929 => moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D18996D6-F390-4040-9890-A6DC3E171A15}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D18996D6-F390-4040-9890-A6DC3E171A15}\\SystemComponent => value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\\SystemComponent => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F30FD8A7-3EFA-4BF9-A0CB-121140D2802C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F30FD8A7-3EFA-4BF9-A0CB-121140D2802C}" => key removed successfully
C:\Windows\System32\Tasks\Papuir => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Papuir" => key removed successfully

========================= Folder: C:\ProgramData\abc ========================

2015-06-06 17:28 - 2015-06-06 17:28 - 0212996 _____ () C:\ProgramData\abc\17AF54B9
2015-06-06 17:28 - 2015-06-06 17:28 - 1359364 _____ () C:\ProgramData\abc\4DEDA591
2015-06-06 17:29 - 2015-06-06 17:29 - 16832180 _____ () C:\ProgramData\abc\6C8E155
2015-06-06 17:34 - 2015-06-06 17:34 - 0003284 _____ () C:\ProgramData\abc\99E1F920
2015-06-06 17:36 - 2015-06-06 17:36 - 0475140 _____ () C:\ProgramData\abc\AA012CZ

====== End of Folder: ======


========================= Folder: C:\Program Files\13 ========================

2015-04-07 19:12 - 2015-04-07 19:12 - 0107776 _____ () C:\Program Files\13\uninstaller.exe

====== End of Folder: ======


==== End of Fixlog 11:10:30 ====



#8 xXToffeeXx


Posted 12 June 2015 - 11:26 AM

Hi Twinmum,
 

Ran Revo but can only find Google Update Helper there. No sign of AVG or shopperz.

No worries on that :)
 
Good to know about Google helper though.
 
Download Emsisoft Emergency Kit and save it to your desktop. Double click on EmsisoftEmergencyKit.exe to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the Full Scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply.

--------------
 
This scan can take a long time, so it is best done overnight or when you do not need the computer.
 
I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the ESET Smart Installer icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Emsisoft log
  • ESET log

xXToffeeXx~




#9 Twinmum


Posted 12 June 2015 - 07:54 PM

Not sure how to progress here. I already have EEK installed. Alexstrasza had me download and install it when she was trying to help me. It wouldn't run then and still refuses to run. I have double clicked the icon and also right click run as administrator. In both instances, I get a message asking if I want to allow it. I say yes, but nothing happens after that.

Do I just move on to ESET?

 

Norma



#10 xXToffeeXx


Posted 13 June 2015 - 01:52 PM

Hi Twinmum,

 

Yes, please try ESET and see if it will run.

 

xXToffeeXx~




#11 Twinmum


Posted 13 June 2015 - 07:57 PM

Hi Toffee

 

No luck with ESET either. I download it to the desktop and double click it and nothing happens. If I try run as administrator, I get a pop up asking me to allow it, I say yes, but then nothing happens after that.

 

Norma



#12 xXToffeeXx


Posted 16 June 2015 - 06:13 AM

Hi Twinmum,
 
How is the computer running currently? Any issues with the browsers?
 
Tweaking.com - Windows Repair All-In-One (Portable)
 
- Download Windows Repair All-In-One (Portable Version) from here.
 
- Extract tweaking.com_windows_repair_aio.zip to your Desktop.
 
- Disable all your antivirus and antimalware software - see how to do that here.
- Right click on the Windows Repair All-In-One icon and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
(Windows Vista/7/8 users: Accept UAC warning if it is enabled.)
 
- A window will appear. Click Step 2.
 
- Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.
 
- Depending on which error Windows Repair found, click Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.
 
- Go to Step 3, then click Check in the See If Check Disk Is Needed section.
 
- If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.
 
- Go to Step 4, then click Do It.
 
- Go to Step 5. Under System Restore click Create.
 
- Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.
 
- By default Windows Repair All-In-One will create a "Logs" folder in its folder on the Desktop. Please post the contents of the log in your next reply.

 

xXToffeeXx~




#13 Twinmum


Posted 17 June 2015 - 04:48 AM

 
How is the computer running currently? Any issues with the browsers?
 

 

It's still very slow doing anything in a browser, plus it's still opening second unwanted pages whenever we go to another page. Not sure how it is doing now. Ashlee has gone away for a few days, so I will have to go on it myself later and give it a test run.

 

Ran Windows Repairer with no big hassles, although when it rebooted and checked files it took several hours. When it did start up again, I had to start the repairer up again.

Anyway, here is the log...

 

 

Tweaking.com - Windows Repair v3.2.2
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Premium
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: ASHLEE-PC
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Ashlee
Current Profile SID: S-1-5-21-3659292527-334032331-3834142823-1000
Current Profile Classes: S-1-5-21-3659292527-334032331-3834142823-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Ashlee\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:44:43

Process Count: 100
Commit Total: 5.62 GB
Commit Limit: 15.91 GB
Commit Peak: 6.30 GB
Handle Count: 30098
Kernel Total: 454.40 MB
Kernel Paged: 309.19 MB
Kernel Non Paged: 145.21 MB
System Cache: 2.64 GB
Thread Count: 1160
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 7.96 GB
Memory Used: 5.40 GB(67.9118%)
Memory Avail.: 2.55 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 7.96 GB
Memory Used: 4.81 GB(60.4672%)
Memory Avail.: 3.15 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (17/06/2015 4:45:15 PM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 152
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (17/06/2015 4:45:16 PM)

   Running Repair Under Current User Account
   Done (17/06/2015 4:45:22 PM)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (17/06/2015 4:45:22 PM)


Decompressing & Updating Windows Permission File services.txt
Done,  0.22 seconds.

   Running Repair Under System Account
   Done (17/06/2015 4:47:13 PM)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (17/06/2015 4:47:13 PM)

   Running Repair Under System Account
   Done (17/06/2015 4:47:46 PM)

03 - Reset Service Permissions
   Start (17/06/2015 4:47:46 PM)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (17/06/2015 4:47:54 PM)

04 - Register System Files
   Start (17/06/2015 4:47:54 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (17/06/2015 4:48:32 PM)

05 - Repair WMI
   Start (17/06/2015 4:48:32 PM)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   No Antivirus Products Reported.

   Exporting AntiSpyware Info...
   Windows Defender Exported.

   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.

   Running Repair Under Current User Account
   Done (17/06/2015 4:51:47 PM)

06 - Repair Windows Firewall
   Start (17/06/2015 4:51:47 PM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.13 seconds.

   Running Repair Under System Account
   Done (17/06/2015 4:52:21 PM)

07 - Repair Internet Explorer
   Start (17/06/2015 4:52:21 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (17/06/2015 4:52:37 PM)

08 - Repair MDAC/MS Jet
   Start (17/06/2015 4:52:37 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (17/06/2015 4:52:44 PM)

09 - Repair Hosts File
   Start (17/06/2015 4:52:44 PM)
   Running Repair Under System Account
   Done (17/06/2015 4:52:45 PM)

10 - Remove Policies Set By Infections
   Start (17/06/2015 4:52:45 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (17/06/2015 4:52:47 PM)

12 - Repair Icons
   Start (17/06/2015 4:52:47 PM)
   Running Repair Under Current User Account
   Done (17/06/2015 4:52:48 PM)

13 - Repair Network
   Start (17/06/2015 4:52:48 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (17/06/2015 4:53:07 PM)

15 - Repair Proxy Settings
   Start (17/06/2015 4:53:07 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (17/06/2015 4:53:09 PM)

17 - Repair Windows Updates
   Start (17/06/2015 4:53:09 PM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.22 seconds.

   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (17/06/2015 4:53:34 PM)

18 - Repair CD/DVD Missing/Not Working
   Start (17/06/2015 4:53:34 PM)
   iTunes was found, adding UpperFilters for iTunes Reg Key
   UpperFilters added?: True
   Done (17/06/2015 4:53:34 PM)

19 - Repair Volume Shadow Copy Service
   Start (17/06/2015 4:53:34 PM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.13 seconds.

   Running Repair Under System Account
   Done (17/06/2015 4:53:52 PM)

21 - Repair MSI (Windows Installer)
   Start (17/06/2015 4:53:52 PM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.13 seconds.

   Running Repair Under System Account
   Done (17/06/2015 4:54:04 PM)

23.01 - Repair bat Association
   Start (17/06/2015 4:54:04 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (17/06/2015 4:54:06 PM)

23.02 - Repair cmd Association
   Start (17/06/2015 4:54:06 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (17/06/2015 4:54:08 PM)

23.03 - Repair com Association
   Start (17/06/2015 4:54:09 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (17/06/2015 4:54:11 PM)

23.04 - Repair Directory Association
   Start (17/06/2015 4:54:11 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (17/06/2015 4:54:13 PM)

23.05 - Repair Drive Association
   Start (17/06/2015 4:54:13 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (17/06/2015 4:54:15 PM)

23.06 - Repair exe Association
   Start (17/06/2015 4:54:15 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (17/06/2015 4:54:17 PM)

23.07 - Repair Folder Association
   Start (17/06/2015 4:54:17 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (17/06/2015 4:54:19 PM)

23.08 - Repair inf Association
   Start (17/06/2015 4:54:19 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (17/06/2015 4:54:22 PM)

23.09 - Repair lnk (Shortcuts) Association
   Start (17/06/2015 4:54:22 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (17/06/2015 4:54:24 PM)

23.10 - Repair msc Association
   Start (17/06/2015 4:54:24 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (17/06/2015 4:54:26 PM)

23.11 - Repair reg Association
   Start (17/06/2015 4:54:26 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (17/06/2015 4:54:28 PM)

23.12 - Repair scr Association
   Start (17/06/2015 4:54:28 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (17/06/2015 4:54:30 PM)

24 - Repair Windows Safe Mode
   Start (17/06/2015 4:54:30 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (17/06/2015 4:54:33 PM)

25 - Repair Print Spooler
   Start (17/06/2015 4:54:33 PM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.13 seconds.

   Running Repair Under System Account
   Done (17/06/2015 4:54:45 PM)

26 - Restore Important Windows Services
   Start (17/06/2015 4:54:46 PM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.13 seconds.

   Running Repair Under System Account
   Done (17/06/2015 4:54:50 PM)

27 - Set Windows Services To Default Startup
   Start (17/06/2015 4:54:50 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (17/06/2015 4:54:55 PM)

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

31 - Repair Windows 'New' Submenu
   Start (17/06/2015 4:54:56 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (17/06/2015 4:54:58 PM)

33 - Repair Performance Counters
   Start (17/06/2015 4:54:58 PM)
   Running Repair Under Current User Account
   Done (17/06/2015 4:55:04 PM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (17/06/2015 4:55:04 PM)
   Total Repair Time: 00:09:51


...YOU MUST RESTART YOUR SYSTEM...
 



#14 xXToffeeXx


Posted 17 June 2015 - 03:15 PM

Hi Twinmum,
 
Please re-run FRST from the desktop (like you did before) and press the scan button. It will produce a FRST.txt log located on the desktop. Please copy and paste the log into your next reply.
 
xXToffeeXx~




#15 Twinmum


Posted 17 June 2015 - 08:55 PM

Ran FRST - log follows. After I ran FRST, I thought I'd stay on her computer and see how things are running. I didn't stay long, it's still very slow going from page to page and is still opening up a new tab going to pages about system cleaning and such whenever I try to go to a different page.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Ashlee (administrator) on ASHLEE-PC on 18-06-2015 11:43:40
Running from C:\Users\Ashlee\Desktop
Loaded Profiles: Ashlee (Available Profiles: Ashlee & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Spotify Ltd) C:\Users\Ashlee\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] => "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590656 2015-05-15] (Razer Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-05] (Valve Corporation)
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [2990304 2013-10-02] (Nota Inc.)
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\Run: [SkypeVoiceChanger] => C:\Program Files (x86)\AthTek\Voice Changer for Skype\SkypeVoiceChanger.exe /auto
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\Run: [Spotify Web Helper] => C:\Users\Ashlee\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-06-07] (Spotify Ltd)
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [6886752 2015-01-07] (Binary Fortress Software)
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31282816 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\Run: [Spotify] => C:\Users\Ashlee\AppData\Roaming\Spotify\Spotify.exe [7323192 2015-06-07] (Spotify Ltd)
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\...\MountPoints2: {e3b5af4d-3888-11e4-ad75-94de80741260} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk [2014-01-19]
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-05-19]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2013-08-27]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-05-19]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
HKU\S-1-5-21-3659292527-334032331-3834142823-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/search?q={searchTerms}
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{6F1B4597-E969-44DF-9C33-538B39C15279}: [NameServer] 81.218.119.5,82.163.142.130
Tcpip\..\Interfaces\{7456F197-4F43-40A3-A9AC-23678AC01AA8}: [NameServer] 81.218.119.5,82.163.142.130

FireFox:
========
FF ProfilePath: C:\Users\Ashlee\AppData\Roaming\Mozilla\Firefox\Profiles\2qj84rt9.default-1433651581028
FF Homepage: https://www.google.com.au/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-24] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-27] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-23] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-24] (Wacom)
FF Plugin HKU\S-1-5-21-3659292527-334032331-3834142823-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ashlee\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-01-27] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3659292527-334032331-3834142823-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-24] (Wacom)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-07]
CHR Extension: (Google Docs) - C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-07]
CHR Extension: (YouTube) - C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-07]
CHR Extension: (Google Search) - C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-07]
CHR Extension: (Google Sheets) - C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-07]
CHR Extension: (Hola Better Internet) - C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-02-24]
CHR Extension: (Google Wallet) - C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-07]
CHR Extension: (Gmail) - C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [3169648 2015-01-07] (Binary Fortress Software)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-12-16] (Hi-Rez Studios) [File not signed]
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-07] (Electronic Arts)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
S2 avgwd; "C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253920 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [291296 2015-05-04] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-04-11] (Disc Soft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-08-03] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2014-05-30] (MotioninJoy) [File not signed]
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-24] (Razer, Inc.)
S3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2014-12-22] (Creative Technology Ltd.)
S3 BS978759929; \??\C:\Users\Ashlee\AppData\Local\Temp\NTFS.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 scfd_1_10_0_16; system32\drivers\scfd_1_10_0_16.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-18 11:38 - 2015-06-18 11:44 - 00029290 _____ C:\Windows\system32\DB978759929
2015-06-18 11:37 - 2015-06-18 11:37 - 00000000 ____D C:\Users\Ashlee\Desktop\FRST-OlderVersion
2015-06-17 16:00 - 2015-06-17 16:00 - 00003544 ____N C:\bootsqm.dat
2015-06-17 12:00 - 2015-06-17 12:01 - 00000000 ____D C:\Users\Ashlee\Desktop\Tweaking.com - Windows Repair
2015-06-16 01:48 - 2015-06-16 01:49 - 00292864 _____ C:\Windows\Minidump\061615-63882-01.dmp
2015-06-15 23:27 - 2015-06-15 23:27 - 00000000 ____D C:\Users\Ashlee\Documents\Square Enix
2015-06-15 10:40 - 2015-06-15 10:40 - 00266320 _____ C:\Windows\Minidump\061515-60746-01.dmp
2015-06-14 21:03 - 2015-06-16 21:41 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\Nidhogg
2015-06-12 17:17 - 2015-06-12 17:17 - 00000000 ____D C:\Users\Ashlee\Documents\stuff
2015-06-12 11:25 - 2015-06-15 22:30 - 01080444 _____ C:\Windows\system32\CFG978759929
2015-06-12 11:07 - 2015-06-12 11:07 - 00003141 _____ C:\Users\Ashlee\Desktop\fixlist..txt
2015-06-10 11:50 - 2015-06-10 11:50 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-06-10 11:49 - 2015-06-10 11:49 - 00000000 ____D C:\Program Files\Windows Defender
2015-06-10 10:57 - 2015-06-10 10:58 - 00290192 _____ C:\Windows\Minidump\061015-55224-01.dmp
2015-06-10 10:55 - 2015-06-10 10:55 - 00001264 _____ C:\Users\Ashlee\Desktop\Revo Uninstaller.lnk
2015-06-10 10:55 - 2015-06-10 10:55 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-06-10 10:55 - 2015-06-10 10:49 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Ashlee\Desktop\revosetup.exe
2015-06-10 10:41 - 2015-05-26 03:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 03:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 10:41 - 2015-05-26 02:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 10:41 - 2015-05-26 02:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 10:41 - 2015-05-26 02:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 10:41 - 2015-05-26 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 10:40 - 2015-04-25 04:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 10:40 - 2015-04-25 03:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 10:40 - 2015-04-11 13:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-10 10:25 - 2015-06-10 10:25 - 00262192 _____ C:\Windows\Minidump\061015-19406-01.dmp
2015-06-09 19:50 - 2015-06-18 11:43 - 00019700 _____ C:\Users\Ashlee\Desktop\FRST.txt
2015-06-09 19:50 - 2015-06-11 10:46 - 00077148 _____ C:\Users\Ashlee\Desktop\Addition.txt
2015-06-09 19:49 - 2015-06-18 11:43 - 00000000 ____D C:\FRST
2015-06-09 19:49 - 2015-06-18 11:37 - 02109952 _____ (Farbar) C:\Users\Ashlee\Desktop\FRST64.exe
2015-06-09 19:15 - 2015-06-09 19:21 - 00000000 ____D C:\Users\Ashlee\Desktop\New folder (2)
2015-06-09 18:58 - 2015-06-09 18:57 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Ashlee\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-09 18:06 - 2015-06-09 18:06 - 00000743 _____ C:\Users\Ashlee\Desktop\Start Emsisoft Emergency Kit.lnk
2015-06-09 18:03 - 2015-06-09 18:04 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\Ashlee\Desktop\FixExec.exe
2015-06-09 17:54 - 2015-06-09 17:54 - 00266320 _____ C:\Windows\Minidump\060915-58203-01.dmp
2015-06-09 17:26 - 2015-06-09 18:04 - 00002406 _____ C:\Users\Ashlee\Desktop\FixExec.txt
2015-06-09 17:16 - 2015-06-09 17:16 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Ashlee\Desktop\iexplore.exe.exe
2015-06-08 21:35 - 2015-06-16 04:38 - 00000000 ____D C:\EEK
2015-06-08 21:35 - 2015-06-08 18:38 - 157272816 _____ C:\Users\Ashlee\Desktop\EmsisoftEmergencyKit.exe
2015-06-08 19:00 - 2015-06-08 18:34 - 02943232 _____ (Thisisu) C:\Users\Ashlee\Desktop\JRT.exe
2015-06-08 12:10 - 2015-06-08 12:10 - 00000000 ____D C:\Program Files (x86)\PatternGenerators
2015-06-08 12:09 - 2015-06-08 12:09 - 00004096 _____ C:\Windows\SysWOW64\ntwdblib.dll
2015-06-08 11:51 - 2015-06-11 10:38 - 00000000 ____D C:\AdwCleaner
2015-06-08 11:47 - 2015-06-08 11:38 - 02231296 _____ C:\Users\Ashlee\Desktop\AdwCleaner.exe
2015-06-08 11:35 - 2015-06-17 17:04 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\tor
2015-06-07 21:38 - 2015-06-07 21:35 - 00852652 _____ C:\Users\Ashlee\Desktop\SecurityCheck.exe
2015-06-07 21:32 - 2015-06-07 21:32 - 00044168 _____ C:\Users\Ashlee\Desktop\Result.txt
2015-06-07 21:18 - 2015-06-07 21:15 - 00403456 _____ (Farbar) C:\Users\Ashlee\Desktop\MiniToolBox.exe
2015-06-07 14:33 - 2015-06-07 14:33 - 00000000 ____D C:\Users\Ashlee\Desktop\Old Firefox Data
2015-06-07 13:45 - 2015-06-07 13:45 - 00002962 _____ C:\Windows\System32\Tasks\{ADE10CA8-0517-48D7-B47B-41A289B4EB0B}
2015-06-07 13:45 - 2015-06-07 13:45 - 00002962 _____ C:\Windows\System32\Tasks\{8317BDAB-C750-49F2-8B00-1555AB078FC2}
2015-06-07 13:41 - 2015-06-07 13:41 - 10694392 _____ (VS Revo Group ) C:\Users\Ashlee\Downloads\RevoUninProSetup.exe
2015-06-07 12:58 - 2015-06-07 12:58 - 04928968 _____ (AVG Technologies) C:\Users\Ashlee\Downloads\avg_free_stb_all_5961p1_177.exe
2015-06-07 11:15 - 2015-06-07 11:17 - 00286776 _____ C:\Windows\Minidump\060715-70730-01.dmp
2015-06-07 10:49 - 2015-06-07 10:49 - 00000000 ____D C:\Users\Ashlee\AppData\Local\CrashRpt
2015-06-07 10:41 - 2015-06-07 10:59 - 00000000 ____D C:\Program Files (x86)\gmsd_au_319
2015-06-06 20:22 - 2015-06-11 10:38 - 00001049 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-06 20:22 - 2015-06-11 10:38 - 00001001 _____ C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-06 20:22 - 2015-06-11 10:38 - 00000983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-06 19:38 - 2015-06-06 19:39 - 00292848 _____ C:\Windows\Minidump\060615-53211-01.dmp
2015-06-06 17:28 - 2015-06-06 17:36 - 00000000 ____D C:\ProgramData\abc
2015-06-06 17:15 - 2009-06-11 07:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-06-06 17:13 - 2015-06-06 17:13 - 00000000 ____D C:\Program Files\13
2015-06-06 16:02 - 2015-06-06 16:02 - 16979960 _____ (Sun Microsystems, Inc.) C:\Users\Ashlee\Downloads\jre-6u37-windows-i586.exe
2015-06-06 15:59 - 2015-06-06 15:59 - 00561248 _____ (Oracle Corporation) C:\Users\Ashlee\Downloads\jxpiinstall(9).exe
2015-06-06 11:54 - 2015-06-06 11:54 - 00000000 ____D C:\ProgramData\Steam
2015-06-06 11:52 - 2015-06-06 11:55 - 00000000 ____D C:\ProgramData\PopCap Games
2015-06-05 19:06 - 2015-06-05 19:07 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\Armagetron
2015-06-05 19:06 - 2015-06-05 19:06 - 00000886 _____ C:\Users\UpdatusUser\Desktop\Armagetron Advanced.lnk
2015-06-05 19:06 - 2015-06-05 19:06 - 00000886 _____ C:\Users\Ashlee\Desktop\Armagetron Advanced.lnk
2015-06-05 19:06 - 2015-06-05 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Armagetron Advanced
2015-06-05 19:06 - 2015-06-05 19:06 - 00000000 ____D C:\ProgramData\Armagetron
2015-06-05 19:06 - 2015-06-05 19:06 - 00000000 ____D C:\Program Files (x86)\Armagetron Advanced
2015-06-05 19:04 - 2015-06-05 19:05 - 00000000 ____D C:\Users\Ashlee\Documents\argametron
2015-06-04 22:38 - 2015-06-08 18:47 - 00000000 ____D C:\Windows\system32\log
2015-06-03 11:51 - 2015-06-12 11:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-03 11:28 - 2015-06-03 11:28 - 00000000 ____D C:\Users\Ashlee\AppData\Local\Avg
2015-06-01 14:02 - 2015-06-01 14:02 - 00000000 ____D C:\Users\Ashlee\AppData\Local\GWX
2015-05-30 17:39 - 2015-05-30 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-30 17:39 - 2015-05-30 17:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-30 17:39 - 2015-05-30 17:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-30 17:38 - 2015-05-30 17:39 - 13095136 _____ (Microsoft Corporation) C:\Users\Ashlee\Downloads\Silverlight_x64.exe
2015-05-23 16:44 - 2015-05-23 16:55 - 54553958 _____ C:\Users\Ashlee\Downloads\SpeedChess.zip
2015-05-19 18:22 - 2015-05-19 18:22 - 07893868 _____ C:\Users\Ashlee\Downloads\old bonnie.rar
2015-05-19 18:21 - 2015-05-19 18:22 - 00000000 ____D C:\Users\Ashlee\AppData\Local\WinZip
2015-05-19 18:21 - 2015-05-19 18:21 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-05-19 18:21 - 2015-05-19 18:21 - 00000000 ____D C:\ProgramData\WinZip
2015-05-19 18:21 - 2015-05-19 18:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-05-19 18:21 - 2015-05-19 18:21 - 00000000 ____D C:\Program Files\WinZip
2015-05-19 18:20 - 2015-05-19 18:20 - 01080672 _____ (WinZip) C:\Users\Ashlee\Downloads\wz19-mf.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-18 11:43 - 2013-07-17 15:38 - 00000000 ____D C:\Users\Ashlee\AppData\Local\Adobe
2015-06-18 11:36 - 2014-06-09 14:47 - 00000000 ____D C:\Users\Ashlee\AppData\Local\Spotify
2015-06-18 11:36 - 2014-06-09 14:46 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\Spotify
2015-06-18 11:36 - 2013-07-17 15:42 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\Skype
2015-06-18 11:36 - 2009-07-14 14:45 - 00031744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-18 11:36 - 2009-07-14 14:45 - 00031744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-18 11:35 - 2009-07-14 15:13 - 00772352 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-18 11:32 - 2013-08-01 16:39 - 00000000 ____D C:\Users\Ashlee\AppData\Local\LogMeIn Hamachi
2015-06-18 11:31 - 2013-07-17 19:10 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-18 11:31 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-18 11:30 - 2013-07-17 11:44 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-18 11:30 - 2009-07-14 14:51 - 00161517 _____ C:\Windows\setupact.log
2015-06-17 17:01 - 2013-07-17 11:40 - 00063216 _____ C:\Users\Ashlee\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-17 17:00 - 2011-04-12 18:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-06-17 16:58 - 2010-11-21 13:47 - 00311990 _____ C:\Windows\PFRO.log
2015-06-17 16:58 - 2009-07-14 14:45 - 00285280 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-17 16:52 - 2009-07-14 12:34 - 00000439 _____ C:\Windows\win.ini
2015-06-17 16:48 - 2013-07-17 11:16 - 01851942 _____ C:\Windows\WindowsUpdate.log
2015-06-17 16:29 - 2013-07-17 15:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-16 18:58 - 2014-06-16 15:30 - 00000000 ____D C:\Users\Ashlee\AppData\Local\CrashDumps
2015-06-16 04:38 - 2015-04-04 23:34 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-16 04:38 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\registration
2015-06-16 04:37 - 2013-07-18 15:58 - 00000000 ____D C:\Users\Ashlee\Downloads\PaintToolSAI
2015-06-16 01:48 - 2015-03-22 16:27 - 843142533 _____ C:\Windows\MEMORY.DMP
2015-06-16 01:48 - 2015-03-22 16:27 - 00000000 ____D C:\Windows\Minidump
2015-06-15 23:47 - 2014-06-01 17:25 - 00000000 ____D C:\Users\Ashlee\AppData\Local\Battle.net
2015-06-15 23:27 - 2014-06-01 17:25 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-06-15 10:40 - 2013-07-17 11:16 - 00000000 ____D C:\Users\Ashlee
2015-06-14 10:58 - 2014-12-21 23:14 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\TeamViewer
2015-06-12 10:51 - 2009-07-14 15:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-11 10:38 - 2013-07-17 11:17 - 00000991 _____ C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-11 10:07 - 2014-12-11 14:29 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-11 10:07 - 2014-05-07 21:28 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-11 10:06 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 23:58 - 2014-05-05 11:49 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 23:54 - 2014-05-05 11:49 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-10 18:35 - 2015-03-29 11:39 - 00000000 ____D C:\Users\Ashlee\Documents\Telltale Games
2015-06-10 11:29 - 2015-04-15 17:29 - 18169520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-06-10 11:29 - 2013-07-17 15:40 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-10 11:29 - 2013-07-17 15:40 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-10 11:29 - 2013-07-17 12:04 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-10 11:18 - 2015-05-15 13:29 - 00000024 _____ C:\Users\Ashlee\AppData\Roaming\appdataFr25.bin
2015-06-10 11:18 - 2015-02-07 01:31 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-09 17:08 - 2009-07-14 15:08 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-08 18:47 - 2009-07-14 13:20 - 00000000 ____D C:\Program Files\Common Files\System
2015-06-08 16:52 - 2014-06-01 17:35 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-06-08 16:39 - 2014-06-01 17:25 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\Battle.net
2015-06-08 12:10 - 2015-04-13 17:27 - 00000000 ____D C:\ProgramData\16446166674148545210
2015-06-07 13:49 - 2014-09-05 13:10 - 00000000 ____D C:\Program Files (x86)\Origin
2015-06-07 10:39 - 2014-10-28 14:32 - 00000000 ____D C:\Users\Ashlee\AppData\Local\DisplayFusion
2015-06-06 21:28 - 2014-12-23 18:00 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-06 18:56 - 2013-07-17 11:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2015-06-06 18:56 - 2013-07-17 11:28 - 00000000 ____D C:\Program Files (x86)\GIGABYTE
2015-06-06 18:56 - 2013-07-17 11:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-06 10:42 - 2013-07-17 12:34 - 00000000 ____D C:\ProgramData\MFAData
2015-06-05 23:18 - 2014-12-21 23:14 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-05 23:18 - 2014-12-21 23:14 - 00000959 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-06-05 23:18 - 2014-12-21 23:14 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-06-03 15:44 - 2013-11-17 10:35 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\TS3Client
2015-06-03 14:43 - 2013-11-17 10:35 - 00000000 ____D C:\Users\Ashlee\AppData\Local\TeamSpeak 3 Client
2015-06-03 14:38 - 2014-08-09 18:52 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\.minecraft
2015-06-01 15:20 - 2015-04-16 20:19 - 00000000 ____D C:\Users\Ashlee\Documents\Camtasia Studio
2015-06-01 15:01 - 2015-04-01 09:20 - 00000000 ____D C:\Users\Ashlee\Documents\SavedGames
2015-05-27 11:15 - 2013-10-14 19:26 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\Audacity
2015-05-26 18:11 - 2014-05-29 20:34 - 00000000 ____D C:\Users\Ashlee\AppData\Local\Microsoft Games
2015-05-20 14:29 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\rescache
2015-05-20 13:26 - 2015-04-04 23:34 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-19 15:09 - 2015-02-07 00:10 - 00000000 ____D C:\Users\Ashlee\AppData\Local\Popcorn-Time

==================== Files in the root of some directories =======

2013-07-17 12:37 - 2013-11-12 14:26 - 0003725 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-12-21 10:33 - 2013-12-21 09:43 - 0012005 _____ () C:\Users\Ashlee\AppData\Roaming\alsoft.ini
2015-05-15 13:29 - 2015-06-10 11:18 - 0000024 _____ () C:\Users\Ashlee\AppData\Roaming\appdataFr25.bin
2015-04-28 11:31 - 2015-05-08 14:17 - 0000020 _____ () C:\Users\Ashlee\AppData\Roaming\appdataFr3.bin
2014-05-16 20:28 - 2015-06-08 12:28 - 0003888 _____ () C:\Users\Ashlee\AppData\Roaming\SpeedRunnersLog.txt
2014-12-27 14:30 - 2014-12-27 14:30 - 0003284 _____ () C:\Users\Ashlee\AppData\Roaming\TargetInvocationLog.txt
2014-08-16 16:08 - 2014-08-16 16:08 - 0003584 _____ () C:\Users\Ashlee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-06 19:00 - 2015-06-08 11:46 - 0011718 _____ () C:\Users\Ashlee\AppData\Local\Temp-log.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-05 23:40

==================== End of log ============================





