Browser hijacked by 'oursurfing'


  • This topic is locked
26 replies to this topic

#1 grahamc2


Posted 16 July 2015 - 12:10 PM

I found that my browser was hijacked by oursurfing, and came across this website as a result of searching for answers. I have read through the threads, and it seemed to point to MBAM as being a solution. I downloaded it and started a scan. I then removed all of what it found to be malware. I was most concerned about it removing the oursurfing, and it said that it did, but I found that it is still there, hijacking my browser. Any help in removing this would be greatly appreciated.





#2 B-boy/StyLe/


Posted 17 July 2015 - 01:21 AM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked before you press the Scan button.
  • Press Scan button.
  • It will make 2 logs (FRST.txt and Addition.txt) in the same directory the tool is run. Please copy and paste them to your reply.

 

Also please post the log from MBAM to see what was removed.

 

 

Regards,

Georgi




#3 grahamc2


Posted 17 July 2015 - 07:57 AM

Thanks for a quick reply! Here are the logs of what you requested:

 

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Graham (administrator) on GRAHAM-TOSH on 17-07-2015 13:49:29
Running from C:\Users\Graham\Desktop
Loaded Profiles: Graham (Available Profiles: Graham & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Saitek) C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\loggingserver.exe
(Saitek) C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
() C:\Program Files (x86)\IObit\Malware Cleaner\MalwareCleaner.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-08-03] (Toshiba Europe GmbH)
HKLM\...\Run: [ProfilerU] => C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [310272 2010-07-07] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [158208 2010-07-07] (Saitek)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-08-30] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2563472 2015-07-15] ()
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-05-31] (Power Software Ltd)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1802048 2014-10-13] (IObit)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5579624 2015-07-14] (LogMeIn Inc.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-1887274369-1401611307-3145796470-1000\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-1887274369-1401611307-3145796470-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2895552 2015-07-16] (Valve Corporation)
HKU\S-1-5-21-1887274369-1401611307-3145796470-1000\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2281248 2014-08-22] (IObit)
HKU\S-1-5-21-1887274369-1401611307-3145796470-1000\...\MountPoints2: F - F:\INSTALL.EXE
HKU\S-1-5-21-1887274369-1401611307-3145796470-1000\...\MountPoints2: {edaa2409-14ec-11e5-acca-74de2b00215d} - G:\Startme.exe
HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll => C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll File not found
AppInit_DLLs:  C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll => C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll File not found
AppInit_DLLs-x32: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll => "C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll" File not found
AppInit_DLLs-x32:  C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll => "C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll" File not found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2012-05-08]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2011-08-03]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2011-08-03]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2011-12-25]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=94493384_hao_pg
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1887274369-1401611307-3145796470-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
HKU\S-1-5-21-1887274369-1401611307-3145796470-1000\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://isearch.avg.com/?cid={AAF39A61-DC12-4784-A3E7-AAD3AE4615BD}&mid=6a9060ad926f47d0ab9039d3c97c1bc0-0f9b000f974babc8f67d077cfa085f844bbb7ae5&lang=en&ds=st011&pr=sa&d=2012-06-15 11:46:19&v=11.1.0.12&sap=hp
URLSearchHook: HKLM-x32 - BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} -  No File
URLSearchHook: HKU\S-1-5-21-1887274369-1401611307-3145796470-1000 - BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} -  No File
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
SearchScopes: HKU\.DEFAULT -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = 
SearchScopes: HKU\S-1-5-21-1887274369-1401611307-3145796470-1000 -> Backup.Old.DefaultScope {5A921EA0-EA7F-4F9C-AAB5-0E9A7F813136}
SearchScopes: HKU\S-1-5-21-1887274369-1401611307-3145796470-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-results.com/sr?src=ieb&appid=21&systemid=2&sr=0&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2014-11-01] (IObit)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2011-12-26] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems Incorporated)
BHO-x32: BrotherSoft Extreme Toolbar -> {51a86bb3-6602-4c85-92a5-130ee4864f13} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.7.0.147\AVG Secure Search_toolbar.dll [2015-07-15] (AVG Secure Search)
BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll [2014-06-11] (Adblock)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2014-02-20] (IObit)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM-x32 - BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} -  No File
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.7.0.147\AVG Secure Search_toolbar.dll [2015-07-15] (AVG Secure Search)
Toolbar: HKU\.DEFAULT -> No Name - {51A86BB3-6602-4C85-92A5-130EE4864F13} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1887274369-1401611307-3145796470-1000 -> No Name - {51A86BB3-6602-4C85-92A5-130EE4864F13} -  No File
Toolbar: HKU\S-1-5-21-1887274369-1401611307-3145796470-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.7.0\ViProtocol.dll [2015-07-15] (AVG Secure Search)
Tcpip\..\Interfaces\{B514F3E9-674A-4128-9311-388758F82FC2}: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-16] ()
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll [2011-12-26] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.7.0\\npsitesafety.dll No File
FF Plugin-x32: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1887274369-1401611307-3145796470-1000: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF Plugin HKU\S-1-5-21-1887274369-1401611307-3145796470-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Graham\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta763\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha188\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4141\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha8356\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home2688\ff [not found]
 
Chrome: 
=======
CHR Profile: C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-12-16]
CHR Extension: (Google Drive) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-14]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-04-13]
CHR Extension: (YouTube) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-25]
CHR Extension: (Google Search) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-25]
CHR Extension: (Ads Removal) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-03-03]
CHR Extension: (Heroes & Generals) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2014-05-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Skype Click to Call) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-08-30]
CHR Extension: (Google Wallet) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Click&Clean App) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-12-16]
CHR Extension: (Gmail) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-25]
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Graham\AppData\Local\Temp\ccex.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-04-27]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [344896 2014-09-30] (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2283296 2014-11-01] (IObit)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-07-14] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 Program Manager; C:\Program Files (x86)\Common Files\ProgramManager\ProgramManager.exe [945816 2015-07-15] (Spigot, Inc.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
R2 vToolbarUpdater18.7.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\ToolbarUpdater.exe [1842576 2015-07-15] (AVG Secure Search)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [18480 2015-05-11] (Intel® Corporation)
S2 abengine; No ImagePath
S3 BEService; "C:\Program Files (x86)\Common Files\BattlEye\BEService.exe" [X]
S3 Desura Install Service; C:\Program Files (x86)\Common Files\Desura\desura_service.exe [X]
S2 RsMgrSvc; No ImagePath
S2 RzKLService; No ImagePath
S3 Sony PC Companion; "C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe" [X]
S2 Util alleybrowse; No ImagePath
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-05-31] (REALiX™)
R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [28912 2014-06-17] (Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [128200 2014-11-01] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2015-02-25] (Intel Corporation)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows ® Win 7 DDK provider)
S3 SaiK0836; C:\Windows\System32\DRIVERS\SaiK0836.sys [172040 2010-06-17] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [22792 2010-07-08] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [50056 2010-07-08] (Saitek)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-07-16] (电脑管家)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
S3 WinRing0_1_2_0; No ImagePath
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMUdisk64.sys [X]
S3 TS888x64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TS888x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-17 13:49 - 2015-07-17 13:50 - 00030043 _____ C:\Users\Graham\Desktop\FRST.txt
2015-07-17 13:48 - 2015-07-17 13:49 - 00000000 ____D C:\FRST
2015-07-17 13:48 - 2015-07-17 13:48 - 02133504 _____ (Farbar) C:\Users\Graham\Downloads\FRST64.exe
2015-07-17 13:48 - 2015-07-17 13:48 - 02133504 _____ (Farbar) C:\Users\Graham\Desktop\FRST64.exe
2015-07-16 17:50 - 2015-07-16 17:50 - 00001057 _____ C:\Users\Graham\Desktop\MBAM scan.txt
2015-07-16 16:55 - 2015-07-17 13:42 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-16 16:55 - 2015-07-16 17:58 - 00000000 ____D C:\Program Files (x86)\Application Updater
2015-07-16 16:55 - 2015-07-16 17:50 - 00000000 ____D C:\Program Files (x86)\IObit Apps Toolbar
2015-07-16 16:55 - 2015-07-16 16:56 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-16 16:55 - 2015-07-16 16:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-16 16:55 - 2015-07-16 16:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-16 16:55 - 2015-07-16 16:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-16 16:55 - 2015-06-18 08:52 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-16 16:55 - 2015-06-18 08:52 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-16 16:55 - 2015-06-18 08:52 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-16 16:54 - 2015-07-16 16:55 - 21547816 _____ (Malwarebytes Corporation ) C:\Users\Graham\Downloads\mbam-setup.exe
2015-07-16 16:27 - 2015-07-16 16:27 - 00000000 _____ C:\autoexec.bat
2015-07-16 16:26 - 2015-07-16 16:26 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Graham\Downloads\SpyHunter-Installer.exe
2015-07-16 15:28 - 2015-07-16 15:51 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
2015-07-16 14:04 - 2015-07-16 14:04 - 00000000 ____D C:\ProgramData\TXQMPC
2015-07-16 13:59 - 2015-07-16 14:03 - 00000000 ____D C:\ProgramData\LocalStorage
2015-07-16 13:56 - 2015-07-16 13:56 - 00000000 ____D C:\Users\Graham\.android
2015-07-16 13:54 - 2015-07-16 13:55 - 00000000 ____D C:\Users\Graham\AppData\Roaming\ppslog
2015-07-16 13:52 - 2015-07-16 13:52 - 00003322 _____ C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380}
2015-07-16 13:37 - 2015-07-16 13:37 - 00000000 _____ C:\Windows\prleth.sys
2015-07-16 13:37 - 2015-07-16 13:37 - 00000000 _____ C:\Windows\hgfs.sys
2015-07-16 13:35 - 2015-07-16 14:33 - 00000000 ____D C:\Users\Graham\AppData\Local\Opera Software
2015-07-16 13:35 - 2015-07-16 13:35 - 00000000 ____D C:\Program Files\Common Files\Tencent
2015-07-16 13:35 - 2015-07-16 13:34 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2015-07-16 13:35 - 2015-07-16 13:34 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
2015-07-16 13:34 - 2015-07-16 14:33 - 00000000 ____D C:\Users\Graham\AppData\Roaming\Tencent
2015-07-16 13:34 - 2015-07-16 14:33 - 00000000 ____D C:\Users\Graham\AppData\Roaming\Opera Software
2015-07-16 13:34 - 2015-07-16 13:34 - 00000000 ____D C:\Program Files (x86)\Tencent
2015-07-16 13:33 - 2015-07-16 14:11 - 00000000 ____D C:\ProgramData\Tencent
2015-07-16 13:33 - 2015-07-16 13:33 - 00000000 ____D C:\Users\Graham\Documents\ËѺüÓ°Òô
2015-07-16 13:32 - 2015-07-16 13:32 - 00000000 ____D C:\Users\Graham\AppData\Local\Temp尰
2015-07-16 13:28 - 2015-07-16 13:28 - 00000000 ____D C:\Users\Public\QiYi
2015-07-16 13:27 - 2014-07-30 03:44 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\vpatch.dll
2015-07-16 13:26 - 2015-07-16 15:25 - 00000000 ____D C:\Program Files (x86)\Rising
2015-07-16 13:26 - 2015-07-16 13:27 - 00000000 ____D C:\ProgramData\Rising
2015-07-16 13:26 - 2015-07-16 13:26 - 00003992 _____ C:\Windows\System32\Tasks\LaunchPreSignup
2015-07-16 13:26 - 2015-07-16 13:26 - 00003090 _____ C:\Windows\System32\Tasks\tet3008
2015-07-16 13:26 - 2015-07-16 13:26 - 00000002 _____ C:\END
2015-07-15 13:51 - 2015-07-15 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-07-15 13:51 - 2015-07-15 13:51 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-07-14 20:05 - 2015-07-17 13:41 - 00000616 _____ C:\Windows\setupact.log
2015-07-14 20:05 - 2015-07-16 18:02 - 00278394 _____ C:\Windows\PFRO.log
2015-07-14 20:05 - 2015-07-14 20:05 - 00000000 _____ C:\Windows\setuperr.log
2015-07-14 20:04 - 2015-07-14 20:04 - 00000000 _____ C:\asc_rdflag
2015-07-14 16:21 - 2015-07-14 16:21 - 00000222 _____ C:\Users\Graham\Desktop\War Thunder.url
2015-07-13 20:16 - 2015-07-13 20:16 - 00000226 _____ C:\Windows\system32\cpuminer-conf.json
2015-07-13 19:30 - 2015-07-13 19:30 - 44880750 _____ C:\Users\Graham\Downloads\87336cdecf3604ad01a9cca023b2df6f0fb46165.zip
2015-07-12 16:09 - 2015-07-12 16:09 - 13028864 _____ (Intel Corporation) C:\Windows\system32\ig4icd64.dll
2015-07-12 16:09 - 2015-07-12 16:09 - 12694808 _____ (Intel Corporation) C:\Windows\system32\igdumd64.dll
2015-07-12 16:09 - 2015-07-12 16:09 - 11117808 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll
2015-07-12 16:09 - 2015-07-12 16:09 - 10811392 _____ (Intel Corporation) C:\Windows\SysWOW64\ig4icd32.dll
2015-07-12 16:09 - 2015-07-12 16:09 - 05906536 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
2015-07-12 16:09 - 2015-07-12 16:09 - 05375448 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2015-07-12 16:09 - 2015-07-12 16:09 - 00513640 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2015-07-12 16:09 - 2015-07-12 16:09 - 00444008 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
2015-07-12 16:09 - 2015-07-12 16:09 - 00442880 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2015-07-12 16:09 - 2015-07-12 16:09 - 00440320 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00439808 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00439808 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00439296 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00439296 _____ (Intel Corporation) C:\Windows\system32\igfxrrom.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrhrv.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00438272 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00438272 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00438272 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00437248 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00437248 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00435712 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00435712 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00432128 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00431104 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00429056 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00428544 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00410112 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
2015-07-12 16:09 - 2015-07-12 16:09 - 00401512 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
2015-07-12 16:09 - 2015-07-12 16:09 - 00384512 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
2015-07-12 16:09 - 2015-07-12 16:09 - 00330752 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2015-07-12 16:09 - 2015-07-12 16:09 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00280680 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2015-07-12 16:09 - 2015-07-12 16:09 - 00256616 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2015-07-12 16:09 - 2015-07-12 16:09 - 00187496 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2015-07-12 16:09 - 2015-07-12 16:09 - 00175104 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
2015-07-12 16:09 - 2015-07-12 16:09 - 00173672 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
2015-07-12 16:09 - 2015-07-12 16:09 - 00142336 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
2015-07-12 16:09 - 2015-07-12 16:09 - 00126976 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
2015-07-12 16:09 - 2015-07-12 16:09 - 00116224 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v4229.dll
2015-07-12 16:09 - 2015-07-12 16:09 - 00101376 _____ C:\Windows\system32\igdde64.dll
2015-07-12 16:09 - 2015-07-12 16:09 - 00081408 _____ C:\Windows\SysWOW64\igdde32.dll
2015-07-12 16:09 - 2015-07-12 16:09 - 00025088 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2015-07-12 16:09 - 2015-07-12 16:09 - 00017082 _____ C:\Windows\system32\iglhxs64.vp
2015-07-12 16:09 - 2015-07-12 16:09 - 00009728 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
2015-07-11 16:20 - 2015-07-11 16:20 - 85735793 _____ C:\Users\Graham\Downloads\Research_and_Development.zip
2015-07-11 16:13 - 2015-07-11 16:16 - 57216921 _____ ( ) C:\Users\Graham\Downloads\RD_17.7.2009_Full_Install.exe
2015-07-06 18:21 - 2015-07-06 18:21 - 00000605 _____ C:\Users\Graham\Desktop\World of Warships.lnk
2015-07-06 18:21 - 2015-07-06 18:21 - 00000000 ____D C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warships
2015-07-06 18:18 - 2015-07-06 18:18 - 07049832 _____ (Wargaming.net ) C:\Users\Graham\Downloads\WoWS_internet_install_eu.exe
2015-07-06 15:09 - 2015-07-06 15:09 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-07-06 15:08 - 2015-07-06 15:08 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-06 15:08 - 2015-07-06 15:08 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-06 15:08 - 2015-07-06 15:08 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-06 15:08 - 2015-07-06 15:08 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-06 15:08 - 2015-07-06 15:08 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-06 15:08 - 2015-07-06 15:08 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-06 15:08 - 2015-07-06 15:08 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-06 15:08 - 2015-07-06 15:08 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-06 15:07 - 2015-07-06 15:07 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-06 15:07 - 2015-07-06 15:07 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-07-06 15:07 - 2015-07-06 15:07 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-06 15:07 - 2015-07-06 15:07 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-06 15:07 - 2015-07-06 15:07 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-07-06 15:07 - 2015-07-06 15:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-07-06 15:07 - 2015-07-06 15:07 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-06 15:07 - 2015-07-06 15:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-06 15:07 - 2015-07-06 15:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-06 15:07 - 2015-07-06 15:07 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-06 15:07 - 2015-07-06 15:07 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-06 15:07 - 2015-07-06 15:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-06 15:07 - 2015-07-06 15:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-06 15:07 - 2015-07-06 15:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-06 15:07 - 2015-07-06 15:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-06 15:07 - 2015-07-06 15:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-07-06 15:07 - 2015-07-06 15:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-07-06 15:07 - 2015-07-06 15:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-07-06 15:07 - 2015-07-06 15:07 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-06 15:07 - 2015-07-06 15:07 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-06 15:07 - 2015-07-06 15:07 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-07-06 15:04 - 2015-07-06 15:04 - 03147776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 02589184 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-06 15:04 - 2015-07-06 15:04 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-07-06 15:04 - 2015-07-06 15:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-06 15:04 - 2015-07-06 15:04 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-06 15:04 - 2015-07-06 15:04 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-07-06 15:04 - 2015-07-06 15:04 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-07-06 15:04 - 2015-07-06 15:04 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-07-06 15:03 - 2015-07-06 15:03 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-07-06 15:03 - 2015-07-06 15:03 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-07-06 15:03 - 2015-07-06 15:03 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-07-06 15:03 - 2015-07-06 15:03 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-07-06 15:03 - 2015-07-06 15:03 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-07-06 15:03 - 2015-07-06 15:03 - 00419936 _____ C:\Windows\SysWOW64\locale.nls
2015-07-06 15:03 - 2015-07-06 15:03 - 00419936 _____ C:\Windows\system32\locale.nls
2015-07-06 15:03 - 2015-07-06 15:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-07-06 15:03 - 2015-07-06 15:03 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-07-06 15:03 - 2015-07-06 15:03 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-07-06 15:03 - 2015-07-06 15:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-07-06 15:03 - 2015-07-06 15:03 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-07-06 14:19 - 2015-07-06 14:19 - 00002669 _____ C:\Users\Public\Desktop\Intel® Extreme Tuning Utility.lnk
2015-07-06 14:19 - 2015-07-06 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Extreme Tuning Utility
2015-07-06 14:18 - 2015-07-06 14:18 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ICCWDT_01009.Wdf
2015-07-06 14:18 - 2015-07-06 14:18 - 00000000 ____D C:\Windows\System32\Tasks\Intel
2015-07-06 14:18 - 2015-07-06 14:18 - 00000000 ____D C:\uninstall
2015-07-06 14:18 - 2015-07-06 14:18 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2015-07-06 14:18 - 2015-07-06 14:18 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2015-07-06 14:18 - 2015-07-06 14:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2015-07-06 14:17 - 2015-07-06 14:17 - 00000000 ____D C:\Users\Graham\Intel
2015-07-06 14:17 - 2015-07-06 14:17 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-06 14:12 - 2015-07-06 14:12 - 51455984 _____ (Intel Corporation) C:\Users\Graham\Downloads\XTU-Setup-exe.exe
2015-07-01 16:37 - 2015-07-15 13:51 - 00000893 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2015-07-01 11:59 - 2015-07-17 13:43 - 00000000 ____D C:\Users\Graham\AppData\Local\LogMeIn Hamachi
2015-07-01 11:54 - 2015-07-01 11:55 - 08552448 _____ C:\Users\Graham\Downloads\hamachi.msi
2015-06-30 15:55 - 2015-06-30 15:55 - 00000220 _____ C:\Users\Graham\Desktop\The Ship.url
2015-06-27 14:08 - 2015-06-27 14:08 - 08438949 _____ C:\Users\Graham\Downloads\QuickyBaby Modpack 9.8.1 (V3).zip
2015-06-27 14:05 - 2015-06-27 14:05 - 01600240 _____ (Overwolf) C:\Users\Graham\Downloads\OverwolfInstaller.exe
2015-06-20 20:52 - 2015-06-20 20:52 - 00000000 ____D C:\Users\Graham\AppData\Local\Introversion
2015-06-20 20:51 - 2015-06-20 20:52 - 00000000 ____D C:\Users\Graham\Downloads\prisonarchitect-alpha28-pc
2015-06-20 20:48 - 2015-06-20 20:49 - 127921196 _____ C:\Users\Graham\Downloads\prisonarchitect-alpha28-pc.zip
2015-06-17 13:42 - 2015-06-17 13:42 - 00000000 ____D C:\ProgramData\Sony
2015-06-17 13:42 - 2015-06-17 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-17 13:43 - 2014-11-01 16:26 - 00002882 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Graham)
2015-07-17 13:43 - 2013-03-29 17:30 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-17 13:42 - 2013-06-03 21:42 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-07-17 13:42 - 2011-08-03 11:00 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-17 13:41 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-16 20:08 - 2012-06-04 18:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-16 20:04 - 2011-08-03 11:00 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-16 18:12 - 2009-07-14 05:45 - 00025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-16 18:12 - 2009-07-14 05:45 - 00025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-16 18:00 - 2013-07-28 15:07 - 00002100 _____ C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2015-07-16 17:50 - 2012-10-28 16:17 - 00000000 ____D C:\Users\Graham\AppData\Roaming\GameCenter
2015-07-16 17:50 - 2011-12-28 18:19 - 00000000 ____D C:\Program Files (x86)\Conduit
2015-07-16 16:55 - 2015-05-29 17:40 - 00003908 _____ C:\Windows\System32\Tasks\Program Manager
2015-07-16 16:23 - 2011-08-03 11:00 - 00002235 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-16 15:56 - 2009-07-14 06:13 - 00783360 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-16 15:35 - 2014-01-10 17:04 - 00187392 ___SH C:\Users\Graham\Desktop\Thumbs.db
2015-07-16 15:26 - 2009-07-14 05:45 - 04974800 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-16 14:36 - 2009-07-14 03:34 - 00000537 _____ C:\Windows\win.ini
2015-07-16 14:33 - 2011-12-25 06:33 - 00001718 _____ C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-16 14:23 - 2011-12-25 06:33 - 00102976 _____ C:\Users\Graham\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-16 13:59 - 2011-08-03 11:00 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 13:59 - 2011-08-03 11:00 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-16 13:56 - 2011-12-25 06:31 - 00000000 ____D C:\Users\Graham
2015-07-16 13:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2015-07-16 13:45 - 2011-09-08 07:45 - 01790593 _____ C:\Windows\WindowsUpdate.log
2015-07-16 13:36 - 2014-05-26 16:23 - 00000000 __SHD C:\Users\Graham\AppData\Local\EmieUserList
2015-07-16 13:36 - 2014-05-26 16:23 - 00000000 __SHD C:\Users\Graham\AppData\Local\EmieSiteList
2015-07-16 13:30 - 2012-03-09 20:19 - 00000000 ____D C:\Users\Graham\AppData\Local\Unity
2015-07-16 13:09 - 2012-06-04 18:55 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-16 13:09 - 2012-06-04 18:55 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-16 13:09 - 2012-06-04 18:55 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-15 13:50 - 2012-06-15 11:46 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2015-07-14 21:54 - 2011-12-25 15:06 - 00000000 ____D C:\Users\Graham\AppData\Roaming\Skype
2015-07-14 20:04 - 2014-03-04 08:56 - 83279872 _____ C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2015-07-14 20:04 - 2014-03-04 08:56 - 00466944 _____ C:\Windows\system32\config\DEFAULT.iodefrag.bak
2015-07-14 20:04 - 2014-03-04 08:56 - 00057344 _____ C:\Windows\system32\config\SAM.iodefrag.bak
2015-07-14 20:04 - 2014-03-04 08:56 - 00024576 _____ C:\Windows\system32\config\SECURITY.iodefrag.bak
2015-07-14 16:19 - 2012-06-06 13:06 - 00000000 ____D C:\Users\Graham\AppData\Roaming\SoftGrid Client
2015-07-14 16:17 - 2011-08-03 10:41 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-14 11:44 - 2012-02-06 18:49 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-07-12 16:09 - 2015-05-31 14:22 - 11245520 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
2015-07-12 16:09 - 2013-03-08 19:09 - 00031984 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2015-07-12 16:09 - 2012-10-23 22:45 - 09007616 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
2015-07-12 16:09 - 2012-10-23 22:45 - 00064000 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
2015-07-12 16:09 - 2012-10-23 22:44 - 00110592 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
2015-07-12 16:09 - 2011-04-04 18:54 - 12937864 _____ (Intel Corporation) C:\Windows\system32\igd10umd64.dll
2015-07-12 16:03 - 2014-01-16 20:19 - 00000000 ____D C:\ProgramData\ProductData
2015-07-11 20:24 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-07-06 22:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2015-07-06 22:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-07-06 22:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-06 18:19 - 2012-10-31 13:32 - 00000000 ____D C:\Games
2015-07-06 14:25 - 2012-12-24 12:48 - 00000000 ____D C:\ProgramData\Intel
2015-07-06 14:18 - 2011-08-03 11:07 - 00000000 ____D C:\Program Files (x86)\Intel
2015-07-06 14:18 - 2011-08-03 10:57 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-06-27 17:00 - 2014-02-03 17:58 - 00000000 ____D C:\Users\Graham\AppData\Local\Warframe
2015-06-26 16:52 - 2011-08-03 10:45 - 00000000 ____D C:\ProgramData\Skype
2015-06-23 13:30 - 2010-11-21 04:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-17 16:07 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-17 13:42 - 2011-08-03 10:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-17 12:24 - 2015-04-30 20:51 - 00000000 ____D C:\Users\Graham\AppData\Roaming\TS3Client
 
==================== Files in the root of some directories =======
 
2011-11-26 12:52 - 2011-11-26 12:52 - 0000096 _____ () C:\Users\Graham\AppData\Roaming\75941e26.dat
2012-02-26 13:41 - 2012-02-26 13:41 - 0000235 _____ () C:\Users\Graham\AppData\Roaming\fixpermissions.bat
2012-01-03 20:02 - 2015-05-10 17:12 - 0007597 _____ () C:\Users\Graham\AppData\Local\Resmon.ResmonCfg
2013-04-22 20:32 - 2013-02-21 20:32 - 0000032 ____R () C:\ProgramData\hash.dat
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
Some files in TEMP:
====================
C:\Users\Graham\AppData\Local\Temp\360Inst_sohuyy.exe
C:\Users\Graham\AppData\Local\Temp\geeplayersetup_unfix.exe
C:\Users\Graham\AppData\Local\Temp\masauto_runxx.dl.dll
C:\Users\Graham\AppData\Local\Temp\masblog_runxx.dl.dll
C:\Users\Graham\AppData\Local\Temp\masflag_runxx.dl.dll
C:\Users\Graham\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\Graham\AppData\Local\Temp\QYAgent_runxx.dl.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-15 14:32
 
==================== End of log ============================
 
 
Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Graham at 2015-07-17 13:51:29
Running from C:\Users\Graham\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1887274369-1401611307-3145796470-500 - Administrator - Disabled)
Graham (S-1-5-21-1887274369-1401611307-3145796470-1000 - Administrator - Enabled) => C:\Users\Graham
Guest (S-1-5-21-1887274369-1401611307-3145796470-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1887274369-1401611307-3145796470-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29625 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.600 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.4.0 - IObit)
Amnesia - The Dark Descent Demo (HKLM-x32\...\{576CA494-F771-4B10-9AF0-8ED4A7AFB0CC}_is1) (Version: 1.0.1 - Frictional Games)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.7.0.147 - AVG Technologies)
BattlEye (A2Free) Uninstall (HKLM-x32\...\BattlEye A2 Free) (Version:  - )
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
Better Surf Plus (HKLM-x32\...\Better Surf Plus) (Version: 1.1 - Better Surf) <==== ATTENTION
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.04(T) - TOSHIBA CORPORATION)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.1.0 - Conexant)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CPU Miner (HKLM\...\cpuminer) (Version: 1.1 - Open Source)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Disney Toontown Online (HKLM-x32\...\Disney Toontown Online) (Version:  - Walt Disney Internet Group)
Driver Booster 2.3 (HKLM-x32\...\Driver Booster_is1) (Version: 2.3 - IObit)
DriverIdentifier 4.0 (HKLM-x32\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version:  - DriverIdentifier)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Epson Easy Photo Print 2 (HKLM-x32\...\{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}) (Version: 2.40.0009 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX130 Series Printer Uninstall (HKLM\...\EPSON SX130 Series) (Version:  - SEIKO EPSON Corporation)
Estranged: Act I (HKLM-x32\...\Steam App 261820) (Version:  - Alan Edwardes)
Façade (HKLM-x32\...\{24E34264-D483-477C-A9A0-4E53F69834CF}) (Version: 1.1.2 - Procedural Arts)
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Game Cam 2.6.1.0 (HKLM-x32\...\Game Cam) (Version: 2.6.1.0 - Game Cam Portal, Inc.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life 2: Update (HKLM-x32\...\Steam App 290930) (Version:  - Filip Victor)
Half-Life Dedicated Server Update Tool (HKLM-x32\...\Half-Life Dedicated Server Update Tool) (Version:  - )
Half-Life Source (HKLM-x32\...\Half-Life Source) (Version:  - )
Half-Life Uplink (HKLM-x32\...\Half-Life Uplink) (Version:  - )
Heroes of Newerth (HKLM-x32\...\hon) (Version: 2.3.0 - S2 Games)
Hydra VSTi/DXi v1.2 (HKLM-x32\...\SynapseHydra_is1) (Version: 1.2 - Synapse Audio Software)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel Extreme Tuning Utility (HKLM-x32\...\{c39ccdf6-4cad-48b9-87d8-00131589afca}) (Version: 5.2.0.14 - Intel Corporation)
Intel Extreme Tuning Utility (x32 Version: 5.2.0.14 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.39.1003 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3062 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\3FD0C489-0F02-481a-A3E1-9754CD396761) (Version:  - Intel Corporation)
IObit Apps Toolbar v21.9 (HKLM-x32\...\{B4827A4D-3E2A-4B1C-82B0-FAD23A22B506}) (Version: 21.9 - Spigot, Inc.) <==== ATTENTION
IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.5 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.0.4.27 - IObit)
iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java™ 7 Update 1 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417001FF}) (Version: 7.0.10 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lambda Wars Beta (HKLM-x32\...\Steam App 270370) (Version:  - Vortal Storm)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.377 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.377 - LogMeIn, Inc.) Hidden
Malware Cleaner (HKLM-x32\...\Malware Cleaner) (Version: 1.0.0.108 - IObit)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McPixel version 1.0.4 (HKLM-x32\...\McPixel_is1) (Version: 1.0.4 - Sos)
MechWarrior Vengeance (HKLM-x32\...\MechWarrior Vengeance) (Version:  - )
Media Player (HKLM-x32\...\MediaPlayerV1alpha188) (Version: 1.1 - Media Player) <==== ATTENTION
Media View (HKLM-x32\...\MediaViewV1alpha4141) (Version: 1.1 - Media View) <==== ATTENTION
Media View (HKLM-x32\...\MediaViewV1alpha8356) (Version: 1.1 - Media View) <==== ATTENTION
Media Watch (HKLM-x32\...\MediaWatchV1home2688) (Version: 1.1 - Media Watch) <==== ATTENTION
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}) (Version: 3.1.8.0 - Apple Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MTX (HKLM-x32\...\{6583D00E-0924-4950-8BE9-5D09FE70B333}) (Version: 1.0.0 - mektek.net)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Open Freely (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1) (Version: 1.0 - Download Freely, LLC)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
Pixel Piracy (HKLM-x32\...\Steam App 264140) (Version:  - Vitali Kirpu)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.2 - Power Software Ltd)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.1.59.0 - Razer Inc.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.15 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.2 - IObit)
Smart Technology Programming Software 7.0.1.12 (HKLM\...\{C745CDDF-A4EA-4448-87ED-D17F83B0EE39}) (Version: 7.0.1.12 - Mad Catz)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Sony PC Companion 2.10.259 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.259 - Sony)
Source SDK (HKLM-x32\...\Steam App 211) (Version:  - Valve)
Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version:  - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Synergy (HKLM-x32\...\Steam App 17520) (Version:  - Synergy Team)
System Requirements Lab CYRI (HKLM-x32\...\{E77DA909-3532-4C95-AFEB-06310E88462A}) (Version: 6.0.3.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Tactical Intervention (HKLM-x32\...\Steam App 51100) (Version:  - FIX Korea, Co.LTD)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKU\S-1-5-21-1887274369-1401611307-3145796470-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - )
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
The Ship (HKLM-x32\...\Steam App 2400) (Version:  - Outerlight Ltd.)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}) (Version: 2.1.10.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}) (Version: 8.0.37 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.06.00 - )
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64M - TOSHIBA Corporation)
TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.0.2.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.10010 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.06.00 - )
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version:  - )
TRORMCLauncher (Version: 1.0.0.10 - TOSHIBA) Hidden
Unity Web Player (HKU\S-1-5-21-1887274369-1401611307-3145796470-1000\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Universe Sandbox (HKLM-x32\...\Universe Sandbox) (Version:  - )
User's Guide EPSON SX130 Series (HKLM-x32\...\EPSON SX130 Series Useg) (Version:  - )
Video Player (HKLM-x32\...\Video Player) (Version: 1.1 - Video Player) <==== ATTENTION
Walking Dead (HKLM-x32\...\Walking Dead_is1) (Version:  - Martin)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Wincore MediaBar (HKLM-x32\...\Wincore MediaBar) (Version: 3.0.0.119265 - Musiclab, LLC) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.10 beta 5 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.5 - win.rar GmbH)
Wondershare Video Editor(Build 3.0.0) (HKLM-x32\...\Wondershare Video Editor_is1) (Version:  - Wondershare)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
World of Warships (HKU\S-1-5-21-1887274369-1401611307-3145796470-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version:  - Wargaming.net)
WorldPainter 0.7.3 (HKLM\...\4144-4862-0472-7103) (Version: 0.7.3 - pepsoft.org)
WWI Source Beta 1.0 (HKLM-x32\...\WWI Source) (Version: Beta 1.0 - WWI Source Devs)
YouTube Downloader 3.5 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version:  - BienneSoft)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
16-07-2015 13:38:12 16/07/2015
16-07-2015 13:41:11 Restore Operation
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {025DEA95-D8E1-4817-97E6-B582459CD40D} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe [2014-07-02] (IObit)
Task: {07FB8BCC-4121-47BA-B244-4A7CC8D3EE8B} - System32\Tasks\{2DA54569-A98A-4C87-94F6-EBF1BB25D04E} => C:\Games\Piranha Games\MechWarrior Online\Bin32\MechWarriorOnline.exe
Task: {08DDB443-908F-4F88-84A6-70F30AB1F481} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2015-04-07] (IObit)
Task: {09E45754-450F-42C5-8512-D4C4084AC5B2} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{5BD1378D-1507-4C52-A433-AE3D938D85BF}.exe
Task: {0D9090E1-C372-428C-BF37-2BB3D753B033} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION)
Task: {171D5E9D-BEEE-4EC1-857E-C36D464BCF6B} - System32\Tasks\{353EC7C1-DDB8-4829-A531-D2284CA3B184} => pcalua.exe -a "C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\BEsetup\Setup_BattlEyeARMA2OA.exe" -d "c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead" -c -nosplash -world=empty -mod=@dayz
Task: {1CC514E1-3F48-4A16-A444-07C64D25871C} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-05-14] (IObit)
Task: {2D240487-2726-4F73-957E-C7EE7148D61E} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {3B19B70B-0037-4058-BE46-5799C95659E7} - System32\Tasks\Uninstaller_SkipUac_Graham => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-01] (IObit)
Task: {3C21C739-EC18-48DB-AFD8-E3372D3AFA7A} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2015-05-14] (IObit)
Task: {45AD5AC6-1429-4C2E-8265-1C8C4420D407} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-03] (IObit)
Task: {519CB08F-2FA2-4890-92FF-4AF93572903A} - System32\Tasks\SmartDefrag_Schedule => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
Task: {5C84BA0A-29DF-4D73-9CEE-62A976B414EF} - System32\Tasks\{2A9C88EE-3DB3-48DC-AEFE-BB55AE17DB22} => pcalua.exe -a C:\Users\Graham\Desktop\install_AT2_version_11_FULL.exe -d C:\Users\Graham\Desktop
Task: {6D1F6CF0-F2AB-4D41-AD39-7C8540004AE6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {6D715F29-2282-43FA-8A69-19F6B029419E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {70492B50-ED5C-4903-8587-0CE1A4007F54} - System32\Tasks\{B967A8A5-EA65-4FD0-9127-C4FDE95AB554} => pcalua.exe -a "C:\Program Files (x86)\Registry Helper\uninst.exe"
Task: {731EDB3F-C064-47D5-9162-F7879C0105BE} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-03-11] (Intel Corporation)
Task: {88D981F5-BB84-41A3-8581-30AF131FCD9C} - System32\Tasks\Driver Booster SkipUAC (Graham) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-05-14] (IObit)
Task: {89EA2DEA-F343-4BB9-9F7B-324EB7A2E9E1} - System32\Tasks\ASC7_SkipUac_Graham => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-08-22] (IObit)
Task: {9334E93F-0033-43AB-A60E-CCFB6A843430} - System32\Tasks\tet3008 => C:\PROGRA~2\FASTSE~1\tet3008.exe
Task: {9856FF38-152F-48D5-A864-71C811709173} - System32\Tasks\{90587CBD-8EFF-4D4B-A608-E32D813571B7} => pcalua.exe -a "C:\program files (x86)\steam\steamapps\common\left 4 dead 2\bin\addoninstaller.exe" -d "c:\program files (x86)\steam\steamapps\common\left 4 dead 2" -c /register
Task: {9AD92617-F8A6-4FD2-A2DE-9D9DDAB2D8A5} - System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} => C:\PROGRAM FILES (X86)\RISING\RAV\rsdelaylauncher.exe
Task: {A567BE0F-19BE-4F18-876D-F8181BD02275} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A5AFD17C-1733-4E10-8CD6-CE32A6C61F21} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-16] (Adobe Systems Incorporated)
Task: {AB2D16AE-3214-42B8-BF36-736415EA658B} - System32\Tasks\Program Manager => C:\Program Files (x86)\Common Files\ProgramManager\ProgramManager.exe [2015-07-15] (Spigot, Inc.)
Task: {AFDB45C9-982F-4322-9A4B-7E0010668205} - System32\Tasks\{50F5593E-97ED-4D99-9736-DD7032219BAF} => pcalua.exe -a "C:\Users\Graham\Downloads\dxwebsetup (1).exe" -d C:\Users\Graham\Downloads
Task: {CFFC8A4A-A766-4561-8176-F9BB2CC38642} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {D5EB5F0B-A0DB-4883-9688-B94202309685} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {D78C5370-B931-4C76-A423-40F5961DE075} - System32\Tasks\{FAFB831D-01FC-4356-82CE-8B5483FA5D4F} => pcalua.exe -a C:\Users\Graham\Downloads\258.96_desktop_win7_winvista_64bit_english_whql.exe -d C:\Users\Graham\Downloads
Task: {E9902A6A-6908-46DD-B5DC-B2FD65916564} - System32\Tasks\Escolade => C:\Users\Graham\AppData\Roaming\iPumper\Updater.exe <==== ATTENTION
Task: {F5FCB70A-D6C4-4C77-9170-A68D178108AE} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-01] (IObit)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{5BD1378D-1507-4C52-A433-AE3D938D85BF}.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-04-29 20:19 - 2012-08-31 15:03 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL
2014-04-29 20:19 - 2012-08-31 15:02 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2011-12-31 19:29 - 2011-12-15 13:38 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2010-11-18 16:18 - 2010-11-18 16:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2015-07-15 13:50 - 2015-07-15 13:49 - 00168336 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\loggingserver.exe
2011-04-04 18:18 - 2011-04-04 18:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-08-03 10:39 - 2011-02-22 11:06 - 00563576 _____ () C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\en\Humphrey.resources.dll
2012-06-15 11:46 - 2015-07-15 13:49 - 02563472 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2013-07-28 15:07 - 2013-07-24 21:27 - 02828096 _____ () C:\Program Files (x86)\IObit\Malware Cleaner\MalwareCleaner.exe
2010-12-08 14:42 - 2010-12-08 14:42 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2013-07-28 15:07 - 2013-10-25 13:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-19 13:36 - 2014-06-04 16:17 - 00892288 _____ () C:\Program Files (x86)\IObit\Smart Defrag 3\webres.dll
2015-07-15 13:50 - 2015-07-15 13:49 - 00528272 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\log4cplusU.dll
2013-03-25 15:23 - 2015-07-03 17:12 - 00778240 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-12-03 20:18 - 2015-07-03 17:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-12-03 20:18 - 2015-07-03 17:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2014-12-03 20:18 - 2015-07-03 17:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-04 15:28 - 2015-07-16 01:53 - 02410176 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-25 17:24 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-25 17:24 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-25 17:24 - 2014-12-01 22:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-25 17:24 - 2014-12-01 22:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-25 17:24 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-03-25 22:54 - 2015-07-16 01:53 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-07 13:52 - 2015-07-07 21:41 - 00169984 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2013-07-28 15:07 - 2013-01-15 19:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll
2013-06-23 12:28 - 2013-01-15 19:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl
2013-06-23 12:28 - 2013-01-15 19:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl
2013-06-23 12:28 - 2013-01-15 19:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl
2013-10-21 18:35 - 2013-12-12 19:46 - 08001344 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\WebUI.dll
2013-10-21 18:35 - 2013-05-16 20:26 - 00182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2013-12-14 13:05 - 2013-10-16 23:17 - 00185168 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\libcurl-4.dll
2013-10-21 18:35 - 2013-05-16 20:26 - 00145216 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2013-03-26 17:16 - 2015-07-03 17:12 - 39553928 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-07-14 21:53 - 2015-07-13 22:55 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-14 21:53 - 2015-07-13 22:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 4791 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1887274369-1401611307-3145796470-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Facebook Update => "c:\users\graham\appdata\local\facebook\update\facebookupdate.exe" /c /nocrashserver
MSCONFIG\startupreg: iTunesHelper => c:\program files (x86)\itunes\ituneshelper.exe
MSCONFIG\startupreg: NBAgent => "c:\program files (x86)\nero\nero 10\nero backitup\nbagent.exe" /winstart
MSCONFIG\startupreg: SunJavaUpdateSched => c:\program files (x86)\common files\java\java update\jusched.exe
MSCONFIG\startupreg: Teco => "%programfiles%\toshiba\teco\teco.exe" /r
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{DD76B88C-933A-4D1D-B2FE-6AC465B3BBCC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F8AAFFDD-CB9D-4576-829B-0F805B7E20BD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A467D23B-AA56-454A-969E-C35E4955B64C}] => (Allow) LPort=2869
FirewallRules: [{DB485AE4-96E8-4217-9156-DED45AFBE9B8}] => (Allow) LPort=1900
FirewallRules: [{5463F49F-7DE1-4B59-ADB9-2E471D291519}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{AC98DE6D-FEB7-4934-8B01-5369EFD90205}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{9A73F317-722A-4BD7-BEC9-C1911D074BAA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{272749CB-5738-4B6D-B1CE-87CE3C3521B0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6477D4F4-5278-4854-96FA-0E959DA8D4AF}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{1CF5204D-8CDD-48BF-B091-C71055F32893}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4777F8E9-4F0A-4602-8D18-F42614B3F073}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3EAC3485-0504-4305-A90D-08465E3FC065}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FED7496C-5A56-4946-91B3-4BFC9278B2BF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3E6C59D2-FC16-45B0-A20F-24F52733C49D}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{A8F2FBEB-D9F6-4A6A-802A-44393A982834}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{3C6E3675-4740-43C1-BEB7-690FF5D6E75C}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{D0B054A4-049B-4176-BF1D-8212705F5BA6}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{6D5F9056-B97A-4471-B9F5-FB624DF4AC54}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{177E67A9-7D1E-4703-93DA-31719CF3E533}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{053A5339-9FB4-46BB-A6A3-3F599966F557}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{509D51C1-F5E2-4244-8EB3-7816FD97E4E0}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{936EEA89-AF51-4393-8D82-7849003A126F}] => (Allow) C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [{868DFB41-0A10-4426-B41A-EADAA791379B}] => (Allow) C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [TCP Query User{6B60B5B0-1FC7-4B61-A5C6-DADD29A7F16A}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{FC9E6593-F13D-4830-BFE4-36FA7E922423}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{007462C4-5728-40EF-8412-CA0A2465CBB5}C:\program files (x86)\steam\steamapps\philcam630\synergy\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\philcam630\synergy\hl2.exe
FirewallRules: [UDP Query User{511BC8B8-5805-480E-836D-4C697D518635}C:\program files (x86)\steam\steamapps\philcam630\synergy\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\philcam630\synergy\hl2.exe
FirewallRules: [{ED2DB1F5-2D28-439A-A1E6-DE0EF4F8F93D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\philcam630\synergy\hl2.exe
FirewallRules: [{7381F228-4B68-439D-9272-5B4C54EB5BC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\philcam630\synergy\hl2.exe
FirewallRules: [TCP Query User{2A33351D-3CAA-462B-8EAA-85F58487CCA6}C:\program files (x86)\steam\steamapps\philcam630\half-life 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\philcam630\half-life 2\hl2.exe
FirewallRules: [UDP Query User{83179AF0-6CB4-4110-BF19-3A919183DC8A}C:\program files (x86)\steam\steamapps\philcam630\half-life 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\philcam630\half-life 2\hl2.exe
FirewallRules: [{FFE7A20E-ECB3-46D7-9AEB-5C3BDED338A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\grahamc22\counter-strike source\hl2.exe
FirewallRules: [{BBD1D878-E7BC-4FC9-AF02-C5027E40F3D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\grahamc22\counter-strike source\hl2.exe
FirewallRules: [{5B903541-FFE3-45C7-85A0-854C93A9583C}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.exe
FirewallRules: [{758BD9D9-6045-40FB-A1A5-51E2EBA9CE9C}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.exe
FirewallRules: [{2ECC8C52-B006-4ED1-BA79-81D66822095A}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe
FirewallRules: [{BD541702-89C5-4DD4-9BC5-20AC328817C7}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe
FirewallRules: [TCP Query User{23DE3B95-0EFF-47CD-85DC-15EF3C6B8C63}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe
FirewallRules: [UDP Query User{942AB918-23AF-44BC-A115-A5D12C275D52}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe
FirewallRules: [TCP Query User{718648B7-D631-4026-90E7-A4AA1A39E6EA}C:\program files (x86)\world of warcraft\backgrounddownloader.exe] => (Allow) C:\program files (x86)\world of warcraft\backgrounddownloader.exe
FirewallRules: [UDP Query User{0B11BE03-8146-4920-AD31-96A823095238}C:\program files (x86)\world of warcraft\backgrounddownloader.exe] => (Allow) C:\program files (x86)\world of warcraft\backgrounddownloader.exe
FirewallRules: [TCP Query User{49207669-9F1E-4916-B417-9C518B09EB7D}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{B571EB61-A406-4C6D-AE86-AA39FE954F6C}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{6CBB54F5-2DEC-4A50-A302-79C642D73F82}C:\program files (x86)\steam\steamapps\philcam630\half-life 2 deathmatch\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\philcam630\half-life 2 deathmatch\hl2.exe
FirewallRules: [UDP Query User{8671C75F-08BD-4015-A74B-88A8D731DB50}C:\program files (x86)\steam\steamapps\philcam630\half-life 2 deathmatch\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\philcam630\half-life 2 deathmatch\hl2.exe
FirewallRules: [TCP Query User{7EF89254-7FFE-446C-BFC3-CF92E534E773}C:\program files (x86)\1clickdownload\1clickdownloader.exe] => (Allow) C:\program files (x86)\1clickdownload\1clickdownloader.exe
FirewallRules: [UDP Query User{75A2CE94-6FB2-4511-933C-15CF9CEFC4B1}C:\program files (x86)\1clickdownload\1clickdownloader.exe] => (Allow) C:\program files (x86)\1clickdownload\1clickdownloader.exe
FirewallRules: [TCP Query User{F03BCF0F-06C3-43A9-BB22-4F85F470B2C9}C:\program files (x86)\steam\steamapps\philcam630\half-life blue shift\hl.exe] => (Allow) C:\program files (x86)\steam\steamapps\philcam630\half-life blue shift\hl.exe
FirewallRules: [UDP Query User{3C8F71DA-E057-4D3C-BD00-611D64C368CF}C:\program files (x86)\steam\steamapps\philcam630\half-life blue shift\hl.exe] => (Allow) C:\program files (x86)\steam\steamapps\philcam630\half-life blue shift\hl.exe
FirewallRules: [{4CF12864-5125-4260-A077-D6AC45AA25CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\philcam630\source sdk base 2007\hl2.exe
FirewallRules: [{2C10A579-3BD9-4DB2-925D-E3CFC224D186}] => (Allow) C:\Program Files (x86)\Steam\steamapps\philcam630\source sdk base 2007\hl2.exe
FirewallRules: [TCP Query User{671D1171-B962-416A-8B13-A64D1E6F468C}C:\program files (x86)\microsoft games\mechwarrior vengeance\mw4.icd] => (Allow) C:\program files (x86)\microsoft games\mechwarrior vengeance\mw4.icd
FirewallRules: [UDP Query User{0657E699-CE37-4A0E-8C27-A90405ACF2EF}C:\program files (x86)\microsoft games\mechwarrior vengeance\mw4.icd] => (Allow) C:\program files (x86)\microsoft games\mechwarrior vengeance\mw4.icd
FirewallRules: [TCP Query User{618A5086-58C5-4615-ACB9-BF31BB6E7E92}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{C55989C6-F3F8-4515-9207-8EA9E3B06705}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{32A644E9-E0AC-44B2-BFF4-1E4900E4279E}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{09467E5A-8F63-4FCD-8A72-2A0A1FEAE28E}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{19A061A6-259E-442C-90BA-BCFAB51E213A}C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe] => (Allow) C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe
FirewallRules: [UDP Query User{BAA4F5A6-9677-40FA-957A-09F196C888A7}C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe] => (Allow) C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe
FirewallRules: [TCP Query User{D8F2602E-762F-4313-B3D2-C5386B6BB21A}C:\users\graham\documents\arma 2\expansion\beta\arma2oa.exe] => (Allow) C:\users\graham\documents\arma 2\expansion\beta\arma2oa.exe
FirewallRules: [UDP Query User{A2B2BCDF-9492-415E-8DDF-BCDC13D33F43}C:\users\graham\documents\arma 2\expansion\beta\arma2oa.exe] => (Allow) C:\users\graham\documents\arma 2\expansion\beta\arma2oa.exe
FirewallRules: [TCP Query User{4F42982A-D2A9-418D-B07D-56275BA1EB1C}C:\program files (x86)\steam\steamapps\grahamc22\garry's mod beta\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\grahamc22\garry's mod beta\hl2.exe
FirewallRules: [UDP Query User{142E41FE-3DC1-46E0-B1B6-DD72CD9E185F}C:\program files (x86)\steam\steamapps\grahamc22\garry's mod beta\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\grahamc22\garry's mod beta\hl2.exe
FirewallRules: [TCP Query User{50D1601B-ED26-4E17-B3C8-EC55832EEC96}C:\program files (x86)\steam\steamapps\grahamc22\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\grahamc22\team fortress 2\hl2.exe
FirewallRules: [UDP Query User{57C85D41-4FA6-4581-92ED-F51D9B4844BA}C:\program files (x86)\steam\steamapps\grahamc22\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\grahamc22\team fortress 2\hl2.exe
FirewallRules: [{D678EF3C-A22A-45E8-8537-9AF7B0B7D762}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
FirewallRules: [{4E2EC7BA-4C15-480C-B094-F3534418AF9C}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
FirewallRules: [{A48B4B30-61F0-4B49-9481-F9578D8F41D0}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
FirewallRules: [{ACEFE5FA-0BEF-4858-96DF-F09495CBA98D}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
FirewallRules: [{137A7303-7E1C-4CB5-97E3-90C59BCC8BDB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\terraria\Terraria.exe
FirewallRules: [{91CF1152-BCE8-47DF-B79C-0A70DF76766E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\terraria\Terraria.exe
FirewallRules: [{6C97F48B-2871-41CE-9C11-F9F1ECE1AFAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2\arma2.exe
FirewallRules: [{F66392E4-1C97-45A7-83DB-6205DA81662E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2\arma2.exe
FirewallRules: [{7A13903D-4C53-47E4-9404-8A29BE1A7BD3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [{038490FB-75F5-4132-A9F4-2C835267178B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [{C82A1C35-BD4E-441B-BDA9-C306A49174B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\BEsetup\Setup_BattlEyeARMA2OA.exe
FirewallRules: [{2D603CAC-961B-46A9-B261-1D6FD7CF90C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\BEsetup\Setup_BattlEyeARMA2OA.exe
FirewallRules: [{BCCB500D-1308-48F7-8B5E-D0743922E231}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\_runA2CO.cmd
FirewallRules: [{4012665D-99D1-4CAE-8BD0-55BB77B82B27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\_runA2CO.cmd
FirewallRules: [TCP Query User{756CC918-B705-46C2-93CA-02E596A7D9C6}C:\program files (x86)\mektek.net\mtx\mtx.exe] => (Allow) C:\program files (x86)\mektek.net\mtx\mtx.exe
FirewallRules: [UDP Query User{9C8888CC-0103-4B90-8325-9A4E8F4DBC40}C:\program files (x86)\mektek.net\mtx\mtx.exe] => (Allow) C:\program files (x86)\mektek.net\mtx\mtx.exe
FirewallRules: [TCP Query User{162EE2E4-7507-4250-919B-6EF4AF4FB89E}C:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe] => (Allow) C:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe
FirewallRules: [UDP Query User{CFBD1A3C-444E-4309-8AF2-9F2FEC897ABE}C:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe] => (Allow) C:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe
FirewallRules: [{C403E8F8-6B36-4C46-9A0C-E98B8E81FDE4}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{424A2461-AEB2-4CB2-8D11-958D90059148}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{4923E365-89B6-4C82-BA85-983964BEFBD9}] => (Allow) C:\Users\Graham\AppData\Roaming\svchost.exe
FirewallRules: [{8D41D9A1-0C2E-4BD9-8DFB-457AE56B7A35}] => (Allow) C:\Users\Graham\AppData\Roaming\svchost.exe
FirewallRules: [{69E27D7B-9F4E-4EF6-AB19-B7DFB8F5F967}] => (Allow) C:\Users\Graham\AppData\Roaming\svchost.exe
FirewallRules: [{F628F4DD-353C-4B07-ABB1-4A675440226E}] => (Allow) C:\Users\Graham\AppData\Roaming\svchost.exe
FirewallRules: [TCP Query User{A4F5E8B5-7997-4712-97ED-D1E9DB382393}C:\program files (x86)\steam\steamapps\grahamc22\source sdk base 2007\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\grahamc22\source sdk base 2007\hl2.exe
FirewallRules: [UDP Query User{4098D436-BC66-421C-A246-0007B33DD2F3}C:\program files (x86)\steam\steamapps\grahamc22\source sdk base 2007\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\grahamc22\source sdk base 2007\hl2.exe
FirewallRules: [TCP Query User{80FF0073-75E1-4A70-B4CA-B5C8148AA9D2}C:\program files (x86)\s.w.a.t. 4\content\system\swat4.exe] => (Allow) C:\program files (x86)\s.w.a.t. 4\content\system\swat4.exe
FirewallRules: [UDP Query User{C132141C-279E-44BD-850F-ECF6F1368187}C:\program files (x86)\s.w.a.t. 4\content\system\swat4.exe] => (Allow) C:\program files (x86)\s.w.a.t. 4\content\system\swat4.exe
FirewallRules: [TCP Query User{3239D1D5-74C9-4B23-9521-54BD657178F3}C:\program files (x86)\steam\steamapps\grahamc22\half-life 2 deathmatch\hl2.exe] => (Block) C:\program files (x86)\steam\steamapps\grahamc22\half-life 2 deathmatch\hl2.exe
FirewallRules: [UDP Query User{5A0AB6E3-2ED0-47C4-88A7-8C01C74D3B11}C:\program files (x86)\steam\steamapps\grahamc22\half-life 2 deathmatch\hl2.exe] => (Block) C:\program files (x86)\steam\steamapps\grahamc22\half-life 2 deathmatch\hl2.exe
FirewallRules: [{E778A41D-2176-4635-B08C-AB501046CBDB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\grahamc22\synergy\hl2.exe
FirewallRules: [{D8A1E6BB-FB43-43F8-B170-38D486D4F1BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\grahamc22\synergy\hl2.exe
FirewallRules: [{0AFFF582-415F-4F29-8273-3402FA4175EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\grahamc22\garrysmod\hl2.exe
FirewallRules: [{EEC11254-8D66-42DA-8E78-C3F170AC9AF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\grahamc22\garrysmod\hl2.exe
FirewallRules: [{4418E35D-1F76-4864-AA62-3A8B880E60C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\arma2oa.exe
FirewallRules: [{4FBFB1DA-B659-4471-866C-38D2D88C37D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\arma2oa.exe
FirewallRules: [TCP Query User{25D5D45B-1D8A-4CA1-9BA9-CD0848353B99}C:\users\guest\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Block) C:\users\guest\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [UDP Query User{5BC684AA-DA05-43A0-BC56-E2D8A4EC749A}C:\users\guest\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Block) C:\users\guest\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [{20EF13A0-B4D0-4881-B205-467D40FC3B61}] => (Block) %ProgramFiles% (x86)\Bandicamcrack\bdcam.exe
FirewallRules: [{061A863B-1BF4-4A3F-9659-B75ECA4DEB52}] => (Block) %ProgramFiles% (x86)\Bandicamcrack\bdcam.exe
FirewallRules: [{711BC2BB-C96B-4CB4-8328-E399CEB30EB3}] => (Allow) C:\Program Files (x86)\War Thunder\launcher.exe
FirewallRules: [{3DBE9E2E-AB9B-402D-87AD-24C49D946C76}] => (Allow) C:\Program Files (x86)\War Thunder\launcher.exe
FirewallRules: [TCP Query User{BBA708F5-3B6C-49CF-BE62-9B431C9EE01B}C:\program files (x86)\war thunder\aces.exe] => (Allow) C:\program files (x86)\war thunder\aces.exe
FirewallRules: [UDP Query User{62BB2852-DE9B-406F-8F0C-89A615BC655C}C:\program files (x86)\war thunder\aces.exe] => (Allow) C:\program files (x86)\war thunder\aces.exe
FirewallRules: [{D8593FBB-3653-4EDD-88ED-A86220A7AB8B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5984A462-3EAA-4554-ACCF-67BC829A194D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AA0AC1C0-2B7D-45EB-8F66-D559EBFD5DD6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\grahamc22\counter-strike source\hl2.exe
FirewallRules: [{BF51A849-9AE7-4DE1-85C5-1A41B4BB2D57}] => (Allow) C:\Program Files (x86)\Steam\steamapps\grahamc22\counter-strike source\hl2.exe
FirewallRules: [TCP Query User{9AA696EA-DA06-43F7-82BD-7B11E772658B}C:\program files (x86)\steam\steamapps\grahamc22\source sdk base\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\grahamc22\source sdk base\hl2.exe
FirewallRules: [UDP Query User{76A778B8-8A12-4153-BBB7-6315FD8ED081}C:\program files (x86)\steam\steamapps\grahamc22\source sdk base\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\grahamc22\source sdk base\hl2.exe
FirewallRules: [TCP Query User{D271292B-66CE-4802-858C-CB9AC551317A}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{C093623D-0E72-4971-8A3C-62BB36B3437F}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{7144389F-BC99-48A0-A9A7-23A6A8471BA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\grahamc22\source sdk base 2007\hl2.exe
FirewallRules: [{8A594C59-B816-425A-8172-AD1F6205957B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\grahamc22\source sdk base 2007\hl2.exe
FirewallRules: [{1591A23A-ECE9-4131-AA7B-2FC1D0A94515}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{2C27A25D-DA19-484F-B773-042A988655AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\grahamc22\sourcesdk\bin\SDKLauncher.exe
FirewallRules: [{4738DA61-918E-4752-B63F-79E975FD21A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\grahamc22\sourcesdk\bin\SDKLauncher.exe
FirewallRules: [{EF5FB62B-99DA-4A6D-BBE7-8FB691D980F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{FFC5C9AE-5417-4A93-B40A-17403F2F1414}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{5C49437B-7AA2-4067-91C1-6A40006434E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{38B17B65-E5D0-49F9-8E10-72929E064547}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{BEE53DED-A2F2-4DAC-91EE-5A62C7A8AB23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\terraria\Terraria.exe
FirewallRules: [{345A0DCE-008D-4C51-A2C5-6262C40C914D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\terraria\Terraria.exe
FirewallRules: [{82A9E6E0-7D65-4D42-9C4E-E6D291FD69D6}] => (Allow) D:\SteamLibrary\SteamApps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{BF2B2CFC-2968-445E-A913-DD2390C68363}] => (Allow) D:\SteamLibrary\SteamApps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{C035B161-1DAA-4743-8869-19000F002365}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{0EBE208B-9BF7-41C0-8457-BB41D510E25F}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{F2EBC9FF-14BF-44B4-8D7F-1066FDB32831}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{287A90AA-1830-41A2-B07E-DE6E825BE909}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{537BDABF-3340-411B-96BA-43BFE202CC2E}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{983CBD38-7A35-40E1-9150-D8F3F6A3549E}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{B1FFC528-BC3E-4EB0-A743-CFA4B16BB392}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{07778FF8-C04D-416C-A894-C05CCAD52B65}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{18C5E7A4-2456-4929-A55D-D0E8153899FC}] => (Allow) D:\SteamLibrary\SteamApps\common\Estranged Act I\hl2.exe
FirewallRules: [{4F332834-52CB-4833-BC1F-59928E2A0A6B}] => (Allow) D:\SteamLibrary\SteamApps\common\Estranged Act I\hl2.exe
FirewallRules: [{982202C5-7404-4853-A41A-7D7984E50F31}] => (Allow) C:\Program Files (x86)\Heroes & Generals\live\hng.exe
FirewallRules: [{AAEEE902-A79B-48CF-BEF6-808D1AFD340D}] => (Allow) C:\Program Files (x86)\Heroes & Generals\live\hng.exe
FirewallRules: [{C0564C93-DF00-46DE-A2D4-A20D9C92DC5C}] => (Allow) D:\SteamLibrary\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{F87B7AE3-6A43-44CB-A5B1-0261168819D7}] => (Allow) D:\SteamLibrary\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{EC62568B-85CF-4D31-A483-BAD367ED8B6D}] => (Allow) D:\SteamLibrary\SteamApps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [{006C5016-E576-4F80-A4AC-F7E515508074}] => (Allow) D:\SteamLibrary\SteamApps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [{FBBCF9D8-3A6D-4A02-80E3-F2A15E732024}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Synergy\hl2.exe
FirewallRules: [{85D63EE4-010F-4B56-AE32-EF667BE4C799}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Synergy\hl2.exe
FirewallRules: [{435CA06E-D191-4FAD-95EC-BBB563B012A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{50A108E4-41A6-49A9-B10E-758564B492B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{A721AD2F-4101-4CAC-8396-50A343C54C8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base\hl2.exe
FirewallRules: [{36F6AC45-9371-4018-B9CF-B01D606F666B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base\hl2.exe
FirewallRules: [{3348789D-5CB7-417C-81DD-D48D6364E3DE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FA2CE76C-0B94-4CF7-A523-5BD8A21D376D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{77FF919F-1CAA-469F-97FE-C2C265FC60A9}D:\world_of_tanks\wotlauncher.exe] => (Allow) D:\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{6BD11B07-5C5E-4102-BA96-2DBD05E59AC7}D:\world_of_tanks\wotlauncher.exe] => (Allow) D:\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{80E88E44-B84B-454E-99E7-B0DFF94C95A2}D:\world_of_tanks\worldoftanks.exe] => (Allow) D:\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{0E93EB82-8B4B-4E16-B6DD-BD55E6215A8D}D:\world_of_tanks\worldoftanks.exe] => (Allow) D:\world_of_tanks\worldoftanks.exe
FirewallRules: [{10DBE40C-0D0A-4AE9-85DF-8B596A45834A}] => (Allow) D:\SteamLibrary\SteamApps\common\TacticalIntervention\bin\tacint.exe
FirewallRules: [{99E28C78-80EF-42DB-B4B5-BE5ABDE2DB2A}] => (Allow) D:\SteamLibrary\SteamApps\common\TacticalIntervention\bin\tacint.exe
FirewallRules: [TCP Query User{9F984793-33E5-4A47-BEEC-E209C70B6D54}D:\war thunder\launcher.exe] => (Allow) D:\war thunder\launcher.exe
FirewallRules: [UDP Query User{9CFA41D8-0EBE-48FF-8024-AC51668FD43E}D:\war thunder\launcher.exe] => (Allow) D:\war thunder\launcher.exe
FirewallRules: [TCP Query User{6EC8FF90-B7C4-41E9-96F6-AC9B7521FEAE}D:\war thunder\aces.exe] => (Allow) D:\war thunder\aces.exe
FirewallRules: [UDP Query User{E09C223E-804E-4463-8255-EC4247185BB0}D:\war thunder\aces.exe] => (Allow) D:\war thunder\aces.exe
FirewallRules: [{3CD7F736-3139-43AB-BFA9-2088C704B3E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{3FECB2FE-2133-43DA-9BA5-12C1EAF238D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{54B498D2-C6E1-4A84-A06F-1F821E57B929}] => (Allow) D:\SteamLibrary\SteamApps\common\Lambda Wars\lambdawars.exe
FirewallRules: [{43741737-9EBB-4A1B-867A-B393946C37DA}] => (Allow) D:\SteamLibrary\SteamApps\common\Lambda Wars\lambdawars.exe
FirewallRules: [{90D5469B-1211-413D-B60D-AF67573A3497}] => (Allow) D:\SteamLibrary\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{D882E798-8BA9-47A5-B4BA-9E0C45BBF3C4}] => (Allow) D:\SteamLibrary\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{31C44749-6244-490B-8CD3-F18997CF4906}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2 Update\hl2.exe
FirewallRules: [{E889F8AA-CFE2-4106-9087-5DBD0D73BFC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2 Update\hl2.exe
FirewallRules: [{AFD2BFE6-6A43-4D70-9D6F-D15F79C731A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{BABD5139-DD02-469E-A957-5820758354DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [TCP Query User{D1BAFB6A-619B-4CCE-A0B6-801186C1847F}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{9A14F2DA-476C-4372-9DCB-5E9AFE96D717}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{B727CF9B-CA2F-474C-B7EB-F27CD331D138}] => (Allow) D:\SteamLibrary\SteamApps\common\The Ship\ship.exe
FirewallRules: [{8AA9433C-3255-438B-9FC7-C9C69AF11094}] => (Allow) D:\SteamLibrary\SteamApps\common\The Ship\ship.exe
FirewallRules: [TCP Query User{F6697358-8B2F-4715-AB33-C0E5C18A4ABC}D:\world_of_warships\wowslauncher.exe] => (Allow) D:\world_of_warships\wowslauncher.exe
FirewallRules: [UDP Query User{3529D5E2-D66A-4B55-84E2-72286367A805}D:\world_of_warships\wowslauncher.exe] => (Allow) D:\world_of_warships\wowslauncher.exe
FirewallRules: [{4F8C9E7B-8EFD-4C0D-BF4D-06C3CC47F17D}] => (Allow) D:\SteamLibrary\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{51EC2340-F347-4C49-9C10-89461774D472}] => (Allow) D:\SteamLibrary\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{55081788-ED1C-4DEE-8B61-8FA544FD7B4C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{5735C6E1-0D09-43F9-A9F7-D392DC40A9BA}D:\steamlibrary\steamapps\common\war thunder\aces.exe] => (Allow) D:\steamlibrary\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{A9EDFFD4-699B-4972-944A-14F7800CB25F}D:\steamlibrary\steamapps\common\war thunder\aces.exe] => (Allow) D:\steamlibrary\steamapps\common\war thunder\aces.exe
FirewallRules: [{DDF24900-8DE1-47FD-93DB-9DBDCB7B0234}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{2981D614-EDFD-4013-A0B2-3DCE4AB06A11}] => (Allow) C:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{35CE99DB-75E3-449A-AE5C-4AA9C7DF26B1}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{CCEB11FD-1EF1-406E-9F30-1752E81457B3}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{D0E4B851-EFFD-4FF0-84FB-26EBCE50A830}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{16818B79-8396-4ADD-9A69-B2BD39D6BEE9}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{0174A8F9-DAE9-4734-91FE-0320EE3361E7}] => (Allow) C:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{5404F8EE-15DD-49A0-B036-7884D316AECE}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{85451DDE-D29F-472C-9DF8-27857A9203D1}] => (Allow) C:\Users\Graham\AppData\Roaming\IQIYI Video\LStyle\GpUpdate.exe
FirewallRules: [{354700B9-4B11-42AF-8583-0EF5BBFC0269}] => (Allow) C:\Users\Graham\AppData\Roaming\IQIYI Video\GeePlayer\GpUpdate.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: tencent QMUdisk
Description: tencent QMUdisk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: QMUdisk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/17/2015 01:43:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2015 06:04:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2015 06:02:10 PM) (Source: IMFservice) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (07/16/2015 06:02:10 PM) (Source: IMFservice) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (07/16/2015 06:00:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2015 04:51:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2015 03:50:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2015 03:36:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2015 03:30:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2015 02:33:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17840, time stamp: 0x555fe1bb
Faulting module name: alleybrowsebho.dll, version: 0.0.0.0, time stamp: 0x5578f478
Exception code: 0xc0000005
Fault offset: 0x00026eb0
Faulting process id: 0x13f4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
 
System errors:
=============
Error: (07/17/2015 01:42:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util alleybrowse service failed to start due to the following error: 
%%3
 
Error: (07/17/2015 01:42:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RzKLService service failed to start due to the following error: 
%%3
 
Error: (07/17/2015 01:41:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The abengine service failed to start due to the following error: 
%%3
 
Error: (07/17/2015 01:41:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Rsd Service service failed to start due to the following error: 
%%3
 
Error: (07/16/2015 08:44:24 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}
 
Error: (07/16/2015 06:03:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util alleybrowse service failed to start due to the following error: 
%%3
 
Error: (07/16/2015 06:03:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RzKLService service failed to start due to the following error: 
%%3
 
Error: (07/16/2015 06:03:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The abengine service failed to start due to the following error: 
%%3
 
Error: (07/16/2015 06:03:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Rsd Service service failed to start due to the following error: 
%%3
 
Error: (07/16/2015 06:02:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SSDP Discovery service failed to start due to the following error: 
%%1069
 
 
Microsoft Office:
=========================
Error: (07/17/2015 01:43:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2015 06:04:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2015 06:02:10 PM) (Source: IMFservice) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (07/16/2015 06:02:10 PM) (Source: IMFservice) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (07/16/2015 06:00:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2015 04:51:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2015 03:50:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2015 03:36:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2015 03:30:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2015 02:33:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17840555fe1bballeybrowsebho.dll0.0.0.05578f478c000000500026eb013f401d0bfcbfb3e5e43C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\alleybrowse\alleybrowsebho.dll4a6a03bf-2bbf-11e5-90fb-74de2b00215d
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU B940 @ 2.00GHz
Percentage of memory in use: 51%
Total physical RAM: 4043.86 MB
Available physical RAM: 1974 MB
Total Virtual: 8085.93 MB
Available Virtual: 5714.19 MB
 
==================== Drives ================================
 
Drive c: (WINDOWS) (Fixed) (Total:232.34 GB) (Free:32.4 GB) NTFS
Drive d: (Data) (Fixed) (Total:233.03 GB) (Free:127.95 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 36578230)
Partition 1: (Active) - (Size=399 MB) - (Type=27)
Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
 
==================== End of log ============================
 
MBAM:
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 16/07/2015
Scan Time: 16:57
Logfile: MBAM scan.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.07.16.04
Rootkit Database: v2015.07.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Graham
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 452603
Time Elapsed: 50 min, 29 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
Having read through the MBAM scan, it told me there were 500+ threats, though in that log, it tells me otherwise... Not sure what it means..


#4 B-boy/StyLe/

Posted 17 July 2015 - 12:24 PM

Hello,

Please post the previous log from Malwarebytes to see what was deleted.

Also, I suggest you uninstall µTorrent.


Your log(s) show that you are using so-called peer-to-peer or file-sharing programs (in your case µTorrent). These programs allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Libre Office or GIMP."


Also, please take a look here:

How cyber criminals infect victims via P2P with pirated software

 

 

 

Registry Editor / Cleaner Warning !!



The following refers to Advanced SystemCare 7.
Please be aware that BleepingComputer staff do not recommend the usage of registry cleaners / tools due to the following facts:

  • Registry tools can cause irreparable damage to your operating system.
  • Registry tools can, as a result of the above, render your PC inoperable.
This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.


For more information about why you should avoid using such programs, please take a look here => Registry Cleaners and System Tweaking Tools

 

 

So I would recommend uninstalling the following programs from your computer:

µTorrent => already mentioned why
Advanced SystemCare 7 => already mentioned why.
AVG Security Toolbar => ineffective and often bundled with 3rd party software.

Better Surf Plus => adware
CPU Miner => if you didn't purposely install it
Driver Booster 2.3 => I don't recommend using such programs. The drivers should be downloaded and installed manually from their manufacturers' websites.
DriverIdentifier 4.0 => the same as above
IObit Apps Toolbar v21.9 => useless toolbar
IObit Malware Fighter => ineffective and shouldn't be used as a main antivirus program.
Java™ 7 Update 1 => Older versions have vulnerabilities that malware can use to infect your system. Download and install the latest version Java 8 Update 51 from here
Java 7 Update 55 => The same as above
Malware Cleaner => adware
Media Player => adware
Media View => adware
Media View => adware
Media Watch => adware
Surfing Protection => useless toolbar
Wincore MediaBar => adware

 

 

 

Next, please download the following file => fixlist.txt and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

This script was written specifically for you, for use on that particular machine.

Let me know how things are after the fix above.

 

Regards,

Georgi




#5 grahamc2

Posted 17 July 2015 - 12:57 PM

Just before I download the file you have left me, there are some of the items which you recommended me to uninstall, though I cannot find where to uninstall them, as they do not appear in my extensions part of Chrome or in the programs list in the Control Panel.

 

Better Surf

Media Player

Media View

Media View

Media Watch

Wincore Media Bar



#6 B-boy/StyLe/

Posted 17 July 2015 - 01:32 PM

No need to worry about them. We will remove them manually if needed at a later stage.

You can proceed with the next steps from my previous post.

 

 

Regards,

Georgi




#7 grahamc2

Posted 17 July 2015 - 01:50 PM

So I ran the fix, and here is the log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Graham at 2015-07-17 19:34:13 Run:1
Running from C:\Users\Graham\Desktop
Loaded Profiles: Graham (Available Profiles: Graham & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll => C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll File not found
AppInit_DLLs:  C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll => C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll File not found
AppInit_DLLs-x32: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll => "C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll" File not found
AppInit_DLLs-x32:  C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll => "C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll" File not found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=94493384_hao_pg
URLSearchHook: HKLM-x32 - BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} -  No File
URLSearchHook: HKU\S-1-5-21-1887274369-1401611307-3145796470-1000 - BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} -  No File
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
SearchScopes: HKU\.DEFAULT -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = 
SearchScopes: HKU\S-1-5-21-1887274369-1401611307-3145796470-1000 -> Backup.Old.DefaultScope {5A921EA0-EA7F-4F9C-AAB5-0E9A7F813136}
SearchScopes: HKU\S-1-5-21-1887274369-1401611307-3145796470-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-results.com/sr?src=ieb&appid=21&systemid=2&sr=0&q={searchTerms}
BHO-x32: BrotherSoft Extreme Toolbar -> {51a86bb3-6602-4c85-92a5-130ee4864f13} ->  No File
Toolbar: HKLM-x32 - BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {51A86BB3-6602-4C85-92A5-130EE4864F13} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1887274369-1401611307-3145796470-1000 -> No Name - {51A86BB3-6602-4C85-92A5-130EE4864F13} -  No File
Toolbar: HKU\S-1-5-21-1887274369-1401611307-3145796470-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta763\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha188\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4141\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha8356\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home2688\ff [not found]
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Graham\AppData\Local\Temp\ccex.crx [Not Found]
S3 Program Manager; C:\Program Files (x86)\Common Files\ProgramManager\ProgramManager.exe [945816 2015-07-15] (Spigot, Inc.)
C:\Program Files (x86)\Common Files\ProgramManager
S2 abengine; No ImagePath
S2 Util alleybrowse; No ImagePath
2015-07-16 16:55 - 2015-07-16 17:58 - 00000000 ____D C:\Program Files (x86)\Application Updater
2015-07-16 16:55 - 2015-07-16 17:50 - 00000000 ____D C:\Program Files (x86)\IObit Apps Toolbar
2015-07-16 13:37 - 2015-07-16 13:37 - 00000000 _____ C:\Windows\prleth.sys
2015-07-16 13:37 - 2015-07-16 13:37 - 00000000 _____ C:\Windows\hgfs.sys
2015-07-16 17:50 - 2011-12-28 18:19 - 00000000 ____D C:\Program Files (x86)\Conduit
2015-07-16 16:55 - 2015-05-29 17:40 - 00003908 _____ C:\Windows\System32\Tasks\Program Manager
2011-11-26 12:52 - 2011-11-26 12:52 - 0000096 _____ () C:\Users\Graham\AppData\Roaming\75941e26.dat
Task: {2D240487-2726-4F73-957E-C7EE7148D61E} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {9334E93F-0033-43AB-A60E-CCFB6A843430} - System32\Tasks\tet3008 => C:\PROGRA~2\FASTSE~1\tet3008.exe
Task: {D5EB5F0B-A0DB-4883-9688-B94202309685} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {E9902A6A-6908-46DD-B5DC-B2FD65916564} - System32\Tasks\Escolade => C:\Users\Graham\AppData\Roaming\iPumper\Updater.exe <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"
FirewallRules: [{936EEA89-AF51-4393-8D82-7849003A126F}] => (Allow) C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [{868DFB41-0A10-4426-B41A-EADAA791379B}] => (Allow) C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [{D678EF3C-A22A-45E8-8537-9AF7B0B7D762}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
FirewallRules: [{4E2EC7BA-4C15-480C-B094-F3534418AF9C}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
FirewallRules: [{A48B4B30-61F0-4B49-9481-F9578D8F41D0}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
FirewallRules: [{ACEFE5FA-0BEF-4858-96DF-F09495CBA98D}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
FirewallRules: [{4923E365-89B6-4C82-BA85-983964BEFBD9}] => (Allow) C:\Users\Graham\AppData\Roaming\svchost.exe
FirewallRules: [{8D41D9A1-0C2E-4BD9-8DFB-457AE56B7A35}] => (Allow) C:\Users\Graham\AppData\Roaming\svchost.exe
FirewallRules: [{69E27D7B-9F4E-4EF6-AB19-B7DFB8F5F967}] => (Allow) C:\Users\Graham\AppData\Roaming\svchost.exe
FirewallRules: [{F628F4DD-353C-4B07-ABB1-4A675440226E}] => (Allow) C:\Users\Graham\AppData\Roaming\svchost.exe
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
RemoveProxy:
Hosts:
EmptyTemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll" => value data removed successfully.
" C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll" => value data removed successfully.
"C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll" => value data removed successfully.
" C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll" => value data removed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{51a86bb3-6602-4c85-92a5-130ee4864f13} => value removed successfully
"HKCR\Wow6432Node\CLSID\{51a86bb3-6602-4c85-92a5-130ee4864f13}" => key removed successfully
HKU\S-1-5-21-1887274369-1401611307-3145796470-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{51a86bb3-6602-4c85-92a5-130ee4864f13} => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}" => key removed successfully
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}" => key removed successfully
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22} => key not found. 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}" => key removed successfully
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22} => key not found. 
HKU\S-1-5-21-1887274369-1401611307-3145796470-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value removed successfully
"HKU\S-1-5-21-1887274369-1401611307-3145796470-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}" => key removed successfully
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}" => key removed successfully
HKCR\Wow6432Node\CLSID\{51a86bb3-6602-4c85-92a5-130ee4864f13} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{51a86bb3-6602-4c85-92a5-130ee4864f13} => value removed successfully
HKCR\Wow6432Node\CLSID\{51a86bb3-6602-4c85-92a5-130ee4864f13} => key not found. 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{51A86BB3-6602-4C85-92A5-130EE4864F13} => value removed successfully
HKCR\CLSID\{51A86BB3-6602-4C85-92A5-130EE4864F13} => key not found. 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKU\S-1-5-21-1887274369-1401611307-3145796470-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{51A86BB3-6602-4C85-92A5-130EE4864F13} => value removed successfully
HKCR\CLSID\{51A86BB3-6602-4C85-92A5-130EE4864F13} => key not found. 
HKU\S-1-5-21-1887274369-1401611307-3145796470-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff not found.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta763\ff not found.
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha188\ff not found.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4141\ff not found.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha8356\ff not found.
C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home2688\ff not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj" => key removed successfully
Program Manager => Service removed successfully
C:\Program Files (x86)\Common Files\ProgramManager => moved successfully.
abengine => Service removed successfully
Util alleybrowse => Service removed successfully
C:\Program Files (x86)\Application Updater => moved successfully.
C:\Program Files (x86)\IObit Apps Toolbar => moved successfully.
C:\Windows\prleth.sys => moved successfully.
C:\Windows\hgfs.sys => moved successfully.
C:\Program Files (x86)\Conduit => moved successfully.
C:\Windows\System32\Tasks\Program Manager => moved successfully.
C:\Users\Graham\AppData\Roaming\75941e26.dat => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D240487-2726-4F73-957E-C7EE7148D61E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D240487-2726-4F73-957E-C7EE7148D61E}" => key removed successfully
C:\Windows\System32\Tasks\LaunchPreSignup => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9334E93F-0033-43AB-A60E-CCFB6A843430}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9334E93F-0033-43AB-A60E-CCFB6A843430}" => key removed successfully
C:\Windows\System32\Tasks\tet3008 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\tet3008" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D5EB5F0B-A0DB-4883-9688-B94202309685}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5EB5F0B-A0DB-4883-9688-B94202309685}" => key removed successfully
C:\Windows\System32\Tasks\Go for FilesUpdate => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Go for FilesUpdate" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E9902A6A-6908-46DD-B5DC-B2FD65916564}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9902A6A-6908-46DD-B5DC-B2FD65916564}" => key removed successfully
C:\Windows\System32\Tasks\Escolade => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Escolade" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\abengine" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{936EEA89-AF51-4393-8D82-7849003A126F} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{868DFB41-0A10-4426-B41A-EADAA791379B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D678EF3C-A22A-45E8-8537-9AF7B0B7D762} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4E2EC7BA-4C15-480C-B094-F3534418AF9C} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A48B4B30-61F0-4B49-9481-F9578D8F41D0} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ACEFE5FA-0BEF-4858-96DF-F09495CBA98D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4923E365-89B6-4C82-BA85-983964BEFBD9} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8D41D9A1-0C2E-4BD9-8DFB-457AE56B7A35} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{69E27D7B-9F4E-4EF6-AB19-B7DFB8F5F967} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F628F4DD-353C-4B07-ABB1-4A675440226E} => value removed successfully
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {F2AB9424-7764-4521-908E-46C3F9A92C4F}.
{5B65AF56-BAB4-4C23-99BD-14F7E8BB3CA5} canceled.
{03B5679F-1D6D-42FE-A4DB-D2A5EF60CF38} canceled.
{059ADD0E-4917-47F8-B17A-117F4C29A6C6} canceled.
{CD3CBA00-8057-4C39-AD7F-BAA1726DB03B} canceled.
4 out of 5 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1887274369-1401611307-3145796470-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1887274369-1401611307-3145796470-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 1.3 GB temporary data Removed.
 
 
The system needed a reboot.. 
 

==== End of Fixlog 19:40:14 ==== 

 

 

After having this done, I found that my browser is still being hijacked by oursurfing. It is no longer in Chrome (though I did reset Chrome's settings to default earlier), but is still in IE.



#8 B-boy/StyLe/

Posted 17 July 2015 - 02:15 PM

Hi,

 

 

STEP 1

 

 

Please download the latest version of AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

STEP 2

 

 

Please download the latest version of Junkware Removal Tool and save it to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

STEP 3

 

 

Run a new scan with FRST (make sure that Addition.txt is checked before you press the SCAN button) and then post both logs in your next reply for my review.

 

 

Regards,

Georgi




#9 grahamc2

Posted 17 July 2015 - 02:58 PM

Here is the next set of logs:

 

# AdwCleaner v4.208 - Logfile created 17/07/2015 at 20:22:40
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Graham - GRAHAM-TOSH
# Running from : C:\Users\Graham\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[#] Service Deleted : QMUdisk
[#] Service Deleted : TS888x64
[#] Service Deleted : TSSKX64
[#] Service Deleted : vToolbarUpdater18.7.0
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\tencent
Folder Deleted : C:\ProgramData\TXQMPC
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\goforfiles
Folder Deleted : C:\Program Files (x86)\IObit Toolbar
Folder Deleted : C:\Program Files (x86)\tencent
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\tencent
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\tencent
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\abengine
Folder Deleted : C:\Program Files\Common Files\tencent
Folder Deleted : C:\Users\Graham\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Graham\AppData\Local\eSupport.com
Folder Deleted : C:\Users\Graham\AppData\Local\PackageAware
Folder Deleted : C:\Users\Graham\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Graham\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Graham\AppData\LocalLow\wincorebsband
Folder Deleted : C:\Users\Graham\AppData\LocalLow\BrotherSoft_Extreme
Folder Deleted : C:\Users\Graham\AppData\Roaming\goforfiles
Folder Deleted : C:\Users\Graham\AppData\Roaming\tencent
Folder Deleted : C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPumper
Folder Deleted : C:\Users\Guest\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Guest\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fopdddcinljmpmioaklghcalngfhbaen
File Deleted : C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gkcefkcdkepgkpbgncjchhbjgoanleod
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal
File Deleted : C:\END
File Deleted : C:\Windows\SysWOW64\SafeAppLM.ocx
File Deleted : C:\Windows\SysWOW64\drivers\TS888x64.sys
File Deleted : C:\Windows\System32\cpuminer-conf.json
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_isearch.avg.com_0.localstorage
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_isearch.avg.com_0.localstorage-journal
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_isearch.avg.com_0.localstorage
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_isearch.avg.com_0.localstorage-journal
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_uk.ask.com_0.localstorage
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_uk.ask.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
Task Deleted : amiupdaterExd
Task Deleted : amiupdaterExi
Task Deleted : AVG-Secure-Search-Update_JUNE2013_TB_rmv
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Graham\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Graham\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Key Deleted : HKLM\SOFTWARE\CLASSES\METNSD
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
Key Deleted : HKCU\Software\23556fb1360f366337f97c924e76ead3
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D96C1D26-5CDF-4506-9244-57233C3984DF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AEE88B81-C2FB-4733-A826-88CB0A67FB61}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D96C1D26-5CDF-4506-9244-57233C3984DF}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E6F928E4-B672-4F3A-8CA2-53C4259235DE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AEE88B81-C2FB-4733-A826-88CB0A67FB61}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52D6AD2D-360B-4CB3-8AF2-9DB2827AD36B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D96C1D26-5CDF-4506-9244-57233C3984DF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4AEC2270-2E5F-40C8-BE5A-E5A5264714C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{52E8E39B-2773-448F-BC20-547CD8DA4685}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{62163814-0C94-4DC3-BA99-5E9E2420C914}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{68AEA825-D48B-4A56-87F0-6FCE988A2C48}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6A0F07D3-F28E-4F45-8D4C-BBF8000F5BB8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7AF435BC-80A9-466E-938B-32E4482EBD65}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{85CEBABD-A775-41E2-8B67-FE06104F06ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AE92A5AB-E575-4487-BCC0-96D333E5346C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C622315B-3049-43D4-9B41-D4B2DC2CD706}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CDB85458-AE08-4106-B699-B946FF4A61CD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{025EEF9C-90F5-417E-9196-09FA4AAB4C92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03F13205-38FF-4361-BECE-EE939A002FA2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1FAAF6AB-B931-4D05-BA12-B0ECCCCE2D0F}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Escolade
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\simplytech
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\IObit Apps
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\Kromtech
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\IObit Apps
Key Deleted : HKCU\Software\AppDataLow\Software\mediabarbs
Key Deleted : HKCU\Software\AppDataLow\Software\BrotherSoft_Extreme
Key Deleted : HKLM\SOFTWARE\Application Updater
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\bearsharemediabartb
Key Deleted : HKLM\SOFTWARE\BetterSurf
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\GoforFiles
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\Video Player
Key Deleted : HKLM\SOFTWARE\VideoPlayerV3
Key Deleted : HKLM\SOFTWARE\Better-Surf
Key Deleted : HKLM\SOFTWARE\IObit Apps
Key Deleted : HKLM\SOFTWARE\SpeedBit
Key Deleted : HKLM\SOFTWARE\AIM Toolbar
Key Deleted : HKLM\SOFTWARE\W3I
Key Deleted : HKLM\SOFTWARE\searchult
Key Deleted : HKLM\SOFTWARE\BrotherSoft_Extreme
Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
Key Deleted : HKU\.DEFAULT\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wincore MediaBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Player
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\oursurfing.com
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.Old.Start Page]
 
-\\ Google Chrome v43.0.2357.134
 
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={AAF39A61-DC12-4784-A3E7-AAD3AE4615BD}&mid=6a9060ad926f47d0ab9039d3c97c1bc0-0f9b000f974babc8f67d077cfa085f844bbb7ae5&lang=en&ds=st011&pr=sa&d=2012-06-15 11:46:19&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}&search=&qsrc=0&o=312&l=sem
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Homepage] : hxxps://isearch.avg.com/?cid={AAF39A61-DC12-4784-A3E7-AAD3AE4615BD}&mid=6a9060ad926f47d0ab9039d3c97c1bc0-0f9b000f974babc8f67d077cfa085f844bbb7ae5&lang=en&ds=st011&pr=sa&d=2012-06-15 11:46:19&v=12.2.5.32&sap=hp
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [17633 bytes] - [17/07/2015 20:19:56]
AdwCleaner[S0].txt - [17036 bytes] - [17/07/2015 20:22:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17096  bytes] ##########
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Home Premium x64
Ran by Graham on 17/07/2015 at 20:31:19.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\Windows\system32\tasks\Driver Booster SkipUAC (Graham)
Successfully deleted: [Task] C:\Windows\system32\tasks\Driver Booster SkipUAC (SYSTEM)
Successfully deleted: [Task] C:\Windows\system32\tasks\SmartDefrag3_Startup
Successfully deleted: [Task] C:\Windows\system32\tasks\Uninstaller_SkipUac_Administrator
Successfully deleted: [Task] C:\Windows\system32\tasks\Uninstaller_SkipUac_Graham
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update alleybrowse
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util alleybrowse
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\SysWOW64\sho2F1D.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\sho3208.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\sho3A0B.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\sho5E0C.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\sho5ED5.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\sho7CD3.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\sho8440.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoA844.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoAEED.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoB0CE.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoB627.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoB97.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoC558.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoC5E0.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoD657.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoF37A.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoF711.tmp
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Program Files (x86)\IObit\Driver Booster
Successfully deleted: [Folder] C:\ProgramData\google
Successfully deleted: [Folder] C:\ProgramData\IObit\Driver Booster
Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\Users\Graham\Appdata\Local\crashrpt
Successfully deleted: [Folder] C:\Users\Graham\AppData\Roaming\IObit\Driver Booster
Successfully deleted: [Folder] C:\Users\Graham\AppData\Roaming\ppslog
Successfully deleted: [Folder] C:\Users\Graham\AppData\Roaming\productdata
Successfully deleted: [Folder] C:\Users\Public\qiyi
Successfully deleted: [Folder] C:\Users\Graham\AppData\Roaming\3909
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Graham\Appdata\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen
 
[C:\Users\Graham\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Graham\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
fopdddcinljmpmioaklghcalngfhbaen
 
[C:\Users\Graham\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Graham\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  bbjciahceamgodcoidkjpchnokgfpphh,
  cjpglkicenollcignonpgiafdgfeehoj,
  fopdddcinljmpmioaklghcalngfhbaen,
  gkcefkcdkepgkpbgncjchhbjgoanleod,
  jplinpmadfkdgipabgcdchbdikologlh,
  mhkaekfpcppmmioggniknbnbdbcigpkk,
  ndibdjnfmopecpmkdieinmbadjfpblof
]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/07/2015 at 20:44:34.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Graham (administrator) on GRAHAM-TOSH on 17-07-2015 20:49:15
Running from C:\Users\Graham\Desktop
Loaded Profiles: Graham (Available Profiles: Graham & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-08-03] (Toshiba Europe GmbH)
HKLM\...\Run: [ProfilerU] => C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [310272 2010-07-07] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [158208 2010-07-07] (Saitek)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-08-30] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-05-31] (Power Software Ltd)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5579624 2015-07-14] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-1887274369-1401611307-3145796470-1000\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-1887274369-1401611307-3145796470-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2895552 2015-07-16] (Valve Corporation)
HKU\S-1-5-21-1887274369-1401611307-3145796470-1000\...\MountPoints2: F - F:\INSTALL.EXE
HKU\S-1-5-21-1887274369-1401611307-3145796470-1000\...\MountPoints2: {edaa2409-14ec-11e5-acca-74de2b00215d} - G:\Startme.exe
HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2012-05-08]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2011-08-03]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2011-08-03]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2011-12-25]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1887274369-1401611307-3145796470-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-17] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{B514F3E9-674A-4128-9311-388758F82FC2}: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-16] ()
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_51\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1887274369-1401611307-3145796470-1000: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF Plugin HKU\S-1-5-21-1887274369-1401611307-3145796470-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Graham\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta763\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha188\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4141\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha8356\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home2688\ff [not found]
 
Chrome: 
=======
CHR Profile: C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-12-16]
CHR Extension: (Google Drive) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-14]
CHR Extension: (YouTube) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-25]
CHR Extension: (Google Search) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-25]
CHR Extension: (Ads Removal) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2015-07-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Skype Click to Call) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-08-30]
CHR Extension: (Google Wallet) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Click&Clean App) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-12-16]
CHR Extension: (Gmail) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2283296 2014-11-01] (IObit)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-07-14] (LogMeIn, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [18480 2015-05-11] (Intel® Corporation)
S3 BEService; "C:\Program Files (x86)\Common Files\BattlEye\BEService.exe" [X]
S3 Desura Install Service; C:\Program Files (x86)\Common Files\Desura\desura_service.exe [X]
S2 RsMgrSvc; No ImagePath
S2 RzKLService; No ImagePath
S3 Sony PC Companion; "C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-05-31] (REALiX™)
R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [28912 2014-06-17] (Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [128200 2014-11-01] (Qualcomm Atheros Co., Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2015-02-25] (Intel Corporation)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows ® Win 7 DDK provider)
S3 SaiK0836; C:\Windows\System32\DRIVERS\SaiK0836.sys [172040 2010-06-17] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [22792 2010-07-08] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [50056 2010-07-08] (Saitek)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 WinRing0_1_2_0; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-17 20:48 - 2015-07-17 20:48 - 00017329 _____ C:\Users\Graham\Desktop\AdwCleaner[S0].txt
2015-07-17 20:44 - 2015-07-17 20:44 - 00009386 _____ C:\Users\Graham\Desktop\JRT.txt
2015-07-17 20:42 - 2015-07-17 20:42 - 00000000 ____D C:\Users\Graham\AppData\Roaming\3909
2015-07-17 20:28 - 2015-07-17 20:28 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Graham\Downloads\JRT.exe
2015-07-17 20:28 - 2015-07-17 20:28 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Graham\Desktop\JRT.exe
2015-07-17 20:19 - 2015-07-17 20:23 - 00000000 ____D C:\AdwCleaner
2015-07-17 20:18 - 2015-07-17 20:18 - 02248704 _____ C:\Users\Graham\Downloads\AdwCleaner.exe
2015-07-17 20:18 - 2015-07-17 20:18 - 02248704 _____ C:\Users\Graham\Desktop\AdwCleaner.exe
2015-07-17 19:33 - 2015-07-17 19:33 - 00012450 _____ C:\Users\Graham\Downloads\fixlist.txt
2015-07-17 19:00 - 2015-07-17 18:59 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-07-17 18:58 - 2015-07-17 18:58 - 43221600 _____ (Oracle Corporation) C:\Users\Graham\Downloads\jre-8u51-windows-x64.exe
2015-07-17 13:51 - 2015-07-17 13:52 - 00079773 _____ C:\Users\Graham\Desktop\Addition(First scan).txt
2015-07-17 13:49 - 2015-07-17 20:49 - 00019159 _____ C:\Users\Graham\Desktop\FRST.txt
2015-07-17 13:49 - 2015-07-17 13:52 - 00073185 _____ C:\Users\Graham\Desktop\FRST(First Scan).txt
2015-07-17 13:48 - 2015-07-17 20:49 - 00000000 ____D C:\FRST
2015-07-17 13:48 - 2015-07-17 13:48 - 02133504 _____ (Farbar) C:\Users\Graham\Downloads\FRST64.exe
2015-07-17 13:48 - 2015-07-17 13:48 - 02133504 _____ (Farbar) C:\Users\Graham\Desktop\FRST64.exe
2015-07-16 17:50 - 2015-07-16 17:50 - 00001057 _____ C:\Users\Graham\Desktop\MBAM scan.txt
2015-07-16 16:55 - 2015-07-17 20:25 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-16 16:55 - 2015-07-16 16:56 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-16 16:55 - 2015-07-16 16:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-16 16:55 - 2015-07-16 16:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-16 16:55 - 2015-07-16 16:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-16 16:55 - 2015-06-18 08:52 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-16 16:55 - 2015-06-18 08:52 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-16 16:55 - 2015-06-18 08:52 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-16 16:54 - 2015-07-16 16:55 - 21547816 _____ (Malwarebytes Corporation ) C:\Users\Graham\Downloads\mbam-setup.exe
2015-07-16 16:27 - 2015-07-16 16:27 - 00000000 _____ C:\autoexec.bat
2015-07-16 13:59 - 2015-07-16 14:03 - 00000000 ____D C:\ProgramData\LocalStorage
2015-07-16 13:56 - 2015-07-16 13:56 - 00000000 ____D C:\Users\Graham\.android
2015-07-16 13:52 - 2015-07-16 13:52 - 00003322 _____ C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380}
2015-07-16 13:35 - 2015-07-16 14:33 - 00000000 ____D C:\Users\Graham\AppData\Local\Opera Software
2015-07-16 13:34 - 2015-07-16 14:33 - 00000000 ____D C:\Users\Graham\AppData\Roaming\Opera Software
2015-07-16 13:33 - 2015-07-16 13:33 - 00000000 ____D C:\Users\Graham\Documents\ËѺüÓ°Òô
2015-07-16 13:32 - 2015-07-16 13:32 - 00000000 ____D C:\Users\Graham\AppData\Local\Temp尰
2015-07-16 13:26 - 2015-07-16 15:25 - 00000000 ____D C:\Program Files (x86)\Rising
2015-07-16 13:26 - 2015-07-16 13:27 - 00000000 ____D C:\ProgramData\Rising
2015-07-15 13:51 - 2015-07-15 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-07-15 13:51 - 2015-07-15 13:51 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-07-14 20:05 - 2015-07-17 20:24 - 00000728 _____ C:\Windows\setupact.log
2015-07-14 20:05 - 2015-07-17 19:41 - 00279288 _____ C:\Windows\PFRO.log
2015-07-14 20:05 - 2015-07-14 20:05 - 00000000 _____ C:\Windows\setuperr.log
2015-07-14 20:04 - 2015-07-14 20:04 - 00000000 _____ C:\asc_rdflag
2015-07-14 16:21 - 2015-07-14 16:21 - 00000222 _____ C:\Users\Graham\Desktop\War Thunder.url
2015-07-13 19:30 - 2015-07-13 19:30 - 44880750 _____ C:\Users\Graham\Downloads\87336cdecf3604ad01a9cca023b2df6f0fb46165.zip
2015-07-12 16:09 - 2015-07-12 16:09 - 13028864 _____ (Intel Corporation) C:\Windows\system32\ig4icd64.dll
2015-07-12 16:09 - 2015-07-12 16:09 - 12694808 _____ (Intel Corporation) C:\Windows\system32\igdumd64.dll
2015-07-12 16:09 - 2015-07-12 16:09 - 11117808 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll
2015-07-12 16:09 - 2015-07-12 16:09 - 10811392 _____ (Intel Corporation) C:\Windows\SysWOW64\ig4icd32.dll
2015-07-12 16:09 - 2015-07-12 16:09 - 05906536 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
2015-07-12 16:09 - 2015-07-12 16:09 - 05375448 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2015-07-12 16:09 - 2015-07-12 16:09 - 00513640 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2015-07-12 16:09 - 2015-07-12 16:09 - 00444008 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
2015-07-12 16:09 - 2015-07-12 16:09 - 00442880 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2015-07-12 16:09 - 2015-07-12 16:09 - 00440320 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00439808 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00439808 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00439296 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00439296 _____ (Intel Corporation) C:\Windows\system32\igfxrrom.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrhrv.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00438272 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00438272 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00438272 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00437248 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00437248 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00435712 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00435712 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00432128 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00431104 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00429056 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00428544 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00410112 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
2015-07-12 16:09 - 2015-07-12 16:09 - 00401512 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
2015-07-12 16:09 - 2015-07-12 16:09 - 00384512 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
2015-07-12 16:09 - 2015-07-12 16:09 - 00330752 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2015-07-12 16:09 - 2015-07-12 16:09 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
2015-07-12 16:09 - 2015-07-12 16:09 - 00280680 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2015-07-12 16:09 - 2015-07-12 16:09 - 00256616 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2015-07-12 16:09 - 2015-07-12 16:09 - 00187496 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2015-07-12 16:09 - 2015-07-12 16:09 - 00175104 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
2015-07-12 16:09 - 2015-07-12 16:09 - 00173672 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
2015-07-12 16:09 - 2015-07-12 16:09 - 00142336 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
2015-07-12 16:09 - 2015-07-12 16:09 - 00126976 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
2015-07-12 16:09 - 2015-07-12 16:09 - 00116224 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v4229.dll
2015-07-12 16:09 - 2015-07-12 16:09 - 00101376 _____ C:\Windows\system32\igdde64.dll
2015-07-12 16:09 - 2015-07-12 16:09 - 00081408 _____ C:\Windows\SysWOW64\igdde32.dll
2015-07-12 16:09 - 2015-07-12 16:09 - 00025088 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2015-07-12 16:09 - 2015-07-12 16:09 - 00017082 _____ C:\Windows\system32\iglhxs64.vp
2015-07-12 16:09 - 2015-07-12 16:09 - 00009728 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
2015-07-11 16:20 - 2015-07-11 16:20 - 85735793 _____ C:\Users\Graham\Downloads\Research_and_Development.zip
2015-07-11 16:13 - 2015-07-11 16:16 - 57216921 _____ ( ) C:\Users\Graham\Downloads\RD_17.7.2009_Full_Install.exe
2015-07-06 18:21 - 2015-07-06 18:21 - 00000605 _____ C:\Users\Graham\Desktop\World of Warships.lnk
2015-07-06 18:21 - 2015-07-06 18:21 - 00000000 ____D C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warships
2015-07-06 18:18 - 2015-07-06 18:18 - 07049832 _____ (Wargaming.net ) C:\Users\Graham\Downloads\WoWS_internet_install_eu.exe
2015-07-06 15:09 - 2015-07-06 15:09 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-07-06 15:08 - 2015-07-06 15:08 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-06 15:08 - 2015-07-06 15:08 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-06 15:08 - 2015-07-06 15:08 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-06 15:08 - 2015-07-06 15:08 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-06 15:08 - 2015-07-06 15:08 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-06 15:08 - 2015-07-06 15:08 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-06 15:08 - 2015-07-06 15:08 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-06 15:08 - 2015-07-06 15:08 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-06 15:07 - 2015-07-06 15:07 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-06 15:07 - 2015-07-06 15:07 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-07-06 15:07 - 2015-07-06 15:07 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-06 15:07 - 2015-07-06 15:07 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-06 15:07 - 2015-07-06 15:07 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-07-06 15:07 - 2015-07-06 15:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-07-06 15:07 - 2015-07-06 15:07 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-06 15:07 - 2015-07-06 15:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-06 15:07 - 2015-07-06 15:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-06 15:07 - 2015-07-06 15:07 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-06 15:07 - 2015-07-06 15:07 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-06 15:07 - 2015-07-06 15:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-06 15:07 - 2015-07-06 15:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-06 15:07 - 2015-07-06 15:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-06 15:07 - 2015-07-06 15:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-06 15:07 - 2015-07-06 15:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-07-06 15:07 - 2015-07-06 15:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-07-06 15:07 - 2015-07-06 15:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-07-06 15:07 - 2015-07-06 15:07 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-06 15:07 - 2015-07-06 15:07 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-06 15:07 - 2015-07-06 15:07 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-07-06 15:06 - 2015-07-06 15:06 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-07-06 15:06 - 2015-07-06 15:06 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-07-06 15:04 - 2015-07-06 15:04 - 03147776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 02589184 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-06 15:04 - 2015-07-06 15:04 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-07-06 15:04 - 2015-07-06 15:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-06 15:04 - 2015-07-06 15:04 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-06 15:04 - 2015-07-06 15:04 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-07-06 15:04 - 2015-07-06 15:04 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-07-06 15:04 - 2015-07-06 15:04 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-07-06 15:04 - 2015-07-06 15:04 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-07-06 15:03 - 2015-07-06 15:03 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-07-06 15:03 - 2015-07-06 15:03 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-07-06 15:03 - 2015-07-06 15:03 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-07-06 15:03 - 2015-07-06 15:03 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-07-06 15:03 - 2015-07-06 15:03 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-07-06 15:03 - 2015-07-06 15:03 - 00419936 _____ C:\Windows\SysWOW64\locale.nls
2015-07-06 15:03 - 2015-07-06 15:03 - 00419936 _____ C:\Windows\system32\locale.nls
2015-07-06 15:03 - 2015-07-06 15:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-07-06 15:03 - 2015-07-06 15:03 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-07-06 15:03 - 2015-07-06 15:03 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-07-06 15:03 - 2015-07-06 15:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-07-06 15:03 - 2015-07-06 15:03 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-07-06 14:19 - 2015-07-06 14:19 - 00002669 _____ C:\Users\Public\Desktop\Intel® Extreme Tuning Utility.lnk
2015-07-06 14:19 - 2015-07-06 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Extreme Tuning Utility
2015-07-06 14:18 - 2015-07-06 14:18 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ICCWDT_01009.Wdf
2015-07-06 14:18 - 2015-07-06 14:18 - 00000000 ____D C:\Windows\System32\Tasks\Intel
2015-07-06 14:18 - 2015-07-06 14:18 - 00000000 ____D C:\uninstall
2015-07-06 14:18 - 2015-07-06 14:18 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2015-07-06 14:18 - 2015-07-06 14:18 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2015-07-06 14:18 - 2015-07-06 14:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2015-07-06 14:17 - 2015-07-06 14:17 - 00000000 ____D C:\Users\Graham\Intel
2015-07-06 14:17 - 2015-07-06 14:17 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-06 14:12 - 2015-07-06 14:12 - 51455984 _____ (Intel Corporation) C:\Users\Graham\Downloads\XTU-Setup-exe.exe
2015-07-01 16:37 - 2015-07-15 13:51 - 00000893 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2015-07-01 11:59 - 2015-07-17 20:33 - 00000000 ____D C:\Users\Graham\AppData\Local\LogMeIn Hamachi
2015-07-01 11:54 - 2015-07-01 11:55 - 08552448 _____ C:\Users\Graham\Downloads\hamachi.msi
2015-06-30 15:55 - 2015-06-30 15:55 - 00000220 _____ C:\Users\Graham\Desktop\The Ship.url
2015-06-27 14:08 - 2015-06-27 14:08 - 08438949 _____ C:\Users\Graham\Downloads\QuickyBaby Modpack 9.8.1 (V3).zip
2015-06-20 20:52 - 2015-06-20 20:52 - 00000000 ____D C:\Users\Graham\AppData\Local\Introversion
2015-06-20 20:51 - 2015-06-20 20:52 - 00000000 ____D C:\Users\Graham\Downloads\prisonarchitect-alpha28-pc
2015-06-17 13:42 - 2015-06-17 13:42 - 00000000 ____D C:\ProgramData\Sony
2015-06-17 13:42 - 2015-06-17 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-17 20:42 - 2013-03-29 17:30 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-17 20:40 - 2009-07-14 05:45 - 00025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-17 20:40 - 2009-07-14 05:45 - 00025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-17 20:34 - 2011-12-28 19:45 - 00000000 ____D C:\Users\Graham\AppData\Roaming\IObit
2015-07-17 20:34 - 2011-12-28 19:43 - 00000000 ____D C:\ProgramData\IObit
2015-07-17 20:34 - 2011-12-28 19:43 - 00000000 ____D C:\Program Files (x86)\IObit
2015-07-17 20:25 - 2011-08-03 11:00 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-17 20:24 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-17 20:23 - 2011-12-25 06:33 - 00000998 _____ C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-17 20:23 - 2011-08-03 11:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-17 20:13 - 2011-12-25 15:06 - 00000000 ____D C:\Users\Graham\AppData\Roaming\Skype
2015-07-17 20:08 - 2012-06-04 18:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-17 20:04 - 2011-08-03 11:00 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-17 19:53 - 2012-11-26 19:25 - 00000000 ____D C:\Users\Graham\Desktop\Unused
2015-07-17 19:43 - 2014-01-10 17:04 - 00187392 ___SH C:\Users\Graham\Desktop\Thumbs.db
2015-07-17 19:34 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-07-17 19:34 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-07-17 19:01 - 2011-12-26 10:41 - 00000000 ____D C:\Program Files\Java
2015-07-17 18:59 - 2014-02-02 15:38 - 00000000 ____D C:\ProgramData\Oracle
2015-07-16 17:50 - 2012-10-28 16:17 - 00000000 ____D C:\Users\Graham\AppData\Roaming\GameCenter
2015-07-16 16:23 - 2011-08-03 11:00 - 00002235 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-16 15:56 - 2009-07-14 06:13 - 00783360 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-16 15:26 - 2009-07-14 05:45 - 04974800 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-16 14:36 - 2009-07-14 03:34 - 00000537 _____ C:\Windows\win.ini
2015-07-16 14:23 - 2011-12-25 06:33 - 00102976 _____ C:\Users\Graham\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-16 13:59 - 2011-08-03 11:00 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 13:59 - 2011-08-03 11:00 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-16 13:56 - 2011-12-25 06:31 - 00000000 ____D C:\Users\Graham
2015-07-16 13:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2015-07-16 13:45 - 2011-09-08 07:45 - 01790593 _____ C:\Windows\WindowsUpdate.log
2015-07-16 13:36 - 2014-05-26 16:23 - 00000000 __SHD C:\Users\Graham\AppData\Local\EmieUserList
2015-07-16 13:36 - 2014-05-26 16:23 - 00000000 __SHD C:\Users\Graham\AppData\Local\EmieSiteList
2015-07-16 13:30 - 2012-03-09 20:19 - 00000000 ____D C:\Users\Graham\AppData\Local\Unity
2015-07-16 13:09 - 2012-06-04 18:55 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-16 13:09 - 2012-06-04 18:55 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-16 13:09 - 2012-06-04 18:55 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 20:04 - 2014-03-04 08:56 - 83279872 _____ C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2015-07-14 20:04 - 2014-03-04 08:56 - 00466944 _____ C:\Windows\system32\config\DEFAULT.iodefrag.bak
2015-07-14 20:04 - 2014-03-04 08:56 - 00057344 _____ C:\Windows\system32\config\SAM.iodefrag.bak
2015-07-14 20:04 - 2014-03-04 08:56 - 00024576 _____ C:\Windows\system32\config\SECURITY.iodefrag.bak
2015-07-14 16:19 - 2012-06-06 13:06 - 00000000 ____D C:\Users\Graham\AppData\Roaming\SoftGrid Client
2015-07-14 16:17 - 2011-08-03 10:41 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-14 11:44 - 2012-02-06 18:49 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-07-12 16:09 - 2015-05-31 14:22 - 11245520 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
2015-07-12 16:09 - 2013-03-08 19:09 - 00031984 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2015-07-12 16:09 - 2012-10-23 22:45 - 09007616 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
2015-07-12 16:09 - 2012-10-23 22:45 - 00064000 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
2015-07-12 16:09 - 2012-10-23 22:44 - 00110592 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
2015-07-12 16:09 - 2011-04-04 18:54 - 12937864 _____ (Intel Corporation) C:\Windows\system32\igd10umd64.dll
2015-07-11 20:24 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-07-06 22:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2015-07-06 22:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-07-06 22:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-06 18:19 - 2012-10-31 13:32 - 00000000 ____D C:\Games
2015-07-06 14:25 - 2012-12-24 12:48 - 00000000 ____D C:\ProgramData\Intel
2015-07-06 14:18 - 2011-08-03 11:07 - 00000000 ____D C:\Program Files (x86)\Intel
2015-07-06 14:18 - 2011-08-03 10:57 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-06-27 17:00 - 2014-02-03 17:58 - 00000000 ____D C:\Users\Graham\AppData\Local\Warframe
2015-06-26 16:52 - 2011-08-03 10:45 - 00000000 ____D C:\ProgramData\Skype
2015-06-23 13:30 - 2010-11-21 04:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-17 16:07 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-17 13:42 - 2011-08-03 10:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-17 12:24 - 2015-04-30 20:51 - 00000000 ____D C:\Users\Graham\AppData\Roaming\TS3Client
 
==================== Files in the root of some directories =======
 
2012-02-26 13:41 - 2012-02-26 13:41 - 0000235 _____ () C:\Users\Graham\AppData\Roaming\fixpermissions.bat
2012-01-03 20:02 - 2015-05-10 17:12 - 0007597 _____ () C:\Users\Graham\AppData\Local\Resmon.ResmonCfg
2013-04-22 20:32 - 2013-02-21 20:32 - 0000032 ____R () C:\ProgramData\hash.dat
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
Some files in TEMP:
====================
C:\Users\Graham\AppData\Local\Temp\Quarantine.exe
C:\Users\Graham\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-15 14:32
 
==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Graham at 2015-07-17 20:50:15
Running from C:\Users\Graham\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1887274369-1401611307-3145796470-500 - Administrator - Disabled)
Graham (S-1-5-21-1887274369-1401611307-3145796470-1000 - Administrator - Enabled) => C:\Users\Graham
Guest (S-1-5-21-1887274369-1401611307-3145796470-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1887274369-1401611307-3145796470-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.600 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Amnesia - The Dark Descent Demo (HKLM-x32\...\{576CA494-F771-4B10-9AF0-8ED4A7AFB0CC}_is1) (Version: 1.0.1 - Frictional Games)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
BattlEye (A2Free) Uninstall (HKLM-x32\...\BattlEye A2 Free) (Version:  - )
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
Better Surf Plus (HKLM-x32\...\Better Surf Plus) (Version: 1.1 - Better Surf) <==== ATTENTION
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.04(T) - TOSHIBA CORPORATION)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.1.0 - Conexant)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Disney Toontown Online (HKLM-x32\...\Disney Toontown Online) (Version:  - Walt Disney Internet Group)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Epson Easy Photo Print 2 (HKLM-x32\...\{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}) (Version: 2.40.0009 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX130 Series Printer Uninstall (HKLM\...\EPSON SX130 Series) (Version:  - SEIKO EPSON Corporation)
Estranged: Act I (HKLM-x32\...\Steam App 261820) (Version:  - Alan Edwardes)
Façade (HKLM-x32\...\{24E34264-D483-477C-A9A0-4E53F69834CF}) (Version: 1.1.2 - Procedural Arts)
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Game Cam 2.6.1.0 (HKLM-x32\...\Game Cam) (Version: 2.6.1.0 - Game Cam Portal, Inc.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life 2: Update (HKLM-x32\...\Steam App 290930) (Version:  - Filip Victor)
Half-Life Dedicated Server Update Tool (HKLM-x32\...\Half-Life Dedicated Server Update Tool) (Version:  - )
Half-Life Source (HKLM-x32\...\Half-Life Source) (Version:  - )
Half-Life Uplink (HKLM-x32\...\Half-Life Uplink) (Version:  - )
Heroes of Newerth (HKLM-x32\...\hon) (Version: 2.3.0 - S2 Games)
Hydra VSTi/DXi v1.2 (HKLM-x32\...\SynapseHydra_is1) (Version: 1.2 - Synapse Audio Software)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel Extreme Tuning Utility (HKLM-x32\...\{c39ccdf6-4cad-48b9-87d8-00131589afca}) (Version: 5.2.0.14 - Intel Corporation)
Intel Extreme Tuning Utility (x32 Version: 5.2.0.14 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.39.1003 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3062 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\3FD0C489-0F02-481a-A3E1-9754CD396761) (Version:  - Intel Corporation)
IObit Apps Toolbar v21.9 (HKLM-x32\...\{B4827A4D-3E2A-4B1C-82B0-FAD23A22B506}) (Version: 21.9 - Spigot, Inc.) <==== ATTENTION
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.0.4.27 - IObit)
iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lambda Wars Beta (HKLM-x32\...\Steam App 270370) (Version:  - Vortal Storm)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.377 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.377 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McPixel version 1.0.4 (HKLM-x32\...\McPixel_is1) (Version: 1.0.4 - Sos)
MechWarrior Vengeance (HKLM-x32\...\MechWarrior Vengeance) (Version:  - )
Media Player (HKLM-x32\...\MediaPlayerV1alpha188) (Version: 1.1 - Media Player) <==== ATTENTION
Media View (HKLM-x32\...\MediaViewV1alpha4141) (Version: 1.1 - Media View) <==== ATTENTION
Media View (HKLM-x32\...\MediaViewV1alpha8356) (Version: 1.1 - Media View) <==== ATTENTION
Media Watch (HKLM-x32\...\MediaWatchV1home2688) (Version: 1.1 - Media Watch) <==== ATTENTION
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}) (Version: 3.1.8.0 - Apple Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MTX (HKLM-x32\...\{6583D00E-0924-4950-8BE9-5D09FE70B333}) (Version: 1.0.0 - mektek.net)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Open Freely (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1) (Version: 1.0 - Download Freely, LLC)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
Pixel Piracy (HKLM-x32\...\Steam App 264140) (Version:  - Vitali Kirpu)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.2 - Power Software Ltd)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.1.59.0 - Razer Inc.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.15 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.2 - IObit)
Smart Technology Programming Software 7.0.1.12 (HKLM\...\{C745CDDF-A4EA-4448-87ED-D17F83B0EE39}) (Version: 7.0.1.12 - Mad Catz)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Sony PC Companion 2.10.259 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.259 - Sony)
Source SDK (HKLM-x32\...\Steam App 211) (Version:  - Valve)
Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version:  - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Synergy (HKLM-x32\...\Steam App 17520) (Version:  - Synergy Team)
System Requirements Lab CYRI (HKLM-x32\...\{E77DA909-3532-4C95-AFEB-06310E88462A}) (Version: 6.0.3.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKU\S-1-5-21-1887274369-1401611307-3145796470-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - )
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
The Ship (HKLM-x32\...\Steam App 2400) (Version:  - Outerlight Ltd.)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}) (Version: 2.1.10.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}) (Version: 8.0.37 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.06.00 - )
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64M - TOSHIBA Corporation)
TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.0.2.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.10010 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.06.00 - )
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version:  - )
TRORMCLauncher (Version: 1.0.0.10 - TOSHIBA) Hidden
Unity Web Player (HKU\S-1-5-21-1887274369-1401611307-3145796470-1000\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Universe Sandbox (HKLM-x32\...\Universe Sandbox) (Version:  - )
User's Guide EPSON SX130 Series (HKLM-x32\...\EPSON SX130 Series Useg) (Version:  - )
Walking Dead (HKLM-x32\...\Walking Dead_is1) (Version:  - Martin)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.10 beta 5 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.5 - win.rar GmbH)
Wondershare Video Editor(Build 3.0.0) (HKLM-x32\...\Wondershare Video Editor_is1) (Version:  - Wondershare)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
World of Warships (HKU\S-1-5-21-1887274369-1401611307-3145796470-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version:  - Wargaming.net)
WorldPainter 0.7.3 (HKLM\...\4144-4862-0472-7103) (Version: 0.7.3 - pepsoft.org)
WWI Source Beta 1.0 (HKLM-x32\...\WWI Source) (Version: Beta 1.0 - WWI Source Devs)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
16-07-2015 13:38:12 16/07/2015
16-07-2015 13:41:11 Restore Operation
17-07-2015 19:34:19 Restore Point Created by FRST
17-07-2015 20:31:24 JRT Pre-Junkware Removal
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2015-07-17 19:35 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07FB8BCC-4121-47BA-B244-4A7CC8D3EE8B} - System32\Tasks\{2DA54569-A98A-4C87-94F6-EBF1BB25D04E} => C:\Games\Piranha Games\MechWarrior Online\Bin32\MechWarriorOnline.exe
Task: {0D9090E1-C372-428C-BF37-2BB3D753B033} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION)
Task: {171D5E9D-BEEE-4EC1-857E-C36D464BCF6B} - System32\Tasks\{353EC7C1-DDB8-4829-A531-D2284CA3B184} => pcalua.exe -a "C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\BEsetup\Setup_BattlEyeARMA2OA.exe" -d "c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead" -c -nosplash -world=empty -mod=@dayz
Task: {45AD5AC6-1429-4C2E-8265-1C8C4420D407} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-03] (IObit)
Task: {519CB08F-2FA2-4890-92FF-4AF93572903A} - System32\Tasks\SmartDefrag_Schedule => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
Task: {5C84BA0A-29DF-4D73-9CEE-62A976B414EF} - System32\Tasks\{2A9C88EE-3DB3-48DC-AEFE-BB55AE17DB22} => pcalua.exe -a C:\Users\Graham\Desktop\install_AT2_version_11_FULL.exe -d C:\Users\Graham\Desktop
Task: {6D1F6CF0-F2AB-4D41-AD39-7C8540004AE6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {6D715F29-2282-43FA-8A69-19F6B029419E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {70492B50-ED5C-4903-8587-0CE1A4007F54} - System32\Tasks\{B967A8A5-EA65-4FD0-9127-C4FDE95AB554} => pcalua.exe -a "C:\Program Files (x86)\Registry Helper\uninst.exe"
Task: {731EDB3F-C064-47D5-9162-F7879C0105BE} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-03-11] (Intel Corporation)
Task: {9856FF38-152F-48D5-A864-71C811709173} - System32\Tasks\{90587CBD-8EFF-4D4B-A608-E32D813571B7} => pcalua.exe -a "C:\program files (x86)\steam\steamapps\common\left 4 dead 2\bin\addoninstaller.exe" -d "c:\program files (x86)\steam\steamapps\common\left 4 dead 2" -c /register
Task: {9AD92617-F8A6-4FD2-A2DE-9D9DDAB2D8A5} - System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} => C:\PROGRAM FILES (X86)\RISING\RAV\rsdelaylauncher.exe
Task: {A567BE0F-19BE-4F18-876D-F8181BD02275} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A5AFD17C-1733-4E10-8CD6-CE32A6C61F21} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-16] (Adobe Systems Incorporated)
Task: {AB2D16AE-3214-42B8-BF36-736415EA658B} - \Program Manager No Task File <==== ATTENTION
Task: {AFDB45C9-982F-4322-9A4B-7E0010668205} - System32\Tasks\{50F5593E-97ED-4D99-9736-DD7032219BAF} => pcalua.exe -a "C:\Users\Graham\Downloads\dxwebsetup (1).exe" -d C:\Users\Graham\Downloads
Task: {CFFC8A4A-A766-4561-8176-F9BB2CC38642} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {D78C5370-B931-4C76-A423-40F5961DE075} - System32\Tasks\{FAFB831D-01FC-4356-82CE-8B5483FA5D4F} => pcalua.exe -a C:\Users\Graham\Downloads\258.96_desktop_win7_winvista_64bit_english_whql.exe -d C:\Users\Graham\Downloads
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-04-29 20:19 - 2012-08-31 15:03 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL
2014-04-29 20:19 - 2012-08-31 15:02 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2011-12-31 19:29 - 2011-12-15 13:38 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2010-11-18 16:18 - 2010-11-18 16:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-25 15:23 - 2015-07-03 17:12 - 00778240 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-12-03 20:18 - 2015-07-03 17:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-12-03 20:18 - 2015-07-03 17:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2014-12-03 20:18 - 2015-07-03 17:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-04 15:28 - 2015-07-16 01:53 - 02410176 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-25 17:24 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-25 17:24 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-25 17:24 - 2014-12-01 22:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-25 17:24 - 2014-12-01 22:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-25 17:24 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-03-25 22:54 - 2015-07-16 01:53 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-07 13:52 - 2015-07-07 21:41 - 00169984 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2013-03-26 17:16 - 2015-07-03 17:12 - 39553928 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-07-14 21:53 - 2015-07-13 22:55 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-14 21:53 - 2015-07-13 22:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 4791 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1887274369-1401611307-3145796470-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Facebook Update => "c:\users\graham\appdata\local\facebook\update\facebookupdate.exe" /c /nocrashserver
MSCONFIG\startupreg: iTunesHelper => c:\program files (x86)\itunes\ituneshelper.exe
MSCONFIG\startupreg: NBAgent => "c:\program files (x86)\nero\nero 10\nero backitup\nbagent.exe" /winstart
MSCONFIG\startupreg: SunJavaUpdateSched => c:\program files (x86)\common files\java\java update\jusched.exe
MSCONFIG\startupreg: Teco => "%programfiles%\toshiba\teco\teco.exe" /r
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{DD76B88C-933A-4D1D-B2FE-6AC465B3BBCC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F8AAFFDD-CB9D-4576-829B-0F805B7E20BD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A467D23B-AA56-454A-969E-C35E4955B64C}] => (Allow) LPort=2869
FirewallRules: [{DB485AE4-96E8-4217-9156-DED45AFBE9B8}] => (Allow) LPort=1900
FirewallRules: [{5463F49F-7DE1-4B59-ADB9-2E471D291519}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{AC98DE6D-FEB7-4934-8B01-5369EFD90205}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{9A73F317-722A-4BD7-BEC9-C1911D074BAA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{272749CB-5738-4B6D-B1CE-87CE3C3521B0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6477D4F4-5278-4854-96FA-0E959DA8D4AF}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{1CF5204D-8CDD-48BF-B091-C71055F32893}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4777F8E9-4F0A-4602-8D18-F42614B3F073}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3EAC3485-0504-4305-A90D-08465E3FC065}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FED7496C-5A56-4946-91B3-4BFC9278B2BF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3E6C59D2-FC16-45B0-A20F-24F52733C49D}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{A8F2FBEB-D9F6-4A6A-802A-44393A982834}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{3C6E3675-4740-43C1-BEB7-690FF5D6E75C}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{D0B054A4-049B-4176-BF1D-8212705F5BA6}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{6D5F9056-B97A-4471-B9F5-FB624DF4AC54}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{177E67A9-7D1E-4703-93DA-31719CF3E533}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{053A5339-9FB4-46BB-A6A3-3F599966F557}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{509D51C1-F5E2-4244-8EB3-7816FD97E4E0}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [TCP Query User{6B60B5B0-1FC7-4B61-A5C6-DADD29A7F16A}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{FC9E6593-F13D-4830-BFE4-36FA7E922423}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{007462C4-5728-40EF-8412-CA0A2465CBB5}C:\program files (x86)\steam\steamapps\philcam630\synergy\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\philcam630\synergy\hl2.exe
FirewallRules: [UDP Query User{511BC8B8-5805-480E-836D-4C697D518635}C:\program files (x86)\steam\steamapps\philcam630\synergy\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\philcam630\synergy\hl2.exe
FirewallRules: [{ED2DB1F5-2D28-439A-A1E6-DE0EF4F8F93D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\philcam630\synergy\hl2.exe
FirewallRules: [{7381F228-4B68-439D-9272-5B4C54EB5BC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\philcam630\synergy\hl2.exe
FirewallRules: [TCP Query User{2A33351D-3CAA-462B-8EAA-85F58487CCA6}C:\program files (x86)\steam\steamapps\philcam630\half-life 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\philcam630\half-life 2\hl2.exe
FirewallRules: [UDP Query User{83179AF0-6CB4-4110-BF19-3A919183DC8A}C:\program files (x86)\steam\steamapps\philcam630\half-life 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\philcam630\half-life 2\hl2.exe
FirewallRules: [{FFE7A20E-ECB3-46D7-9AEB-5C3BDED338A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\grahamc22\counter-strike source\hl2.exe
FirewallRules: [{BBD1D878-E7BC-4FC9-AF02-C5027E40F3D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\grahamc22\counter-strike source\hl2.exe
FirewallRules: [{5B903541-FFE3-45C7-85A0-854C93A9583C}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.exe
FirewallRules: [{758BD9D9-6045-40FB-A1A5-51E2EBA9CE9C}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.exe
FirewallRules: [{2ECC8C52-B006-4ED1-BA79-81D66822095A}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe
FirewallRules: [{BD541702-89C5-4DD4-9BC5-20AC328817C7}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe
FirewallRules: [TCP Query User{23DE3B95-0EFF-47CD-85DC-15EF3C6B8C63}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe
FirewallRules: [UDP Query User{942AB918-23AF-44BC-A115-A5D12C275D52}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe
FirewallRules: [TCP Query User{718648B7-D631-4026-90E7-A4AA1A39E6EA}C:\program files (x86)\world of warcraft\backgrounddownloader.exe] => (Allow) C:\program files (x86)\world of warcraft\backgrounddownloader.exe
FirewallRules: [UDP Query User{0B11BE03-8146-4920-AD31-96A823095238}C:\program files (x86)\world of warcraft\backgrounddownloader.exe] => (Allow) C:\program files (x86)\world of warcraft\backgrounddownloader.exe
FirewallRules: [TCP Query User{49207669-9F1E-4916-B417-9C518B09EB7D}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{B571EB61-A406-4C6D-AE86-AA39FE954F6C}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{6CBB54F5-2DEC-4A50-A302-79C642D73F82}C:\program files (x86)\steam\steamapps\philcam630\half-life 2 deathmatch\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\philcam630\half-life 2 deathmatch\hl2.exe
FirewallRules: [UDP Query User{8671C75F-08BD-4015-A74B-88A8D731DB50}C:\program files (x86)\steam\steamapps\philcam630\half-life 2 deathmatch\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\philcam630\half-life 2 deathmatch\hl2.exe
FirewallRules: [TCP Query User{7EF89254-7FFE-446C-BFC3-CF92E534E773}C:\program files (x86)\1clickdownload\1clickdownloader.exe] => (Allow) C:\program files (x86)\1clickdownload\1clickdownloader.exe
FirewallRules: [UDP Query User{75A2CE94-6FB2-4511-933C-15CF9CEFC4B1}C:\program files (x86)\1clickdownload\1clickdownloader.exe] => (Allow) C:\program files (x86)\1clickdownload\1clickdownloader.exe
FirewallRules: [TCP Query User{F03BCF0F-06C3-43A9-BB22-4F85F470B2C9}C:\program files (x86)\steam\steamapps\philcam630\half-life blue shift\hl.exe] => (Allow) C:\program files (x86)\steam\steamapps\philcam630\half-life blue shift\hl.exe
FirewallRules: [UDP Query User{3C8F71DA-E057-4D3C-BD00-611D64C368CF}C:\program files (x86)\steam\steamapps\philcam630\half-life blue shift\hl.exe] => (Allow) C:\program files (x86)\steam\steamapps\philcam630\half-life blue shift\hl.exe
FirewallRules: [{4CF12864-5125-4260-A077-D6AC45AA25CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\philcam630\source sdk base 2007\hl2.exe
FirewallRules: [{2C10A579-3BD9-4DB2-925D-E3CFC224D186}] => (Allow) C:\Program Files (x86)\Steam\steamapps\philcam630\source sdk base 2007\hl2.exe
FirewallRules: [TCP Query User{671D1171-B962-416A-8B13-A64D1E6F468C}C:\program files (x86)\microsoft games\mechwarrior vengeance\mw4.icd] => (Allow) C:\program files (x86)\microsoft games\mechwarrior vengeance\mw4.icd
FirewallRules: [UDP Query User{0657E699-CE37-4A0E-8C27-A90405ACF2EF}C:\program files (x86)\microsoft games\mechwarrior vengeance\mw4.icd] => (Allow) C:\program files (x86)\microsoft games\mechwarrior vengeance\mw4.icd
FirewallRules: [TCP Query User{618A5086-58C5-4615-ACB9-BF31BB6E7E92}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{C55989C6-F3F8-4515-9207-8EA9E3B06705}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{32A644E9-E0AC-44B2-BFF4-1E4900E4279E}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{09467E5A-8F63-4FCD-8A72-2A0A1FEAE28E}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{19A061A6-259E-442C-90BA-BCFAB51E213A}C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe] => (Allow) C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe
FirewallRules: [UDP Query User{BAA4F5A6-9677-40FA-957A-09F196C888A7}C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe] => (Allow) C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe
FirewallRules: [TCP Query User{D8F2602E-762F-4313-B3D2-C5386B6BB21A}C:\users\graham\documents\arma 2\expansion\beta\arma2oa.exe] => (Allow) C:\users\graham\documents\arma 2\expansion\beta\arma2oa.exe
FirewallRules: [UDP Query User{A2B2BCDF-9492-415E-8DDF-BCDC13D33F43}C:\users\graham\documents\arma 2\expansion\beta\arma2oa.exe] => (Allow) C:\users\graham\documents\arma 2\expansion\beta\arma2oa.exe
FirewallRules: [TCP Query User{4F42982A-D2A9-418D-B07D-56275BA1EB1C}C:\program files (x86)\steam\steamapps\grahamc22\garry's mod beta\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\grahamc22\garry's mod beta\hl2.exe
FirewallRules: [UDP Query User{142E41FE-3DC1-46E0-B1B6-DD72CD9E185F}C:\program files (x86)\steam\steamapps\grahamc22\garry's mod beta\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\grahamc22\garry's mod beta\hl2.exe
FirewallRules: [TCP Query User{50D1601B-ED26-4E17-B3C8-EC55832EEC96}C:\program files (x86)\steam\steamapps\grahamc22\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\grahamc22\team fortress 2\hl2.exe
FirewallRules: [UDP Query User{57C85D41-4FA6-4581-92ED-F51D9B4844BA}C:\program files (x86)\steam\steamapps\grahamc22\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\grahamc22\team fortress 2\hl2.exe
FirewallRules: [{137A7303-7E1C-4CB5-97E3-90C59BCC8BDB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\terraria\Terraria.exe
FirewallRules: [{91CF1152-BCE8-47DF-B79C-0A70DF76766E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\terraria\Terraria.exe
FirewallRules: [{6C97F48B-2871-41CE-9C11-F9F1ECE1AFAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2\arma2.exe
FirewallRules: [{F66392E4-1C97-45A7-83DB-6205DA81662E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2\arma2.exe
FirewallRules: [{7A13903D-4C53-47E4-9404-8A29BE1A7BD3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [{038490FB-75F5-4132-A9F4-2C835267178B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [{C82A1C35-BD4E-441B-BDA9-C306A49174B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\BEsetup\Setup_BattlEyeARMA2OA.exe
FirewallRules: [{2D603CAC-961B-46A9-B261-1D6FD7CF90C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\BEsetup\Setup_BattlEyeARMA2OA.exe
FirewallRules: [{BCCB500D-1308-48F7-8B5E-D0743922E231}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\_runA2CO.cmd
FirewallRules: [{4012665D-99D1-4CAE-8BD0-55BB77B82B27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\_runA2CO.cmd
FirewallRules: [TCP Query User{756CC918-B705-46C2-93CA-02E596A7D9C6}C:\program files (x86)\mektek.net\mtx\mtx.exe] => (Allow) C:\program files (x86)\mektek.net\mtx\mtx.exe
FirewallRules: [UDP Query User{9C8888CC-0103-4B90-8325-9A4E8F4DBC40}C:\program files (x86)\mektek.net\mtx\mtx.exe] => (Allow) C:\program files (x86)\mektek.net\mtx\mtx.exe
FirewallRules: [TCP Query User{162EE2E4-7507-4250-919B-6EF4AF4FB89E}C:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe] => (Allow) C:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe
FirewallRules: [UDP Query User{CFBD1A3C-444E-4309-8AF2-9F2FEC897ABE}C:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe] => (Allow) C:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe
FirewallRules: [TCP Query User{A4F5E8B5-7997-4712-97ED-D1E9DB382393}C:\program files (x86)\steam\steamapps\grahamc22\source sdk base 2007\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\grahamc22\source sdk base 2007\hl2.exe
FirewallRules: [UDP Query User{4098D436-BC66-421C-A246-0007B33DD2F3}C:\program files (x86)\steam\steamapps\grahamc22\source sdk base 2007\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\grahamc22\source sdk base 2007\hl2.exe
FirewallRules: [TCP Query User{80FF0073-75E1-4A70-B4CA-B5C8148AA9D2}C:\program files (x86)\s.w.a.t. 4\content\system\swat4.exe] => (Allow) C:\program files (x86)\s.w.a.t. 4\content\system\swat4.exe
FirewallRules: [UDP Query User{C132141C-279E-44BD-850F-ECF6F1368187}C:\program files (x86)\s.w.a.t. 4\content\system\swat4.exe] => (Allow) C:\program files (x86)\s.w.a.t. 4\content\system\swat4.exe
FirewallRules: [TCP Query User{3239D1D5-74C9-4B23-9521-54BD657178F3}C:\program files (x86)\steam\steamapps\grahamc22\half-life 2 deathmatch\hl2.exe] => (Block) C:\program files (x86)\steam\steamapps\grahamc22\half-life 2 deathmatch\hl2.exe
FirewallRules: [UDP Query User{5A0AB6E3-2ED0-47C4-88A7-8C01C74D3B11}C:\program files (x86)\steam\steamapps\grahamc22\half-life 2 deathmatch\hl2.exe] => (Block) C:\program files (x86)\steam\steamapps\grahamc22\half-life 2 deathmatch\hl2.exe
FirewallRules: [{E778A41D-2176-4635-B08C-AB501046CBDB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\grahamc22\synergy\hl2.exe
FirewallRules: [{D8A1E6BB-FB43-43F8-B170-38D486D4F1BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\grahamc22\synergy\hl2.exe
FirewallRules: [{0AFFF582-415F-4F29-8273-3402FA4175EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\grahamc22\garrysmod\hl2.exe
FirewallRules: [{EEC11254-8D66-42DA-8E78-C3F170AC9AF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\grahamc22\garrysmod\hl2.exe
FirewallRules: [{4418E35D-1F76-4864-AA62-3A8B880E60C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\arma2oa.exe
FirewallRules: [{4FBFB1DA-B659-4471-866C-38D2D88C37D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\arma2oa.exe
FirewallRules: [TCP Query User{25D5D45B-1D8A-4CA1-9BA9-CD0848353B99}C:\users\guest\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Block) C:\users\guest\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [UDP Query User{5BC684AA-DA05-43A0-BC56-E2D8A4EC749A}C:\users\guest\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Block) C:\users\guest\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [{20EF13A0-B4D0-4881-B205-467D40FC3B61}] => (Block) %ProgramFiles% (x86)\Bandicamcrack\bdcam.exe
FirewallRules: [{061A863B-1BF4-4A3F-9659-B75ECA4DEB52}] => (Block) %ProgramFiles% (x86)\Bandicamcrack\bdcam.exe
FirewallRules: [{711BC2BB-C96B-4CB4-8328-E399CEB30EB3}] => (Allow) C:\Program Files (x86)\War Thunder\launcher.exe
FirewallRules: [{3DBE9E2E-AB9B-402D-87AD-24C49D946C76}] => (Allow) C:\Program Files (x86)\War Thunder\launcher.exe
FirewallRules: [TCP Query User{BBA708F5-3B6C-49CF-BE62-9B431C9EE01B}C:\program files (x86)\war thunder\aces.exe] => (Allow) C:\program files (x86)\war thunder\aces.exe
FirewallRules: [UDP Query User{62BB2852-DE9B-406F-8F0C-89A615BC655C}C:\program files (x86)\war thunder\aces.exe] => (Allow) C:\program files (x86)\war thunder\aces.exe
FirewallRules: [{D8593FBB-3653-4EDD-88ED-A86220A7AB8B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5984A462-3EAA-4554-ACCF-67BC829A194D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AA0AC1C0-2B7D-45EB-8F66-D559EBFD5DD6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\grahamc22\counter-strike source\hl2.exe
FirewallRules: [{BF51A849-9AE7-4DE1-85C5-1A41B4BB2D57}] => (Allow) C:\Program Files (x86)\Steam\steamapps\grahamc22\counter-strike source\hl2.exe
FirewallRules: [TCP Query User{9AA696EA-DA06-43F7-82BD-7B11E772658B}C:\program files (x86)\steam\steamapps\grahamc22\source sdk base\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\grahamc22\source sdk base\hl2.exe
FirewallRules: [UDP Query User{76A778B8-8A12-4153-BBB7-6315FD8ED081}C:\program files (x86)\steam\steamapps\grahamc22\source sdk base\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\grahamc22\source sdk base\hl2.exe
FirewallRules: [TCP Query User{D271292B-66CE-4802-858C-CB9AC551317A}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{C093623D-0E72-4971-8A3C-62BB36B3437F}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{7144389F-BC99-48A0-A9A7-23A6A8471BA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\grahamc22\source sdk base 2007\hl2.exe
FirewallRules: [{8A594C59-B816-425A-8172-AD1F6205957B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\grahamc22\source sdk base 2007\hl2.exe
FirewallRules: [{1591A23A-ECE9-4131-AA7B-2FC1D0A94515}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{2C27A25D-DA19-484F-B773-042A988655AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\grahamc22\sourcesdk\bin\SDKLauncher.exe
FirewallRules: [{4738DA61-918E-4752-B63F-79E975FD21A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\grahamc22\sourcesdk\bin\SDKLauncher.exe
FirewallRules: [{EF5FB62B-99DA-4A6D-BBE7-8FB691D980F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{FFC5C9AE-5417-4A93-B40A-17403F2F1414}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{5C49437B-7AA2-4067-91C1-6A40006434E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{38B17B65-E5D0-49F9-8E10-72929E064547}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{BEE53DED-A2F2-4DAC-91EE-5A62C7A8AB23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\terraria\Terraria.exe
FirewallRules: [{345A0DCE-008D-4C51-A2C5-6262C40C914D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\terraria\Terraria.exe
FirewallRules: [{82A9E6E0-7D65-4D42-9C4E-E6D291FD69D6}] => (Allow) D:\SteamLibrary\SteamApps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{BF2B2CFC-2968-445E-A913-DD2390C68363}] => (Allow) D:\SteamLibrary\SteamApps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{C035B161-1DAA-4743-8869-19000F002365}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{0EBE208B-9BF7-41C0-8457-BB41D510E25F}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{F2EBC9FF-14BF-44B4-8D7F-1066FDB32831}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{287A90AA-1830-41A2-B07E-DE6E825BE909}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{537BDABF-3340-411B-96BA-43BFE202CC2E}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{983CBD38-7A35-40E1-9150-D8F3F6A3549E}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{B1FFC528-BC3E-4EB0-A743-CFA4B16BB392}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{07778FF8-C04D-416C-A894-C05CCAD52B65}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{18C5E7A4-2456-4929-A55D-D0E8153899FC}] => (Allow) D:\SteamLibrary\SteamApps\common\Estranged Act I\hl2.exe
FirewallRules: [{4F332834-52CB-4833-BC1F-59928E2A0A6B}] => (Allow) D:\SteamLibrary\SteamApps\common\Estranged Act I\hl2.exe
FirewallRules: [{982202C5-7404-4853-A41A-7D7984E50F31}] => (Allow) C:\Program Files (x86)\Heroes & Generals\live\hng.exe
FirewallRules: [{AAEEE902-A79B-48CF-BEF6-808D1AFD340D}] => (Allow) C:\Program Files (x86)\Heroes & Generals\live\hng.exe
FirewallRules: [{C0564C93-DF00-46DE-A2D4-A20D9C92DC5C}] => (Allow) D:\SteamLibrary\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{F87B7AE3-6A43-44CB-A5B1-0261168819D7}] => (Allow) D:\SteamLibrary\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{EC62568B-85CF-4D31-A483-BAD367ED8B6D}] => (Allow) D:\SteamLibrary\SteamApps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [{006C5016-E576-4F80-A4AC-F7E515508074}] => (Allow) D:\SteamLibrary\SteamApps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [{FBBCF9D8-3A6D-4A02-80E3-F2A15E732024}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Synergy\hl2.exe
FirewallRules: [{85D63EE4-010F-4B56-AE32-EF667BE4C799}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Synergy\hl2.exe
FirewallRules: [{435CA06E-D191-4FAD-95EC-BBB563B012A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{50A108E4-41A6-49A9-B10E-758564B492B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{A721AD2F-4101-4CAC-8396-50A343C54C8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base\hl2.exe
FirewallRules: [{36F6AC45-9371-4018-B9CF-B01D606F666B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base\hl2.exe
FirewallRules: [{3348789D-5CB7-417C-81DD-D48D6364E3DE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FA2CE76C-0B94-4CF7-A523-5BD8A21D376D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{77FF919F-1CAA-469F-97FE-C2C265FC60A9}D:\world_of_tanks\wotlauncher.exe] => (Allow) D:\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{6BD11B07-5C5E-4102-BA96-2DBD05E59AC7}D:\world_of_tanks\wotlauncher.exe] => (Allow) D:\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{80E88E44-B84B-454E-99E7-B0DFF94C95A2}D:\world_of_tanks\worldoftanks.exe] => (Allow) D:\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{0E93EB82-8B4B-4E16-B6DD-BD55E6215A8D}D:\world_of_tanks\worldoftanks.exe] => (Allow) D:\world_of_tanks\worldoftanks.exe
FirewallRules: [{10DBE40C-0D0A-4AE9-85DF-8B596A45834A}] => (Allow) D:\SteamLibrary\SteamApps\common\TacticalIntervention\bin\tacint.exe
FirewallRules: [{99E28C78-80EF-42DB-B4B5-BE5ABDE2DB2A}] => (Allow) D:\SteamLibrary\SteamApps\common\TacticalIntervention\bin\tacint.exe
FirewallRules: [TCP Query User{9F984793-33E5-4A47-BEEC-E209C70B6D54}D:\war thunder\launcher.exe] => (Allow) D:\war thunder\launcher.exe
FirewallRules: [UDP Query User{9CFA41D8-0EBE-48FF-8024-AC51668FD43E}D:\war thunder\launcher.exe] => (Allow) D:\war thunder\launcher.exe
FirewallRules: [TCP Query User{6EC8FF90-B7C4-41E9-96F6-AC9B7521FEAE}D:\war thunder\aces.exe] => (Allow) D:\war thunder\aces.exe
FirewallRules: [UDP Query User{E09C223E-804E-4463-8255-EC4247185BB0}D:\war thunder\aces.exe] => (Allow) D:\war thunder\aces.exe
FirewallRules: [{3CD7F736-3139-43AB-BFA9-2088C704B3E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{3FECB2FE-2133-43DA-9BA5-12C1EAF238D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{54B498D2-C6E1-4A84-A06F-1F821E57B929}] => (Allow) D:\SteamLibrary\SteamApps\common\Lambda Wars\lambdawars.exe
FirewallRules: [{43741737-9EBB-4A1B-867A-B393946C37DA}] => (Allow) D:\SteamLibrary\SteamApps\common\Lambda Wars\lambdawars.exe
FirewallRules: [{90D5469B-1211-413D-B60D-AF67573A3497}] => (Allow) D:\SteamLibrary\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{D882E798-8BA9-47A5-B4BA-9E0C45BBF3C4}] => (Allow) D:\SteamLibrary\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{31C44749-6244-490B-8CD3-F18997CF4906}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2 Update\hl2.exe
FirewallRules: [{E889F8AA-CFE2-4106-9087-5DBD0D73BFC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2 Update\hl2.exe
FirewallRules: [{AFD2BFE6-6A43-4D70-9D6F-D15F79C731A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{BABD5139-DD02-469E-A957-5820758354DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [TCP Query User{D1BAFB6A-619B-4CCE-A0B6-801186C1847F}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{9A14F2DA-476C-4372-9DCB-5E9AFE96D717}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{B727CF9B-CA2F-474C-B7EB-F27CD331D138}] => (Allow) D:\SteamLibrary\SteamApps\common\The Ship\ship.exe
FirewallRules: [{8AA9433C-3255-438B-9FC7-C9C69AF11094}] => (Allow) D:\SteamLibrary\SteamApps\common\The Ship\ship.exe
FirewallRules: [TCP Query User{F6697358-8B2F-4715-AB33-C0E5C18A4ABC}D:\world_of_warships\wowslauncher.exe] => (Allow) D:\world_of_warships\wowslauncher.exe
FirewallRules: [UDP Query User{3529D5E2-D66A-4B55-84E2-72286367A805}D:\world_of_warships\wowslauncher.exe] => (Allow) D:\world_of_warships\wowslauncher.exe
FirewallRules: [{4F8C9E7B-8EFD-4C0D-BF4D-06C3CC47F17D}] => (Allow) D:\SteamLibrary\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{51EC2340-F347-4C49-9C10-89461774D472}] => (Allow) D:\SteamLibrary\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{55081788-ED1C-4DEE-8B61-8FA544FD7B4C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{5735C6E1-0D09-43F9-A9F7-D392DC40A9BA}D:\steamlibrary\steamapps\common\war thunder\aces.exe] => (Allow) D:\steamlibrary\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{A9EDFFD4-699B-4972-944A-14F7800CB25F}D:\steamlibrary\steamapps\common\war thunder\aces.exe] => (Allow) D:\steamlibrary\steamapps\common\war thunder\aces.exe
FirewallRules: [{DDF24900-8DE1-47FD-93DB-9DBDCB7B0234}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{2981D614-EDFD-4013-A0B2-3DCE4AB06A11}] => (Allow) C:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{35CE99DB-75E3-449A-AE5C-4AA9C7DF26B1}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{CCEB11FD-1EF1-406E-9F30-1752E81457B3}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{D0E4B851-EFFD-4FF0-84FB-26EBCE50A830}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{16818B79-8396-4ADD-9A69-B2BD39D6BEE9}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{0174A8F9-DAE9-4734-91FE-0320EE3361E7}] => (Allow) C:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{5404F8EE-15DD-49A0-B036-7884D316AECE}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{85451DDE-D29F-472C-9DF8-27857A9203D1}] => (Allow) C:\Users\Graham\AppData\Roaming\IQIYI Video\LStyle\GpUpdate.exe
FirewallRules: [{354700B9-4B11-42AF-8583-0EF5BBFC0269}] => (Allow) C:\Users\Graham\AppData\Roaming\IQIYI Video\GeePlayer\GpUpdate.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/17/2015 08:26:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/17/2015 07:43:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/17/2015 07:34:15 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ad995991-24a9-4411-b837-76f4563dd5be}
 
Error: (07/17/2015 01:43:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2015 06:04:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2015 06:02:10 PM) (Source: IMFservice) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (07/16/2015 06:02:10 PM) (Source: IMFservice) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (07/16/2015 06:00:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2015 04:51:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2015 03:50:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (07/17/2015 08:33:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TPCH Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/17/2015 08:33:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TOSHIBA HDD SSD Alert Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/17/2015 08:33:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Extreme Tuning Utility Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/17/2015 08:33:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (07/17/2015 08:33:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ConfigFree Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/17/2015 08:33:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ConfigFree WiMAX Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/17/2015 08:33:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/17/2015 08:33:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (07/17/2015 08:33:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TOSHIBA Bluetooth Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/17/2015 08:33:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Integrated Clock Controller Service - Intel® ICCS service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office:
=========================
Error: (07/17/2015 08:26:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/17/2015 07:43:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/17/2015 07:34:15 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ad995991-24a9-4411-b837-76f4563dd5be}
 
Error: (07/17/2015 01:43:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2015 06:04:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2015 06:02:10 PM) (Source: IMFservice) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (07/16/2015 06:02:10 PM) (Source: IMFservice) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (07/16/2015 06:00:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2015 04:51:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2015 03:50:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU B940 @ 2.00GHz
Percentage of memory in use: 45%
Total physical RAM: 4043.86 MB
Available physical RAM: 2203.54 MB
Total Virtual: 8085.93 MB
Available Virtual: 6331.6 MB
 
==================== Drives ================================
 
Drive c: (WINDOWS) (Fixed) (Total:232.34 GB) (Free:37.8 GB) NTFS
Drive d: (Data) (Fixed) (Total:233.03 GB) (Free:133.59 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 36578230)
Partition 1: (Active) - (Size=399 MB) - (Type=27)
Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
 
==================== End of log ============================


#10 B-boy/StyLe/


Posted 17 July 2015 - 04:32 PM

Hi,
 

 

Ok...Adwcleaner and JRT removed a lot of stuff including a lot of remnants of uninstalled antivirus programs like - Tencent, Baidu, Rising and AVG.

Please download the following file => fixlist.txt (attached file, 5.53KB) and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

This script was written specifically for this user, for use on that particular machine.

Let me know how things are after the steps so far.

 

 

Regards,

Georgi




#11 grahamc2


Posted 18 July 2015 - 07:09 AM

Ok the fix has seemed to clear the browsers of oursurfing, and system speed and startup are much quicker. Here is the fixlog as a downloadable file as it is too long to paste into a reply (attached file): Fixlog.txt (344.13KB)



#12 B-boy/StyLe/


Posted 18 July 2015 - 12:38 PM

Hi,

 

It's nice to hear that. However, we still have things to do.

 

Please download the following file => fixlist.txt (attached file, 1.92KB) and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Regards,

Georgi


Edited by B-boy/StyLe/, 18 July 2015 - 12:38 PM.



#13 grahamc2


Posted 19 July 2015 - 08:34 AM

Here is the next log:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by Graham at 2015-07-19 14:33:26 Run:3
Running from C:\Users\Graham\Desktop
Loaded Profiles: Graham (Available Profiles: Graham & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
Folder: C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Better Surf Plus" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrotherSoft Extreme Toolbar" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B4827A4D-3E2A-4B1C-82B0-FAD23A22B506}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MediaPlayerV1alpha188" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MediaViewV1alpha4141" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MediaViewV1alpha8356" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MediaWatchV1home2688" /f
end
*****************
 
 
========================= Folder: C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles ========================
 
folder not found
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Better Surf Plus" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrotherSoft Extreme Toolbar" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B4827A4D-3E2A-4B1C-82B0-FAD23A22B506}" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MediaPlayerV1alpha188" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MediaViewV1alpha4141" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MediaViewV1alpha8356" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MediaWatchV1home2688" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
==== End of Fixlog 14:33:27 ====


#14 B-boy/StyLe/


Posted 19 July 2015 - 09:59 AM

Hi,

 

 

Ok, let's check for malware leftovers:

 

 

STEP 1

 

 

Please download ZOEK (by Smeenk) and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection. See here on how to do this.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.

  • In the main box please paste in the following script:

 

createsrpoint;
chromelook;
emptyCHRcache;
firefoxlook;
emptyFFcache;
FFdefaults;
emptyIEcache;
iedefaults;
shortcutfix;
oursurfing;a
oursurfing;z

  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive).
  • Post its content into your next reply.

 

 

STEP 2

 

 

Please download ZHPCleaner (by NicolasCoolman) to your desktop.

  • Double click on ZHPCleaner to run the tool. (Vista/Windows 7/8 users right-click and select Run As Administrator).
  • Please click the Ashampoo_Snap_20140819_13h09m50s_001__zp button.
  • Then press the y3pI4LR.png button.
  • During the scan any open instances of the browsers will be closed automatically.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

 

 

 

Regards.

Georgi




#15 grahamc2


Posted 19 July 2015 - 10:36 AM

Looks like the PC is speeding back up nicely with all this. Here are the two logs:

 

 

 

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Graham on 19/07/2015 at 16:11:10.13.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Graham\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
19/07/2015 16:14:48 Zoek.exe System Restore Point Created Successfully.
 
==== Folders Found ======================
 
 
==== Files Found ======================
 
 
==== Registry Search Results for "oursurfing" ======================
 
No instances of string "oursurfing" found.
 
==== Chromium Look ======================
 
Google Chrome Version: 43.0.2357.134
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[01/05/2015 11:17]
 
Magic Actions for YouTube - Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif
Google Drive - Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Chrome Hotword Shared Module - Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Skype Click to Call - Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
ClickClean App - Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp
Gmail - Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
YouTube - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Skype for Chromium - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Gmail - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== Chromium Startpages ======================
 
C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Preferences
7702DCC4D","nfengeggddojhakldhlpjdlddgkkjkddabcabcabcabcabc":"F35F7099B3803CB43297DD67EFDE42D6E3241DD15F0E7217A9DBB4EF00040367","nfengeggddojhakldhlpjdlddgkkjkddabcabcabcabcabcabc":"8D79B3CC81ED706B460BE4FB583EA9ACA2088BFA121CFCF89867CA3527AE949C","nfengeggddojhakldhlpjdlddgkkjkddabcabcabcabcabcabcabc":"283C46E766681F20D1198C487C6762D8276092A65F5C0B4F30BC83D8DCAFA420","nfengeggddojhakldhlpjdlddgkkjkddabcabcabcabcabcabcabcabc":"850223DD5F7F567A61F194C94500A03CAF6F0A120CA4A2EFBF94F20BE18D7973","nfengeggddojhakldhlpjdlddgkkjkddabcabcabcabcabcabcabcabcabc":"FA68A5BE31F83CBC4ED440B7BCA5C0CEE5FC537D1A5E5D82061BF6663B20BA8E","nfengeggddojhakldhlpjdlddgkkjkddabcabcabcabcabcabcabcabcabcabc":"8CB97D1B92452CF11754269607A500A39AE23A0CF7E4805C7C10DE17B71C533F","nfengeggddojhakldhlpjdlddgkkjkddabcabcabcabcabcabcabcabcabcabcabc":"3F38F8E720D6992C272D027515C48E59FBD6C539324D0287C17289DF544E4E64","nkeimhogjdpnpccoofpliimaahmaaome":"82942223EF9A45EED5B53164FE507E3F944DBF7613E27A156A6B9739190768BC","nmmhkkegccagdldgiimedpiccmgmieda":"5AAE7834F5965821EC30FE550BEB4D21AFF4702DE5BE4AD3E312C6C45195120D","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"8572E48E26F07F2B035C5FA845946924D879335FEE2A5938A8F4B83A7487E9F6","pdabfienifkbhoihedcgeogidfmibmhp":"A6555C3B7CEB5B3276495D2CC569C240F66B20124F588A6E18FD3396AB3EBFFB","pjkljhegncpnkpknbcohdijeoejaedia":"1840EB8A848D3B4CC64A15F52FC1753FB8EC2E69916892732AB9EF85981DA3D5"}},"google":{"services":{"last_username":"AE03BD7A8965EAEB36CB5848EB44B3D49CA282A1C16DC21D1074671071BF4CED","username":"BFEEBB8F9509166E5F36E9A137E9D4D03806ED1B60105682BF624C4F26E18449"}},"homepage":"B6E5551ACF7EBE834977D545713FEA88C0CF6B9BE4FCA6A8E58593C9A2A0D16C","homepage_is_newtabpage":"4315DA115712ED49822E1B03E540A228567813CB23105521D7CDA730C1B72B46","pinned_tabs":"12ABA6EDA78257617DF5271F4084D7FBBB6CB67EB4E2205DB576D6350FB975BC","prefs":{"preference_reset_time":"20980ABADC00D1BFD9EE257533FD89B19E52E72EACF979C284EFE1A63D21B4C0"},"profile":{"reset_prompt_memento":"C5AD747F873585C577ECDD1
5F4D6E6461C035890BDE4BC864D7821A25E057880"},"safebrowsing":{"incidents_sent":"76A86796E09436F7E71F016D1595058EDB9195A7C6F2D837747BD46679206F99"},"search_provider_overrides":"593C8C83175F66C45325122640596F029AE4B50FEEA6F6FBC9F3C16FBD92F1D5","session":{"restore_on_startup":"E14116DF707666C42756610CBDADAB8BE528239F16BDE043FA1197D6B152C827","startup_urls":"7A57EF65144F2107BE58970943BAE1AF8C04B449E96C7074EEE7888AAB68F191"},"software_reporter":{"prompt_reason":"41C65907CF5A86C7D43C326993B769EE54F80C3A89134F48C4FA7C76E162B349","prompt_seed":"AB103C8F24A7F525A7084B853B2DD40C61C2BE52A2DAF5E13116FCE7FFF2DB0A","prompt_version":"850B74C8E642A038519520B7D8BBB5545DC275EA464004F96AC0E979D0BD4792"},"sync":{"remaining_rollback_tries":"6B001E1C9047BBD403D6E98624F5A9C71A75DA82F38B5EDA0C5472F25EFE7593"}},"super_mac":"A974171527975FA8E1C0770AA557968750837838EE29507731737B53404D670E"},"session":{"restore_on_startup":4,"startup_urls":["https://www.google.ie/"]},"software_reporter":{"prompt_reason":0,"prompt_seed":"20150601","prompt_version":"3.21.0"},"sync":{"remaining_rollback_tries":0}}
 
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Preferences
"urls_to_restore_on_startup": [ "http://www.google.ie/" ]
 
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Backup.Old.Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
 
==== shortcuts on Users Desktops ======================
 
C:\Users\Graham\Desktop\Computer - Shortcut.lnk -  
C:\Users\Graham\Desktop\Downloads.lnk - C:\Users\Graham\Downloads 
C:\Users\Graham\Desktop\Microsoft Word Starter 2010.lnk - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE "Microsoft Word Starter 2010 9014006604090000"
C:\Users\Graham\Desktop\TeamSpeak 3 Client.lnk - D:\TeamSpeak\ts3client_win32.exe 
C:\Users\Graham\Desktop\Windows Live Movie Maker.lnk - C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe 
C:\Users\Graham\Desktop\World of Warships.lnk - D:\World_of_WarShips\WoWSLauncher.exe 
C:\Users\Graham\Desktop\Unused\Adobe Download Assistant.lnk - C:\Program Files (x86)\Adobe Download Assistant\Adobe Download Assistant.exe 
C:\Users\Graham\Desktop\Unused\Adobe Reader X.lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe 
C:\Users\Graham\Desktop\Unused\Epson Easy Photo Print.lnk - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPQuicker.exe 
C:\Users\Graham\Desktop\Unused\LogMeIn Hamachi.lnk - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe 
C:\Users\Graham\Desktop\Unused\Crap\Adobe Reader X.lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe 
C:\Users\Graham\Desktop\Unused\Crap\EPSON Scan.lnk - C:\Windows\twain_32\escndv\escndv.exe 
C:\Users\Graham\Desktop\Unused\Crap\IObit Malware Fighter.lnk - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe 
C:\Users\Graham\Desktop\Unused\Crap\Manual.lnk - C:\Program Files (x86)\TOSHIBA\Manuals\TREXLauncher.exe Manual
C:\Users\Graham\Desktop\Unused\Crap\Microsoft Office 2010.lnk - C:\Toshiba\OfficeLink.cmd 
C:\Users\Graham\Desktop\Unused\Crap\MW4Ed2.lnk - C:\Program Files (x86)\MekTek.net\Mechwarrior Mercenaries - Mektek Mekpak\MW4Ed2.exe 
C:\Users\Graham\Desktop\Unused\Crap\Nero Kwik Media.lnk -  
C:\Users\Graham\Desktop\Unused\Crap\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe 
C:\Users\Graham\Desktop\Unused\Crap\Toshiba Places.lnk -  
C:\Users\Graham\Desktop\Unused\Crap\Toshiba Warranty Registration.lnk - C:\Program Files (x86)\Toshiba\Registration\ToshibaRegistration.exe -desktop
C:\Users\Graham\Desktop\Unused\Crap\User's Guide EPSON SX130 Series.lnk - C:\Program Files (x86)\Epson Software\Epson Manual\EPSON SX130 Series\en\Useg\index.htm 
C:\Users\Graham\Desktop\Unused\School\Act 5 Scene 1 - Shortcut.lnk - G:\2nd yr eng\Act 5 Scene 1.docx 
C:\Users\Graham\Desktop\Unused\School\Act four scene one - Shortcut.lnk - G:\2nd yr eng\Act four scene one.doc 
C:\Users\Graham\Desktop\Unused\School\Act three scene one - Shortcut.lnk - G:\2nd yr eng\Act three scene one.doc 
C:\Users\Graham\Desktop\Unused\School\Act two scene five - Shortcut.lnk - G:\2nd yr eng\Act two scene five.doc 
C:\Users\Guest\Desktop\Bandicam.lnk - C:\Program Files (x86)\Bandicam\bdcam.exe 
C:\Users\Guest\Desktop\Half Life Source.lnk - C:\Program Files (x86)\Half Life 2\Half-Life Source.exe 
C:\Users\Guest\Desktop\Nightmare House 2.lnk -  c:/program files (x86)/steam\steam\games\Nightmare House 2.ico
C:\Users\Guest\Desktop\Notepad++.lnk - C:\Program Files (x86)\Notepad++\notepad++.exe 
C:\Users\Guest\Desktop\Roblox.lnk - C:\Users\Guest\AppData\Local\Roblox\Versions\version-bb07ab23647d4e8a\RobloxPlayerLauncher.exe -browser
 
==== shortcuts on All Users Desktop ======================
 
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Public\Desktop\Intel® Extreme Tuning Utility.lnk - C:\Windows\Installer\{02874FB3-3E27-4A14-96B8-1562F5A04A31}\PerfTuneIcon.B089625E_E454_492E_B2F2_7E934E4807F0.exe 
C:\Users\Public\Desktop\IObit Uninstaller.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe 
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe 
C:\Users\Public\Desktop\League of Legends.lnk - D:\lol.launcher.exe 
C:\Users\Public\Desktop\LogMeIn Hamachi.lnk - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe 
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe 
C:\Users\Public\Desktop\PowerISO.lnk - C:\Program Files (x86)\PowerISO\PowerISO.exe 
C:\Users\Public\Desktop\Smart Defrag 3.lnk - C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe 
C:\Users\Public\Desktop\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe 
C:\Users\Public\Desktop\World of Tanks.lnk - D:\World_of_Tanks\WoTLauncher.exe 
 
==== shortcuts in Users Start Menu ======================
 
C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe 
C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe 
C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client\TeamSpeak 3 Client.lnk - D:\TeamSpeak\ts3client_win32.exe 
C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client\Uninstall.lnk - D:\TeamSpeak\Uninstall.exe 
C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warships\Uninstall World of Warships.lnk - D:\World_of_WarShips\unins000.exe 
C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warships\World of Warships.lnk - D:\World_of_WarShips\WoWSLauncher.exe 
 
==== shortcuts in All Users Start Menu ======================
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Extreme Tuning Utility\Intel® Extreme Tuning Utility.lnk - C:\Windows\Installer\{02874FB3-3E27-4A14-96B8-1562F5A04A31}\PerfTuneIcon.B089625E_E454_492E_B2F2_7E934E4807F0.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files\Java\jre1.8.0_51\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files\Java\jre1.8.0_51\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files\Java\jre1.8.0_51\bin\javacpl.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi\LogMeIn Hamachi.lnk - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi\Uninstall.lnk - C:\Windows\SysWOW64\msiexec.exe /i {B8E7EF80-9719-4EEB-944D-E68D1F3DFA7B} REMOVE=ALL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\Silverlight.Configuration.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Sony PC Companion\Uninstall.lnk - C:\Program Files (x86)\InstallShield Installation Information\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}\setup.exe -uninst -runfromtemp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client\TeamSpeak 3 Client.lnk - D:\TeamSpeak\ts3client_win64.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client\Uninstall.lnk - D:\TeamSpeak\Uninstall.exe 
 
==== shortcuts in Quick Launch ======================
 
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Graham\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Graham\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Graham\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Graham\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Graham\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\????????.lnk -  
C:\Users\Graham\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk -  
C:\Users\Graham\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Uninstall Programs.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe 
C:\Users\Graham\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Advanced SystemCare 7 (2).lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe 
C:\Users\Graham\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Advanced SystemCare 7 (3).lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /manual
C:\Users\Graham\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Graham\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe 
C:\Users\Graham\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe 
C:\Users\Graham\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe 
C:\Users\Graham\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 
C:\Users\Graham\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Bandicam.lnk - C:\Program Files (x86)\Bandicam\bdcam.exe 
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Heroes of Newerth.lnk - C:\Program Files (x86)\Heroes of Newerth\hon.exe 
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Snipping Tool.lnk -  
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Uninstall Programs.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe 
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Nero BackItUp.lnk - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\BackItUp.exe 
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype .lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe 
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe 
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Graham\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Graham\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\TEMP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== EOF on 19/07/2015 at 16:22:17.46 ======================
 
 
 
 

~ ZHPCleaner v2015.7.19.301 by Nicolas Coolman (2015/07/19)
~ Run by Graham (Administrator)  (19/07/2015 16:25:12)
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\Graham\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Graham\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)
 
 
---\\  Services (0)
~ No malicious or unnecessary items found.
 
 
---\\  Browser internet (0)
~ No malicious or unnecessary items found.
 
 
---\\  Hosts file (1)
~ The hosts file is legitimate (1)
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
 
 
---\\  Explorer ( File, Folder) (33)
FOUND file: C:\Users\Graham\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\????????.lnk  [Bad : C:\IQIYI Video\GeePlayer\GeePlayer\GeePlayer.exe]  =>PUP.Optional.IQIYIVideo
FOUND file: C:\Users\Graham\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\????????.lnk    =>PUP.Optional.IQIYIVideo
FOUND file: C:\Windows\Prefetch\ABENGINE.EXE-6B1A29C2.pf    =>PUP.Optional.Abengine
FOUND file: C:\Windows\Prefetch\FASTSEARCH_4435.EXE-5E65A398.pf    =>PUP.Optional.FastSearch
FOUND file: C:\Windows\Prefetch\IQIYISETUP_L_SPL004@KB017.EXE-3DC46651.pf    =>PUP.Optional.IQIYIVideo
FOUND file: C:\Windows\Prefetch\OLBPRE.EXE-C6385661.pf    =>PUP.Optional.MyPCBackup
FOUND file: C:\Users\Graham\AppData\LocalLow\mediabarbs\dtx.ini    =>PUP.Optional.BearShare
FOUND file: C:\Users\Graham\AppData\LocalLow\mediabarbs\geodata.xml    =>PUP.Optional.BearShare
FOUND file: C:\Users\Graham\AppData\LocalLow\mediabarbs\geoip.xml    =>PUP.Optional.BearShare
FOUND file: C:\Users\Graham\AppData\LocalLow\mediabarbs\guid.dat    =>PUP.Optional.BearShare
FOUND file: C:\Users\Graham\AppData\LocalLow\mediabarbs\log.txt    =>PUP.Optional.BearShare
FOUND file: C:\Users\Graham\AppData\LocalLow\mediabarbs\preferences.dat    =>PUP.Optional.BearShare
FOUND file: C:\Users\Graham\AppData\LocalLow\mediabarbs\stats.dat    =>PUP.Optional.BearShare
FOUND file: C:\Users\Graham\AppData\LocalLow\mediabarbs\uninstallIE.dat    =>PUP.Optional.BearShare
FOUND file: C:\Users\Graham\AppData\LocalLow\mediabarbs\version.xml    =>PUP.Optional.BearShare
FOUND file: C:\Users\Graham\AppData\LocalLow\mediabarbs\weatherbutton_prefs.xml    =>PUP.Optional.BearShare
FOUND folder: C:\Users\Graham\AppData\LocalLow\mediabarbs\weather  =>PUP.Optional.BearShare
FOUND folder: C:\Users\Graham\AppData\LocalLow\mediabarbs  =>PUP.Optional.BearShare
FOUND file: C:\Users\Guest\AppData\Local\BearShare\Creatives.xml    =>PUP.Optional.BearShare
FOUND file: C:\Users\Guest\AppData\Local\BearShare\Player.swf    =>PUP.Optional.BearShare
FOUND folder: C:\Users\Guest\AppData\Local\BearShare\Artwork  =>PUP.Optional.BearShare
FOUND folder: C:\Users\Guest\AppData\Local\BearShare\CreativesFiles  =>PUP.Optional.BearShare
FOUND folder: C:\Users\Guest\AppData\Local\BearShare\Data  =>PUP.Optional.BearShare
FOUND folder: C:\Users\Guest\AppData\Local\BearShare\IMPictures  =>PUP.Optional.BearShare
FOUND folder: C:\Users\Guest\AppData\Local\BearShare\Partials  =>PUP.Optional.BearShare
FOUND folder: C:\Users\Guest\AppData\Local\BearShare\Temp  =>PUP.Optional.BearShare
FOUND folder: C:\Users\Guest\AppData\Local\CrashRpt\UnsentCrashReports  =>.Legitimate.CrashReports
FOUND folder: C:\Users\Guest\AppData\Local\BearShare  =>PUP.Optional.BearShare
FOUND folder: C:\Users\Guest\AppData\Local\CrashRpt  =>.Legitimate.CrashReports
FOUND folder: C:\Windows\Installer\MSI473E.tmp-  =>Empty
FOUND folder: C:\Windows\Installer\MSI86B5.tmp-  =>Empty
FOUND folder: C:\Windows\Installer\MSI9EAA.tmp-  =>Empty
FOUND file: C:\Windows\Installer\{B4827A4D-3E2A-4B1C-82B0-FAD23A22B506}\ARPPRODUCTICON.exe [Flexera Software LLC - InstallShield]  =>PUP.Optional.Dealio
 
 
---\\  Registry ( Key, Value, Data) (3)
FOUND key: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.iqiyi.com [221]  =>PUP.Optional.IQIYIVideo
FOUND key: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\GeePlayer.exe [C:\IQIYI Video\GeePlayer\GeePlayer\GeePlayer.exe (Not File)]  =>PUP.Optional.IQIYIVideo
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\GeePlayer.exe [C:\IQIYI Video\GeePlayer\GeePlayer\GeePlayer.exe (Not File)]  =>PUP.Optional.IQIYIVideo
 
 
---\\ Result of repair
~ Any repair made
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 69439
~ Items found : 36
~ Items cancelled : 0
~ Items repaired : 0
 
 
End of clean in 7 minutes
===================
ZHPCleaner-[S]-19072015-16_32_54.txt




