
Malware Anti-Exploit not working, SpyShelter won't startup, Chrome keeps crashing


  • This topic is locked
44 replies to this topic

#1 CountryGolf

Posted 05 September 2015 - 12:26 PM

Hello, I have the following problems on my computer:
 
1. Chrome keeps crashing when launched.
2. SpyShelter won't launch automatically when Windows starts. (I already enabled the auto startup setting in SpyShelter.)
3. Keystrokes Encryption in SpyShelter is not working even though the option is enabled.
Internet Explorer always crashes after being used for 5 minutes.
4. Malwarebytes Anti-Exploit is not protecting any software even when enabled.
 
 
Attached please find the FRST.txt and Addition.txt.
 
 
Already completed a scan with MalwareBytes Anti-Malware, Bitdefender Total Security and Adwcleaner. However, no virus was found.
Also tried to reinstall Chrome, however, still not working.
 
Thanks for helping!
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-09-2015
Ran by Kelvin (administrator) on KELVIN-XPS (06-09-2015 00:39:05)
Running from C:\Users\Kelvin\AppData\Local\Microsoft\Windows\INetCache\IE\FUFBE0ZS
Loaded Profiles: Kelvin (Available Profiles: Kelvin & sol)
Platform: Windows 8.1 Pro (X64) Language: 中文 (繁體,香港特別行政區)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(Datpol) C:\Program Files (x86)\SpyShelter Firewall\SpyShelterSrv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Code 42 Software) C:\Program Files\CrashPlan\CrashPlanService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\System32\wimserv.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\FreedomeService.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHT\ChtIME.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHT\ChtIME.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Dropbox, Inc.) C:\Users\Kelvin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Dropbox, Inc.) C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\Freedome.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Datpol) C:\Program Files (x86)\SpyShelter Firewall\SpyShelter.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1695744 2015-06-23] (Bitdefender)
HKLM\...\Run: [CrashPlanTray] => C:\Program Files\CrashPlan\CrashPlanTray.exe [414208 2015-07-07] (Code 42 Software, Inc.)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-07] (COMODO)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2303152 2015-07-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-04-28] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2015-08-12] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [114368 2015-08-12] (VMware, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1855672 2015-08-13] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-29] (Oracle Corporation)
HKLM-x32\...\Run: [FreedomeAutoStart] => C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\Freedome.exe [4366376 2015-09-02] (F-Secure Corporation)
HKU\S-1-5-21-1007175641-4112103539-228326237-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1007175641-4112103539-228326237-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [785416 2015-02-18] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1007175641-4112103539-228326237-1001\...\Run: [Dropbox Update] => C:\Users\Kelvin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-05-20] (Dropbox, Inc.)
HKU\S-1-5-21-1007175641-4112103539-228326237-1001\...\Run: [Octoshape Streaming Services] => C:\Users\Kelvin\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [500016 2014-08-01] (Octoshape ApS)
HKU\S-1-5-21-1007175641-4112103539-228326237-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-08-12] (Safer-Networking Ltd.)
HKU\S-1-5-21-1007175641-4112103539-228326237-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [876728 2015-08-13] (Adobe Systems Incorporated)
HKU\S-1-5-21-1007175641-4112103539-228326237-1001\...\Run: [MOOV Fasta] => C:\Program Files (x86)\MOOV.hk\MOOV Fasta\MoovClient.exe [1101312 2015-09-02] (PCCW Media Limited)
HKU\S-1-5-21-1007175641-4112103539-228326237-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53655680 2015-07-28] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00ExpanDriveExt1] -> {C955792B-31A0-4791-9DDE-0A9A57411C16} => No File
ShellIconOverlayIdentifiers: [00ExpanDriveExt2] -> {C955792C-31A0-4791-9DDE-0A9A57411C16} => No File
ShellIconOverlayIdentifiers: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => No File
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers-x32: [00ExpanDriveExt1] -> {C955792B-31A0-4791-9DDE-0A9A57411C16} => No File
ShellIconOverlayIdentifiers-x32: [00ExpanDriveExt2] -> {C955792C-31A0-4791-9DDE-0A9A57411C16} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-05-08]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-08-12]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-03-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-08-17]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk [2015-09-06]
ShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\sol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-01-03]
ShortcutTarget: Dropbox.lnk -> C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\sol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HMA Pro VPN 2.0.lnk [2015-01-03]
ShortcutTarget: HMA Pro VPN 2.0.lnk -> C:\Program Files (x86)\HMA! Pro VPN\bin\HMA! Pro VPN.exe (Privax)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1CE08DE3-371C-4BE8-9DB7-51C05663E091}: [DhcpNameServer] 198.18.25.229
Tcpip\..\Interfaces\{36DEBCE1-70A7-44E0-82BA-AED30D892CC5}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{CFE0E259-5755-4305-9D7B-AFF10C70A059}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1007175641-4112103539-228326237-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-06-23] (Bitdefender)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-29] (Oracle Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-05-08] (LastPass)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-07-03] (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-29] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-07-03] (Adobe Systems Incorporated)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25] (Eyeo GmbH)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-06-23] (Bitdefender)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-29] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-05-08] (LastPass)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-07-03] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-29] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-07-03] (Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-06-23] (Bitdefender)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-05-08] (LastPass)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-07-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-06-23] (Bitdefender)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-05-08] (LastPass)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-07-03] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-14] (Microsoft Corporation)
Handler: WSAMVCUchrome - No CLSID Value

FireFox:
========
FF Plugin: @iqiyi.com/npclient -> C:\Program Files (x86)\IQIYI Video\PStyle\npclient.dll [No File]
FF Plugin: @iqiyi.com/npWebPlayer -> C:\Program Files (x86)\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-29] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-05-08] (LastPass)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-23] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @alipay.com/NPComBrg701,version=1.0.2011.701 -> C:\Windows\system32\itruscert\NPComBrg701.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Cabrilog.com/Cabri 3D -> C:\Program Files (x86)\Cabri\Cabri 3D Plug-in 2.1\bin\npcabri3d.dll [2011-08-23] (Cabrilog S.A.S.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-29] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-05-08] (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll [No File]
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-23] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1007175641-4112103539-228326237-1001: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Kelvin\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1401100-0-npoctoshape.dll [2014-01-10] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-1007175641-4112103539-228326237-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kelvin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1007175641-4112103539-228326237-1001: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-08-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-08-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-08-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-08-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-08-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Kelvin\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-06-16] (Octoshape ApS)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-12-31]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-12-31]
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2015-05-08]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2015-08-13]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome:
=======
CHR Profile: C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1007175641-4112103539-228326237-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-07-22] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-08-12] (Apple Inc.)
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-12-09] (Bitdefender)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-08-07] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-07] (COMODO)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [226584 2014-11-21] (Code 42 Software)
R2 Freedome Service; C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\FreedomeService.exe [365608 2015-09-02] (F-Secure Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 mi-raysat_3dsmax2014_64; C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [86016 2011-09-15] () [File not signed]
S3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [37176 2014-10-30] (The OpenVPN Project)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2007048 2015-08-17] (Electronic Arts)
S4 power_activator_service; C:\Program Files\Sandboxie\Sandboxie_Power_Activator_server.exe [2899456 2015-07-29] () [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2014-04-01] (CyberLink)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175112 2015-02-18] (Sandboxie Holdings, LLC)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2015-08-12] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2015-08-12] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2015-08-12] (Safer-Networking Ltd.)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2015-08-12] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2015-08-12] (Secunia)
R2 SpyShelterSrv; C:\Program Files (x86)\SpyShelter Firewall\SpyShelterSrv.exe [45056 2015-08-09] (Datpol) [File not signed]
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12732608 2015-08-12] ()
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1545376 2015-06-23] (Bitdefender)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-25] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-08-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-08-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [20992 2015-08-20] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2015-08-20] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2015-08-20] (LG Electronics Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1369288 2015-06-23] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [271272 2015-06-23] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [747120 2015-06-23] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2015-02-10] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [79192 2013-07-30] (BitDefender)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\System32\drivers\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21720 2015-08-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [827632 2015-08-05] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-08-05] (COMODO)
U3 dtscsidrv; C:\Windows\System32\Drivers\dtscsidrv.sys [309248 2015-01-08] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2015-06-23] (BitDefender LLC)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127232 2015-08-05] (COMODO)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2015-08-12] (Secunia)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [237064 2015-02-18] (Sandboxie Holdings, LLC)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2015-01-08] (Duplex Secure Ltd.)
R1 Spyshelter; C:\Program Files (x86)\SpyShelter Firewall\SpyShelter.sys [533768 2015-08-09] (SpyShelter)
R2 SpyshelterFw; C:\Program Files (x86)\SpyShelter Firewall\SpyshelterWFP.sys [104200 2015-08-09] (SpyShelter)
R1 SpyshelterKb; C:\Program Files (x86)\SpyShelter Firewall\SpyshelterKb.sys [254728 2015-08-09] (SpyShelter)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-06-23] (BitDefender S.R.L.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-05-21] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-08-28] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-08-12] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-08-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-08-12] (Microsoft Corporation)
S3 WsAudio_Device; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2014-10-24] (Wondershare)
R1 xlkfs; C:\Windows\System32\DRIVERS\xlkfs.sys [31960 2014-06-03] (XOSLAB.COM)
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-06 00:35 - 2015-09-06 00:35 - 00000000 ____D C:\AdwCleaner
2015-09-06 00:13 - 2015-09-06 00:13 - 00002251 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-06 00:13 - 2015-09-06 00:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-03 20:33 - 2015-09-03 20:33 - 00000000 ____D C:\Users\sol\AppData\Roaming\Sun
2015-09-03 20:33 - 2015-09-03 20:33 - 00000000 ____D C:\Users\sol\.oracle_jre_usage
2015-09-02 12:06 - 2015-09-02 12:06 - 00002330 _____ C:\Users\Public\Desktop\Freedome.lnk
2015-09-02 12:06 - 2015-09-02 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freedome
2015-09-02 12:05 - 2015-09-02 12:05 - 00000000 ____D C:\Program Files (x86)\F-Secure
2015-09-02 00:30 - 2015-09-02 00:49 - 00003083 _____ C:\Users\Kelvin\Desktop\MOOV Fasta.lnk
2015-09-02 00:30 - 2015-09-02 00:49 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MOOV Fasta
2015-09-02 00:30 - 2015-09-02 00:30 - 00000000 ____D C:\ProgramData\PCCW Media Limited
2015-09-02 00:30 - 2015-09-02 00:30 - 00000000 ____D C:\ProgramData\MOOV.hk
2015-09-02 00:30 - 2015-09-02 00:30 - 00000000 ____D C:\Program Files (x86)\MOOV.hk
2015-08-29 12:52 - 2015-08-29 12:52 - 00000000 _____ C:\Windows\SysWOW64\REN90C0.tmp
2015-08-29 12:50 - 2015-08-29 12:51 - 00000000 ____D C:\Users\Kelvin\.oracle_jre_usage
2015-08-29 12:50 - 2015-08-29 12:50 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\Sun
2015-08-26 20:57 - 2015-08-26 20:57 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-20 20:06 - 2015-08-20 20:06 - 00037376 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgandnetmodem64.sys
2015-08-20 20:06 - 2015-08-20 20:06 - 00030720 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgandnetdiag64.sys
2015-08-20 20:06 - 2015-08-20 20:06 - 00020992 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgandnetbus64.sys
2015-08-20 20:06 - 2015-08-20 20:06 - 00000000 ____D C:\Program Files (x86)\LG Electronics
2015-08-20 11:43 - 2015-08-20 11:43 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-20 11:43 - 2015-08-20 11:43 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-17 21:25 - 2015-08-17 21:25 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\D
2015-08-17 21:25 - 2015-08-17 21:25 - 00000000 ____D C:\D
2015-08-17 21:05 - 2015-08-17 21:05 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DFL
2015-08-17 21:05 - 2015-08-17 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DFL
2015-08-17 21:05 - 2015-08-17 21:05 - 00000000 ____D C:\dmd
2015-08-17 21:02 - 2015-08-17 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D
2015-08-15 21:09 - 2015-08-15 21:09 - 06483456 _____ (Tim Kosse) C:\Users\Kelvin\Downloads\FileZilla_3.12.0.2_win64-setup.exe
2015-08-14 00:41 - 2015-08-14 00:41 - 00000000 _____ C:\Windows\SysWOW64\REN59B0.tmp
2015-08-14 00:40 - 2015-08-14 00:40 - 00000000 _____ C:\Windows\SysWOW64\REN46B9.tmp
2015-08-13 23:09 - 2015-08-13 23:09 - 00000000 ____D C:\Users\Kelvin\AppData\Local\Evernote
2015-08-13 23:08 - 2015-08-13 23:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-08-13 23:08 - 2015-08-13 23:08 - 00000000 ____D C:\Program Files (x86)\Evernote
2015-08-13 23:07 - 2015-08-13 23:07 - 00000000 _____ C:\Users\Kelvin\Downloads\2124.tmp
2015-08-13 22:41 - 2015-08-13 22:43 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2015-08-13 22:41 - 2015-08-13 22:43 - 00002057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2015-08-13 22:19 - 2015-08-13 22:19 - 00000000 _____ C:\Windows\SysWOW64\REN79C3.tmp
2015-08-13 22:18 - 2015-08-13 22:18 - 00000000 _____ C:\Windows\SysWOW64\REN89F5.tmp
2015-08-13 13:02 - 2015-08-13 13:02 - 00001134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2015.lnk
2015-08-13 12:55 - 2015-08-13 12:55 - 00001089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC 2015.lnk
2015-08-13 12:45 - 2015-08-13 12:45 - 00001004 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Flash Professional CC 2015.lnk
2015-08-13 12:32 - 2015-08-13 12:32 - 00001080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC 2015.lnk
2015-08-13 12:14 - 2015-08-13 12:14 - 00001242 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2015.lnk
2015-08-13 12:11 - 2015-08-13 12:11 - 00001348 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Character Animator (Preview).lnk
2015-08-13 11:57 - 2015-08-13 11:57 - 00001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2015.lnk
2015-08-13 11:39 - 2015-08-13 11:39 - 00001044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2015.lnk
2015-08-13 11:30 - 2015-08-13 11:30 - 00002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2015.lnk
2015-08-13 11:18 - 2015-08-13 11:18 - 00001056 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2015-08-13 11:08 - 2015-08-13 21:43 - 00000000 ___RD C:\Users\Kelvin\Creative Cloud Files
2015-08-13 11:08 - 2015-08-13 11:08 - 00001241 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-08-13 11:08 - 2015-08-13 11:08 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-08-13 11:04 - 2015-08-13 11:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-08-13 11:04 - 2015-08-13 11:04 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-08-13 11:00 - 2015-08-29 12:51 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-08-13 10:59 - 2015-08-29 12:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-08-13 10:58 - 2015-08-29 12:52 - 00000000 ____D C:\Program Files\Java
2015-08-13 10:44 - 2015-08-29 12:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-12 18:11 - 2015-05-21 17:36 - 00076480 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2015-08-12 18:11 - 2015-05-21 17:35 - 00068288 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2015-08-12 18:11 - 2015-05-21 17:35 - 00064192 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2015-08-12 18:10 - 2015-08-12 18:08 - 00438464 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2015-08-12 18:10 - 2015-08-12 18:08 - 00359104 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2015-08-12 18:10 - 2015-05-31 07:59 - 00931520 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2015-08-12 18:10 - 2015-05-31 07:59 - 00066752 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2015-08-12 18:10 - 2015-05-31 07:59 - 00026816 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2015-08-12 18:09 - 2015-08-12 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2015-08-12 18:09 - 2015-08-12 18:09 - 00000000 ____D C:\Program Files\Common Files\VMware
2015-08-12 18:09 - 2015-05-22 08:03 - 00055488 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2015-08-12 18:08 - 2015-08-12 18:08 - 00000000 ____D C:\Users\Public\Documents\Shared Virtual Machines
2015-08-12 18:08 - 2015-08-12 18:08 - 00000000 ____D C:\Program Files (x86)\VMware
2015-08-12 18:01 - 2015-08-12 18:01 - 00001557 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2015-08-12 18:00 - 2015-08-12 18:01 - 00000000 ____D C:\Program Files\Wireshark
2015-08-12 17:55 - 2015-08-12 17:55 - 00000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer
2015-08-12 17:55 - 2015-08-12 17:55 - 00000000 ____D C:\Users\Default\AppData\Local\Apple Computer
2015-08-12 17:55 - 2015-08-12 17:55 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer
2015-08-12 17:55 - 2015-08-12 17:55 - 00000000 ____D C:\Users\Default User\AppData\Local\Apple Computer
2015-08-12 17:03 - 2015-06-23 13:23 - 00450923 _____ C:\Windows\system32\Drivers\etc\hosts.20150812-170337.backup
2015-08-12 16:39 - 2015-08-12 16:39 - 00993632 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2015-08-12 16:39 - 2015-08-12 16:39 - 00987848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2015-08-12 16:39 - 2015-08-12 16:39 - 00690016 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2015-08-12 16:39 - 2015-08-12 16:39 - 00484552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2015-08-12 16:37 - 2015-08-12 16:37 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 16:37 - 2015-08-12 16:37 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 16:33 - 2015-08-12 16:33 - 00000000 _____ C:\Windows\system32\getservice.txt
2015-08-12 16:32 - 2015-08-12 16:32 - 02046608 _____ (Sysinternals - www.sysinternals.com) C:\Users\Kelvin\Desktop\Procmon.exe
2015-08-12 16:14 - 2015-08-12 16:14 - 00001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-08-12 16:14 - 2015-08-12 16:14 - 00000000 ____D C:\Users\Kelvin\AppData\Local\Secunia PSI
2015-08-12 16:13 - 2015-08-12 16:13 - 00000000 ____D C:\Program Files (x86)\Secunia
2015-08-12 16:04 - 2015-08-12 16:04 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 07032320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 06213120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 04177408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 16:04 - 2015-08-12 16:04 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 16:04 - 2015-08-12 16:04 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 01381888 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 00270168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-08-12 16:04 - 2015-08-12 16:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 16:04 - 2015-08-12 16:04 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-08-12 16:04 - 2015-08-12 16:04 - 00044560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-08-12 16:04 - 2015-08-12 16:04 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 16:04 - 2015-08-12 16:04 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-12 16:04 - 2015-07-17 04:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 16:04 - 2015-07-17 03:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-12 16:04 - 2015-07-16 08:29 - 07458648 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 16:04 - 2015-07-16 08:29 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 16:04 - 2015-07-16 08:29 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 16:04 - 2015-07-16 08:28 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-12 16:04 - 2015-07-14 11:22 - 02529880 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 16:04 - 2015-07-14 11:21 - 01901776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-12 16:04 - 2015-07-14 03:46 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 16:04 - 2015-07-14 03:45 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 16:04 - 2015-07-11 01:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 16:04 - 2015-07-11 01:42 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 16:04 - 2015-07-11 00:47 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-12 16:04 - 2015-07-10 01:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 16:04 - 2015-07-10 00:30 - 00212992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 16:04 - 2015-07-02 06:19 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 16:04 - 2015-07-02 06:16 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 16:04 - 2015-07-02 05:37 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-12 16:04 - 2015-07-02 05:35 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-12 15:50 - 2015-08-12 15:50 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-08-12 15:50 - 2015-08-12 15:50 - 00001403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-08-12 15:50 - 2015-08-12 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-08-09 21:07 - 2015-08-09 21:07 - 00000000 ____D C:\Users\Kelvin\AppData\Local\Mozilla
2015-08-09 21:03 - 2015-08-09 21:21 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\QuickScan
2015-08-09 20:25 - 2015-08-09 20:38 - 00307352 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2015-08-09 20:24 - 2015-08-09 20:24 - 00000036 _____ C:\Users\Kelvin\AppData\Local\housecall.guid.cache
2015-08-09 16:43 - 2015-08-09 16:43 - 00002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2015-08-09 16:20 - 2015-08-09 17:46 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\SpyShelter
2015-08-09 16:20 - 2015-08-09 16:20 - 00038912 _____ (Datpol) C:\Windows\system32\SpyShelterShellExt.dll
2015-08-09 16:20 - 2015-08-09 16:20 - 00030208 _____ (Datpol) C:\Windows\SysWOW64\SpyShelterShellExt.dll
2015-08-09 16:20 - 2015-08-09 16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyShelter
2015-08-09 16:20 - 2015-08-09 16:20 - 00000000 ____D C:\Program Files (x86)\SpyShelter Firewall
2015-08-09 15:12 - 2015-08-09 15:12 - 03704320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-09 15:12 - 2015-08-09 15:12 - 02228736 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-09 15:12 - 2015-08-09 15:12 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-09 15:12 - 2015-08-09 15:12 - 01116160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-09 15:12 - 2015-08-09 15:12 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-09 15:12 - 2015-08-09 15:12 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-09 15:12 - 2015-08-09 15:12 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-09 15:12 - 2015-08-09 15:12 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-09 15:12 - 2015-08-09 15:12 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-09 15:12 - 2015-08-09 15:12 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-08-09 15:12 - 2015-08-09 15:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-09 15:12 - 2015-08-09 15:12 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-09 15:12 - 2015-08-09 15:12 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-09 15:12 - 2015-08-09 15:12 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-09 15:12 - 2015-08-09 15:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-09 15:12 - 2015-08-09 15:12 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-09 15:12 - 2015-08-09 15:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-09 15:12 - 2015-08-09 15:12 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-09 15:12 - 2015-08-09 15:12 - 00025776 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-09 12:47 - 2015-08-09 12:47 - 00000000 _____ C:\Users\Kelvin\Downloads\3224.tmp
2015-08-08 17:37 - 2015-08-08 17:38 - 00000000 ____D C:\KVRT_Data
2015-08-07 11:57 - 2015-08-09 13:18 - 00002872 _____ C:\Windows\system32\Drivers\fvstore.dat
2015-08-07 11:57 - 2015-08-07 11:57 - 00003028 _____ C:\Windows\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-06 00:39 - 2015-05-05 12:20 - 00000000 ____D C:\FRST
2015-09-06 00:36 - 2014-12-31 16:08 - 00000572 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-06 00:34 - 2015-02-08 00:24 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\Skype
2015-09-06 00:29 - 2015-05-07 09:16 - 00000000 ____D C:\Users\Kelvin\AppData\Local\CrashDumps
2015-09-06 00:27 - 2015-05-05 12:36 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1007175641-4112103539-228326237-1001
2015-09-06 00:24 - 2014-12-31 16:00 - 01406411 _____ C:\Windows\WindowsUpdate.log
2015-09-06 00:22 - 2015-05-05 10:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-09-06 00:16 - 2014-12-31 16:08 - 00000000 ____D C:\Users\Kelvin\AppData\Local\Google
2015-09-06 00:13 - 2014-12-31 16:08 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-06 00:07 - 2015-07-19 22:02 - 00000590 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1007175641-4112103539-228326237-1001UA1d0c22b9abb7456.job
2015-09-06 00:03 - 2014-12-31 17:42 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\FileZilla
2015-09-06 00:03 - 2014-12-31 16:54 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\Notepad++
2015-09-06 00:02 - 2015-07-11 01:28 - 00000000 ____D C:\$Windows.~BT
2015-09-06 00:02 - 2015-05-20 11:57 - 00000590 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1007175641-4112103539-228326237-1001UA.job
2015-09-06 00:02 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\sru
2015-09-05 23:58 - 2015-01-07 21:12 - 00000000 ___RD C:\Users\Kelvin\Dropbox
2015-09-05 23:58 - 2015-01-07 21:09 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\Dropbox
2015-09-05 23:56 - 2015-04-27 21:31 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-05 23:56 - 2014-12-31 16:08 - 00000568 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-05 22:07 - 2015-07-19 22:02 - 00000538 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1007175641-4112103539-228326237-1001Core1d0c22b982743b1.job
2015-09-05 21:30 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\AppReadiness
2015-09-05 01:23 - 2015-05-05 19:51 - 00000080 _____ C:\Users\Kelvin\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-09-05 01:21 - 2014-12-31 16:36 - 00000000 ____D C:\Users\Kelvin\AppData\Local\Adobe
2015-09-04 01:27 - 2014-12-31 16:03 - 00000000 ____D C:\Users\Kelvin\AppData\Local\Packages
2015-09-04 00:35 - 2014-03-18 18:11 - 01175486 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-04 00:35 - 2014-03-18 17:30 - 00189176 _____ C:\Windows\system32\prfh0404.dat
2015-09-04 00:35 - 2014-03-18 17:30 - 00071270 _____ C:\Windows\system32\prfc0404.dat
2015-09-03 21:38 - 2015-05-07 23:59 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1007175641-4112103539-228326237-1004
2015-09-03 20:33 - 2014-12-31 17:57 - 00000000 ____D C:\Users\sol
2015-09-03 20:29 - 2015-01-03 18:24 - 00000000 ____D C:\Users\sol\AppData\Roaming\Dropbox
2015-09-03 20:28 - 2015-05-19 00:09 - 00000000 ____D C:\Users\sol\AppData\Local\CrashDumps
2015-09-03 20:28 - 2014-12-31 17:57 - 00000000 ____D C:\Users\sol\AppData\Roaming\Adobe
2015-09-03 14:47 - 2015-05-05 10:51 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-09-03 12:02 - 2015-05-20 11:57 - 00000538 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1007175641-4112103539-228326237-1001Core.job
2015-09-02 12:05 - 2015-03-31 22:03 - 00000000 ____D C:\ProgramData\F-Secure
2015-08-29 12:52 - 2015-01-07 17:10 - 00000000 ____D C:\ProgramData\Oracle
2015-08-29 12:52 - 2015-01-07 17:10 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-29 12:50 - 2014-12-31 16:03 - 00000000 ____D C:\Users\Kelvin
2015-08-29 11:31 - 2014-12-31 16:08 - 00003544 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-29 11:31 - 2014-12-31 16:08 - 00003308 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-28 01:24 - 2014-12-31 15:56 - 00000000 ____D C:\Windows\Panther
2015-08-21 10:29 - 2014-12-31 21:56 - 00000000 ____D C:\ProgramData\VMware
2015-08-21 10:29 - 2013-08-22 22:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-21 10:29 - 2013-08-22 21:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-08-21 10:28 - 2013-08-22 22:44 - 05258240 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-21 01:04 - 2013-08-22 21:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-08-20 23:01 - 2014-12-31 16:52 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\vlc
2015-08-20 20:06 - 2014-12-31 22:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-20 13:13 - 2014-12-31 22:15 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-08-20 13:12 - 2015-04-08 19:13 - 00000000 ____D C:\Program Files\Rockstar Games
2015-08-20 11:43 - 2013-08-22 23:20 - 00000000 ____D C:\Windows\CbsTemp
2015-08-17 22:48 - 2014-12-31 17:31 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-08-17 17:59 - 2014-12-31 21:02 - 00000000 ____D C:\ProgramData\Origin
2015-08-17 17:58 - 2014-12-31 21:02 - 00000000 ____D C:\Program Files (x86)\Origin
2015-08-15 23:31 - 2015-01-03 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-13 23:26 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\rescache
2015-08-13 22:46 - 2015-01-04 23:53 - 00019350 _____ C:\Windows\system32\debug.log
2015-08-13 22:42 - 2015-05-17 12:10 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-08-13 22:42 - 2015-03-17 01:34 - 00054944 _____ (Adobe Systems Inc) C:\Windows\system32\AdobePDF.dll
2015-08-13 22:42 - 2015-03-17 01:34 - 00026272 _____ (Adobe Systems Inc.) C:\Windows\system32\AdobePDFUI.dll
2015-08-13 22:42 - 2014-12-31 17:52 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-08-13 22:39 - 2014-12-31 16:39 - 00000000 ____D C:\ProgramData\Adobe
2015-08-13 22:39 - 2014-12-31 16:38 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-08-13 22:15 - 2014-12-31 21:58 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\VMware
2015-08-13 22:15 - 2014-12-31 21:58 - 00000000 ____D C:\Users\Kelvin\AppData\Local\VMware
2015-08-13 22:11 - 2014-12-31 17:08 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-08-13 13:03 - 2014-12-31 17:10 - 00000000 ____D C:\Program Files\Adobe
2015-08-13 12:29 - 2014-12-31 16:03 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\Adobe
2015-08-13 11:18 - 2014-12-31 17:32 - 00000000 ____D C:\Users\Kelvin\Documents\Adobe
2015-08-13 11:16 - 2014-12-31 16:38 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-13 11:10 - 2015-02-01 14:16 - 00000000 ____D C:\Program Files\iTunes
2015-08-13 11:10 - 2015-02-01 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-13 11:09 - 2015-03-25 19:55 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-13 11:08 - 2014-12-31 16:39 - 00000000 ___RD C:\Users\Kelvin\Creative Cloud Files (1)
2015-08-12 18:10 - 2015-05-31 07:58 - 00081088 _____ (VMware, Inc.) C:\Windows\system32\vmnetbridge.dll
2015-08-12 18:10 - 2015-05-31 07:58 - 00049856 _____ (VMware, Inc.) C:\Windows\system32\vnetinst.dll
2015-08-12 18:10 - 2015-05-31 07:58 - 00048832 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetbridge.sys
2015-08-12 18:10 - 2015-05-31 07:58 - 00028864 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetadapter.sys
2015-08-12 18:10 - 2015-05-21 17:35 - 00085584 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmci.sys
2015-08-12 18:09 - 2014-12-31 21:56 - 01184174 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-08-12 17:53 - 2015-06-16 14:41 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-08-12 17:32 - 2014-03-18 17:30 - 00000000 ____D C:\Windows\system32\Drivers\zh-HK
2015-08-12 17:32 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-12 17:32 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-12 17:32 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-12 17:32 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-12 16:38 - 2014-12-31 16:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 16:36 - 2014-12-31 16:29 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 16:22 - 2014-12-31 16:29 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-12 16:20 - 2014-12-31 16:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-08-12 16:19 - 2013-08-22 21:25 - 00000220 _____ C:\Windows\win.ini
2015-08-12 16:14 - 2014-11-28 20:02 - 00018456 _____ (Secunia) C:\Windows\system32\Drivers\psi_mf_amd64.sys
2015-08-12 16:13 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-12 16:13 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-12 16:04 - 2014-12-31 17:06 - 00004728 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for KELVIN-XPS-Kelvin Kelvin-XPS
2015-08-12 16:04 - 2013-08-22 23:38 - 00794088 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-12 16:04 - 2013-08-22 23:38 - 00179688 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-12 16:03 - 2015-06-23 21:39 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-12 16:03 - 2015-04-27 21:28 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-08-12 15:50 - 2015-04-27 21:28 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-08-12 14:00 - 2015-02-08 00:24 - 00000000 ____D C:\ProgramData\Skype
2015-08-09 21:07 - 2014-12-31 23:44 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\Mozilla
2015-08-09 16:58 - 2015-05-05 12:44 - 00002024 _____ C:\Windows\Sandboxie.ini
2015-08-09 15:12 - 2015-04-16 01:13 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-09 15:12 - 2014-12-31 19:23 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-09 12:43 - 2015-01-08 12:17 - 00000000 ____D C:\Program Files (x86)\EA GAMES
2015-08-08 17:50 - 2014-12-31 19:44 - 00000000 ____D C:\Program Files\Bitdefender
2015-08-08 17:39 - 2014-12-31 19:44 - 00000000 ____D C:\ProgramData\Bitdefender

==================== Files in the root of some directories =======

2015-05-08 12:53 - 2015-05-08 12:53 - 16258616 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-01-10 13:25 - 2015-01-10 13:25 - 0000035 _____ () C:\Users\Kelvin\AppData\Roaming\CoreAVC.ini
2015-08-09 20:24 - 2015-08-09 20:24 - 0000036 _____ () C:\Users\Kelvin\AppData\Local\housecall.guid.cache
2015-05-12 21:36 - 2015-05-12 21:36 - 0007627 _____ () C:\Users\Kelvin\AppData\Local\Resmon.ResmonCfg
2015-02-03 18:14 - 2015-02-03 18:14 - 0000106 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

Some files in TEMP:
====================
C:\Users\Kelvin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqpwbam.dll
C:\Users\sol\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxf6qct.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-31 21:56

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-09-2015
Ran by Kelvin (2015-09-06 00:39:53)
Running from C:\Users\Kelvin\AppData\Local\Microsoft\Windows\INetCache\IE\FUFBE0ZS
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1007175641-4112103539-228326237-500 - Administrator - Disabled)
Guest (S-1-5-21-1007175641-4112103539-228326237-501 - Limited - Disabled)
Kelvin (S-1-5-21-1007175641-4112103539-228326237-1001 - Administrator - Enabled) => C:\Users\Kelvin
sol (S-1-5-21-1007175641-4112103539-228326237-1004 - Administrator - Enabled) => C:\Users\sol

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

《極速快感世界》 (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1599 - Electronic Arts)
《模擬市民3:前進未來》 (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
《模擬市民3︰華麗舞台》 (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
《戰地風雲3》 (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
ActiveState ActivePython 2.7.8.10 (32-bit) (HKLM-x32\...\{EF34E11A-5977-4234-BCDF-6328CA642BC4}) (Version: 2.7.10 - ActiveState Software Inc.)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{06994F91-466E-46FA-B7B5-AA8C265EA9EA}) (Version: 1.4 - Eyeo GmbH)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.2.0.129 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\ILST_19_1_0) (Version: 19.1.0 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apple 應用程式支援 (32 位元) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple 應用程式支援 (64 位元) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (x32 Version: 3.3 - Microsoft Corporation) Hidden
Autodesk 3ds Max 2014 (HKLM\...\Autodesk 3ds Max 2014) (Version: 16.0.420.0 - Autodesk)
Autodesk 3ds Max 2014 (Version: 16.0.420.0 - Autodesk) Hidden
Autodesk 3ds Max 2014 64-bit Populate Data (HKLM\...\{7491836B-659E-47DD-ABBF-F875AD48FD10}) (Version: 1.0.0.1 - Autodesk)
Autodesk Backburner 2014 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 14.0.0.0 - Autodesk, Inc.)
Autodesk Composite 2014 (HKLM\...\Autodesk Composite 2014) (Version: 9.0.0.0 - Autodesk)
Autodesk Composite 2014 (Version: 9.0.0.0 - Autodesk) Hidden
Autodesk DirectConnect 2014 64-bit (HKLM\...\Autodesk DirectConnect 2014 64-bit) (Version: 8.0.56.1 - Autodesk)
Autodesk DirectConnect 2014 64-bit (Version: 8.0.56.1 - Autodesk) Hidden
Autodesk Essential Skills Movies for 3ds Max 2014 64-bit (HKLM\...\{E8814D63-BB76-4C89-A25E-264ECF11D00D}) (Version: 1.2.0.0 - Autodesk)
Autodesk Inventor Server Engine for 3ds Max 2014 64-bit (HKLM\...\{009751C6-22D7-4548-A313-AD48FA57076F}) (Version: 16.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.32.600 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.32.600 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2014 (HKLM-x32\...\{A0633D4E-5AF2-4E3E-A70A-FE9C2BD8A958}) (Version: 4.0.32.600 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2014 (HKLM\...\Autodesk Revit Interoperability for 3ds Max 2014) (Version: 13.02.15161 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2014 (Version: 13.02.15161 - Autodesk) Hidden
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)
Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 18.20.0.1429 - Bitdefender)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Burnout™ Paradise: The Ultimate Box (HKLM-x32\...\{9A996B6A-846E-4A89-B9C4-17546B7BE49F}) (Version: 1.1.0.0 - Electronic Arts)
Cabri 3D Plug-in 2.1.2 (HKLM-x32\...\cabrilog_cabri3d_plugin_21x_is1) (Version: - Cabrilog S.A.S.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Charles 3.10.2 (HKLM\...\{4E53710D-4995-4D42-B488-3F124D6FE677}) (Version: 3.10.2.1 - XK72 Ltd)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
COMODO Firewall (HKLM\...\{4C5D0B6A-944A-47A6-A2F3-BCB58E05CA5D}) (Version: 8.2.0.4591 - COMODO Security Solutions Inc.)
Construct 2 r200 (HKLM\...\Construct 2_is1) (Version: 1.0.200.0 - Scirra)
CrashPlan (HKLM\...\{0A3C8688-4CBD-4459-AA75-6EE9A548B623}) (Version: 3.7.0 - Code 42 Software)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
CyberLink PowerDirector 13 (HKLM-x32\...\{BA385AFC-00B1-417C-8C20-74B996EF3AF0}) (Version: 13.0.2604.0 - CyberLink Corp.)
CyberLink PowerDirector 13 Content Pack Essential (HKLM-x32\...\InstallShield_{749B310F-A489-439D-9AEF-1332222F2E04}) (Version: 13 Essential - CyberLink Corp.)
CyberLink PowerDirector 13 Content Pack Premium (HKLM-x32\...\InstallShield_{9B866025-5082-4B88-8A62-F6FBBFCBBBA1}) (Version: 13 Premium - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DB Browser for SQLite (HKLM-x32\...\SqliteBrowser3) (Version: 3.6.0 - oldsch00l)
DMD (HKLM-x32\...\DMD) (Version: 2.067.1 - Digital Mars)
Dotfuscator and Analytics Community Edition 5.18.1 (x32 Version: 5.18.1.2898 - PreEmptive Solutions) Hidden
Dropbox (HKU\S-1-5-21-1007175641-4112103539-228326237-1001\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
Easy File Locker 1.5 (HKLM-x32\...\Easy File Locker) (Version: 1.5 - XOSLAB.COM)
Entity Framework 6.1.3 Tools for Visual Studio 2015 (HKLM-x32\...\{1A8A9739-BAD7-491F-B5B9-A79A2B965422}) (Version: 14.0.40302.0 - Microsoft Corporation)
Evernote v. 5.8.13 (HKLM-x32\...\{A229420E-204B-11E5-B844-0050569584E9}) (Version: 5.8.13.8152 - Evernote Corp.)
Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.5.1.0 - Telerik)
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Freedome (HKLM-x32\...\F-Secure Freedome) (Version: 1.0.1842.0 - F-Secure Corporation)
Genymotion version 2.5.0 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.5.0 - Genymobile)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Google 雲端印表機 (HKLM-x32\...\{74AA24E0-AC50-4B28-BA46-9CF05467C9B7}) (Version: 28.0.1489.0 - Google Inc.)
Grand Theft Auto IV - Episodes From Liberty City (HKLM-x32\...\{8ED35B48-AFBD-4F32-8271-2257AD8B907E}_is1) (Version: - )
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Grand Theft Auto: Episodes from Liberty City (x32 Version: 1.0.0003.135 - Rockstar Games Inc.) Hidden
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
GTR Evolution (HKLM-x32\...\Steam App 8660) (Version: - SimBin)
HMA! Pro VPN 2.8.19.0 (HKLM-x32\...\HMA! Pro VPN) (Version: 2.8.19.0 - Privax Ltd)
IIS 10.0 Express (HKLM\...\{5984D8DA-C1AF-4284-9C88-D7150425B315}) (Version: 10.0.1734 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - )
Infinite HD™ App (HKU\S-1-5-21-1007175641-4112103539-228326237-1001\...\Octoshape Streaming Services) (Version: - Octoshape ApS)
Installer (x32 Version: 1.0.0 - Sierra Entertainment, Inc.) Hidden
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java SE Development Kit 8 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180510}) (Version: 8.0.510.16 - Oracle Corporation)
LastPass (移除) (HKLM-x32\...\LastPass) (Version: - LastPass)
Launcher (Version: 1.0.0 - Square Enix Ltd.) Hidden
LCPD First Response (HKLM-x32\...\LCPD First Response) (Version: 1.0.0.0d - G17 Media)
LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version: - LEGO A/S)
LEGO Minifigures Online (HKLM-x32\...\LEGO Minifigures Online_is1) (Version: 1.0.0 - Funcom)
LEGO Racers (HKLM-x32\...\LEGO Racers) (Version: - )
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.14.1 - LG Electronics)
Malwarebytes Anti-Malware 版本 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version: - Rockstar Studios)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{A1C962E2-2426-49C6-A38B-9A07E40D607C}) (Version: 3.2.217.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Midtown Madness 2 (HKLM-x32\...\Midtown Madness 2.0) (Version: - )
Microsoft Monster Truck Madness (HKLM-x32\...\Monster Truck Madness) (Version: - )
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Enterprise 2015 (HKLM-x32\...\{a60a492e-b5eb-4218-a9e6-f38d18a7dbaf}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mirror's Edge™ (HKLM-x32\...\{A99CE45B-E8DB-4F8B-B95E-B900BA3822D4}) (Version: 1.0.1.0 - Electronic Arts)
MOOV Fasta (HKLM-x32\...\{0EA6F92F-AB2E-44AB-A9CA-C006F0E4BAA5}) (Version: 1.1.3 - MOOV.hk)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Need for Speed Underground 2 (HKLM-x32\...\Need for Speed Underground 2) (Version: - )
Need For Speed World Online (HKLM-x32\...\Need For Speed World Online) (Version: - )
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
Need for Speed™ Undercover (HKLM-x32\...\{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}) (Version: 1.0.1.0 - Electronic Arts)
NewBlue Titler Pro for Windows (HKLM-x32\...\NewBlue Titler Pro for Windows) (Version: 1.0 - NewBlue)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials V for Windows (HKLM-x32\...\NewBlue Video Essentials V for Windows) (Version: 3.0 - NewBlue)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.2 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
OpenVPN 2.3.4-I603 (HKLM-x32\...\OpenVPN) (Version: 2.3.4-I603 - )
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
proDAD Adorage 3.0 (64bit) (HKLM\...\proDAD-Adorage-3.0) (Version: 3.0.108.1 - proDAD GmbH)
Python 2.7.10 (HKLM-x32\...\{E2B51919-207A-43EB-AE78-733F9C6797C2}) (Version: 2.7.10150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
RACE 07 (HKLM-x32\...\Steam App 8600) (Version: - SimBin)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.5 - Rockstar Games)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15045.4 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.15045.4 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 4.16 (64-bit) (HKLM\...\Sandboxie) (Version: 4.16 - Sandboxie Holdings, LLC)
Scratch 2 Offline Editor (HKLM-x32\...\edu.media.mit.Scratch2Editor) (Version: 434.1 - MIT Media Lab)
Scratch 2 Offline Editor (x32 Version: 255.1 - MIT Media Lab) Hidden
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15044.7 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.0.15044.7 - Samsung Electronics Co., Ltd.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden
SOLITON (HKLM-x32\...\SOLITON.B146A943FBD637B68C334022D304CEA226D129B4.1) (Version: 1.2.5 - SOLITON (HK) LIMITED)
SOLITON (x32 Version: 1.2.5 - SOLITON (HK) LIMITED) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpyShelter Firewall 10.0 (HKLM\...\SpyshelterInternetSecurity_is1) (Version: 10.0 - Datpol)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SWAT 4 - The Stetchkov Syndicate (HKLM-x32\...\InstallShield_{97E12F84-C033-4DA2-97D2-F540C3E292EA}) (Version: 1.0.0 - Sierra Entertainment, Inc.)
SWAT 4 (HKLM-x32\...\InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}) (Version: 1.0.31973 - Sierra Entertainment, Inc.)
SWAT 4 (x32 Version: 1.0.31973 - Sierra Entertainment, Inc.) Hidden
TAP-Windows 9.21.0 (HKLM\...\TAP-Windows) (Version: 9.21.0 - )
Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.23102 - Microsoft Corporation) Hidden
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
The Sims 4 Update v1.4.83.1010 inc Outdoor Retreat DLC (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - )
The Sims Complete Collection (HKLM-x32\...\{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}) (Version: - )
The Sims?3 70s, 80s, & 90s Stuff (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
The Sims?3 Diesel Stuff (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
The Sims?3 Fast Lane Stuff (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
The Sims?3 Island Paradise (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims?3 Katy Perry's Sweet Treats (HKLM-x32\...\{9B2506E3-9A3F-45B5-96BF-509CAD584650}) (Version: 13.0.62 - Electronic Arts)
The Sims?3 Master Suite Stuff (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
The Sims?3 Movie Stuff (HKLM-x32\...\{D0087539-3C57-44E0-BEE7-D779D546CBE1}) (Version: 20.0.53 - Electronic Arts)
The Sims?3 Outdoor Living Stuff (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts)
The Sims?3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims?3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims?3 Town Life Stuff (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
The Sims?3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.625.10 - Electronic Arts Inc.)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.10.1 - Electronic Arts)
TriadWars (HKLM-x32\...\{f40bb465-c3c4-42ac-a360-f64cee75cf4d}) (Version: 1.0.0 - Square Enix Ltd.)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TypeScript Power Tool (x32 Version: 1.5.3.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.5.3.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.5.3.0 (HKLM-x32\...\{7f54b430-3428-4775-aeae-531e46185ec6}) (Version: 1.5.23115.0 - Microsoft Corporation)
Unity Web Player (HKU\S-1-5-21-1007175641-4112103539-228326237-1001\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Universal Extractor 1.6.1 (HKLM-x32\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
Unreal Engine (HKLM\...\{B6FCF678-B72A-46E3-B00C-58EC9415AC43}) (Version: 1.1.16.0 - Epic Games, Inc.)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0404-1000-0000000FF1CE}_Office15.PROPLUSR_{0C53C5F8-7856-41E1-8720-37DBBD430C57}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 11.1.2 - VMware, Inc)
VMware Workstation (Version: 11.1.2 - VMware, Inc.) Hidden
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows 驅動程式封裝 - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wireshark 1.12.6 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.6 - The Wireshark developer community, http://www.wireshark.org)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.8-0 - Bitnami)
XnView 2.32 (HKLM-x32\...\XnView_is1) (Version: 2.32 - Gougelet Pierre-e)
末日之戰2 (HKLM-x32\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.0.0.0 - Electronic Arts)
極速快感 超熱力追緝 (HKLM-x32\...\{83A606F5-BF6F-42ED-9F33-B9F74297CDED}) (Version: 1.0.0.0 - Electronic Arts)
極速快感:生存競速 (HKLM-x32\...\{E0A32336-AA27-4053-99B2-C3380B7B95AC}) (Version: 1.4.0.0 - Electronic Arts)
模擬市民 3 世界歷險記 (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
模擬市民 3 夢想起飛 (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
模擬市民3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
模擬市民3 夜店人生 (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
模擬市民3 玩美寵物 (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
模擬市民3 花樣年華 (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
模擬市民3頂級奢華組合 (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1007175641-4112103539-228326237-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1007175641-4112103539-228326237-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-1007175641-4112103539-228326237-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1007175641-4112103539-228326237-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1007175641-4112103539-228326237-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1007175641-4112103539-228326237-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1007175641-4112103539-228326237-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1007175641-4112103539-228326237-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1007175641-4112103539-228326237-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1007175641-4112103539-228326237-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1007175641-4112103539-228326237-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1007175641-4112103539-228326237-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

==================== Restore Points =========================

02-09-2015 00:29:01 Installed MOOV Fasta

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-06-23 12:53 - 2015-08-12 17:03 - 00450923 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03A8B7ED-C164-40A6-BD01-E9DB9EF57EFB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-08-12] (Safer-Networking Ltd.)
Task: {0CFB93A6-B9C4-412D-A90F-C65248C467D3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {1FC99C92-FFE7-4351-A698-AA1977B36BB9} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {21FFFB8A-AEFB-4025-B4E7-40AFBF6C0425} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-02-09] ()
Task: {291DFDB1-A14B-479F-8252-2EC5FEEF25B2} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1007175641-4112103539-228326237-1001Core => C:\Users\Kelvin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-05-20] (Dropbox, Inc.)
Task: {2AD5FA43-4502-4DB0-AE4D-824B1AF0AB42} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2C498B47-107F-4D04-9C9A-66555DBA6D1F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-08-12] (Safer-Networking Ltd.)
Task: {3E25629C-50A6-41A7-A7CC-319D6DE0D773} - System32\Tasks\{09277848-7C17-4C53-B6E1-36CAAF5B7BC2} => pcalua.exe -a H:\automtm.exe -d H:\
Task: {40FC2DFD-6B1A-47D9-A3E8-482E8111D72B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {49D8C839-AB74-4BBA-9FF2-D20814C690A5} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-07] (COMODO)
Task: {5D503A7A-7870-4EAE-8C05-59C5F36300DE} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1007175641-4112103539-228326237-1001UA1d0c22b9abb7456 => C:\Users\Kelvin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-05-20] (Dropbox, Inc.)
Task: {6783E911-EC6E-42AD-8185-8F899E8FDDA0} - System32\Tasks\Microsoft Office 15 Sync Maintenance for KELVIN-XPS-Kelvin Kelvin-XPS => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-08-12] (Microsoft Corporation)
Task: {67CFD7D8-BA4E-465D-B63C-FE02CE6AC924} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1007175641-4112103539-228326237-1001Core1d0c22b982743b1 => C:\Users\Kelvin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-05-20] (Dropbox, Inc.)
Task: {6B7E03D6-EE89-40BF-857B-683316EEB746} - System32\Tasks\{47DB90E5-3AEC-4786-8E83-D6E1EEADC943} => Chrome.exe http://ui.skype.com/ui/0/7.1.0.105/x1/abandoninstall?source=lightinstaller&amp;page=tsMain
Task: {7B282426-D9BC-4EF0-8AA6-FD3FBD448147} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1007175641-4112103539-228326237-1001UA => C:\Users\Kelvin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-05-20] (Dropbox, Inc.)
Task: {8152F559-0F28-46E8-BBD9-B2365D54AEE1} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-KelvinSiu@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-07-22] (Adobe Systems Incorporated)
Task: {84D676A7-BC98-491C-911A-28E3E9F5A2C9} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-07] (COMODO)
Task: {8EB5B94E-B36A-49DC-9DA8-F60EFF8105BE} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {90E58C2A-291E-4BF5-AD07-B34A4ED93E49} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-08-12] (Safer-Networking Ltd.)
Task: {97FB4EA5-C0A4-4F11-835F-DA09F7E37DB5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-12] (Microsoft Corporation)
Task: {AFA3EE30-3639-479D-A9AC-31FB3A5FB73A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B9C3797F-178F-458B-A7C1-F5CEE914E271} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-07] (COMODO)
Task: {C6D77DAE-D57D-4B60-A101-72B0C26C87AE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {C8C48401-35E1-4E53-BA8A-E3EDA97687D5} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe [2015-06-23] (Bitdefender)
Task: {D67C52AC-125E-4832-9C32-77F72FA0CF15} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-20] (Piriform Ltd)
Task: {F79DAE47-658F-4D00-AD30-2B48CCAB026B} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-07] (COMODO)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1007175641-4112103539-228326237-1001Core.job => C:\Users\Kelvin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1007175641-4112103539-228326237-1001Core1d0c22b982743b1.job => C:\Users\Kelvin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1007175641-4112103539-228326237-1001UA.job => C:\Users\Kelvin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1007175641-4112103539-228326237-1001UA1d0c22b9abb7456.job => C:\Users\Kelvin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-12-31 19:46 - 2014-08-27 16:31 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2014-12-31 19:46 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2014-12-31 19:46 - 2014-12-17 14:34 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2014-12-31 19:46 - 2012-10-29 14:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-09-04 23:39 - 2015-09-04 23:39 - 00875352 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01150_010\ashttpbr.mdl
2015-09-04 23:39 - 2015-09-04 23:39 - 00741952 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01150_010\ashttpdsp.mdl
2015-09-04 23:39 - 2015-09-04 23:39 - 02800952 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01150_010\ashttpph.mdl
2015-09-04 23:39 - 2015-09-04 23:39 - 01413024 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01150_010\ashttprbl.mdl
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-21 00:12 - 2014-11-21 00:12 - 00014848 _____ () C:\Program Files\CrashPlan\md564.dll
2015-07-07 20:47 - 2015-07-07 20:47 - 00230400 _____ () C:\Program Files\CrashPlan\cpnative64.dll
2015-05-31 07:36 - 2015-08-12 18:09 - 12732608 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2015-07-22 01:02 - 2015-07-22 01:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-03-29 18:25 - 2015-03-29 18:25 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-05-12 17:49 - 2014-05-12 17:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-08-12 15:50 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-08-12 15:50 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-08-12 15:50 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-08-12 15:50 - 2015-08-12 15:50 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-08-12 15:50 - 2015-08-12 15:50 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-05-31 07:59 - 2015-05-31 07:59 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2015-05-31 07:36 - 2015-05-31 07:36 - 00194752 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll
2015-05-31 07:36 - 2015-05-31 07:36 - 00191680 _____ () C:\Program Files (x86)\VMware\VMware Workstation\LIBEXPAT.dll
2015-05-31 07:36 - 2015-05-31 07:36 - 00388288 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll
2015-09-05 23:56 - 2015-09-05 23:56 - 00071168 ____N () c:\users\kelvin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqpwbam.dll
2015-03-05 05:45 - 2015-08-05 13:26 - 00012800 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-05 05:45 - 2015-08-05 13:26 - 00779776 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-21 21:06 - 2015-08-05 13:26 - 00056320 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-05 05:45 - 2015-08-05 13:26 - 00012288 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 00009728 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\zh_tw\acrotray.cht
2015-09-02 12:06 - 2015-09-02 12:06 - 00732712 _____ () C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\libGLESv2.dll
2015-09-02 12:06 - 2015-09-02 12:06 - 00881704 _____ () C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\platforms\qwindows.dll
2015-09-02 12:06 - 2015-09-02 12:06 - 00049704 _____ () C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\libEGL.dll
2015-09-02 12:06 - 2015-09-02 12:06 - 00024616 _____ () C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\imageformats\qsvg.dll
2015-09-02 12:06 - 2015-09-02 12:06 - 00019496 _____ () C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\QtQuick.2\qtquick2plugin.dll
2015-09-02 12:06 - 2015-09-02 12:06 - 00733736 _____ () C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-09-02 12:06 - 2015-09-02 12:06 - 00019496 _____ () C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\QtQuick\Window.2\windowplugin.dll
2015-09-02 12:06 - 2015-09-02 12:06 - 00061992 _____ () C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-07-01 17:35 - 2015-08-13 23:08 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2015-07-01 17:35 - 2015-07-01 17:35 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2015-07-01 17:35 - 2015-07-01 17:35 - 21121032 _____ () C:\Program Files (x86)\Evernote\Evernote\libcef.dll
2015-07-01 17:36 - 2015-08-13 23:08 - 00212488 _____ () C:\Program Files (x86)\Evernote\Evernote\websockets.dll
2015-07-01 17:35 - 2015-07-01 17:35 - 00988696 _____ () C:\Program Files (x86)\Evernote\Evernote\avcodec-54.dll
2015-07-01 17:35 - 2015-07-01 17:35 - 00138776 _____ () C:\Program Files (x86)\Evernote\Evernote\avutil-51.dll
2015-07-01 17:35 - 2015-07-01 17:35 - 00195096 _____ () C:\Program Files (x86)\Evernote\Evernote\avformat-54.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\Network Inventory 5 Enterprise.xml:Network_Inventory
AlternateDataStreams: C:\Windows\WLXPGSS.SCR:$CmdTcID
AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AdobePDF.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AdobePDFUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aepdu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aspnet_counters.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioEndpointBuilder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\btcoinst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BtContextMenu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxcap.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxcpl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\GeofenceMonitorService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msftedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvcp120_clr0400.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvcr120_clr0400.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdvidcrl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdnclean64.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SpyShelterShellExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemEventsBrokerServer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tdc.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ucrtbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vmnetbridge.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vnetinst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vsgraphicsremoteengine.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vsjitdebugger.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\werdiagcontroller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WiFiDisplay.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Data.Pdf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSShared.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUSettingsProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\aspnet_counters.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxcap.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxcpl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\GeofenceMonitorService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msftedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcp120_clr0400.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcr120_clr0400.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdvidcrl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SpyShelterShellExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tdc.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ucrtbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vcamp140.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vmnat.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vmnetdhcp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vsd3dwarpdebug.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vsgraphicsremoteengine.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vsjitdebugger.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSShared.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\btfilter.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\lgandnetbus64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\lgandnetdiag64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\lgandnetmodem64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\psi_mf_amd64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\storvsp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tmcomm.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usb8023.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vmci.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vmnetadapter.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vmnetbridge.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WdBoot.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\wdcsam64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WdFilter.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WdNisDrv.sys:$CmdTcID

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\13896365.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\13896365.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\alipay.com -> hxxps://alipay.com
IE trusted site: HKU\.DEFAULT\...\alipay.com -> hxxp://alipay.com
IE trusted site: HKU\.DEFAULT\...\alisoft.com -> hxxps://alisoft.com
IE trusted site: HKU\.DEFAULT\...\alisoft.com -> hxxp://alisoft.com
IE trusted site: HKU\.DEFAULT\...\taobao.com -> hxxps://taobao.com
IE trusted site: HKU\.DEFAULT\...\taobao.com -> hxxp://taobao.com

There are 7869 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1007175641-4112103539-228326237-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows 相片檢視器底色圖案.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Network Server.lnk"
HKLM\...\StartupApproved\StartupFolder: => "CrashPlan Tray.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Secunia PSI Tray.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "Aimersoft Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-1007175641-4112103539-228326237-1001\...\StartupApproved\Run: => "Octoshape Streaming Services"
HKU\S-1-5-21-1007175641-4112103539-228326237-1001\...\StartupApproved\Run: => "HCDNClient"
HKU\S-1-5-21-1007175641-4112103539-228326237-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-1007175641-4112103539-228326237-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1007175641-4112103539-228326237-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1007175641-4112103539-228326237-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-1007175641-4112103539-228326237-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_90BEE490C5FE33536F56985AC00FCA43"
HKU\S-1-5-21-1007175641-4112103539-228326237-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{3DE31EC9-FE01-4F06-9268-C21B02826DDF}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{C1C89212-7DE7-4380-B857-FFB6BA7B4085}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6890C243-3CC2-48C0-B2F3-31B50DF0B911}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7DBC8076-70F8-4909-A958-165805CDDE66}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F9C30716-FC30-4ED1-90F2-DB4D3B8B1DEB}] => (Allow) C:\Program Files (x86)\Funcom\LEGO Minifigures Online\Launcher.exe
FirewallRules: [{4A62FFFF-0977-444F-88E1-462C3BC9AAC0}] => (Allow) C:\Program Files (x86)\Funcom\LEGO Minifigures Online\Launcher.exe
FirewallRules: [{4C931437-9F9A-4B8B-9594-E28A16D9CC65}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2200251B-4C78-4E6C-8840-E60E6DDE2689}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E913FE6F-2F13-4D32-8BDE-9996F39EEF55}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2AAE3DB2-C739-4E49-AC77-C750E2CC3BEC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7BCABAA1-5026-468E-AABC-510F9A8F3478}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed™ Rivals\NFS14_x86.exe
FirewallRules: [{A7E4A1F3-1816-43D2-BF56-BC9B9D6C8746}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed™ Rivals\NFS14_x86.exe
FirewallRules: [{9EF0F329-B0FD-4413-9CF2-33C09EB08DE6}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed™ Rivals\NFS14.exe
FirewallRules: [{4321681A-DF56-4292-BFD2-D45D3DE5D33B}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed™ Rivals\NFS14.exe
FirewallRules: [{0F00CED1-645F-4845-A49E-61B5DD1523CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{2BABF616-E587-4EF7-B762-B2D4D5CDBC90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{18E4BA57-643C-4F74-9301-5E9EEBB87675}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed™ Most Wanted\NFS13.exe
FirewallRules: [{1F7A1793-B0AF-4378-86B8-2D955D49ABBC}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed™ Most Wanted\NFS13.exe
FirewallRules: [{755EE3D5-C0BD-4E1E-95EB-786F771393DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [{06538399-A708-4E5E-8824-B31563818561}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [{B807237F-7B9D-445D-924A-DBB194FBA660}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\race 07\SteamProxy.exe
FirewallRules: [{75FE917A-14DC-46BC-93CB-AA1A4527E46B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\race 07\SteamProxy.exe
FirewallRules: [{0F6720D4-17BC-4AAF-8A48-05C09C562E2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\race 07\Config.exe
FirewallRules: [{9AD5B725-D5F1-4DFB-A651-B49E3A98E8AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\race 07\Config.exe
FirewallRules: [{640394A1-9B23-4F29-A16C-8F9BE599A1F0}] => (Allow) C:\Program Files (x86)\Origin Games\Burnout Paradise\BurnoutParadise.exe
FirewallRules: [{78F7AC49-3375-42C3-B41B-08244EB90105}] => (Allow) C:\Program Files (x86)\Origin Games\Burnout Paradise\BurnoutParadise.exe
FirewallRules: [{55B9FE01-80CC-41D6-8DDE-E85F806F0E46}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\race 07\SteamExpansionApp.exe
FirewallRules: [{C8BDD0D0-5E8E-4AE8-A11A-C517654A7821}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\race 07\SteamExpansionApp.exe
FirewallRules: [{1B0022F4-D9DF-4D32-9D6E-237C2CEE313B}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed Hot Pursuit\Launcher.exe
FirewallRules: [{D2DBF522-46FB-499E-A435-DE9E3522E4C3}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed Hot Pursuit\Launcher.exe
FirewallRules: [{0A87BD3B-90AA-4B73-9DE4-4CF9A0902FE0}] => (Allow) C:\Program Files (x86)\Grand Theft Auto IV - Episodes From Liberty City\EFLC.exe
FirewallRules: [{7566C8D8-1624-4A72-803F-15F106096DEC}] => (Allow) C:\Program Files (x86)\Grand Theft Auto IV - Episodes From Liberty City\EFLC.exe
FirewallRules: [{C0C5EC84-0574-44A6-A79A-9258491F9AAA}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{A3936FA8-C19E-402C-92CC-F2D834F8F285}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [TCP Query User{BBD46DF8-53E2-4655-94CF-ECC19C1A2BA4}C:\program files (x86)\funcom\lego minifigures online\lmo.exe] => (Block) C:\program files (x86)\funcom\lego minifigures online\lmo.exe
FirewallRules: [UDP Query User{F6AE1E06-2017-4E86-9939-64C177C415F9}C:\program files (x86)\funcom\lego minifigures online\lmo.exe] => (Block) C:\program files (x86)\funcom\lego minifigures online\lmo.exe
FirewallRules: [{892B0B98-F982-499A-8931-D6971B571B4F}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed Undercover\nfs.exe
FirewallRules: [{8738D338-D747-4528-9949-CB1DF9F3FEB0}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed Undercover\nfs.exe
FirewallRules: [{97F1A9F5-768B-4D19-B7C2-660E6E50D01A}] => (Allow) C:\Users\sol\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{01580594-904E-4C56-8323-B2AD00D015A8}] => (Allow) C:\Users\sol\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{80CD0D69-2E46-43DE-8C24-338B21491803}] => (Allow) C:\Users\sol\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{84FBC062-0950-4B2D-99C3-46B3FE57DBB7}] => (Allow) C:\Users\sol\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D3505490-7BD9-485F-BE36-9BB7D010974D}] => (Allow) C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D7986963-753E-416D-A9A9-36B43F4E0D63}] => (Allow) C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E42EE5A1-0670-4506-958D-72E224F3D8FA}] => (Allow) C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7AC8297F-1D98-402B-AD95-1CD27B604113}] => (Allow) C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E5E96F8F-44C0-496C-B277-FFE0C3859FE8}] => (Allow) C:\Program Files (x86)\Sierra\SWAT 4\ContentExpansion\System\Swat4X.exe
FirewallRules: [{D7891A75-5767-4643-8952-4F25EE833129}] => (Allow) C:\Program Files (x86)\Sierra\SWAT 4\ContentExpansion\System\Swat4X.exe
FirewallRules: [{FBA7B8A0-FD58-428C-A450-4C4B63DC2DFC}] => (Allow) C:\Program Files (x86)\Sierra\SWAT 4\ContentExpansion\System\Swat4XDedicatedServer.exe
FirewallRules: [{CB706FE5-D678-4217-AA36-25397EE6F297}] => (Allow) C:\Program Files (x86)\Sierra\SWAT 4\ContentExpansion\System\Swat4XDedicatedServer.exe
FirewallRules: [{97A9F670-A738-4EF5-BA73-1258F92E4A6F}] => (Allow) C:\Program Files (x86)\Origin Games\Mirrors Edge\Binaries\MirrorsEdge.exe
FirewallRules: [{EF029BDE-9345-43C5-BF7A-6A9A4A925B0A}] => (Allow) C:\Program Files (x86)\Origin Games\Mirrors Edge\Binaries\MirrorsEdge.exe
FirewallRules: [TCP Query User{AA6B8CC4-FC60-4B99-9E23-B5DCEA6A42C5}C:\program files\epic games\4.7\engine\binaries\win64\ue4editor.exe] => (Block) C:\program files\epic games\4.7\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{AD22343E-4D1F-4ED9-9F61-2ECF27F5D471}C:\program files\epic games\4.7\engine\binaries\win64\ue4editor.exe] => (Block) C:\program files\epic games\4.7\engine\binaries\win64\ue4editor.exe
FirewallRules: [TCP Query User{35688674-A820-48AF-B3EC-0A39257E55B3}C:\program files\epic games\4.6\engine\binaries\win64\ue4editor.exe] => (Block) C:\program files\epic games\4.6\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{B7B4F003-8703-478E-9811-8D4B7552E2FE}C:\program files\epic games\4.6\engine\binaries\win64\ue4editor.exe] => (Block) C:\program files\epic games\4.6\engine\binaries\win64\ue4editor.exe
FirewallRules: [TCP Query User{4FC5A04B-C23C-4281-8D22-4D2CE764D37E}C:\users\kelvin\documents\unreal projects\realisticrendering\saved\stagedbuilds\windowsnoeditor\engine\binaries\win64\ue4game.exe] => (Block) C:\users\kelvin\documents\unreal projects\realisticrendering\saved\stagedbuilds\windowsnoeditor\engine\binaries\win64\ue4game.exe
FirewallRules: [UDP Query User{938BF571-9DD3-4BEC-BDB4-706FFF275B56}C:\users\kelvin\documents\unreal projects\realisticrendering\saved\stagedbuilds\windowsnoeditor\engine\binaries\win64\ue4game.exe] => (Block) C:\users\kelvin\documents\unreal projects\realisticrendering\saved\stagedbuilds\windowsnoeditor\engine\binaries\win64\ue4game.exe
FirewallRules: [TCP Query User{17D7FEB8-7CB2-46EC-A0E1-90488A066723}C:\program files\epic games\4.6\engine\binaries\dotnet\swarmagent.exe] => (Block) C:\program files\epic games\4.6\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [UDP Query User{777A227E-E14D-422D-A030-6A71C8C6B81E}C:\program files\epic games\4.6\engine\binaries\dotnet\swarmagent.exe] => (Block) C:\program files\epic games\4.6\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [{3D8BABFB-520B-464F-904B-096E59A31F0F}] => (Allow) C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
FirewallRules: [{5D33C593-CA40-4DE9-A806-F1281906E858}] => (Allow) C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
FirewallRules: [{E02EB8A0-D67F-4C19-AE3E-68646E7E4230}] => (Allow) C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64.exe
FirewallRules: [{C57828CC-A829-4D29-803E-BFEF68E4D92A}] => (Allow) C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64.exe
FirewallRules: [{75D01938-CDC3-42F8-871F-5D07F5716669}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{8F531519-8FDA-42AE-8C6C-4004A5B9C6C7}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{088160F3-2665-40AB-80CD-586513E7D3DC}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{12224DFF-943A-4E85-A367-FCAE50E7790D}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{55BB3B4C-08A9-4AB7-8509-D4E3DE210722}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{F3C72BEC-84FB-47FB-8CF2-B6AA668137B3}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [TCP Query User{E8088F20-4F9B-42A0-B3DB-70672EC1C106}C:\program files (x86)\sierra\swat 4\content\system\swat4dedicatedserver.exe] => (Block) C:\program files (x86)\sierra\swat 4\content\system\swat4dedicatedserver.exe
FirewallRules: [UDP Query User{EA5CFB9C-E07A-498D-B610-7E4A7229F221}C:\program files (x86)\sierra\swat 4\content\system\swat4dedicatedserver.exe] => (Block) C:\program files (x86)\sierra\swat 4\content\system\swat4dedicatedserver.exe
FirewallRules: [TCP Query User{44CC296B-6E5E-4ADE-B793-37D96A38D4B2}C:\program files (x86)\sierra\swat 4\content\system\swat4.exe] => (Block) C:\program files (x86)\sierra\swat 4\content\system\swat4.exe
FirewallRules: [UDP Query User{04E653E3-6E13-445F-A334-2ED9903BD7EC}C:\program files (x86)\sierra\swat 4\content\system\swat4.exe] => (Block) C:\program files (x86)\sierra\swat 4\content\system\swat4.exe
FirewallRules: [TCP Query User{74AF2B00-65A2-4913-88DB-9D47A64336D0}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{D3212EA5-F69C-4EA7-9315-FABBE46A492A}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{52D458CC-07E3-4FF0-8FE8-C85511700E45}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{55A990C4-EFA5-4413-A880-4E1A02191443}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{69491644-6F1D-4176-96A4-062AA989B0E5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{788415DE-EE4E-4F86-9063-65BE906C24AD}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{B8966E33-EC9C-4906-9E00-EE563A57D467}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{37193902-0D0B-4C00-B993-09F1B4765064}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{15561C87-FE76-45CC-A177-8590F6797B26}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1942\BF1942.exe
FirewallRules: [{308D62BF-85C1-4491-A642-511B3D19E188}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1942\BF1942.exe
FirewallRules: [{C2202E91-BECF-4BE6-8215-D6BA79B47D0A}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [{619B5A7E-F238-4B4F-8067-A9980499BC85}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [TCP Query User{A6273383-B144-410C-909D-7046E57D1CEB}C:\users\kelvin\desktop\thunder\thunder\thunder\program\thunderplatform.exe] => (Block) C:\users\kelvin\desktop\thunder\thunder\thunder\program\thunderplatform.exe
FirewallRules: [UDP Query User{1D5A107C-1BA9-4F5A-AF55-83F07A82B3C6}C:\users\kelvin\desktop\thunder\thunder\thunder\program\thunderplatform.exe] => (Block) C:\users\kelvin\desktop\thunder\thunder\thunder\program\thunderplatform.exe
FirewallRules: [TCP Query User{8FE201FB-C9EB-4FE2-A151-E6C5E46FA585}C:\aria2\aria2c.exe] => (Block) C:\aria2\aria2c.exe
FirewallRules: [UDP Query User{B3B4876C-3D38-40D2-8E09-9B7F9B39D62C}C:\aria2\aria2c.exe] => (Block) C:\aria2\aria2c.exe
FirewallRules: [{852E7708-6216-4588-B892-86CFACFA0DEA}] => (Allow) C:\Program Files (x86)\Electronic Arts\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{612299A8-6337-46DC-A3EC-E8EAF98B0767}] => (Allow) C:\Program Files (x86)\Electronic Arts\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{B954B482-92D8-4610-B9C3-AD1F9854CA39}] => (Allow) C:\Program Files (x86)\Electronic Arts\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{EA6044E5-7DC9-4325-B377-BF282C6DDEFC}] => (Allow) C:\Program Files (x86)\Electronic Arts\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{F2BEAE5C-0655-46AA-A3CD-8C64D3342F68}] => (Allow) C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{F0783E78-56BA-4235-8CF0-66C0B0119E27}] => (Allow) C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [TCP Query User{D34E0C8F-0928-47D2-9DB4-FAE7F15EFD73}C:\users\kelvin\desktop\aliwangwang\aliim.exe] => (Block) C:\users\kelvin\desktop\aliwangwang\aliim.exe
FirewallRules: [UDP Query User{B97CFDAB-91FE-41C8-BBBE-68243C433946}C:\users\kelvin\desktop\aliwangwang\aliim.exe] => (Block) C:\users\kelvin\desktop\aliwangwang\aliim.exe
FirewallRules: [{654BA343-D31F-4EE4-ABA5-A716E9E25561}] => (Allow) C:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [{83B78C93-3A81-4D00-BEB4-A72EC9332854}] => (Allow) C:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [{0FB48C84-91F6-4DD4-8167-9003986E1C97}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{CC215901-69D4-497C-9DB5-81A131678720}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{3329169C-F43B-4783-973F-377F197003B4}] => (Allow) C:\Program Files (x86)\Disconnect\Disconnect Desktop\\openvpn\bin\openvpn.exe
FirewallRules: [{B34CA422-6D87-42D9-8076-9D2AE49CA06D}] => (Allow) C:\Program Files (x86)\Disconnect\Disconnect Desktop\\openvpn\bin\openvpnserv.exe
FirewallRules: [TCP Query User{2D203CB0-3B90-4F97-9313-65FACCB77D63}C:\program files (x86)\funcom\lego minifigures online\lmo.exe] => (Allow) C:\program files (x86)\funcom\lego minifigures online\lmo.exe
FirewallRules: [UDP Query User{7843370C-AECF-4690-B626-7D5FE4BBA3E7}C:\program files (x86)\funcom\lego minifigures online\lmo.exe] => (Allow) C:\program files (x86)\funcom\lego minifigures online\lmo.exe
FirewallRules: [TCP Query User{66BDFAA9-213D-4317-A76F-16D1652FA83D}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{AF5111EC-A9CA-47C6-8077-3B966C4E8D81}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{7F79AB4C-AAB7-4AFE-94A7-93E7780642E7}C:\users\kelvin\desktop\thunder\thunder\thunder\program\thunderplatform.exe] => (Allow) C:\users\kelvin\desktop\thunder\thunder\thunder\program\thunderplatform.exe
FirewallRules: [UDP Query User{0B3C6433-E3B5-401C-9ABC-CA38047AFE5C}C:\users\kelvin\desktop\thunder\thunder\thunder\program\thunderplatform.exe] => (Allow) C:\users\kelvin\desktop\thunder\thunder\thunder\program\thunderplatform.exe
FirewallRules: [{54E09C89-2C5C-460F-8A80-A5DAD013DEA6}] => (Allow) C:\Program Files (x86)\Fiddler2\Fiddler.exe
FirewallRules: [TCP Query User{2CA369A7-84D7-486E-AE60-8A6C589481CA}C:\users\sol\desktop\lg手指檔案\teamviewer-4.0.5543.exe] => (Block) C:\users\sol\desktop\lg手指檔案\teamviewer-4.0.5543.exe
FirewallRules: [UDP Query User{7AADA146-0984-405E-89D0-615B59D2A19E}C:\users\sol\desktop\lg手指檔案\teamviewer-4.0.5543.exe] => (Block) C:\users\sol\desktop\lg手指檔案\teamviewer-4.0.5543.exe
FirewallRules: [{1D58119D-7917-42C8-91C6-63B267CFFD6E}] => (Allow) C:\Program Files\CrashPlan\CrashPlanService.exe
FirewallRules: [{5ED9725E-4523-4A6D-8919-624211048824}] => (Allow) C:\Program Files\CrashPlan\CrashPlanService.exe
FirewallRules: [TCP Query User{835F9B18-6A93-4013-8E94-0826F5357C1D}C:\programdata\electronic arts\need for speed world\data\nfsw.exe] => (Allow) C:\programdata\electronic arts\need for speed world\data\nfsw.exe
FirewallRules: [UDP Query User{13BA03AD-D301-4AD1-BA22-4B0420DC86E2}C:\programdata\electronic arts\need for speed world\data\nfsw.exe] => (Allow) C:\programdata\electronic arts\need for speed world\data\nfsw.exe
FirewallRules: [{1F2705DF-5DCF-4A87-870A-5D17C7C78FE7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{647E4208-C59D-4715-B367-665113644F9A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0FB03F94-910B-4D19-908A-2583E0E4DA77}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{92222388-B87E-4E9A-BADA-F9982A36C869}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{461B778D-794B-4489-BAC2-0078596FBE1E}C:\users\kelvin\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\kelvin\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [UDP Query User{F39414D6-2908-40E5-8A9B-29BCFDC08D7F}C:\users\kelvin\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\kelvin\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [TCP Query User{8973EBBA-7BC4-4CC6-8DFC-9B65CA3E9928}C:\program files (x86)\microsoft games\monster truck madness\monster.exe] => (Allow) C:\program files (x86)\microsoft games\monster truck madness\monster.exe
FirewallRules: [UDP Query User{23A9D92D-E274-49CD-905C-047E1F321793}C:\program files (x86)\microsoft games\monster truck madness\monster.exe] => (Allow) C:\program files (x86)\microsoft games\monster truck madness\monster.exe
FirewallRules: [TCP Query User{B30A5899-A3BA-4AFE-AA7A-5B2A00804955}C:\program files (x86)\origin games\need for speed™ rivals\nfs14.exe] => (Allow) C:\program files (x86)\origin games\need for speed™ rivals\nfs14.exe
FirewallRules: [UDP Query User{E86EE7EC-DAF6-45F2-A6C5-99D567132914}C:\program files (x86)\origin games\need for speed™ rivals\nfs14.exe] => (Allow) C:\program files (x86)\origin games\need for speed™ rivals\nfs14.exe
FirewallRules: [TCP Query User{5F21638B-4870-4835-B404-998E09F4C851}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{A900D3BE-8795-4271-9E0B-770C8C56152C}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{8D76BAF6-3D4D-4821-A555-8F3E74FEC74F}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{5664506A-3FED-4DCB-9B50-FDF959C7F4C3}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{55B4392D-D884-4A72-8B81-F16A4BFE1D99}C:\program files\charles\charles.exe] => (Allow) C:\program files\charles\charles.exe
FirewallRules: [UDP Query User{9347F23F-99BF-4F1C-9B7A-F78639262323}C:\program files\charles\charles.exe] => (Allow) C:\program files\charles\charles.exe
FirewallRules: [{2DB12291-07D5-4DB3-AA70-20FE919A5F00}] => (Block) C:\program files\charles\charles.exe
FirewallRules: [{A31C8CC5-79EB-4888-A2ED-B8DBE7B202B0}] => (Block) C:\program files\charles\charles.exe
FirewallRules: [{E7FA983C-9F13-493A-89CB-594A6CD1BCB1}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [{D09AF055-4A36-4929-ADA9-048EAD4C90E8}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [TCP Query User{78CD1B21-A203-44D7-A40B-93F51BA4FF73}C:\python27\python.exe] => (Allow) C:\python27\python.exe
FirewallRules: [UDP Query User{4A843B04-AEE6-4EEF-84E9-3A78B624CF2A}C:\python27\python.exe] => (Allow) C:\python27\python.exe
FirewallRules: [{5A5F4B10-8A16-4A7F-844B-3A575F1F41FC}] => (Block) C:\python27\python.exe
FirewallRules: [{55D5A487-3A84-4B7F-A970-733A59917947}] => (Block) C:\python27\python.exe
FirewallRules: [{44198536-690F-4194-84DD-1E30EBD2EA62}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{108F90DF-1648-4525-88BF-2C7823A8A1AC}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{9F3282A0-0B57-4DFC-A8F5-D70E6B31747A}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{65268EC0-BBB6-45ED-960F-3409DDB89076}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{0C552971-33EE-40C2-8FA7-B253679D97D2}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{A99ED45B-5428-4773-B732-E95C39270CB6}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{82E4E38F-19BD-4C1C-AA21-AE01DC4B47A8}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{8ADCF943-9F87-4832-8DB2-1C38738CEAF0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{543567FC-6A56-4067-96D9-BB6408011056}] => (Allow) LPort=2869
FirewallRules: [{BCF1F19B-099A-46AF-B056-9E95CF12C8FC}] => (Allow) LPort=1900
FirewallRules: [{86B9D379-2691-49D5-B0C4-081754847C84}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{9BBC3FAF-40FE-4727-B8EB-8370223740B2}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{8DE15C5F-8D93-4A53-9C21-FC3EB7D62E1B}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{31D27B08-A1DE-4DBB-972A-ABB009597AC8}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{BDA9B0F6-01F6-4BA4-AB7C-E294D565A940}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E91216CE-AC12-44AE-A1EE-0B02534C7801}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Bluetooth 裝置 (個人區域網路)
Description: Bluetooth 裝置 (個人區域網路)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/06/2015 12:32:56 AM) (Source: VSS) (EventID: 12294) (User: )
Description: 磁碟區陰影複製服務錯誤: 在陰影複製提供者 {b5946137-7b9f-4925-af80-51abd60b20d5} 呼叫一個常式時發生錯誤。常式傳回 E_INVALIDARG。
常式詳細資料 GetSnapshot({00000000-0000-0000-0000-000000000000},000000FB575085F0)。


操作:
取得陰影複製內容

內容:
執行內容: Coordinator

Error: (09/06/2015 12:32:56 AM) (Source: VSS) (EventID: 12294) (User: )
Description: 磁碟區陰影複製服務錯誤: 在陰影複製提供者 {b5946137-7b9f-4925-af80-51abd60b20d5} 呼叫一個常式時發生錯誤。常式傳回 E_INVALIDARG。
常式詳細資料 GetSnapshot({00000000-0000-0000-0000-000000000000},000000FB575091D0)。


操作:
取得陰影複製內容

內容:
執行內容: Coordinator

Error: (09/06/2015 12:32:56 AM) (Source: VSS) (EventID: 12294) (User: )
Description: 磁碟區陰影複製服務錯誤: 在陰影複製提供者 {b5946137-7b9f-4925-af80-51abd60b20d5} 呼叫一個常式時發生錯誤。常式傳回 E_INVALIDARG。
常式詳細資料 GetSnapshot({00000000-0000-0000-0000-000000000000},000000FB575094F0)。


操作:
取得陰影複製內容

內容:
執行內容: Coordinator

Error: (09/06/2015 12:32:56 AM) (Source: VSS) (EventID: 12294) (User: )
Description: 磁碟區陰影複製服務錯誤: 在陰影複製提供者 {b5946137-7b9f-4925-af80-51abd60b20d5} 呼叫一個常式時發生錯誤。常式傳回 E_INVALIDARG。
常式詳細資料 GetSnapshot({00000000-0000-0000-0000-000000000000},000000FB57508870)。


操作:
取得陰影複製內容

內容:
執行內容: Coordinator

Error: (09/06/2015 12:32:56 AM) (Source: VSS) (EventID: 12294) (User: )
Description: 磁碟區陰影複製服務錯誤: 在陰影複製提供者 {b5946137-7b9f-4925-af80-51abd60b20d5} 呼叫一個常式時發生錯誤。常式傳回 E_INVALIDARG。
常式詳細資料 GetSnapshot({00000000-0000-0000-0000-000000000000},000000FB57508FF0)。


操作:
取得陰影複製內容

內容:
執行內容: Coordinator

Error: (09/06/2015 12:29:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 失敗的應用程式名稱: chrome.exe,版本: 45.0.2454.85,時間戳記: 0x55df881b
失敗的模組名稱: guard32.dll,版本: 8.2.0.4674,時間戳記: 0x55c148a3
例外狀況代碼: 0xc0000409
錯誤位移: 0x000269c9
失敗的處理程序識別碼: 0x3818
失敗的應用程式開始時間: 0xchrome.exe0
失敗的應用程式路徑: chrome.exe1
失敗的模組路徑: chrome.exe2
報告識別碼: chrome.exe3
失敗的套件完整名稱: chrome.exe4
失敗的套件相關應用程式識別碼: chrome.exe5

Error: (09/06/2015 12:28:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 失敗的應用程式名稱: chrome.exe,版本: 45.0.2454.85,時間戳記: 0x55df881b
失敗的模組名稱: guard32.dll,版本: 8.2.0.4674,時間戳記: 0x55c148a3
例外狀況代碼: 0xc0000409
錯誤位移: 0x000269c9
失敗的處理程序識別碼: 0x3828
失敗的應用程式開始時間: 0xchrome.exe0
失敗的應用程式路徑: chrome.exe1
失敗的模組路徑: chrome.exe2
報告識別碼: chrome.exe3
失敗的套件完整名稱: chrome.exe4
失敗的套件相關應用程式識別碼: chrome.exe5

Error: (09/06/2015 12:27:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 失敗的應用程式名稱: chrome.exe,版本: 45.0.2454.85,時間戳記: 0x55df881b
失敗的模組名稱: guard32.dll,版本: 8.2.0.4674,時間戳記: 0x55c148a3
例外狀況代碼: 0xc0000409
錯誤位移: 0x000269c9
失敗的處理程序識別碼: 0x3bb8
失敗的應用程式開始時間: 0xchrome.exe0
失敗的應用程式路徑: chrome.exe1
失敗的模組路徑: chrome.exe2
報告識別碼: chrome.exe3
失敗的套件完整名稱: chrome.exe4
失敗的套件相關應用程式識別碼: chrome.exe5

Error: (09/06/2015 12:25:56 AM) (Source: VSS) (EventID: 12294) (User: )
Description: 磁碟區陰影複製服務錯誤: 在陰影複製提供者 {b5946137-7b9f-4925-af80-51abd60b20d5} 呼叫一個常式時發生錯誤。常式傳回 E_INVALIDARG。
常式詳細資料 GetSnapshot({00000000-0000-0000-0000-000000000000},000000E6BD0D2330)。


操作:
取得陰影複製內容

內容:
執行內容: Coordinator

Error: (09/06/2015 12:25:56 AM) (Source: VSS) (EventID: 12294) (User: )
Description: 磁碟區陰影複製服務錯誤: 在陰影複製提供者 {b5946137-7b9f-4925-af80-51abd60b20d5} 呼叫一個常式時發生錯誤。常式傳回 E_INVALIDARG。
常式詳細資料 GetSnapshot({00000000-0000-0000-0000-000000000000},000000E6BD0D1610)。


操作:
取得陰影複製內容

內容:
執行內容: Coordinator


System errors:
=============

Microsoft Office:
=========================
Error: (09/06/2015 12:32:56 AM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},000000FB575085F0)

操作:
取得陰影複製內容

內容:
執行內容: Coordinator

Error: (09/06/2015 12:32:56 AM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},000000FB575091D0)

操作:
取得陰影複製內容

內容:
執行內容: Coordinator

Error: (09/06/2015 12:32:56 AM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},000000FB575094F0)

操作:
取得陰影複製內容

內容:
執行內容: Coordinator

Error: (09/06/2015 12:32:56 AM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},000000FB57508870)

操作:
取得陰影複製內容

內容:
執行內容: Coordinator

Error: (09/06/2015 12:32:56 AM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},000000FB57508FF0)

操作:
取得陰影複製內容

內容:
執行內容: Coordinator

Error: (09/06/2015 12:29:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe45.0.2454.8555df881bguard32.dll8.2.0.467455c148a3c0000409000269c9381801d0e7f7f9133134C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\SYSTEM32\guard32.dll3730cb4c-53eb-11e5-82e9-90b11c928b9d

Error: (09/06/2015 12:28:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe45.0.2454.8555df881bguard32.dll8.2.0.467455c148a3c0000409000269c9382801d0e7f7efd24e98C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\SYSTEM32\guard32.dll2e0bbaf0-53eb-11e5-82e9-90b11c928b9d

Error: (09/06/2015 12:27:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe45.0.2454.8555df881bguard32.dll8.2.0.467455c148a3c0000409000269c93bb801d0e7f7b299a74dC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\SYSTEM32\guard32.dllf0d83adc-53ea-11e5-82e9-90b11c928b9d

Error: (09/06/2015 12:25:56 AM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},000000E6BD0D2330)

操作:
取得陰影複製內容

內容:
執行內容: Coordinator

Error: (09/06/2015 12:25:56 AM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},000000E6BD0D1610)

操作:
取得陰影複製內容

內容:
執行內容: Coordinator


CodeIntegrity:
===================================
Date: 2015-09-06 00:35:07.739
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-06 00:13:22.104
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-06 00:04:43.161
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-05 23:59:13.860
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-05 01:34:18.718
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\cmdcsr.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-09-05 01:24:11.301
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-05 01:20:41.852
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\cmdcsr.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-09-05 00:18:19.690
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-04 23:20:58.772
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-04 01:36:09.478
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\cmdcsr.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 31%
Total physical RAM: 16344.95 MB
Available physical RAM: 11121.91 MB
Total Virtual: 19128.95 MB
Available Virtual: 11524.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:2794 GB) (Free:1479.75 GB) NTFS
Drive i: (USB) (Removable) (Total:29.82 GB) (Free:24.9 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 2794.5 GB) (Disk ID: AB4F028A)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 29.8 GB) (Disk ID: D92BD9A0)

========================================================
Disk: 6 (MBR Code: Windows 7 or 8) (Size: 29.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


Edited by Oh My!, 10 September 2015 - 10:07 AM.



#2 CountryGolf

Posted 08 September 2015 - 12:13 PM

Anyone can help?



#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,565 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:58 PM

Posted 10 September 2015 - 10:05 AM

Greetings CountryGolf and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Copy and paste FRST.exe onto your Desktop or download a new version to that location:

Running from C:\Users\Kelvin\AppData\Local\Microsoft\Windows\INetCache\IE\FUFBE0ZS

----------

Does this look familiar to you?
 

Tcpip\..\Interfaces\{1CE08DE3-371C-4BE8-9DB7-51C05663E091}: [DhcpNameServer] 198.18.25.229


----------

Do you recognize any of these?
 

2015-08-17 21:25 - 2015-08-17 21:25 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\D
2015-08-17 21:25 - 2015-08-17 21:25 - 00000000 ____D C:\D
2015-08-17 21:05 - 2015-08-17 21:05 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DFL
2015-08-17 21:05 - 2015-08-17 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DFL
2015-08-17 21:05 - 2015-08-17 21:05 - 00000000 ____D C:\dmd
2015-08-17 21:02 - 2015-08-17 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D
2015-09-05 01:23 - 2015-05-05 19:51 - 00000080 _____ C:\Users\Kelvin\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦


Please do this.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

I recommend uninstalling the below listed program(s) from your computer because Comodo is causing issues with Chrome.

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
Comodo Defense+
COMODO Firewall
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Click on Select all then click Delete
  • When prompted select Yes then Next
  • Once done click Finish.
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
ShellIconOverlayIdentifiers: [00ExpanDriveExt1] -> {C955792B-31A0-4791-9DDE-0A9A57411C16} => No File
ShellIconOverlayIdentifiers: [00ExpanDriveExt2] -> {C955792C-31A0-4791-9DDE-0A9A57411C16} => No File
ShellIconOverlayIdentifiers: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => No File
ShellIconOverlayIdentifiers-x32: [00ExpanDriveExt1] -> {C955792B-31A0-4791-9DDE-0A9A57411C16} => No File
ShellIconOverlayIdentifiers-x32: [00ExpanDriveExt2] -> {C955792C-31A0-4791-9DDE-0A9A57411C16} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Handler: WSAMVCUchrome - No CLSID Value
FF Plugin: @iqiyi.com/npclient -> C:\Program Files (x86)\IQIYI Video\PStyle\npclient.dll [No File]
FF Plugin: @iqiyi.com/npWebPlayer -> C:\Program Files (x86)\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin-x32: @alipay.com/NPComBrg701,version=1.0.2011.701 -> C:\Windows\system32\itruscert\NPComBrg701.dll [No File]
FF Plugin-x32: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll [No File]
FF Plugin HKU\S-1-5-21-1007175641-4112103539-228326237-1001: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
2015-08-29 12:52 - 2015-08-29 12:52 - 00000000 _____ C:\Windows\SysWOW64\REN90C0.tmp
2015-08-14 00:41 - 2015-08-14 00:41 - 00000000 _____ C:\Windows\SysWOW64\REN59B0.tmp
2015-08-14 00:40 - 2015-08-14 00:40 - 00000000 _____ C:\Windows\SysWOW64\REN46B9.tmp
2015-08-13 23:07 - 2015-08-13 23:07 - 00000000 _____ C:\Users\Kelvin\Downloads\2124.tmp
2015-08-13 22:19 - 2015-08-13 22:19 - 00000000 _____ C:\Windows\SysWOW64\REN79C3.tmp
2015-08-13 22:18 - 2015-08-13 22:18 - 00000000 _____ C:\Windows\SysWOW64\REN89F5.tmp
2015-08-09 12:47 - 2015-08-09 12:47 - 00000000 _____ C:\Users\Kelvin\Downloads\3224.tmp
Task: {3E25629C-50A6-41A7-A7CC-319D6DE0D773} - System32\Tasks\{09277848-7C17-4C53-B6E1-36CAAF5B7BC2} => pcalua.exe -a H:\automtm.exe -d H:\
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Reply to questions
  • Did Comodo uninstall properly?
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • System Summary Information
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 CountryGolf

Posted 10 September 2015 - 12:19 PM

Thanks for the reply. I am a bit busy these few days; I will give you an update on or before next Monday.



#5 Oh My!

Posted 10 September 2015 - 01:06 PM

Very good, thanks for letting me know.
Gary
 

#6 Oh My!

Posted 16 September 2015 - 10:08 AM

Greetings,

Have we been able to make any progress?
Gary
 

#7 CountryGolf

Posted 17 September 2015 - 01:02 AM

Tcpip\..\Interfaces\{1CE08DE3-371C-4BE8-9DB7-51C05663E091}: [DhcpNameServer] 198.18.25.229   <-- I have no idea what it is.

These are the D-Programming-Language software:

C:\D

C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\D

C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DFL

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DFL

C:\dmd

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D




C:\Users\Kelvin\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦   <-- Not really sure what it is.


As for removing COMODO, is it a good idea to remove it? I heard the HIPS protection is very useful.



Fixlog.txt content:

Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Kelvin (2015-09-17 12:58:21) Run:1
Running from C:\Users\Kelvin\Desktop
Loaded Profiles: Kelvin
Boot Mode: Normal
==============================================

fixlist content:
*****************
ShellIconOverlayIdentifiers: [00ExpanDriveExt1] -> {C955792B-31A0-4791-9DDE-0A9A57411C16} => No File
ShellIconOverlayIdentifiers: [00ExpanDriveExt2] -> {C955792C-31A0-4791-9DDE-0A9A57411C16} => No File
ShellIconOverlayIdentifiers: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => No File
ShellIconOverlayIdentifiers-x32: [00ExpanDriveExt1] -> {C955792B-31A0-4791-9DDE-0A9A57411C16} => No File
ShellIconOverlayIdentifiers-x32: [00ExpanDriveExt2] -> {C955792C-31A0-4791-9DDE-0A9A57411C16} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Handler: WSAMVCUchrome - No CLSID Value
FF Plugin: @iqiyi.com/npclient -> C:\Program Files (x86)\IQIYI Video\PStyle\npclient.dll [No File]
FF Plugin: @iqiyi.com/npWebPlayer -> C:\Program Files (x86)\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin-x32: @alipay.com/NPComBrg701,version=1.0.2011.701 -> C:\Windows\system32\itruscert\NPComBrg701.dll [No File]
FF Plugin-x32: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll [No File]
FF Plugin HKU\S-1-5-21-1007175641-4112103539-228326237-1001: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
2015-08-29 12:52 - 2015-08-29 12:52 - 00000000 _____ C:\Windows\SysWOW64\REN90C0.tmp
2015-08-14 00:41 - 2015-08-14 00:41 - 00000000 _____ C:\Windows\SysWOW64\REN59B0.tmp
2015-08-14 00:40 - 2015-08-14 00:40 - 00000000 _____ C:\Windows\SysWOW64\REN46B9.tmp
2015-08-13 23:07 - 2015-08-13 23:07 - 00000000 _____ C:\Users\Kelvin\Downloads\2124.tmp
2015-08-13 22:19 - 2015-08-13 22:19 - 00000000 _____ C:\Windows\SysWOW64\REN79C3.tmp
2015-08-13 22:18 - 2015-08-13 22:18 - 00000000 _____ C:\Windows\SysWOW64\REN89F5.tmp
2015-08-09 12:47 - 2015-08-09 12:47 - 00000000 _____ C:\Users\Kelvin\Downloads\3224.tmp
Task: {3E25629C-50A6-41A7-A7CC-319D6DE0D773} - System32\Tasks\{09277848-7C17-4C53-B6E1-36CAAF5B7BC2} => pcalua.exe -a H:\automtm.exe -d H:\
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00ExpanDriveExt1" => key removed successfully
HKCR\CLSID\{C955792B-31A0-4791-9DDE-0A9A57411C16} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00ExpanDriveExt2" => key removed successfully
HKCR\CLSID\{C955792C-31A0-4791-9DDE-0A9A57411C16} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\AAADesktopTips" => key removed successfully
HKCR\CLSID\{4562B511-62E9-4533-B7B2-56A8BB10B482} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00ExpanDriveExt1" => key removed successfully
HKCR\Wow6432Node\CLSID\{C955792B-31A0-4791-9DDE-0A9A57411C16} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00ExpanDriveExt2" => key removed successfully
HKCR\Wow6432Node\CLSID\{C955792C-31A0-4791-9DDE-0A9A57411C16} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKCR\PROTOCOLS\Handler\WSAMVCUchrome" => key removed successfully
"HKLM\Software\MozillaPlugins\@iqiyi.com/npclient" => key removed successfully
"HKLM\Software\MozillaPlugins\@iqiyi.com/npWebPlayer" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@alipay.com/NPComBrg701,version=1.0.2011.701" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@xunlei.com/npxluser" => key removed successfully
"HKU\S-1-5-21-1007175641-4112103539-228326237-1001\Software\MozillaPlugins\@xunlei.com/npxluser" => key removed successfully
C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll => not found.
keycrypt => service removed successfully
C:\Windows\SysWOW64\REN90C0.tmp => moved successfully
C:\Windows\SysWOW64\REN59B0.tmp => moved successfully
C:\Windows\SysWOW64\REN46B9.tmp => moved successfully
C:\Users\Kelvin\Downloads\2124.tmp => moved successfully
C:\Windows\SysWOW64\REN79C3.tmp => moved successfully
C:\Windows\SysWOW64\REN89F5.tmp => moved successfully
C:\Users\Kelvin\Downloads\3224.tmp => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E25629C-50A6-41A7-A7CC-319D6DE0D773}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E25629C-50A6-41A7-A7CC-319D6DE0D773}" => key removed successfully
C:\Windows\System32\Tasks\{09277848-7C17-4C53-B6E1-36CAAF5B7BC2} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{09277848-7C17-4C53-B6E1-36CAAF5B7BC2}" => key removed successfully

==== End of Fixlog 12:58:22 ====



System Summary Information attached.



AdwCleaner Log:

# AdwCleaner v5.007 - Logfile created 17/09/2015 at 13:10:04
# Updated 08/09/2015 by Xplode
# Database : 2015-09-15.1 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : Kelvin - KELVIN-XPS
# Running from : C:\Users\Kelvin\Downloads\adwcleaner_5.007.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

***** [ Web browsers ] *****


*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1022 bytes] ##########



JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.2 (09.14.2015:1)
OS: Windows 8.1 Pro x64
Ran by Kelvin on 17/09/2015 週四 at 13:22:45.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\SysWOW64\REN3B02.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\REN5FE5.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\REN685E.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\REN7C3F.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\REN8463.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\REN9FA7.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\RENBA1E.tmp



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\thunder network
Successfully deleted: [Folder] C:\Users\Kelvin\Appdata\LocalLow\thunder network
Successfully deleted: [Folder] C:\Users\Public\thunder network



~~~ FireFox

Emptied folder: C:\Users\Kelvin\AppData\Roaming\mozilla\firefox\profiles\1axowso0.default\minidumps [1 files]



~~~ Chrome


[C:\Users\Kelvin\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Kelvin\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Kelvin\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Kelvin\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/09/2015 週四 at 13:54:26.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Computer still looks the same at this moment, and sorry for the late reply.

 

EDIT: Chrome is now working somehow.
 



Edited by CountryGolf, 17 September 2015 - 01:49 AM.


#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,565 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:58 PM

Posted 17 September 2015 - 01:50 PM

Greetings,
 

C:\Users\Kelvin\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦 <-- Not really sure what it is.

"Translated" from Chinese to English this is what it is:

l Wandaoxianshe ⁲ Yanyangxianqi ⁁ Xitu Shibianyatu ⹴ Tong lao

Make any sense? Also, your System Summary report is in Chinese. Do you have a Chinese version of Windows?

----------

You should only have one Firewall on your computer. I asked for you to uninstall Comodo because of the number of errors related to that program in your log. If you prefer that over Bitdefender you can uninstall Bitdefender, then uninstall and reinstall Comodo.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Tcpip\..\Interfaces\{1CE08DE3-371C-4BE8-9DB7-51C05663E091}: [DhcpNameServer] 198.18.25.229
emptytemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Reply to questions
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 CountryGolf


Posted 19 September 2015 - 04:59 AM

I searched online for the Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦, it looks like a game file for GTA 5 PC, so I guess it's fine?

 

Yes, Windows is installed in Chinese language. Should I change to English and send the System Summary again to you?

 

Fixlog:

 

fixlist content:

*****************
Tcpip\..\Interfaces\{1CE08DE3-371C-4BE8-9DB7-51C05663E091}: [DhcpNameServer] 198.18.25.229
emptytemp:
*****************
 
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1CE08DE3-371C-4BE8-9DB7-51C05663E091}\\DhcpNameServer => value not found.
EmptyTemp: => 2 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 14:17:14 ====
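
The garbled path discussed in posts #8 and #9 has the shape ASCII text takes when each pair of its bytes is read as a single UTF-16LE character. The Python below is an added example, not part of the original thread or of any tool used in it; the function names and the four-character minimum run length are assumptions made for the illustration.

```python
import re

# Path exactly as it is quoted in posts #8 and #9 above.
GARBLED = r"C:\Users\Kelvin\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦"

# A run of consecutive non-ASCII characters is the unit we test.
NON_ASCII_RUN = re.compile(r"[^\x00-\x7f]+")


def _is_printable_ascii(byte):
    """True for the printable ASCII range (space through tilde)."""
    return 0x20 <= byte <= 0x7E


def _unpack_run(run):
    """Split every character of the run into its low and high byte.

    Returns the recovered ASCII text, or None as soon as one character
    does not consist of two printable ASCII bytes. Genuine CJK text
    almost always fails this test on at least one character.
    """
    pieces = []
    for ch in run:
        code_point = ord(ch)
        if code_point > 0xFFFF:
            return None
        low, high = code_point & 0xFF, code_point >> 8
        if not (_is_printable_ascii(low) and _is_printable_ascii(high)):
            return None
        # UTF-16LE stores the low byte first, so it is the earlier letter.
        pieces.append(chr(low) + chr(high))
    return "".join(pieces)


def repair_packed_ascii(text, min_chars=4):
    """Replace runs that are really byte-paired ASCII with the ASCII text.

    min_chars (an assumption of this example) avoids rewriting a short
    genuine CJK run whose characters happen to split into ASCII bytes.
    Runs that do not qualify are returned unchanged.
    """
    def fix(match):
        run = match.group(0)
        if len(run) < min_chars:
            return run
        decoded = _unpack_run(run)
        return decoded if decoded is not None else run

    return NON_ASCII_RUN.sub(fix, text)


if __name__ == "__main__":
    print(repair_packed_ascii(GARBLED))
    # A genuine Chinese weekday from the JRT log header stays as it is.
    print(repair_packed_ascii("Ran by Kelvin on 17/09/2015 週四"))
```

The recovered path points into a Rockstar Games folder, which matches the GTA 5 guess in post #9.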


#10 Oh My!


Posted 19 September 2015 - 09:04 AM

Hold off on the System Summary in English for now. How is the computer behaving? Any difference?
Gary
 

#11 CountryGolf


Posted 19 September 2015 - 09:41 AM

Keystrokes Encryption in SpyShelter is still not working even though the option is enabled.

And Malwarebytes Anti-Exploit is not protecting any software even though it is enabled. (Also, Chrome, IE, and Adobe Reader always crash when I exit the program.)



#12 Oh My!


Posted 19 September 2015 - 01:58 PM

Thank you,

Please do this.

===================================================

Zoek by Smeenk

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Verify Scan All Users is selected then click Run Script
  • Type 3 in the lower box to Perform only a Deep Scan then click OK
  • Wait patiently for the program to run
  • Do not use your computer while the scan is running
  • When completed a zoek-results.txt report will appear on your desktop. Copy and paste the contents in your reply
===================================================

Exporting a Registry Key From the Run Box

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Copy and paste the following into the Run box and press Enter

regedit /e "%userprofile%\desktop\look.txt" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1CE08DE3-371C-4BE8-9DB7-51C05663E091}"

  • A look.txt document will be placed on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Zoek report
  • Look.txt

Gary
 

#13 CountryGolf


Posted 20 September 2015 - 12:57 AM

I tried to post the log information, but somehow the forum said I don't have permission to post.



#14 Oh My!


Posted 20 September 2015 - 02:15 PM

Please attach the files.


Gary
 

#15 CountryGolf


Posted 21 September 2015 - 11:44 AM

Attached.


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1CE08DE3-371C-4BE8-9DB7-51C05663E091}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"DhcpIPAddress"="0.0.0.0"
"DhcpSubnetMask"="255.0.0.0"
"DhcpServer"="255.255.255.255"
"Lease"=dword:01e13380
"LeaseObtainedTime"=dword:55facdd7
"T1"=dword:56eb6797
"T2"=dword:579fdae7
"LeaseTerminatesTime"=dword:57dc0157
"AddressType"=dword:00000000
"IsServerNapAware"=dword:00000000
"DhcpConnForceBroadcastFlag"=dword:00000000

Zoek.exe v5.0.0.0 Updated 19-09-2015
Tool run by Kelvin on 20/09/2015 週日 at 13:15:56.94.
Microsoft Windows 8.1 專業版 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Kelvin\Desktop\Photodex\zoek.exe [Scan all users] [Deep Scan]

==== Older Logs ======================

C:\zoek-results2015-09-20-051409.log 83526 bytes

==== Running Processes ======================

C:\Program Files (x86)\SpyShelter Firewall\SpyShelterSrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\FreedomeService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Bitdefender Agent\ProductAgentService.exe
C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files\CyberGhost 5\Service.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe
C:\Program Files\CrashPlan\CrashPlanTray.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Unchecky\bin\Unchecky_bg.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\SpyShelter Firewall\SpyShelter.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
C:\Users\Kelvin\Desktop\Photodex\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 16345 MB
CPU Info: Intel® Core™ i7-3770 CPU @ 3.40GHz
CPU Speed: 3427.6 MHz
Sound Card: 喇叭 (High Definition Audio 裝 |
數位音訊 (S/PDIF) (High Definit |
Display Adapters: AMD Radeon HD 7700 Series | AMD Radeon HD 7700 Series | AMD Radeon HD 7700 Series | AMD Radeon HD 7700 Series | AMD Radeon HD 7700 Series | AMD Radeon HD 7700 Series
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Freedome TAP driver | Freedome TAP driver #2 | Realtek PCIe GBE Family Controller | VirtualBox Host-Only Ethernet Adapter | VMware Virtual Ethernet Adapter for VMnet1 | VMware Virtual Ethernet Adapter for VMnet8
CD / DVD Drives: 1x (H: | ) H: PLDS DVDRWBD DH-12E3S
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C: 2794.0GB
Hard Disks - Free: C: 1464.0GB
Manufacturer *: Dell Inc.
BIOS Info: AT/AT COMPATIBLE | | DELL - 20100118
Time Zone: 中國標準時間
Motherboard *: Dell Inc. 0NW73C
Country: 香港特別行政區
Language: ZHH

==== System Specs (Software) ======================

Anti-Virus: Bitdefender Antivirus On-access scanning disabled (Outdated)
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Spyware: Bitdefender Antispyware disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Firewall: Bitdefender Firewall disabled
Default Browser: Google Chrome 45.0.2454.93
Internet Explorer Version: 11.0.9600.18036
Mozilla Firefox version: 40.0.3 (x86 zh-TW)
Google Chrome version: 45.0.2454.93
Adobe Reader version: 15.8.20082.147029
Sun Java version: 1.8.0_60 (32-bit)
Sun Java version: 1.8.0_60 (64-bit)
Flash Player version: 18.0.0.232

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2015-09-17 12:45:46 0A34066D56D57C0DA73BFFC1E4169FF2 85 ----a-w- C:\Windows\wininit.ini
====== C:\Users\Kelvin\AppData\Local\Temp ====
2015-09-20 03:18:50 68D3EA8E346B632CB8205CA766FFD75A 71168 ----a-w- C:\Users\Kelvin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpus18ue.dll
2015-09-19 11:45:26 3CDAF271CFC64DB18F1B6D8BF495EB58 1735000 ----a-w- C:\Users\Kelvin\AppData\Local\Temp\dllnt_dump.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-09-17 06:25:56 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\SysWOW64\REN7142.tmp
2015-09-17 06:24:38 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\SysWOW64\REN419C.tmp
2015-09-09 17:09:54 7A88A2F50CC53DF2DDCA544B4A58F95C 1556992 ----a-w- C:\Windows\SysWOW64\msxml3.dll
2015-09-09 17:09:54 2D2C20DF59F51A8EEA12F3D6DE2E7D9B 1903848 ----a-w- C:\Windows\SysWOW64\msxml6.dll
2015-09-09 17:09:46 F34E095C602E105AAEB5762464A074D8 81920 ----a-w- C:\Windows\SysWOW64\wudriver.dll
2015-09-09 17:09:46 8EBAEAEF19E557506D9C7236281B79F4 124928 ----a-w- C:\Windows\SysWOW64\wuwebv.dll
2015-09-09 17:09:46 3EB61DA44BD70A70803CDFFC317C3525 29696 ----a-w- C:\Windows\SysWOW64\wuapp.exe
2015-09-09 17:09:46 0EA1A0514316E500B4B6ABB816DA01DC 721920 ----a-w- C:\Windows\SysWOW64\wuapi.dll
2015-09-09 17:09:45 0C0F9AAF13415DE6C9F73FF7BEF88314 230912 ----a-w- C:\Windows\SysWOW64\InkEd.dll
2015-09-09 17:09:44 FE5CDD0986F845684E866C8A00ABF5B9 749568 ----a-w- C:\Windows\SysWOW64\tdh.dll
2015-09-09 17:09:38 F418F268721B183BB5C42DFA23D9D9C2 359936 ----a-w- C:\Windows\SysWOW64\taskeng.exe
2015-09-09 17:09:38 9FA27757540B4AAD5EDAAEE1E1D33FA9 182784 ----a-w- C:\Windows\SysWOW64\schtasks.exe
2015-09-09 17:09:21 70C34F5CC9B0E51B87C417FB65C120F9 1546752 ----a-w- C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 17:09:20 F3FE4F9CFF9E82DC66963988F8FBC4F1 1097216 ----a-w- C:\Windows\SysWOW64\gdi32.dll
2015-09-09 17:09:20 A81B57D0157AC51C312BADB2D7153252 520192 ----a-w- C:\Windows\SysWOW64\SettingSync.dll
2015-09-09 17:09:20 560120EE098272BF187C9FC470F290FA 2461184 ----a-w- C:\Windows\SysWOW64\authui.dll
2015-09-09 17:09:20 4615D4A2D7990F604130002F48EE0B87 148480 ----a-w- C:\Windows\SysWOW64\shacct.dll
2015-09-09 17:09:03 2EE41D7C3CE1F2574DAF1FA72AD8564B 65600 ----a-w- C:\Windows\SysWOW64\appidapi.dll
2015-09-09 17:08:52 164FE7DB9C7819F2F60A33F9BADD3B99 19856384 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2015-09-09 17:08:49 DA36D4C0F6EF1C3A3FD848BB7A88A728 12857344 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2015-09-09 17:08:47 7FE6E42911FCD9EA43AC111558E794C1 4520448 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2015-09-09 17:08:46 C2CDCD4EFD66AF2DE22EBB1EDAD70A92 2279424 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2015-09-09 17:08:46 9BCDFFECF276DBFB1EC8E2D3DD038E00 1951232 ----a-w- C:\Windows\SysWOW64\wininet.dll
2015-09-09 17:08:46 912A76E83F974A8EE728A109C9905685 504832 ----a-w- C:\Windows\SysWOW64\vbscript.dll
2015-09-09 17:08:46 21FA5416257D628DE9100B22C6F4E011 665600 ----a-w- C:\Windows\SysWOW64\jscript.dll
2015-09-09 17:08:44 DB87011A9EA9E44EB716C472E09921F8 1310720 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2015-09-09 17:08:44 BD197D0865A8C858BB9AB153D5B22EF7 230400 ----a-w- C:\Windows\SysWOW64\webcheck.dll
2015-09-09 17:08:44 A030A4D208BB0FEA97702F56A75CE7D2 2052608 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2015-09-09 17:08:44 59C13F923C30AE909129C1B28139E32B 327168 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll
2015-09-09 17:08:44 12051337325500C8E68ADDE4E3706908 689152 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2015-09-09 17:08:43 97B61B2A69D381FB4B354A742D77438A 880128 ----a-w- C:\Windows\SysWOW64\inetcomm.dll
2015-09-09 17:08:43 7282DBD37A639459F907B8C9307D1041 710144 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll
2015-09-09 17:08:36 F1BB02F06DF4A6D37508A65E0A2EE881 301568 ----a-w- C:\Windows\SysWOW64\atmfd.dll
2015-09-09 17:08:36 78FE64758E3396A13EE8CBE0EF435B32 35840 ----a-w- C:\Windows\SysWOW64\atmlib.dll
2015-09-06 12:59:57 A54F0041A9E15B050F25C463F1DB7449 4 ----a-w- C:\Windows\SysWOW64\ppa_service.rc
2015-09-06 12:59:57 4B4F16CBB54EE6AA420D1D595C90A77C 42496 ----a-w- C:\Windows\SysWOW64\ppa_service.dll
2015-09-06 12:59:57 2CCF58FA69C094E4685E03B91ABFDFC4 368 ----a-w- C:\Windows\SysWOW64\ppa_service.dat
2015-09-06 12:59:57 1F3B07D4BB7F1E0D00D8BC94EBD76D0E 142848 ----a-w- C:\Windows\SysWOW64\ppa_service.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-09-17 06:11:43 3087139B9F3651E57C20FD4B89D55C3E 38912 ----a-w- C:\Windows\Sysnative\SpyShelterShellExt.dll
2015-09-17 06:06:54 16867209706D0098F870BD1FC7973F78 5258240 ----a-w- C:\Windows\Sysnative\FNTCACHE.DAT
2015-09-09 17:09:54 C2840E77C27B5F90F60F5C3CAE8787A7 2531400 ----a-w- C:\Windows\Sysnative\msxml6.dll
2015-09-09 17:09:54 54FCD2135049B5121BD8879E220E773A 2345472 ----a-w- C:\Windows\Sysnative\msxml3.dll
2015-09-09 17:09:52 3F726FF7B1ACC7D5E89940EA5BFF0E61 3705344 ----a-w- C:\Windows\Sysnative\wuaueng.dll
2015-09-09 17:09:47 B4EAB9C15967EBD6E4569734892176D4 136904 ----a-w- C:\Windows\Sysnative\wuauclt.exe
2015-09-09 17:09:47 57220D51A2650FEB323AA9E639714E4B 2240512 ----a-w- C:\Windows\Sysnative\wucltux.dll
2015-09-09 17:09:46 F3F53766701AB4B894DDB4F78D53321D 140288 ----a-w- C:\Windows\Sysnative\wuwebv.dll
2015-09-09 17:09:46 7AB01F304D40674D37CB7E7E8891B429 409088 ----a-w- C:\Windows\Sysnative\WUSettingsProvider.dll
2015-09-09 17:09:46 604010F2534A39FF7E043236FE296BA3 95744 ----a-w- C:\Windows\Sysnative\wudriver.dll
2015-09-09 17:09:46 5AD59ABE70AB621386E6E23A5EE221D1 35840 ----a-w- C:\Windows\Sysnative\wuapp.exe
2015-09-09 17:09:46 5106BAC2B4547B26C4B3A974615D2585 891904 ----a-w- C:\Windows\Sysnative\wuapi.dll
2015-09-09 17:09:45 5AA5D3EE2A87385B6E567D6B48B13A84 268288 ----a-w- C:\Windows\Sysnative\InkEd.dll
2015-09-09 17:09:44 D6457C727572BF4E4189FE04CD49A589 951296 ----a-w- C:\Windows\Sysnative\tdh.dll
2015-09-09 17:09:44 484E3AD4E215A7850B4197A4A6D97134 41984 ----a-w- C:\Windows\Sysnative\UtcResources.dll
2015-09-09 17:09:44 21EDAD8188372C912B7BB9B1C6CB0D38 1633792 ----a-w- C:\Windows\Sysnative\diagtrack.dll
2015-09-09 17:09:44 08079E76DD10DDEC6FA4F92AFF1CD38D 118616 ----a-w- C:\Windows\Sysnative\consent.exe
2015-09-09 17:09:38 E559586B7EA3E1902E6C123098BDBE5B 2819072 ----a-w- C:\Windows\Sysnative\SettingsHandlers.dll
2015-09-09 17:09:38 A21AC8D41E63CF1AA24EBC165AE82C9A 468992 ----a-w- C:\Windows\Sysnative\taskeng.exe
2015-09-09 17:09:38 3151A020E03DDE31AAC49F35C5EFB4DB 1265152 ----a-w- C:\Windows\Sysnative\schedsvc.dll
2015-09-09 17:09:38 2E9E198247BF0E9BD94B42286798A5AC 229376 ----a-w- C:\Windows\Sysnative\schtasks.exe
2015-09-09 17:09:24 C437FBED45D3F2AEBA19CA3A9BA2348D 411455 ----a-w- C:\Windows\Sysnative\ApnDatabase.xml
2015-09-09 17:09:21 FA3A2F366A8D4A2BFE2FBD6BF99D8BD2 2775552 ----a-w- C:\Windows\Sysnative\authui.dll
2015-09-09 17:09:21 D29E5AA3BDB179B68BB80918008B6D55 655872 ----a-w- C:\Windows\Sysnative\SettingSync.dll
2015-09-09 17:09:21 3D50654EB342ED42EDA48F4CD8EF82B1 1728000 ----a-w- C:\Windows\Sysnative\Windows.UI.Immersive.dll
2015-09-09 17:09:20 F5A987C9AE37B5A0E596FD6C61B2786E 194048 ----a-w- C:\Windows\Sysnative\shacct.dll
2015-09-09 17:09:20 6E409D818C6B342544EAE741B1422B85 228864 ----a-w- C:\Windows\Sysnative\profsvc.dll
2015-09-09 17:09:20 1BC82B720076C30643CB04AAEE649A79 1380056 ----a-w- C:\Windows\Sysnative\gdi32.dll
2015-09-09 17:09:18 D2B6D2C64B74277FC27756F9C02FFB5F 63488 ----a-w- C:\Windows\Sysnative\tzsync.exe
2015-09-09 17:09:03 88358135810B9DFD830A9D3A8C3D149A 39936 ----a-w- C:\Windows\Sysnative\appidsvc.dll
2015-09-09 17:09:03 3F44A679845792E68F1A6FDA59309E92 74928 ----a-w- C:\Windows\Sysnative\appidapi.dll
2015-09-09 17:08:52 B73856CE663B16B980D635922B6A5EA6 25188352 ----a-w- C:\Windows\Sysnative\mshtml.dll
2015-09-09 17:08:51 06A02C37847A859E10EACE1A9032387C 14451712 ----a-w- C:\Windows\Sysnative\ieframe.dll
2015-09-09 17:08:48 13FAD8FFBB0E85761B42594FDAE425F7 5923840 ----a-w- C:\Windows\Sysnative\jscript9.dll
2015-09-09 17:08:47 CC4D00C985EC6E0F67EE3CF69FABAC4B 2886144 ----a-w- C:\Windows\Sysnative\iertutil.dll
2015-09-09 17:08:47 096A832FCF5A01003E96DD7FEE45618D 2427392 ----a-w- C:\Windows\Sysnative\wininet.dll
2015-09-09 17:08:46 F6EA92A7954C4BE5916BD791F1B2FA3F 720384 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
2015-09-09 17:08:46 9D7B2EBCE72DBF36A8B502ED7FF230A7 817664 ----a-w- C:\Windows\Sysnative\jscript.dll
2015-09-09 17:08:46 1F3DBB57E9EAC4E4BDD4DD523EEAC701 1545728 ----a-w- C:\Windows\Sysnative\urlmon.dll
2015-09-09 17:08:45 C3BBD7A0B4E8E4208E8C88D9D4D0E835 585216 ----a-w- C:\Windows\Sysnative\vbscript.dll
2015-09-09 17:08:45 2ED806192EEB92E963B30B250F946C04 374784 ----a-w- C:\Windows\Sysnative\iedkcs32.dll
2015-09-09 17:08:44 F5886DC6A5386A1EC938C93A40554C15 801280 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2015-09-09 17:08:44 C5760EA4180AD13CF49F04D2E806DE8F 1032704 ----a-w- C:\Windows\Sysnative\inetcomm.dll
2015-09-09 17:08:44 B0ED8AEF452E9294E73C0C70BD301A4F 262144 ----a-w- C:\Windows\Sysnative\webcheck.dll
2015-09-09 17:08:44 504D90662FEFEF8EA6E19BFE5C10229C 2126336 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2015-09-09 17:08:43 FCE64E50B3E81A69C1CA767015AA1917 800768 ----a-w- C:\Windows\Sysnative\ieapfltr.dll
2015-09-09 17:08:37 452F2B00E71FB1B216957539D15F3159 4175872 ----a-w- C:\Windows\Sysnative\win32k.sys
2015-09-09 17:08:36 BB13532E840F4B6842E789DDA8382FE2 358912 ----a-w- C:\Windows\Sysnative\atmfd.dll
2015-09-09 17:08:36 447B30071910564528542F80343C74CB 44032 ----a-w- C:\Windows\Sysnative\atmlib.dll
====== C:\Windows\Sysnative\drivers =====
2015-09-17 12:49:47 3701D3BF4AC12EAACB1F58847C1D32FC 23568 ----a-w- C:\Windows\Sysnative\drivers\bdelam.sys
2015-09-17 12:49:29 F7F20DFE87C425221D8FCE77C5ED46AC 79192 ----a-w- C:\Windows\Sysnative\drivers\bdvedisk.sys
2015-09-17 12:49:25 A692B4E9773CD0BDCE99DEEB0AB5D3AC 271272 ----a-w- C:\Windows\Sysnative\drivers\avchv.sys
2015-09-17 12:49:25 1B25E559C0AE349206641C9DED74D02F 747120 ----a-w- C:\Windows\Sysnative\drivers\avckf.sys
2015-09-17 12:49:24 9845EF176613C9E325A1CA4B40925F69 1369288 ----a-w- C:\Windows\Sysnative\drivers\avc3.sys
2015-09-17 12:49:17 0B8E8933A6C6B9FE1332072DBFC82620 246040 ----a-w- C:\Windows\Sysnative\drivers\ignis.sys
2015-09-17 12:47:28 FE3D70DE933A481284FCE7D5DB5DCE50 477272 ----a-w- C:\Windows\Sysnative\drivers\trufos.sys
2015-09-17 12:47:28 06BFA49C4D999E93E214DB4E8044DE0B 160032 ----a-w- C:\Windows\Sysnative\drivers\gzflt.sys
2015-09-17 08:47:33 9C3AC71A9934B884FAC567A8807E9C4D 31800 ----a-w- C:\Windows\Sysnative\drivers\revoflt.sys
2015-09-17 07:28:34 ADC443CC21A1685B810C6E8F8959B37E 43664 ----a-w- C:\Windows\Sysnative\drivers\hitmanpro37.sys
2015-09-09 17:09:25 FEA8FC81431AD93F44D5FBFBBF096AA7 118272 -c--a-w- C:\Windows\Sysnative\drivers\bthpan.sys
====== C:\Windows\Tasks ======
2015-09-06 05:43:23 15445A66876E00D81A1935BE5F24D1E4 3414 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Flash Player Updater
2015-09-06 05:43:23 122A0F4080B36340BB2FCCC1C05D8B5A 526 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-09-19 11:45:07 -------- d-----w- C:\Program Files\RogueKiller
2015-09-17 12:07:01 -------- d-----w- C:\Program Files\Bitdefender Agent
2015-09-17 08:47:30 -------- d-----w- C:\Program Files\VS Revo Group
======= C:\PROGRA~2 =====
2015-09-19 11:51:27 -------- d-----w- C:\PROGRA~2\Unchecky
2015-09-13 16:06:44 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype
2015-09-13 16:06:42 -------- d-----r- C:\PROGRA~2\Skype
2015-09-07 17:04:43 -------- d-----w- C:\PROGRA~2\Passcape
2015-09-06 12:53:34 -------- d-----w- C:\PROGRA~2\Elcomsoft Password Recovery
2015-09-06 04:01:47 -------- d-----w- C:\PROGRA~2\Mozilla Maintenance Service
2015-09-06 03:17:43 -------- d-----w- C:\PROGRA~2\Evernote
2015-09-02 04:05:39 -------- d-----w- C:\PROGRA~2\F-Secure
2015-08-29 04:51:54 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
======= C: =====
====== C:\Users\Kelvin\AppData\Roaming ======
2015-09-19 06:20:42 54F005750EFC0CD3DA4F3FE61047116B 319232 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat
2015-09-19 04:04:44 -------- d-----w- C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-17 12:49:10 -------- d-----w- C:\Users\Kelvin\AppData\Roaming\Bitdefender
2015-09-17 08:47:44 -------- d-----w- C:\Users\Kelvin\AppData\Local\VS Revo Group
2015-09-08 17:12:45 -------- d-----w- C:\Users\Default\AppData\Roaming\Sun
2015-09-08 17:12:45 -------- d-----w- C:\Users\Default User\AppData\Roaming\Sun
2015-09-07 17:04:46 -------- d-----w- C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Password Recovery
2015-09-03 12:33:56 -------- d-----w- C:\Users\sol\AppData\Roaming\Sun
2015-08-29 04:50:47 -------- d-----w- C:\Users\Kelvin\AppData\Roaming\Sun
====== C:\Users\Kelvin ======
2015-09-19 11:51:29 -------- d-----w- C:\ProgramData\Unchecky
2015-09-19 11:51:29 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2015-09-19 11:48:58 435818762F84C20091DCFEB7732314B3 1078576 ----a-w- C:\Users\Kelvin\Downloads\unchecky_setup.exe
2015-09-19 11:47:10 7254B19C4F59D2DC49AFFDCEDC4E4A00 2865192 ----a-w- C:\Users\Kelvin\Downloads\mbae-setup-1.07.1.1015 (1).exe
2015-09-19 11:45:10 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-09-19 11:43:37 2D500D96C3756E98F0506E601E528795 24671336 ----a-w- C:\Users\Kelvin\Downloads\setup.exe
2015-09-17 13:10:25 33DD127B85DB2B741367FB7F0229C363 24589 ----a-w- C:\ProgramData\1442495418.bdinstall.bin
2015-09-17 13:09:42 AEF86BA208C05C967CA48A2C0A4E7B06 24590 ----a-w- C:\ProgramData\1442495374.bdinstall.bin
2015-09-17 13:08:28 CFDC287593B697973A1569B3E29BE46A 7211024 ----a-w- C:\Users\Kelvin\Downloads\bitdefender_windows_60dae26d-2806-4742-a379-1a772ee17441.exe
2015-09-17 12:50:44 C77784709A32E89C3EA8130CAE5A763C 399289 ----a-w- C:\ProgramData\1442494032.bdinstall.bin
2015-09-17 12:50:00 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
2015-09-17 12:07:01 -------- d-----w- C:\ProgramData\Bitdefender Agent
2015-09-17 08:55:58 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-09-17 08:47:34 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-09-17 08:47:33 -------- d-----w- C:\ProgramData\VS Revo Group
2015-09-17 08:46:20 F0D0DD8E42BEBA742C65FF479FE99C8D 11069616 ----a-w- C:\Users\Kelvin\Downloads\RevoUninProSetup.exe
2015-09-17 07:25:26 924DD65B7B66D0785B1FCC25DFB6D568 4079264 ----a-w- C:\Users\Kelvin\Downloads\hmpalert3.exe
2015-09-17 06:32:23 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyShelter
2015-09-17 06:29:26 7D3D138603BC448A06BB35AC79FEECF9 7807816 ----a-w- C:\Users\Kelvin\Downloads\SpyShelter_Firewall_10.0.0_setup_azo.exe
2015-09-17 06:09:28 BCC76EACAEB0A39E3DF7484F1B9FE50D 7690928 ----a-w- C:\Users\Kelvin\Downloads\fwsetup.exe
2015-09-17 05:05:13 04802BA4B84A5F1767E2FDA37F1CBD4C 1798976 ----a-w- C:\Users\Kelvin\Downloads\JRT.exe
2015-09-17 04:55:09 4F99CAE27FFD46712E65C21444AACDFC 2623656 ----a-w- C:\Users\Kelvin\Downloads\revosetup.exe
2015-09-13 16:06:50 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-09 02:48:37 -------- d-----w- C:\Users\Kelvin\.zenmap
2015-09-08 17:12:43 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\.oracle_jre_usage
2015-09-06 12:53:38 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elcomsoft Password Recovery
2015-09-06 12:53:31 -------- d-----w- C:\ProgramData\Elcomsoft Password Recovery
2015-09-06 05:43:09 7254B19C4F59D2DC49AFFDCEDC4E4A00 2865192 ----a-w- C:\Users\Kelvin\Downloads\mbae-setup-1.07.1.1015.exe
2015-09-06 03:18:12 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-09-05 16:13:53 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-03 12:33:54 -------- d-----w- C:\Users\sol\.oracle_jre_usage
2015-09-02 15:10:12 -------- d-----w- C:\Windows\serviceprofiles\Localservice\winhttp
2015-09-02 04:06:48 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freedome
2015-08-29 04:50:46 -------- d-----w- C:\Users\Kelvin\.oracle_jre_usage

====== C: exe-files ==
2015-09-19 11:51:28 4E41F80AE740CEE1E1F7B47A3A2CB98C 429304 ----a-w- C:\Program Files (x86)\Unchecky\uninstall.exe
2015-09-19 11:51:27 E7836D47A1C4C15057C396F4E37ABB38 1595640 ----a-w- C:\Program Files (x86)\Unchecky\unchecky.exe
2015-09-19 11:51:27 D29C0DC460F6845833642F916818AAFC 163576 ----a-w- C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
2015-09-19 11:51:27 4DE85CCAD1993358F02B39462159B0A0 401656 ----a-w- C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
2015-09-19 11:45:09 57BA00C2C52376B09393F1200513D374 7345736 ----a-w- C:\Program Files\RogueKiller\RogueKillerCMD.exe
2015-09-19 11:45:09 139ECE274A8A7A8A3F7D5F98A77E41DB 11773512 ----a-w- C:\Program Files\RogueKiller\Updater.exe
2015-09-19 11:45:07 F57611F2D27BE7239C95D80738334AA4 714312 ----a-w- C:\Program Files\RogueKiller\unins000.exe
2015-09-19 11:45:07 CBFF0138B18C0C5A6AD77A1646CE694A 22728776 ----a-w- C:\Program Files\RogueKiller\RogueKiller.exe
2015-09-17 13:41:54 9E919FC6F2B5ED86E4726697136B3F5F 1072720 ----a-w- C:\Program Files (x86)\Google\Update\Install\{62C2BB59-3B96-4BB2-B897-D264CAA90EFB}\45.0.2454.93_45.0.2454.85_chrome_updater.exe
2015-09-17 13:41:54 9E919FC6F2B5ED86E4726697136B3F5F 1072720 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\45.0.2454.93\45.0.2454.93_45.0.2454.85_chrome_updater.exe
2015-09-17 12:49:46 F6754839A54834B8AC5CA9C891047860 307864 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\wscfix.exe
2015-09-17 12:49:46 2490323DD9C450FF35E99FA359C7B265 1565976 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
2015-09-17 12:49:46 1040F78B6FE862142ABE3CE46436AFD9 87408 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
2015-09-17 12:49:40 914C0436D373C4D1CB64B342F7FA0BF4 146864 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\support\tools\sysdump.exe
2015-09-17 12:49:40 5D0AF40699F1FF46557D0CA3831EEDFA 675520 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\supporttool.exe
2015-09-17 12:49:40 51F3C09DD600DD4317B1B73F945D0223 26144 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\st_launcher.exe
2015-09-17 12:49:37 36AFC08FC79337C92B87930BC1EC1F94 52304 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\signcheck.exe
2015-09-17 12:49:36 E64386FDE13D0B23C95036667556BBD4 1428968 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\seccenter.exe
2015-09-17 12:49:36 A17D6E23CFF8021D4FC772857CFDCAA7 275368 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\savesettings.exe
2015-09-17 12:49:35 1B26AF8B65BBA61A52E4C5FB00EF3E77 967504 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\productcfg.exe
2015-09-17 12:49:33 EF1960F75E022EAEDC4BCA9D021C4146 938664 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\odscanui.exe
2015-09-17 12:49:33 CFE148AFC9C1326B6E74180B967E9660 816648 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\odsw.exe
2015-09-17 12:49:33 AD92253DF1CDF2CA269016735BFDD215 653896 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\odslv.exe
2015-09-17 12:49:32 E74032D5C5B015A27B0EBB475BD43BF8 43136 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\nativeauth.exe
2015-09-17 12:49:32 B5F2FEE146D6E86823969CA82C0C9B97 607016 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\integratedsupport.exe
2015-09-17 12:49:32 3320073D3DAC237087CC8944200E0D17 27168 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\mitm_install_tool.exe
2015-09-17 12:49:31 C4358CABF54BCB880510B567ED3DFFE5 321176 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\installer\installer.exe
2015-09-17 12:49:31 B8AF968936A2F0108B314782B3AA7365 1140056 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\installer\genptch.exe
2015-09-17 12:49:30 EFD70EFF466215678ACC6797056AE630 434000 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\downloader.exe
2015-09-17 12:49:30 E393E286624EC0067249C206B7ECFC16 36968 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxieimp.exe
2015-09-17 12:49:30 A5940A8E47AA83924AB92273EAFB840B 216640 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\ejectcdtray.exe
2015-09-17 12:49:30 5D2970CB93F8A16044D7CAF0297DE107 392288 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\bootlauncher.exe
2015-09-17 12:49:30 5819F4FCD692259539D8CE03E6DA6492 208400 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\certutil.exe
2015-09-17 12:49:30 0907724076039FC2578EE40B4A1F4CCF 972184 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\bootoptimizer.exe
2015-09-17 12:49:29 CEA6B70D0FB030952CBDC43332215FA2 723400 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxffimp.exe
2015-09-17 12:49:29 8A9D2C708FA38B5E950C99FB6F305F85 1411976 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe
2015-09-17 12:49:29 58FB97682B0BDB86E0A6302D661209A2 1340888 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcon.exe
2015-09-17 12:49:29 4BCB60E939823D5CFF716B131DC2D108 356744 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe
2015-09-17 12:49:28 FCD3E33E6823E4578A94D54874C594BC 30264 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\bdtkexec.exe
2015-09-17 12:49:28 CDF8AAE4912E89EEF904B23E28797094 1238424 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\bdtpwiz.exe
2015-09-17 12:49:27 C9A759F46E5B830C9D210CBB06769A9F 846512 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\bdsubwiz.exe
2015-09-17 12:49:27 496C863D272253D38FB17006F053A95B 380440 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\bdreinit.exe
2015-09-17 12:49:26 C521027256C7B31DA5389FA528581D95 34896 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\bdlaunch.exe
2015-09-17 12:49:26 6DEE1455A5C56F3804F35657724473B7 1147808 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\bdfvwiz.exe
2015-09-17 12:49:25 E9E5C947309D83D27E84C778F20FDE4C 780592 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\bdfvcl.exe
2015-09-17 12:49:25 A0B510554A44B259EB238D70CFFA8643 84824 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\avchvinst.exe
2015-09-17 12:49:25 509609CDFA67C56A1E7E2FA1DB47D31F 25120 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\avinfo.exe
2015-09-17 12:49:25 29DC1CCAFD8285BF0ABF7CACB7690B26 1677704 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
2015-09-17 12:49:24 7BAC919EA9F034DBF3DD38D0097C5904 21504 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\atkblayout.exe
2015-09-17 12:49:23 C1F85775DDA836B0A0FB99849295F0DD 286680 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\obkagent.exe
2015-09-17 12:49:23 576ED54795D66582B18A3E43513B8823 804800 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\obkch.exe
2015-09-17 12:49:21 09DA2799D7ECD1FE6241BED92F236E4B 3118144 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\obk.exe
2015-09-17 12:49:20 EB1C4D164AC1C6B94A7B77834B31E1AC 319664 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdreinit.exe
2015-09-17 12:49:20 80224B0821D46B4FD92196C6CDDE7DEB 901608 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdsubwiz.exe
2015-09-17 12:49:20 279648118887416B242DA24A6196893D 583856 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwtxffimp.exe
2015-09-17 12:49:20 00053FA3EFF80CD3C2275448FF1D9E27 277416 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwtxapps.exe
2015-09-17 12:49:19 C705E6C5CC740D417616F8758234F69A 906776 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdfvcl.exe
2015-09-17 12:49:19 9A5E8745013F6132A666261301D4FA45 47256 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\agentcontroller.exe
2015-09-17 12:49:18 3AB5835185C3B8D3AE739606A861653F 585416 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\about.exe
2015-09-17 12:49:17 B8AF9F0424F32BF856547FE1432E2C56 71248 ----a-w- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\setloadorder.exe
2015-09-17 12:49:12 BC72EEA3B04E302EF6ED6D718E8D297A 74000 ----a-w- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\driverctrl.exe
2015-09-17 12:49:12 40AE67FF0E16D4AF1E58449938131F2B 50768 ----a-w- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\deloeminfs.exe
2015-09-17 12:48:58 A2258F60781619C26F29959608811E51 85384 ----a-w- C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\bdrescue\bdrinstall.exe
2015-09-17 12:47:37 C1F3FE6AF61F4ADC31CBF56129682C53 51376 ----a-w- C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\gc.exe
2015-09-17 12:47:11 DFB7B2969ACB4E1C83A5750D2BCE4242 330784 ------w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{09FE2C2E-BB0D-4848-A706-AA244FA25FEA}\bd_w8_systemfolder.exe
2015-09-17 12:47:11 5BE97BE813A159C122FC6E875AA254B2 367136 ------w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{09FE2C2E-BB0D-4848-A706-AA244FA25FEA}\bd_w8_commonfilesfolder.exe
2015-09-17 12:47:11 12655D1F81C3FADBF7E6CF65C2966324 611640 ------w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{09FE2C2E-BB0D-4848-A706-AA244FA25FEA}\bd_w8_programfilesfolder.exe
2015-09-17 12:47:10 E5F759F7B678E958FCB757494D363E57 460544 ------w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{09FE2C2E-BB0D-4848-A706-AA244FA25FEA}\bd_systemfolder.exe
2015-09-17 12:47:10 A42F25A891532163F409F4667BE4711C 4278704 ------w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{09FE2C2E-BB0D-4848-A706-AA244FA25FEA}\bd_localization.exe
2015-09-17 12:47:10 4A550E55CAE32897B108E6E389EBB243 306552 ------w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{09FE2C2E-BB0D-4848-A706-AA244FA25FEA}\bd_localization_appdata.exe
2015-09-17 12:47:09 0EE8E6D5BE2A4F3323E0718F1D842877 13318064 ------w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{09FE2C2E-BB0D-4848-A706-AA244FA25FEA}\bd_commonfilesfolder.exe
2015-09-17 12:47:08 BEA23634BD9D142D2F8967493A1CE899 7961120 ------w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{09FE2C2E-BB0D-4848-A706-AA244FA25FEA}\threatscanner.exe
2015-09-17 12:47:08 570FBFBBD6A516AAE1A7C512BD90CE94 91789248 ------w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{09FE2C2E-BB0D-4848-A706-AA244FA25FEA}\bd_programfilesfolder.exe
2015-09-17 12:47:08 5529453AA03F801055C2F59BC81515A8 601304 ----a-w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{09FE2C2E-BB0D-4848-A706-AA244FA25FEA}\antiphishing.exe
2015-09-17 12:47:07 0CD8634C71DAF6242A11B9D5E541CD79 139695400 ----a-w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{09FE2C2E-BB0D-4848-A706-AA244FA25FEA}\pluginsx64.exe
2015-09-17 12:47:06 31FD0C5A0928BFA7DDE28F25ECFBAFA0 60624848 ------w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{09FE2C2E-BB0D-4848-A706-AA244FA25FEA}\bdrescue.exe
2015-09-17 12:47:06 238CB871076D32EB16A4AC3F04260A6A 568912 ----a-w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{09FE2C2E-BB0D-4848-A706-AA244FA25FEA}\setuplauncher.exe
2015-09-17 12:47:05 921516A3E10A2489E4629C00CB9ADB6E 586416 ----a-w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{09FE2C2E-BB0D-4848-A706-AA244FA25FEA}\installer.exe
2015-09-17 12:07:06 FCCCF22675271D134421E53994B95286 510720 ----a-w- C:\Program Files\Bitdefender Agent\installer\installer.exe
2015-09-17 12:07:05 DEFEE31B72749FBB03DFF793AF006FFA 5115416 ----a-w- C:\Program Files\Bitdefender Agent\installer\agentpackage.exe
2015-09-17 12:07:02 72C137C9E14DE8C4233C1DD6075AA076 823840 ----a-w- C:\Program Files\Bitdefender Agent\ProductAgentService.exe
2015-09-17 12:07:02 2F2E2268605E508696639E305A01296F 1025184 ----a-w- C:\Program Files\Bitdefender Agent\ProductAgentUI.exe
2015-09-17 12:07:01 EB1C4D164AC1C6B94A7B77834B31E1AC 319664 ----a-w- C:\Program Files\Bitdefender Agent\bdreinit.exe
2015-09-17 12:07:01 C206277572803A155C17D12F36659D93 2865800 ----a-w- C:\Program Files\Bitdefender Agent\BDSubWiz.exe
2015-09-17 08:47:33 C1E5BFBDAB6B3439BBF3E8CDADD4A4A9 3689000 ----a-w- C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoAppBar.exe
2015-09-17 08:47:33 04EFED15350A230218D3884C95C1931F 7151696 ----a-w- C:\Program Files\VS Revo Group\Revo Uninstaller Pro\ruplp.exe
2015-09-17 08:47:32 7F3B3ABA994FBFCC90FF8FED64111CDB 81360 ----a-w- C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoCmd.exe
2015-09-17 08:47:31 F3E59ABD3B54A71BEE309488FC9EBCB4 16403488 ----a-w- C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe
2015-09-17 08:47:30 5B6AC5186FB9EEC654C96E5FEE3D5034 1262083 ----a-w- C:\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe
2015-09-17 06:32:23 F66F76FAB54700C00056071D24E85344 45056 ----a-w- C:\Program Files (x86)\SpyShelter Firewall\SpyShelterSrv.exe
2015-09-17 06:32:21 C82220A88C35F6E5260222C97D2901C9 1177952 ----a-w- C:\Program Files (x86)\SpyShelter Firewall\unins000.exe
2015-09-17 06:26:16 690AF437F5510F75826D2FAA558A5302 10372696 ----a-w- C:\$Windows.~BT\Sources\setupprep.exe
2015-09-17 06:25:01 F52607E7F53DA8FE1C4A3C1F11CE2AE7 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\java-rmi.exe
2015-09-17 06:25:01 F3D19B026E09B8150D9FF40D537C8F2A 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\rmid.exe
2015-09-17 06:25:01 EF442149A0502661D49628A66A69F33C 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\policytool.exe
2015-09-17 06:25:01 E7ABC6445E6A2F1EDE5F8BB082ECEEA1 30304 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\jabswitch.exe
2015-09-17 06:25:01 D50189686D9D144CB4EC807652640FC0 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\ktab.exe
2015-09-17 06:25:01 C4B3393396204E759E6EDFF92A9CAA50 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\tnameserv.exe
2015-09-17 06:25:01 BC66611222047778694C7650B7814978 68192 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\javacpl.exe
2015-09-17 06:25:01 B5AA17A9ACE57080909B9CB47CD74C39 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\kinit.exe
2015-09-17 06:25:01 A4D1AC4078F1A819ECECC546F64907A1 190560 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\java.exe
2015-09-17 06:25:01 9A474C07C5242EF2AE12FF6BF387F334 273504 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\javaws.exe
2015-09-17 06:25:01 8B09EF707CE0895D5478300CC2CE90DB 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\rmiregistry.exe
2015-09-17 06:25:01 8516D08420A7AB22A9B722FAF631E320 50784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssvagent.exe
2015-09-17 06:25:01 76BD4372DD5C5A316F64D562C2404BF8 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\orbd.exe
2015-09-17 06:25:01 6790CB3F51E280A2A3EEAA3C5BD58EFF 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\keytool.exe
2015-09-17 06:25:01 5E1561548895218973EB5C833D96BD60 159328 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\unpack200.exe
2015-09-17 06:25:01 56C175D9B0D7EE7D1DA92B8D8A12772A 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\servertool.exe
2015-09-17 06:25:01 547F9D4CB6FAAC8E941F1689D5555CDB 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\jjs.exe
2015-09-17 06:25:01 4E022C0940633A9538892CB26B65BD0D 191584 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\javaw.exe
2015-09-17 06:25:01 46AD9258E9B6EA56AFC8723CEFDF8425 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\pack200.exe
2015-09-17 06:25:01 235015745A6A6FE26BCDA8F227C9132B 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\klist.exe
2015-09-17 06:25:01 0CFCEE90C8711D4DEAD9EC7046918A45 77920 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2launcher.exe
2015-09-15 17:36:13 FAC17E42199598C0352B9F5DC2EFFC85 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe
2015-09-15 17:36:13 77352A5A0833B1CA3B771148DA535CB6 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleUpdateWebPlugin.exe
2015-09-15 17:36:13 61A77DDEF5E8D85E8B0955C4E5127B39 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleUpdateBroker.exe
2015-09-15 17:36:12 D9A15F83CB6E5901A63F24CD7D58DBAF 929872 ----a-w- C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleUpdateSetup.exe
2015-09-15 17:36:11 E337785DA1958E9AB02DDB2369EF46E8 307016 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
2015-09-15 17:36:11 BFDCC0375C492C524E78647CEED3F77D 130888 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleUpdateComRegisterShell64.exe
2015-09-15 17:36:11 A72BB48D9014A7D7C05F02F595F52D60 245576 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
2015-09-15 17:36:11 053EEEE1ABAE53F044F1E386E22AE525 144200 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleUpdate.exe
2015-09-15 17:36:04 D9A15F83CB6E5901A63F24CD7D58DBAF 929872 ----a-w- C:\Program Files (x86)\Google\Update\Install\{868DF164-EEFF-4AB3-981E-EF46BFE9B0AE}\GoogleUpdateSetup.exe
2015-09-15 17:36:04 D9A15F83CB6E5901A63F24CD7D58DBAF 929872 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.28.15\GoogleUpdateSetup.exe
=== C: other files ==
2015-09-17 12:49:47 3701D3BF4AC12EAACB1F58847C1D32FC 23568 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\bdelam.sys
2015-09-17 12:49:31 06BFA49C4D999E93E214DB4E8044DE0B 160032 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\gzflt.sys
2015-09-17 12:49:29 F7F20DFE87C425221D8FCE77C5ED46AC 79192 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\bdvedisk.sys
2015-09-17 12:49:29 67B520F8D5B60B60086D7CAF8640D002 36279 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\bdwtecr.crx
2015-09-17 12:49:25 A692B4E9773CD0BDCE99DEEB0AB5D3AC 271272 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\avchv.sys
2015-09-17 12:49:25 1B25E559C0AE349206641C9DED74D02F 747120 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\avckf.sys
2015-09-17 12:49:24 9845EF176613C9E325A1CA4B40925F69 1369288 ----a-w- C:\Program Files\Bitdefender\Bitdefender 2016\avc3.sys
2015-09-17 12:49:17 0B8E8933A6C6B9FE1332072DBFC82620 246040 ----a-w- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\ignis.sys
2015-09-17 12:49:12 92BB54D75E76E9B69F9D7F271F0B6FCB 120704 ----a-w- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys
2015-09-17 12:49:12 923E8216382E2F64EC8AADBA3C2CFFEE 107008 ----a-w- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
2015-09-17 12:47:06 FE3D70DE933A481284FCE7D5DB5DCE50 477272 ----a-w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{09FE2C2E-BB0D-4848-A706-AA244FA25FEA}\trufos.sys
2015-09-17 12:47:05 06BFA49C4D999E93E214DB4E8044DE0B 160032 ----a-w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{09FE2C2E-BB0D-4848-A706-AA244FA25FEA}\gzflt.sys
2015-09-17 08:59:11 A9CF2C6CB4A83ACB3CF58C333879ABA0 187464 ----a-w- C:\Program Files\Sandboxie\SbieDrv.sys
2015-09-17 08:47:34 9C41DE96339224A51AB950A3E74FBDA4 28 ----a-w- C:\Program Files\VS Revo Group\Revo Uninstaller Pro\reg_lp.bat
2015-09-17 08:47:33 9C3AC71A9934B884FAC567A8807E9C4D 31800 ----a-w- C:\Program Files\VS Revo Group\Revo Uninstaller Pro\revoflt.sys
2015-09-17 06:25:01 5F7B14A65C88D4AEB0E3DF49C6A0941F 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\lib\deploy\ffjcext.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-1007175641-4112103539-228326237-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
"SandboxieControl"="C:\Program Files\Sandboxie\SbieCtrl.exe"
"Dropbox Update"="C:\Users\Kelvin\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c"
"Octoshape Streaming Services"="C:\Users\Kelvin\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe -inv:bootrun"
"SpybotPostWindows10UpgradeReInstall"="C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
"Adobe Acrobat Synchronizer"="C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Creative Cloud"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"
"AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin"
"IJNetworkScannerSelectorEX"="C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE"
"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"vmware-tray.exe"="C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"FreedomeAutoStart"="C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\Freedome.exe -m"
"Malwarebytes Anti-Exploit"="C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
"SandboxieControl"="C:\Program Files\Sandboxie\SbieCtrl.exe"
"Dropbox Update"="C:\Users\Kelvin\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c"
"Octoshape Streaming Services"="C:\Users\Kelvin\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe -inv:bootrun"
"SpybotPostWindows10UpgradeReInstall"="C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
"Adobe Acrobat Synchronizer"="C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CrashPlanTray"="C:\Program Files\CrashPlan\CrashPlanTray.exe"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Bdagent"="C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]


==== Startup Folders ======================

2015-03-11 10:56:13 1190 ----a-w- C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2015-08-16 17:52:51 1143 ----a-w- C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
2015-09-05 16:08:46 1128 ----a-w- C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk
2015-01-03 10:27:48 1181 ----a-w- C:\Users\sol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2015-01-03 11:06:27 2079 ----a-w- C:\Users\sol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HMA Pro VPN 2.0.lnk
2015-05-08 04:53:28 2122 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [06/09/2015 13:43]
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-1007175641-4112103539-228326237-1001Core.job --a-------- C:\Users\Kelvin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [20/05/2015 11:57]
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-1007175641-4112103539-228326237-1001Core1d0c22b982743b1.job --a-------- C:\Users\Kelvin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [20/05/2015 11:57]
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-1007175641-4112103539-228326237-1001UA.job --a-------- C:\Users\Kelvin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [20/05/2015 11:57]
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-1007175641-4112103539-228326237-1001UA1d0c22b9abb7456.job --a-------- [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29/08/2015 11:31]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29/08/2015 11:31]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8" [C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-1007175641-4112103539-228326237-1001Core" [C:\Users\Kelvin\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-1007175641-4112103539-228326237-1001Core1d0c22b982743b1" [C:\Users\Kelvin\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-1007175641-4112103539-228326237-1001UA" [C:\Users\Kelvin\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-1007175641-4112103539-228326237-1001UA1d0c22b9abb7456" [C:\Users\Kelvin\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Private Internet Access Startup" ["C:\Program Files\pia_manager\pia_manager.exe"]
"C:\Windows\SysNative\tasks\{47DB90E5-3AEC-4786-8E83-D6E1EEADC943}" ["c:\program files (x86)\google\chrome\application\chrome.exe"]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"bdwteff@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender 2016\bdwteff" [11/09/2015 20:24]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"bdwteff@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff" [11/09/2015 20:24]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Kelvin\AppData\Roaming\Mozilla\Firefox\Profiles\1axowso0.default
- HTTPS-Everywhere - %ProfilePath%\extensions\https-everywhere@eff.org
- LastPass - %ProfilePath%\extensions\support@lastpass.com
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Kelvin\AppData\Roaming\Mozilla\Firefox\Profiles\1axowso0.default
EC55112EDB2CE5BC2BFCACDB9C2150F4 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll - Shockwave Flash
06DBB13F22F34314D8FB57D1139EBB67 - C:\Users\Kelvin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
DDC4B753983AF90EEDA7360C16D4D39A - C:\Users\Kelvin\AppData\Roaming\Mozilla\plugins\npoctoshape.dll - Octoshape Streaming Services


==== Chromium Look ======================

Google Chrome Version: 45.0.2454.93

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dhhejlifdlcgcmogbggeomfodgklfaem - No path found[]
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]
hdokiejnpimakedhajhdlcegeplioahd - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]

User-Agent Switcher for Chrome - Kelvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg
Photo Zoom for Facebook - Kelvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi
EditThisCookie - Kelvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg
HTTPS Everywhere - Kelvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp
AdBlock - Kelvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
TinEye Reverse Image Search - Kelvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl
LastPass - Kelvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
Google Drive App Launcher - Kelvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Flashcontrol - Kelvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe
Chrome Web Store Payments - Kelvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Privacy Badger - Kelvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp
Adobe Acrobat - Create PDF - sol\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj
Bitdefender Wallet - sol\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih
AdBlock - sol\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
LastPass - sol\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
Google Drive App Launcher - sol\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Chrome Web Store Payments - sol\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O3 - Toolbar: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [vmware-tray.exe] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [FreedomeAutoStart] "C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\Freedome.exe" -m
O4 - HKLM\..\Run: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Kelvin\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Kelvin\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe"
O4 - Startup: Dropbox.lnk = Kelvin\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O4 - Startup: EvernoteTray.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
O4 - Global Startup: Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe
O8 - Extra context menu item: LastPass - file://C:\Users\Kelvin\AppData\LocalLow\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass 表單自動填寫 - file://C:\Users\Kelvin\AppData\LocalLow\LastPass\context.html?cmd=fillforms
O8 - Extra context menu item: 擷取 URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: 擷取影像 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: 擷取書籤 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: 擷取此頁面 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: 擷取選取項目 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: 新記事 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.KELVIN-XPS
O15 - Trusted Zone: http://*.localhost
O15 - Trusted Zone: http://*.taobao.com
O15 - ESC Trusted Zone: http://*.KELVIN-XPS
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFE0E259-5755-4305-9D7B-AFF10C70A059}: NameServer = 192.168.0.16
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {4A40A47A-2A54-48BE-A5C9-1098175C6C6C} - (no file)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\AppReadiness.dll,-1000 (AppReadiness) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\appxdeploymentserver.dll,-1 (AppXSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\AudioEndpointBuilder.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Bonjour 服務 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%windir%\system32\bisrv.dll,-100 (BrokerInfrastructure) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\BthHFSrv.dll,-103 (BthHFSrv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: CyberGhost 5 Client Service (CGVPNCliService) - CyberGhost S.R.L - C:\Program Files\CyberGhost 5\Service.exe
O23 - Service: CrashPlan Backup Service (CrashPlanService) - Code 42 Software - C:\Program Files\CrashPlan\CrashPlanService.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @combase.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\das.dll,-100 (DeviceAssociationService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (DeviceInstall) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\UtcResources.dll,-3001 (DiagTrack) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\DeviceSetupManager.dll,-1000 (DsmSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (Eaphost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (EventLog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fhsvc.dll,-101 (fhsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: F-Secure Freedome Service (Freedome Service) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\FreedomeService.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Google§ó·s ªA°È (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google§ó·s ªA°È (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\GeofenceMonitorService.dll,-1 (lfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%windir%\system32\lsm.dll,-1001 (LSM) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Malwarebytes Anti-Exploit Service (MbaeSvc) - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ncasvc.dll,-3009 (NcaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ncbservice.dll,-500 (NcbService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\NcdAutoSetup.dll,-100 (NcdAutoSetup) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofmsvc.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: OpenVPN Service (OpenVPNService) - The OpenVPN Project - C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-200 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll,-1 (PrintNotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Product Agent Service (ProductAgentService) - Bitdefender - C:\Program Files\Bitdefender Agent\ProductAgentService.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - CyberLink - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @combase.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: @%SystemRoot%\System32\ScDeviceEnum.dll,-100 (ScDeviceEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\System32\smphost.dll,-102 (smphost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SpyShelterSrv - Datpol - C:\Program Files (x86)\SpyShelter Firewall\SpyShelterSrv.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\StorSvc.dll,-100 (StorSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\svsvc.dll,-101 (svsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%windir%\system32\SystemEventsBrokerServer.dll,-1001 (SystemEventsBroker) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%windir%\system32\TimeBrokerServer.dll,-1001 (TimeBroker) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Unchecky - RaMMicHaeL - C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: @%systemroot%\system32\vmicres.dll,-801 (vmicguestinterface) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\vmicres.dll,-101 (vmicheartbeat) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\vmicres.dll,-201 (vmickvpexchange) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\vmicres.dll,-601 (vmicrdv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\vmicres.dll,-301 (vmicshutdown) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\vmicres.dll,-401 (vmictimesync) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\vmicres.dll,-501 (vmicvss) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\SysWOW64\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\SysWOW64\vmnat.exe
O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wcmsvc.dll,-4097 (Wcmsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wephostsvc.dll,-100 (WEPHOSTSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiarpc.dll,-2 (WiaRpc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (WlanSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wlidsvc.dll,-100 (wlidsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\workfolderssvc.dll,-102 (workfolderssvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%SystemRoot%\system32\WSService.dll,-103 (WSService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 20/09/2015 週日 at 13:32:53.82 ======================

Edited by Oh My!, 21 September 2015 - 08:24 PM.




