
Infected W/ Fake BSOD


  • This topic is locked
5 replies to this topic

#1 I NEED YOU


Posted 05 October 2015 - 05:55 PM

I deleted a recently downloaded application after Malwarebytes scanned and said that my PC was back to normal, and now a fake BSOD with a China number pops up. My PC automatically shuts down after 10 minutes and I can't avoid this. Someone please help me; I have a screenshot below.

I RECEIVE:

" 0x000000CE DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS

 

" CLUSTER ERRORS DETECTED" HARD DRIVE MAY NOT WORK PROPERLY

 

BSOD: ERROR 777 Failure Operating System

Host: BLUE SCREEN ERROR 0X000000CE

 

IN Gold*

Data exposed to risk:

credit card or banking details

Email account passwords

Facebook, Skype, AOL & other chat logs

Photos Documents & Saved Computer Files

Blocked INternet Access

 

Please contact Windows Support Center for Further Assistance 

( USA & Canada ) Toll Free 1-800-406-8501 Toll Free 1-800-406-8051

 

FRST SCAN: 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015

Ran by rocke_000 (administrator) on BENNYDAWG (05-10-2015 18:41:23)
Running from C:\Users\rocke_000\Downloads
Loaded Profiles: rocke_000 (Available Profiles: rocke_000)
Platform: Windows 8.1 Single Language (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
() C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
(Kinetic Jump Software, LLC) C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\WINDOWS\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\WINDOWS\System32\SkyDrive.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(NVIDIA Corporation) C:\Users\rocke_000\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Dxtory Software) C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe
(BitTorrent Inc.) C:\Users\rocke_000\AppData\Roaming\uTorrent\uTorrent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(© 2015 Microsoft Corporation) C:\Users\rocke_000\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
() C:\ProgramData\DataFile\Downloads\DV.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\rocke_000\AppData\Roaming\SSN\ssn.exe
(Microsoft Corporation) C:\WINDOWS\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
(BitTorrent Inc.) C:\Users\rocke_000\AppData\Roaming\uTorrent\updates\3.4.5_41162\utorrentie.exe
(BitTorrent Inc.) C:\Users\rocke_000\AppData\Roaming\uTorrent\updates\3.4.5_41162\utorrentie.exe
(BitTorrent Inc.) C:\Users\rocke_000\AppData\Roaming\uTorrent\updates\3.4.5_41162\utorrentie.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google) C:\Users\rocke_000\AppData\Local\Temp\B387.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\SrTasks.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-17] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2900560 2015-10-01] (Valve Corporation)
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53753984 2015-07-18] (Skype Technologies S.A.)
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-02-09] (Electronic Arts)
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\Run: [uTorrent] => C:\Users\rocke_000\AppData\Roaming\uTorrent\uTorrent.exe [1821536 2015-09-27] (BitTorrent Inc.)
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9981584 2014-11-10] ()
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\Run: [GoogleChromeAutoLaunch_6E35F0077D5F9EA8F24424B750FF46CB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-09-23] (Google Inc.)
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\Run: [BingSvc] => C:\Users\rocke_000\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [247144 2009-11-13] (TomTom)
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\Run: [Save Serp Now] => C:\Users\rocke_000\AppData\Roaming\SSN\updssn.exe [26112 2014-11-21] ()
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\Run: [DV] => C:\ProgramData\DataFile\Downloads\DV.exe [277504 2015-09-04] ()
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\MountPoints2: {5a4c9d9d-5c71-11e3-be9c-94de80248a93} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\MountPoints2: {5a4c9e25-5c71-11e3-be9c-94de80248a93} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\MountPoints2: {641876fc-bd51-11e4-bf8a-94de80248a93} - "E:\VerizonWirelessUpgradeAssistantSetup.exe" -a
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => No File
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\rocke_000\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\rocke_000\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\rocke_000\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\rocke_000\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\rocke_000\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\rocke_000\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hudl Remotes.lnk [2013-08-18]
ShortcutTarget: Hudl Remotes.lnk -> C:\Program Files (x86)\Hudl\Hudl Remotes\HudlRemotes.exe (Hudl)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-03-09]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\rocke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk [2013-11-09]
ShortcutTarget: Xfire.lnk -> C:\Program Files (x86)\Xfire2\Xfire.exe (Xfire Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{C64D7767-CAC5-4F70-A763-A3EADEC83E2E}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{C64D7767-CAC5-4F70-A763-A3EADEC83E2E}: [DhcpNameServer] 208.180.42.68 208.180.42.100
 
Internet Explorer:
==================
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.msn.com/
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1ewenusDefaultPack/SK2M_FRPage
SearchScopes: HKLM-x32 -> DefaultScope {AD4BB8D9-6E10-43C6-B736-527CD2F575BE} URL = 
SearchScopes: HKU\S-1-5-21-1419771028-2711009181-792879645-1002 -> DefaultScope {AD4BB8D9-6E10-43C6-B736-527CD2F575BE} URL = 
SearchScopes: HKU\S-1-5-21-1419771028-2711009181-792879645-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SK2BDF&PC=SK2B&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1419771028-2711009181-792879645-1002 -> {61CF75BE-04DE-4774-ADFF-3034AC4DDE31} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-08-10] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-08-10] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01] (Microsoft Corporation.)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\rocke_000\AppData\Roaming\Mozilla\Firefox\Profiles\86ws440n.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [No File]
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-08-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-08-10] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [2013-11-21] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2013-11-22] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-07] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-07] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-11-29] (Pando Networks)
FF Plugin-x32: @popularscreensavers.com/Plugin -> C:\Program Files (x86)\PopularScreensavers\NPp5Stub.dll [No File]
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2014-10-16] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1419771028-2711009181-792879645-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\rocke_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-09] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1419771028-2711009181-792879645-1002: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-11-29] (Pando Networks)
FF Extension: Bing Search - C:\Users\rocke_000\AppData\Roaming\Mozilla\Firefox\Profiles\86ws440n.default\Extensions\bingsearch.full@microsoft.com [2015-07-28]
 
Chrome: 
=======
CHR Profile: C:\Users\rocke_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\rocke_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rocke_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR HKLM-x32\...\Chrome\Extension: [chbahmpboddgndmkcmjdcebbipllabim] - C:\Program Files (x86)\CursorMania_7l Chrome Extension\bar\CursorMania@mindspark.com.gen1 <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 123MediaStreamer; C:\Program Files (x86)\123CopyDVDPlatinum 2013\MediaStreamerService.exe [47616 2013-07-24] (Microsoft) [File not signed]
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43112 2012-02-16] (ArcSoft Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1141248 2015-06-10] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2014-07-11] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [174112 2014-10-31] (EasyAntiCheat Ltd)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-17] (NVIDIA Corporation)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2013-07-17] (Hi-Rez Studios) [File not signed]
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2015-02-05] (Microsoft Corporation)
R2 KinoniSvc; C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe [525312 2013-02-26] () [File not signed]
R2 KjsUpdateService2; C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe [12800 2011-08-03] (Kinetic Jump Software, LLC) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-09] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2013-12-25] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 ElgatoGC656Y; C:\Windows\System32\Drivers\ElgatoGC656.sys [94440 2014-07-07] (UB658)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-11-19] ()
S3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-07-03] (LogMeIn Inc.)
R3 kinonivd; C:\Windows\system32\DRIVERS\kinonivd.sys [2782848 2013-02-26] (Windows ® Win 7 DDK provider)
R3 KINONI_Wave; C:\Windows\system32\drivers\kinonivad.sys [23040 2013-02-26] (Windows ® Win 7 DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-10-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 XFDriver64; C:\Program Files (x86)\Xfire2\XFDriver64.sys [17160 2013-03-14] (XFire)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-05 18:41 - 2015-10-05 18:41 - 00026053 _____ C:\Users\rocke_000\Downloads\FRST.txt
2015-10-05 18:40 - 2015-10-05 18:41 - 00000000 ____D C:\FRST
2015-10-05 18:40 - 2015-10-05 18:40 - 02193920 _____ (Farbar) C:\Users\rocke_000\Downloads\FRST64.exe
2015-10-05 18:40 - 2015-10-05 18:40 - 00001957 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-10-05 18:40 - 2015-10-05 18:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-10-05 18:40 - 2015-10-05 18:40 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-10-04 09:30 - 2015-10-04 09:50 - 00000460 _____ C:\WINDOWS\Tasks\TechUtilities.job
2015-10-04 09:30 - 2015-10-04 09:30 - 02288624 _____ (Seven Servos Software Pvt Ltd. ) C:\Users\rocke_000\Downloads\TechUtilities_setup.exe
2015-10-04 09:30 - 2015-10-04 09:30 - 00003180 _____ C:\WINDOWS\System32\Tasks\TechUtilities
2015-10-04 09:30 - 2015-10-04 09:30 - 00000000 ____D C:\ProgramData\TechUtilities64
2015-10-04 09:00 - 2015-10-04 09:00 - 00003110 _____ C:\WINDOWS\System32\Tasks\{9641BB4D-F634-4553-B6A5-E02650DCF2D1}
2015-10-01 21:23 - 2015-10-01 21:23 - 00002872 _____ C:\WINDOWS\System32\Tasks\GEGTD1
2015-10-01 21:23 - 2015-10-01 21:23 - 00000358 _____ C:\WINDOWS\Tasks\GEGTD1.job
2015-10-01 21:23 - 2015-10-01 21:23 - 00000000 ____D C:\Users\rocke_000\AppData\Local\Geckofx
2015-10-01 21:23 - 2015-10-01 21:23 - 00000000 ____D C:\ProgramData\12db864551ae4c578eb17db1a9f5d3cf
2015-10-01 21:23 - 2015-08-08 21:35 - 00000282 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-10-01 21:22 - 2015-10-04 09:03 - 00000000 ____D C:\ProgramData\DataFile
2015-10-01 21:22 - 2015-10-01 21:23 - 00000000 ____D C:\Users\rocke_000\AppData\Roaming\SSN
2015-10-01 21:22 - 2015-10-01 21:22 - 00000010 _____ C:\Users\Public\Documents\test.txt
2015-10-01 21:22 - 2015-10-01 21:22 - 00000000 ____D C:\Program Files (x86)\execnowait
2015-10-01 21:21 - 2015-10-01 21:21 - 00000008 _____ C:\END
2015-10-01 21:20 - 2015-10-01 22:36 - 00000000 ____D C:\Program Files (x86)\S5
2015-10-01 21:20 - 2015-10-01 21:20 - 00000000 ____D C:\Users\rocke_000\AppData\Roaming\c
2015-10-01 21:20 - 2015-10-01 21:20 - 00000000 ____D C:\ProgramData\u4c
2015-10-01 21:20 - 2015-10-01 21:20 - 00000000 ____D C:\Program Files (x86)\taskvmx
2015-10-01 21:18 - 2015-10-01 21:18 - 00000000 ____D C:\Users\rocke_000\Downloads\Adobe Photoshop CS4 Full Version Free Download__2764_il4216
2015-10-01 21:17 - 2015-10-01 21:17 - 00879836 _____ C:\Users\rocke_000\Downloads\Adobe Photoshop CS4 Full Version Free Download__2764_il4216.rar
2015-09-28 21:11 - 2015-09-28 21:37 - 610979709 _____ C:\Users\rocke_000\Documents\REVIEWZ.mp4
2015-09-27 10:11 - 2015-10-05 18:38 - 00000000 ____D C:\Users\rocke_000\AppData\LocalLow\uTorrent
2015-09-23 22:13 - 2015-09-23 22:13 - 00000121 ____H C:\Users\rocke_000\Downloads\.~lock.Sabal Emerson Questions.docx#
2015-09-20 20:51 - 2015-09-20 20:51 - 01890139 _____ C:\Users\rocke_000\Downloads\Images_for_Analysis_zip.zip
2015-09-14 18:53 - 2015-10-05 18:38 - 00003496 _____ C:\WINDOWS\System32\Tasks\gg_uac_daemon_rocke_000
2015-09-10 21:35 - 2015-09-10 21:35 - 16829823 _____ C:\Users\rocke_000\Downloads\Attachments_2015910.zip
2015-09-08 19:35 - 2015-08-26 22:48 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-09-08 19:35 - 2015-08-26 14:00 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-09-08 19:35 - 2015-08-26 14:00 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-09-08 19:35 - 2015-08-26 14:00 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-09-08 19:35 - 2015-08-26 14:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-09-08 19:35 - 2015-08-26 10:46 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-08 19:35 - 2015-08-26 10:29 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-09-08 19:35 - 2015-08-26 10:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-08 19:35 - 2015-08-26 10:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-09-08 19:35 - 2015-08-26 10:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-09-08 19:35 - 2015-08-26 10:26 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-09-08 19:35 - 2015-08-26 10:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-09-08 19:34 - 2015-09-02 22:18 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-09-08 19:34 - 2015-09-02 22:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-09-08 19:34 - 2015-09-02 14:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-09-08 19:34 - 2015-09-02 13:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-09-08 19:34 - 2015-08-22 14:19 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-08 19:34 - 2015-08-22 13:35 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-08 19:34 - 2015-08-22 13:34 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-08 19:34 - 2015-08-22 13:22 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-08 19:34 - 2015-08-22 13:21 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-08 19:34 - 2015-08-22 13:20 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-08 19:34 - 2015-08-22 12:55 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-08 19:34 - 2015-08-22 12:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-08 19:34 - 2015-08-22 12:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-08 19:34 - 2015-08-22 12:45 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-08 19:34 - 2015-08-22 12:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-08 19:34 - 2015-08-22 12:41 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-08 19:34 - 2015-08-22 12:41 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-08 19:34 - 2015-08-22 12:41 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-08 19:34 - 2015-08-22 12:41 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-08 19:34 - 2015-08-22 12:39 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-08 19:34 - 2015-08-22 12:28 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-09-08 19:34 - 2015-08-22 12:26 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-08 19:34 - 2015-08-22 12:23 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-09-08 19:34 - 2015-08-22 12:22 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-08 19:34 - 2015-08-22 12:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-09-08 19:34 - 2015-08-22 12:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-09-08 19:34 - 2015-08-22 12:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-09-08 19:34 - 2015-08-22 12:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-09-08 19:34 - 2015-08-22 12:14 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-08 19:34 - 2015-08-22 12:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-08 19:34 - 2015-08-22 12:00 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-08 19:34 - 2015-08-22 11:56 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-08 19:34 - 2015-08-22 11:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-09-08 19:34 - 2015-07-30 13:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-08 19:34 - 2015-07-30 12:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-09-08 19:34 - 2015-07-22 10:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-09-08 19:34 - 2015-07-22 09:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-09-08 19:34 - 2015-07-17 10:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-09-08 19:34 - 2015-07-17 10:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-09-08 19:34 - 2015-06-27 07:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-09-08 19:33 - 2015-09-01 22:56 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-09-08 19:33 - 2015-09-01 22:55 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-08 19:33 - 2015-09-01 22:50 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-08 19:33 - 2015-09-01 22:17 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-08 19:33 - 2015-09-01 22:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-08 19:33 - 2015-08-03 17:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-09-08 19:33 - 2015-08-03 17:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-09-08 19:33 - 2015-08-01 10:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-09-08 19:33 - 2015-07-31 23:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2015-09-08 19:33 - 2015-07-31 23:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2015-09-08 19:33 - 2015-07-31 23:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-08 19:33 - 2015-07-31 23:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-09-08 19:33 - 2015-07-31 23:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2015-09-08 19:33 - 2015-07-22 10:34 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-08 19:33 - 2015-07-22 10:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-08 19:33 - 2015-07-22 10:25 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-08 19:33 - 2015-07-22 10:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-08 19:33 - 2015-07-18 14:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-08 19:33 - 2015-07-18 14:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-08 19:33 - 2015-07-18 14:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-08 19:33 - 2015-07-18 14:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-08 19:33 - 2015-07-13 23:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2015-09-08 19:33 - 2015-07-13 15:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-09-08 19:33 - 2015-07-09 12:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-09-08 19:33 - 2015-07-03 17:51 - 01380056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-09-08 19:33 - 2015-07-03 10:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-09-08 19:33 - 2015-06-19 13:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-05 18:40 - 2013-11-19 19:21 - 02092312 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-05 18:38 - 2015-04-01 21:18 - 00001962 _____ C:\WINDOWS\System32\Tasks\{FEC9B24E-6FC6-4106-B2A9-5DBE356C0664}
2015-10-05 18:38 - 2015-03-10 17:48 - 00002470 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-10-05 18:38 - 2015-01-24 09:14 - 00002612 _____ C:\WINDOWS\System32\Tasks\RunTool
2015-10-05 18:38 - 2013-11-19 19:43 - 00000000 ___DO C:\Users\rocke_000\SkyDrive
2015-10-05 18:38 - 2013-11-10 11:04 - 00000000 ____D C:\Users\rocke_000\AppData\Roaming\uTorrent
2015-10-05 18:38 - 2013-08-19 22:29 - 00002634 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-10-05 18:38 - 2013-08-09 22:56 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-05 18:37 - 2015-08-08 20:32 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-05 18:31 - 2013-09-30 00:10 - 00913650 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-05 18:25 - 2013-08-22 10:46 - 00421573 _____ C:\WINDOWS\setupact.log
2015-10-05 18:24 - 2013-11-19 19:21 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-05 18:24 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-05 18:24 - 2013-08-19 22:29 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-04 10:03 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-04 10:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-04 09:55 - 2013-08-09 22:36 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1419771028-2711009181-792879645-1002
2015-10-04 09:49 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-10-04 09:15 - 2013-08-09 22:35 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-04 09:14 - 2013-11-19 19:48 - 00003802 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A11AD14B-E514-468B-BAE4-DE8D0DEE2C28}
2015-10-04 09:05 - 2013-09-30 00:02 - 01268278 _____ C:\WINDOWS\PFRO.log
2015-10-04 08:59 - 2013-10-08 22:19 - 00000000 ____D C:\Users\rocke_000\AppData\Roaming\Skype
2015-10-04 08:59 - 2013-10-08 22:19 - 00000000 ____D C:\ProgramData\Skype
2015-10-01 22:39 - 2013-08-09 22:41 - 00244224 ___SH C:\Users\rocke_000\Desktop\Thumbs.db
2015-10-01 22:37 - 2015-08-29 10:39 - 00001228 _____ C:\Users\rocke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PCXRPC3.lnk
2015-10-01 22:37 - 2015-08-23 20:00 - 00002150 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-10-01 22:37 - 2015-08-08 20:31 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-01 22:37 - 2015-04-14 19:47 - 00002707 _____ C:\Users\Public\Desktop\Skype.lnk
2015-10-01 22:37 - 2015-04-13 19:53 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-01 22:37 - 2015-04-13 19:53 - 00002068 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-10-01 22:37 - 2015-03-07 23:23 - 00001151 _____ C:\Users\Public\Desktop\Game Capture HD.lnk
2015-10-01 22:37 - 2015-02-25 22:55 - 00001055 _____ C:\Users\Public\Desktop\Vegas Pro 13.0 (64-bit).lnk
2015-10-01 22:37 - 2015-02-21 18:30 - 00000947 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2015-10-01 22:37 - 2015-02-07 12:12 - 00001766 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-10-01 22:37 - 2014-12-10 20:51 - 00002266 _____ C:\Users\Public\Desktop\BlackShot Launcher.lnk
2015-10-01 22:37 - 2014-12-06 12:42 - 00001858 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-10-01 22:37 - 2014-07-12 00:33 - 00002489 _____ C:\Users\Public\Desktop\GameVox.lnk
2015-10-01 22:37 - 2014-07-08 19:48 - 00001211 _____ C:\Users\Public\Desktop\Battlefield 4.lnk
2015-10-01 22:37 - 2014-07-07 12:56 - 00002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2015-10-01 22:37 - 2014-07-06 09:50 - 00001439 _____ C:\Users\rocke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fl_Studio_11_Signature_Bundle_With_Crack_Download_By_Mediafire.lnk
2015-10-01 22:37 - 2014-07-04 13:24 - 00002797 _____ C:\Users\Public\Desktop\GECK Script Editor.lnk
2015-10-01 22:37 - 2014-04-12 20:27 - 00001166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-01 22:37 - 2014-04-12 20:27 - 00001160 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-10-01 22:37 - 2014-04-05 16:11 - 00001175 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2015-10-01 22:37 - 2014-02-02 20:00 - 00001357 _____ C:\Users\Public\Desktop\DayZ Commander.lnk
2015-10-01 22:37 - 2014-01-28 14:35 - 00001196 _____ C:\Users\Public\Desktop\Hearthstone.lnk
2015-10-01 22:37 - 2014-01-25 21:35 - 00001619 _____ C:\Users\Public\Desktop\Play League of Legends.lnk
2015-10-01 22:37 - 2013-12-25 11:11 - 00001394 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-10-01 22:37 - 2013-12-25 00:50 - 00000992 _____ C:\Users\Public\Desktop\Origin.lnk
2015-10-01 22:37 - 2013-12-15 13:18 - 00002497 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-10-01 22:37 - 2013-12-15 13:18 - 00001469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-10-01 22:37 - 2013-12-15 13:18 - 00001385 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2015-10-01 22:37 - 2013-11-30 18:50 - 00001175 _____ C:\Users\Public\Desktop\123CopyDVDPlatinum 2013.lnk
2015-10-01 22:37 - 2013-11-29 18:18 - 00001258 _____ C:\Users\rocke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
2015-10-01 22:37 - 2013-11-19 19:41 - 00001425 _____ C:\Users\rocke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-01 22:37 - 2013-11-19 19:28 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-10-01 22:37 - 2013-11-18 19:18 - 00002500 _____ C:\Users\rocke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2.lnk
2015-10-01 22:37 - 2013-10-06 15:02 - 00001106 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2015-10-01 22:37 - 2013-09-29 11:49 - 00001195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2015-10-01 22:37 - 2013-08-11 02:33 - 00002047 _____ C:\Users\Public\Desktop\Wirecast.lnk
2015-10-01 22:37 - 2013-08-10 16:09 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-10-01 22:37 - 2013-08-10 02:51 - 00000563 _____ C:\Users\Public\Desktop\Fraps.lnk
2015-10-01 22:37 - 2013-08-09 22:56 - 00000918 _____ C:\Users\Public\Desktop\Steam.lnk
2015-10-01 22:37 - 2013-08-09 22:36 - 00002204 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-01 22:36 - 2015-08-29 00:49 - 00001119 _____ C:\Users\rocke_000\Desktop\MEGAsync.lnk
2015-10-01 22:36 - 2015-08-23 22:12 - 00002855 _____ C:\Users\rocke_000\Desktop\notepad++.lnk
2015-10-01 22:36 - 2015-02-21 22:01 - 00000970 _____ C:\Users\rocke_000\Desktop\Fallout Mod Manager.lnk
2015-10-01 22:36 - 2014-12-13 11:51 - 00002566 _____ C:\Users\rocke_000\Desktop\Notepad++ - Shortcut.lnk
2015-10-01 22:36 - 2014-07-20 17:55 - 00002431 _____ C:\Users\rocke_000\Desktop\GTA San Andreas SinglePlayer.lnk
2015-10-01 22:36 - 2014-07-20 17:55 - 00002419 _____ C:\Users\rocke_000\Desktop\GTA San Andreas MultiPlayer.lnk
2015-10-01 22:36 - 2014-07-06 23:05 - 00001769 _____ C:\Users\rocke_000\Desktop\Play COD4 MultiPlayer.lnk
2015-10-01 22:36 - 2014-07-06 14:53 - 00000910 _____ C:\Users\rocke_000\Desktop\µTorrent.lnk
2015-10-01 22:36 - 2014-07-04 14:21 - 00001134 _____ C:\Users\rocke_000\Desktop\Cheat Engine 6.4 (64-bit).lnk
2015-10-01 22:36 - 2014-07-04 12:47 - 00000992 _____ C:\Users\rocke_000\Desktop\PDF Reader for Windows 8.lnk
2015-10-01 22:36 - 2014-04-05 11:30 - 00002063 _____ C:\Users\rocke_000\Desktop\FL Studio 11.lnk
2015-10-01 22:36 - 2014-01-28 19:39 - 00000954 _____ C:\Users\rocke_000\Desktop\Open Broadcaster Software.lnk
2015-10-01 22:36 - 2014-01-09 20:01 - 00001033 _____ C:\Users\rocke_000\Desktop\Mumble.lnk
2015-10-01 22:36 - 2013-12-20 14:18 - 00001205 _____ C:\Users\rocke_000\Desktop\Dxtory.lnk
2015-10-01 22:36 - 2013-12-15 13:18 - 00001316 _____ C:\Users\rocke_000\Desktop\Windows Live Movie Maker.lnk
2015-10-01 22:36 - 2013-11-05 13:42 - 00001014 _____ C:\Users\rocke_000\Desktop\Audacity.lnk
2015-10-01 22:36 - 2013-09-29 12:22 - 00001183 _____ C:\Users\rocke_000\Desktop\Paint.NET.lnk
2015-10-01 22:36 - 2013-08-22 02:52 - 00001190 _____ C:\Users\rocke_000\Desktop\Task Manager.lnk
2015-10-01 22:36 - 2013-08-10 16:38 - 00004201 _____ C:\Users\rocke_000\Desktop\Minecraft.lnk
2015-10-01 21:40 - 2015-02-18 22:17 - 00000000 ____D C:\Users\rocke_000\AppData\Local\Steam
2015-10-01 21:35 - 2013-08-10 17:02 - 00000000 ____D C:\Users\rocke_000\AppData\Local\CrashDumps
2015-09-29 20:21 - 2013-11-19 19:25 - 00000000 ____D C:\Users\rocke_000
2015-09-28 22:23 - 2013-08-10 16:02 - 03713536 ___SH C:\Users\rocke_000\Downloads\Thumbs.db
2015-09-28 20:55 - 2015-03-08 18:06 - 00000000 ____D C:\Users\rocke_000\Desktop\Vids
2015-09-21 20:40 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-17 22:39 - 2015-09-01 21:57 - 00000000 ____D C:\Users\rocke_000\Desktop\Luke's Beats
2015-09-17 21:10 - 2013-08-09 22:35 - 00003898 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-17 21:10 - 2013-08-09 22:35 - 00003662 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-17 21:10 - 2013-08-09 22:35 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-15 20:36 - 2013-08-13 22:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-14 21:18 - 2014-11-29 20:18 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-14 21:18 - 2014-11-29 20:18 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-13 20:38 - 2013-08-09 22:35 - 00000000 ____D C:\Users\rocke_000\AppData\Local\Google
2015-09-10 21:26 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-09-10 19:55 - 2013-08-22 10:44 - 00389512 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-10 19:52 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-08 20:29 - 2013-09-29 23:58 - 00000000 ____D C:\Program Files\Windows Journal
 
==================== Files in the root of some directories =======
 
2013-10-13 21:11 - 2013-10-13 21:11 - 0083243 _____ () C:\Users\rocke_000\AppData\Roaming\icarus-dxdiag.xml
2013-09-16 19:35 - 2014-01-21 17:17 - 0020988 _____ () C:\Users\rocke_000\AppData\Roaming\net.telestream.wirecast.xml
2013-08-11 22:10 - 2013-08-11 23:11 - 0007168 _____ () C:\Users\rocke_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-28 15:37 - 2013-12-28 15:37 - 0004967 _____ () C:\ProgramData\uxxadbmu.rlu
 
Some files in TEMP:
====================
C:\Users\rocke_000\AppData\Local\Temp\brakieamoudoibfs_amobl_setup.exe
C:\Users\rocke_000\AppData\Local\Temp\Uninstall.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-05 18:35
 
==================== End of FRST.txt ============================
 
Additional:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by rocke_000 (2015-10-05 18:44:23)
Running from C:\Users\rocke_000\Downloads
Windows 8.1 Single Language (X64) (2013-11-19 23:41:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1419771028-2711009181-792879645-500 - Administrator - Disabled)
Guest (S-1-5-21-1419771028-2711009181-792879645-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1419771028-2711009181-792879645-1006 - Limited - Enabled)
rocke_000 (S-1-5-21-1419771028-2711009181-792879645-1002 - Administrator - Enabled) => C:\Users\rocke_000
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.24 - GIGABYTE)
µTorrent (HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\uTorrent) (Version: 3.4.5.41162 - BitTorrent Inc.)
123CopyDVDPlatinum (HKLM-x32\...\123CopyDVDPlatinum 2013) (Version: 2013 - Bling Software Ltd.)
AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Adobe Acrobat Reader DC MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Advanced XML Converter 2.45 (HKLM-x32\...\Advanced XML Converter) (Version: 2.45 - HiBase Group)
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Insights Tools for Visual Studio 2013 (x32 Version: 2.5 - Microsoft Corporation) Hidden
AppLifeSetup (x32 Version: 1.0.0 - Microsoft) Hidden
ArcSoft ShowBiz (x32 Version: 5.0.1.420 - ArcSoft) Hidden
Arma 2 (HKLM-x32\...\Steam App 33900) (Version:  - Bohemia Interactive)
Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bing Bar (HKLM-x32\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
Blacklight: Retribution (HKLM-x32\...\Steam App 209870) (Version:  - Zombie, Inc.)
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BrowserSafeguard with RocketTab (HKLM-x32\...\Browsersafeguard) (Version:  - Browsersafeguard) <==== ATTENTION
Build Tools - amd64 (Version: 12.0.40629 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.40629 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.40629 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.40629 - Microsoft Corporation) Hidden
Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version:  - Infinity Ward)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Chivalry: Medieval Warfare Beta (HKLM-x32\...\Steam App 232210) (Version:  - )
CursorMania Toolbar Chrome Extension (HKLM-x32\...\CursorMania_7l Chrome Extension Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
DayZ Commander (HKLM-x32\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)
Democracy 3 (HKLM-x32\...\Steam App 245470) (Version:  - Positech Games)
DevExpress Components 14.1 (HKLM-x32\...\DevExpress Components 14.1) (Version: 14.1.8.14322 - Developer Express Inc.)
Digital DJ Pro 1.7.0 (HKLM-x32\...\Digital DJ Pro) (Version: 1.7.0 - The Mixxx Team)
DMUninstaller (HKLM-x32\...\DMUninstaller) (Version:  - ) <==== ATTENTION
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dota 2 Test (HKLM-x32\...\Steam App 205790) (Version:  - )
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dxtory version 2.0.119 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.119 - Dxtory Software)
Easy Tune 6 B12.1018.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B12.1018.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Elgato Game Capture HD (HKLM-x32\...\{C7089E0B-0CE3-47C7-8D09-62A01862A5BD}) (Version: 2.10.60.867 - Elgato Systems GmbH)
Entity Framework 6.1.3 Tools  for Visual Studio 2013 (HKLM-x32\...\{D5170452-84D1-4725-AD9C-F9ECFD0A9E9F}) (Version: 12.0.40302.0 - Microsoft Corporation)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Documents Opener (HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\Free Documents Opener) (Version: 1.0 - Free Documents Opener)
Free Instagram Downloader (HKLM-x32\...\{0BF469D0-0A84-439A-B889-F94734EE2250}) (Version: 1.2.1.0 - iWesoft)
Game Capture HD v2.3.3.38 (HKLM-x32\...\Software_Elgato_Game Capture HD) (Version: 2.3.3.38 - Elgato Systems)
Game Capture HD60 v2.1.1.3 (HKLM-x32\...\Software_Elgato_Game Capture HD60) (Version: 2.1.1.3 - Elgato Systems)
GameVox 0.15.49 (HKLM-x32\...\{061b245a-a669-44d1-9077-cfe41cacde41}) (Version: 0.15.49 - GameVox LLC)
GameVox 0.15.49 (x32 Version: 0.15.49 - GameVox LLC) Hidden
Garena - BlackShot (HKLM-x32\...\BlackShot) (Version: 2.221 - Garena Online Pte Ltd.)
Garena+ (HKLM-x32\...\im) (Version: 2011 - Garena Online Pte Ltd.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GECK - Papyrus Script Editor (HKLM-x32\...\{B9E47B50-231B-4565-A779-369E27B871D4}) (Version: 1.15.0000 - Pavel Torgshov - DieHard)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Half-Life Dedicated Server Update Tool (HKLM-x32\...\Half-Life Dedicated Server Update Tool) (Version:  - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hudl Remotes (HKLM-x32\...\{1FB28008-209D-4CBF-B66B-47F73EDDF944}_is1) (Version: 1.1.0 - Hudl)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
iVIDI Plugin 1.3 (HKLM-x32\...\iVIDI Plugin) (Version: 1.3 - iVIDI Plugin, Inc.) <==== ATTENTION
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KinoniDrivers 2.8.1 (HKLM-x32\...\KinoniDrivers) (Version: 2.8.1 - Kinoni)
Kit SDK de vérification de Visual Studio 2012 - fra (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Loadout (HKLM-x32\...\Steam App 208090) (Version:  - Edge of Reality)
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Mafia II (HKLM-x32\...\Steam App 50130) (Version:  - 2K Czech)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Memory Profiler (x32 Version: 12.0.40629 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version:  - 4A Games)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2013 with Update 4 (HKLM-x32\...\{96a8b90c-0a91-4e76-ab34-730c23923d11}) (Version: 12.0.31101 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 3 (HKLM-x32\...\{1ef771b4-b774-439e-a015-23dec292d9a4}) (Version: 12.0.30723.0 - Microsoft Corporation)
Microsoft Visual Studio Premium 2013 with Update 5 (HKLM-x32\...\{ce58ff11-4556-4926-a114-852df5746bb2}) (Version: 12.0.40629 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
Nation Toolbar (HKLM-x32\...\Nation Toolbar) (Version: 1.0.17 - Blucora Inc)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.53.2 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 355.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.60 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.13.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.13.6 - NVIDIA Corporation)
NVIDIA Graphics Driver 355.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.60 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 355.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 355.60 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
OutfoxTV (HKLM-x32\...\OutfoxTV) (Version:  - OutfoxTV)
Outlast (HKLM-x32\...\Steam App 238320) (Version:  - Red Barrels)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PDF Reader for Windows 8 (HKLM\...\PDF Reader for Windows_is1) (Version:  - PDFLogic Corporation)
PowerShellIntegration.Notifications (x32 Version: 2.6.0.0 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
Python Tools Redirection Template (x32 Version: 1.3 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RAD Video Tools (HKLM-x32\...\RADVideo) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Release Management for Visual Studio 2013 (x32 Version: 1.0 - Microsoft Corporation) Hidden
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
SDK de comprobación de Visual Studio 2012 - esn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
SharePoint Client Components (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.13.6 - NVIDIA Corporation) Hidden
ShowBiz (HKLM-x32\...\InstallShield_{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}) (Version: 5.0.1.420 - ArcSoft)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
SkypeTalking 0.9.6 (HKLM-x32\...\SkypeTalking_is1) (Version: 0.9.6 - Hrvoje Katić)
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.102 - Skype Technologies S.A.)
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version:  - Pandemic Studios)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Tactical Intervention (HKLM-x32\...\Steam App 51100) (Version:  - FIX Korea)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TomTom HOME 2.7.3.1894 (HKLM-x32\...\TomTom HOME) (Version: 2.7.3.1894 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
Unity Web Player (HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Vegas Pro 12.0 (64-bit) (HKLM\...\{BD422D00-5232-11E3-A6F3-F04DA23A5C58}) (Version: 12.0.770 - Sony)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D264BD11-6A9B-11E4-A4F7-F04DA23A5C58}) (Version: 13.0.428 - Sony)
VirtualDJ Home FREE (HKLM-x32\...\{77C2D5D4-ADC5-49F9-B36E-5992FCF35EA3}) (Version: 7.4.1 - Atomix Productions)
Visual Studio 2013 Update 5 (KB2829760) (HKLM-x32\...\{17551f85-1d1c-4142-a83f-bbd18a3522c2}) (Version: 12.0.40629 - Microsoft Corporation)
VS Update core components (x32 Version: 12.0.40629 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Webcam Screen Video Capture Free 7.3.2 (HKLM-x32\...\Webcam Screen Video Capture Free_is1) (Version:  - SoftPerk Co., Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wirecast (HKLM-x32\...\{37C5DF8F-C877-4B87-AEF8-7771749B4A3D}) (Version: 4.3.0 - Telestream, Inc.)
Workflow Manager Client 1.0 (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.40326.0 - Microsoft Corporation) Hidden
Xfire 2.0 (HKLM-x32\...\{43ADAE00-A4ED-4379-A76D-A1FF5D9D334A}_is1) (Version: 2.0 - Xfire, Inc.)
Xfire Codec (remove only) (HKLM-x32\...\XfireCodec) (Version:  - )
Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1419771028-2711009181-792879645-1002_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
 
==================== Restore Points =========================
 
13-09-2015 20:18:08 Windows Update
21-09-2015 20:38:46 Windows Update
29-09-2015 21:41:40 Scheduled Checkpoint
04-10-2015 08:58:23 Removed WinPCOptimizer.
05-10-2015 18:38:55 Chrome Cleanup Tool
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2015-10-05 18:40 - 00000284 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 eset.com
127.0.0.1 jotti.org
127.0.0.1 onlinelinkscan.com
127.0.0.1 avast.com
127.0.0.1 bitdefender.com
127.0.0.1 virus-scan.bullguard.com
127.0.0.1 online.drweb.com
127.0.0.1 superantispyware.com
127.0.0.1 kaspersky.co.in
0.0.0.1 mssplus.mcafee.com
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {082CBEB8-D964-49D5-9D85-067589ECA092} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {3316E27B-9AF2-4DD8-8A96-39C677057005} - \SMW_UpdateTask_Time_323331383034343036362d2d55506c2a5a55576c412334 -> No File <==== ATTENTION
Task: {3607EFCA-9822-447D-BD76-1D40CAEA6A24} - System32\Tasks\{9641BB4D-F634-4553-B6A5-E02650DCF2D1} => Chrome.exe http://ui.skype.com/ui/0/7.8.0.102/en/go/help.faq.installer?LastError=1618
Task: {3FA8E4A2-839D-43D1-A18C-1366E42B259C} - System32\Tasks\TechUtilities => C:\Program Files\TechUtilities\TechUtilities.exe
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {508288F4-F4F3-4F10-AB05-E44614F2286A} - System32\Tasks\GEGTD1 => C:\ProgramData\KeyStream\KeyStream.exe <==== ATTENTION
Task: {589DBBD8-84A4-49B2-9274-4D17B608CFD7} - System32\Tasks\{FEC9B24E-6FC6-4106-B2A9-5DBE356C0664} => pcalua.exe -a "C:\Program Files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe" -c /u /UserID=32100e27-7020-431b-b0a5-36347042227c /SourceID=bettersoftware_hamachi /ImplementationID=browsersafeguard-rockettab
Task: {6CE14BE7-72A0-414C-8140-DBB934AC1109} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {8EAF9952-7166-4A07-A7C1-A41E69E8A055} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {8F63B19B-4768-4CF2-9145-6252EB731974} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {A0D389ED-C0A7-4003-885B-79143FDDF5D8} - System32\Tasks\RunTool => C:\Users\rocke_000\AppData\Local\32100e27-7020-431b-b0a5-36347042227c\sysad.exe <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {C5C81B66-145B-4CBD-B7EB-57858B4980CB} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {CB4FBD32-3BE4-4DDA-86A1-0478A26D5CC2} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {D6A93090-83DC-4AE4-B083-009D93902D71} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-13] (Adobe Systems Incorporated)
Task: {DA929D8C-DE8A-470A-B5BD-5C04B020761F} - System32\Tasks\gg_uac_daemon_rocke_000 => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2014-11-10] ()
Task: {F849E2D2-1A68-4562-B593-FC41E434914B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {FAEB1BFF-C758-40CE-BA42-224E28E656EA} - \Inst_Rep -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GEGTD1.job => 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\TechUtilities.job => C:\Program Files\TechUtilities\TechUtilities.exe-t1C:\Program Files\TechUtilities\TechUtilities.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-11-19 19:21 - 2015-08-07 00:34 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-26 11:34 - 2013-02-26 11:34 - 00525312 _____ () C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
2013-12-25 18:55 - 2013-12-25 18:56 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-05-01 10:13 - 2014-05-01 10:13 - 00470016 _____ () C:\Users\rocke_000\AppData\Local\MEGAsync\ShellExtX64.dll
2014-11-10 23:52 - 2014-11-10 23:52 - 00056464 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
2014-11-10 23:52 - 2014-11-10 23:52 - 09981584 _____ () C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
2015-10-01 21:22 - 2015-09-04 10:46 - 00277504 _____ () C:\ProgramData\DataFile\Downloads\DV.exe
2014-11-21 08:53 - 2014-11-21 08:53 - 00033792 _____ () C:\Users\rocke_000\AppData\Roaming\ssn\ssn.exe
2013-01-23 09:06 - 2013-01-23 09:06 - 00147456 _____ () C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\avutil-51.dll
2013-01-23 09:06 - 2013-01-23 09:06 - 03703808 _____ () C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\avcodec-53.dll
2013-01-23 09:06 - 2013-01-23 09:06 - 00224256 _____ () C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\swscale-0.dll
2014-05-01 10:15 - 2014-05-01 10:15 - 00463360 _____ () C:\Users\rocke_000\AppData\Local\MEGAsync\ShellExtX32.dll
2015-08-23 19:48 - 2015-08-17 19:31 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-11-10 23:52 - 2014-11-10 23:52 - 00560784 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2013-07-01 11:20 - 2015-09-21 16:01 - 00778240 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-12-04 19:18 - 2015-07-03 12:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-05-05 19:35 - 2015-10-01 20:13 - 02422864 _____ () C:\Program Files (x86)\Steam\video.dll
2014-12-04 19:18 - 2015-07-03 12:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2014-12-04 19:18 - 2015-07-03 12:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-09-13 16:33 - 2015-09-23 20:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-13 16:33 - 2015-09-23 20:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-13 16:33 - 2015-09-23 20:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-09-13 16:33 - 2015-09-23 20:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-09-13 16:33 - 2015-09-23 20:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-07-26 17:46 - 2015-10-01 20:13 - 00704080 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-12 20:04 - 2012-11-12 20:04 - 00072192 _____ () C:\Program Files (x86)\Telestream\Wirecast\filters\WirecastVirtualCamera.ax
2015-09-28 19:24 - 2015-09-23 22:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-09-28 19:24 - 2015-09-23 22:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll
2014-11-10 23:52 - 2014-11-10 23:52 - 00111760 _____ () C:\Program Files (x86)\Garena Plus\CommonLib.dll
2014-11-10 23:52 - 2014-11-10 23:52 - 00040592 _____ () C:\Program Files (x86)\Garena Plus\DibModule.dll
2014-11-11 06:59 - 2014-11-11 06:59 - 00034960 _____ () C:\Program Files (x86)\Garena Plus\VersionModule.dll
2014-11-10 23:52 - 2014-11-10 23:52 - 00058512 _____ () C:\Program Files (x86)\Garena Plus\FileLoader.dll
2014-11-10 23:52 - 2014-11-10 23:52 - 00094352 _____ () C:\Program Files (x86)\Garena Plus\PluginKernel.dll
2014-11-10 23:52 - 2014-11-10 23:52 - 00494224 _____ () C:\Program Files (x86)\Garena Plus\CxImage.dll
2014-11-10 23:52 - 2014-11-10 23:52 - 00032400 _____ () C:\Program Files (x86)\Garena Plus\PluginModule.dll
2014-11-10 23:53 - 2014-11-10 23:53 - 00177808 _____ () C:\Program Files (x86)\Garena Plus\lib\fs\YYFileSystem.dll
2014-11-10 23:53 - 2014-11-10 23:53 - 00381072 _____ () C:\Program Files (x86)\Garena Plus\lib\Http.dll
2014-11-10 23:53 - 2014-11-10 23:53 - 00191632 _____ () C:\Program Files (x86)\Garena Plus\lib\MP3Module.dll
2012-02-22 04:52 - 2012-02-22 04:52 - 00162304 _____ () C:\Program Files (x86)\Garena Plus\lame_enc.DLL
2014-11-10 23:53 - 2014-11-10 23:53 - 00226960 _____ () C:\Program Files (x86)\Garena Plus\lib\TaskManagerLib.dll
2014-11-10 23:53 - 2014-11-10 23:53 - 00113296 _____ () C:\Program Files (x86)\Garena Plus\lib\UILayout.dll
2014-11-10 23:53 - 2014-11-10 23:53 - 00965264 _____ () C:\Program Files (x86)\Garena Plus\lib\XLL.dll
2014-11-10 23:53 - 2014-11-10 23:53 - 00062096 _____ () C:\Program Files (x86)\Garena Plus\lib\XmlUIModule.dll
2012-02-22 04:52 - 2012-02-22 04:52 - 00573100 _____ () C:\Program Files (x86)\Garena Plus\sqlite3.dll
2014-11-10 23:53 - 2014-11-10 23:53 - 00231568 _____ () C:\Program Files (x86)\Garena Plus\Plugins\StatsPlugin.dll
2014-11-11 04:25 - 2014-11-11 04:25 - 00961168 _____ () C:\Program Files (x86)\Garena Plus\Plugins\ggplugin.dll
2014-11-10 23:52 - 2014-11-10 23:52 - 00199824 _____ () C:\Program Files (x86)\Garena Plus\ImageModule.dll
2014-11-10 23:52 - 2014-11-10 23:52 - 00162448 _____ () C:\Program Files (x86)\Garena Plus\libmpg123.dll
2014-11-10 23:52 - 2014-11-10 23:52 - 02948240 _____ () C:\Program Files (x86)\Garena Plus\ggdownloader.dll
2014-11-10 23:53 - 2014-11-10 23:53 - 00072848 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\AudioMixerLib.dll
2014-11-10 23:53 - 2014-11-10 23:53 - 00023696 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\ClientTcp.dll
2014-11-10 23:53 - 2014-11-10 23:53 - 01552528 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\FileSender.dll
2013-02-01 01:42 - 2013-02-01 01:42 - 00153088 _____ () C:\Program Files (x86)\Garena Plus\libzmq.dll
2014-11-10 23:53 - 2014-11-10 23:53 - 00963216 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\GaFileTransfer.dll
2014-11-10 23:53 - 2014-11-10 23:53 - 00252048 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\MediaEngine.dll
2014-11-10 23:52 - 2014-11-10 23:52 - 00033424 _____ () C:\Program Files (x86)\Garena Plus\ServerMemAlloc.dll
2014-11-10 23:53 - 2014-11-10 23:53 - 00523920 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\RSALib.dll
2014-11-10 23:53 - 2014-11-10 23:53 - 00075408 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\UdtLib.dll
2014-04-21 16:00 - 2014-04-21 16:00 - 03378688 _____ () C:\Users\rocke_000\AppData\Roaming\ssn\mozjs.dll
2013-07-15 17:32 - 2015-09-29 19:31 - 45009800 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-11-10 23:52 - 2014-11-10 23:52 - 00605328 _____ () C:\Program Files (x86)\Garena Plus\UpdateEx.exe
2014-11-10 23:52 - 2014-11-10 23:52 - 00044176 _____ () C:\Program Files (x86)\Garena Plus\Zip7Module.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\rocke_000\SkyDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\sony.com -> sony.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\rocke_000\Downloads\chance.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "Hudl Remotes.lnk"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\StartupApproved\StartupFolder: => "Xfire.lnk"
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\StartupApproved\Run: => "msnmsgr"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3F69B58E-AC8F-47B2-B186-ED8B04389E41}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1A2559D5-BE3B-4D01-BC92-E3ED8A3852A1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{28EBD4E3-579B-4652-840B-A1A57743760F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{9794420C-1B5E-426F-A960-F15141FDB7C1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{701B3059-33CE-426E-8606-8F283412D583}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{1E47A3FC-88F9-456E-8ECD-FDBA1F5C2088}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{B272B8F0-E58E-41C1-A696-50E28C1C3FD4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{189D42D5-3FCE-4EAE-9C7C-13299BACBBAD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{1916350C-7193-4746-84D3-C8514D756268}] => (Allow) C:\Users\rocke_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{20FFAEB1-47E4-4B75-A22A-2BA73018191B}] => (Allow) C:\Users\rocke_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{103916B6-F4A9-46D3-BC63-E2D7C82B26FB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{03482D12-0EA8-469A-9939-0400901F2493}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FFC7E4FF-0A08-4FE1-85B4-5192ADC6DFD1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{66E21AC7-7CF6-47E4-B412-49E4498FBD34}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{7C79C25D-8E80-47EC-B037-00F6F1834520}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Outlast\OutlastLauncher.exe
FirewallRules: [{34B0B18F-8649-4D69-839D-3191A601B919}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Outlast\OutlastLauncher.exe
FirewallRules: [{DAE7DB16-C460-472F-952C-93B55506CA90}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\blacklightretribution\Blacklight Retribution.exe
FirewallRules: [{43ACA9A6-CE50-496A-83C6-B150AAE19CFB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\blacklightretribution\Blacklight Retribution.exe
FirewallRules: [{13565923-F4F7-4FD0-BD31-A8B1A3F59A83}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{76CBFB70-6A78-49C2-A157-917AD16353DC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5D8C4214-37A7-465C-9894-BF53BC2E3F64}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{A8B2BD02-0D1E-4146-A2B1-0734BF5D45EC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{3715DC6A-0C75-4162-B340-0AA3BE5768F9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{46ED311F-9876-4472-9265-ACDD8E2AFC04}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{EB041D7B-669F-4645-8C95-DD81425A5FB4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{67FD67A3-A173-464A-8BA8-A09B99CC0D95}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{81475D7E-168A-409B-84AA-AA1A5BC42471}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{DD4FD2BF-0433-495A-96DC-E804C6120DED}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{780CC523-1275-4EF2-BCD1-03F7CFA7C098}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{225B2A48-DA6B-4CE4-9AA7-E7A005655DD1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BC0A8AAB-EBEA-4EBE-8127-842872EDDBD4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{B3DC487B-A0E1-4309-AE9C-FB079B9C39B2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{3E59AF7A-47F1-4D5C-9196-5CC9A4B95A85}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\America's Army\AAPG\Binaries\AALauncher32.exe
FirewallRules: [{A3E5FCD1-3931-4CCE-9D8C-AD87465063CC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\America's Army\AAPG\Binaries\AALauncher32.exe
FirewallRules: [{630C337D-D3DE-46C7-BBD4-1D1372B6B885}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{932ACBD5-E3B9-491D-B4ED-A4D43C75E8DD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6B3EA58F-E95B-4A7D-80D0-996C6A7E1EB2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{E524D714-7180-4D42-BB85-66235D38CE01}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{E28F1ABE-D740-4A36-B8D1-3C0FF52366D3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{1EF287BF-DFED-4FD3-8F94-3F41B2D4B7D2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{27F53213-5094-49F1-819F-6415C9D87229}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\APB.exe
FirewallRules: [{063601E5-C435-4652-99E0-3784F80A0272}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\APB.exe
FirewallRules: [{7A630493-5872-4E93-BA9D-D15E03874861}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{681674EE-DBC5-44AF-8EFF-2E20321DF037}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3F73B21D-D360-4DF9-805A-0932F197C294}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{320B9ECC-1E6B-4304-BED8-4140C8B7BCA2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B9DB9BD6-F373-44EE-915D-5CEC161D05B0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{12562034-DABF-4AFE-B0E5-5A81C5EFD3DA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9F871046-B135-4E16-826D-401FAEDD60CB}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{84D12814-752A-446A-A38D-ADEA3803745E}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{2434723F-0533-434B-B656-F77B5DAA016A}] => (Allow) C:\Nexon\Combat Arms\NMService.exe
FirewallRules: [{79A54792-ABEC-4A20-9EF7-32FBFB97CAD0}] => (Allow) C:\Nexon\Combat Arms\NMService.exe
FirewallRules: [{D0E39656-553D-44EC-94E7-8ADEB22A36BD}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{601066B2-F3A5-4F9A-B323-C1ACF532CDCE}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{9D8B268D-B566-4F3E-A35D-0543CB004B06}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{F0062432-76FB-46C6-959E-860977403649}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{44EF6BF9-4FA2-487E-9A5C-8A033D1F5867}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{2F76CF5A-1566-4DBD-9CA0-DCBA462C6AA4}] => (Allow) C:\Program Files (x86)\123CopyDVDPlatinum 2013\helper.exe
FirewallRules: [{A0C66957-447C-44FD-B992-7069A7C9E883}] => (Allow) C:\Program Files (x86)\123CopyDVDPlatinum 2013\helper.exe
FirewallRules: [{8EAFB50B-3526-4D19-942C-19CF1AF6458C}] => (Allow) C:\Program Files (x86)\123CopyDVDPlatinum 2013\123CopyDVDPlatinum.exe
FirewallRules: [{221F22D4-B9DE-429A-9235-3ED13205A9D4}] => (Allow) C:\Program Files (x86)\123CopyDVDPlatinum 2013\123CopyDVDPlatinum.exe
FirewallRules: [{310833BA-459B-4D6C-BE8B-A5FA4835A93C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{09001E14-0537-4CD9-B540-DB87E72E039A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{222812D7-CF25-43B4-AE7B-B2BE59958098}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8F30E0B1-99B1-4D90-A141-232ADBEBFFB7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1B41E452-6DAF-4B40-AA87-0BF967049476}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{EAB8821D-64FC-4F3A-BD22-E72E06FD18E4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{E0098898-3379-469B-A2B3-27C7EDC6AFFA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0B89F855-80A1-486B-B5A5-4B7E6F347839}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{213B4C3C-391F-4232-82A5-162E777CBB53}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A80CCB43-B3DD-4F6A-9E2E-5E6A1EE11E72}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{43E7D033-4F9A-4A37-99A1-A316D033318A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{9F59F733-E959-485B-B594-654D3781B02F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{FE9C7803-6CB6-4002-9697-3BF00D956562}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4D650922-69BA-4F91-8383-69E273E3750E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7623CF96-B7A2-4AB9-BD1F-2625B7377D0F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{CA5DBDBA-C10E-491A-8043-5E5D0B11CF48}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{5FF97387-A3B0-4B41-9AF0-4966F0C0BC5E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B70C3C04-6308-4138-BB52-1AC069D35EFA}] => (Allow) LPort=2869
FirewallRules: [{085FC369-98D7-4878-8FB4-0D4D752E0091}] => (Allow) LPort=1900
FirewallRules: [{C8D09A0F-B448-4716-A527-33F360F855E9}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{66D51377-B6F6-4E76-B495-0D7095BA8392}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{9229B023-DE10-4841-9CC3-340BCB07B251}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{D1CAD871-40A7-4389-B47D-E3BBED6B3DF2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{B0AAB079-10A6-42D1-B048-3E610565CE27}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{454AC9D6-4490-4C04-8F9D-9DFA4B39AEE9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B02B6BAC-1A0F-4B47-B91C-F524B5262E02}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{E11B0C12-C1F2-4BDB-ADAA-A4D3ED7055F6}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{92FCFC4B-0962-4DC8-964E-F228FABFCE17}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{748F457D-CA93-4380-86FB-C3D8834ABEB0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6E16E4C9-19BE-42DF-8471-4F0DC8B2E73B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{1BCDEEE1-8B99-479D-BBB1-74553B528F18}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{654239ED-B822-4CC7-B3A4-553DF1ADCF37}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{66D93EBD-3028-4D58-BFB9-E54FD3AD3BFE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{9DFF379B-8896-46A3-A16F-0C2B87ABFA11}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{C54BD615-5BD7-4853-8580-46D56B9F0539}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{5DA2A30D-BF41-4DA8-AA32-52F50C413466}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{958FE067-EE87-43BC-8E74-7CE2F426A617}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{F37D6B84-BF13-4302-A3E7-99D7BAF0D28F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [{D86526DF-95A1-4FDB-93C9-DA20B30D7E67}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [{6C34CB99-A2BE-4164-9663-F66EA9123F9A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\rust.exe
FirewallRules: [{C85AA9CF-73EF-4F6E-8F8C-301283E9517B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\rust.exe
FirewallRules: [{CB8C2279-CC93-4F1A-BDD5-E262D883E2B2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\rust.exe
FirewallRules: [{668A2D11-EFBD-4B94-8C4B-839A6301796D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\rust.exe
FirewallRules: [{B2AF0FD5-F46D-4951-84FF-C8724F7EC5C0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\rust.exe
FirewallRules: [{8A2B8576-7623-4BF6-A0F9-EA7418697EDC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\rust.exe
FirewallRules: [{58FB4D23-02A3-40AB-8E06-ADF0E98BEB4F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{CD47B703-6DF3-45F1-B868-A55C7FDF1433}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{43256F6F-8F57-45E1-BF4F-41AD9E11859C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{52F6F377-4303-4D64-998B-595464F102F1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{683781F1-3D67-427B-B40D-4C75210DA9E8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{C343275E-38A5-460D-B041-CEEC5E918E65}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{051AAB84-A380-4E84-9E6D-E497390456F9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{F4E26BC8-7854-43E4-9BF1-B159BF233A34}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{17383CC0-46F7-4BDC-86A0-A282B4FFD516}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{88676719-5D92-4367-BBD5-9117BD43B81F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{5DB825B5-5F5A-464E-82DE-C38EA8F5FDAD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\rust.exe
FirewallRules: [{124C482D-1D3D-4286-ADB2-8BF4F130C164}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\rust.exe
FirewallRules: [{F6AB257F-BE6F-4E85-A0BB-57C0389AB3A2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\rust.exe
FirewallRules: [{A68194D3-0A08-41BF-A3E4-047D71599C9C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\rust.exe
FirewallRules: [{78BAE575-494C-46A2-92D4-2E7927C9C705}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{020BD66D-A897-48E8-B731-023782E69388}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{D175B31F-F1EE-4CF3-BBD9-C5A6F838B67B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{7D2096E4-83F3-4EDD-9D9E-1AF1ACE94C4B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{F32DA8C3-68ED-457F-A066-6C40834717A7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5AAD8567-19D6-4D68-AB78-CF88BBEC1E99}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FCB95D56-F794-47C8-9B17-A2858B1C7AFB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{A93AEBF9-6AC9-45C0-B1B9-46095F8D1022}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5C8439C9-5294-45F6-AB63-D71F6FAEB9B3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1A88E436-629B-4DF8-A271-B81744C1CD84}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{3CBB29C8-F1F5-4230-9C20-639BF130222B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [TCP Query User{91C5B0FA-79E7-42EA-AEB7-279709C57520}C:\program files (x86)\hudl\hudl remotes\hudlremotes.exe] => (Allow) C:\program files (x86)\hudl\hudl remotes\hudlremotes.exe
FirewallRules: [UDP Query User{9FA31B39-FDBB-4BE7-9AB5-74D94115481B}C:\program files (x86)\hudl\hudl remotes\hudlremotes.exe] => (Allow) C:\program files (x86)\hudl\hudl remotes\hudlremotes.exe
FirewallRules: [TCP Query User{5FE0FA05-D82D-4925-8774-C8B3A5702C64}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3977358E-8959-4A8B-9A05-3D5619CBB7E1}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{7F1C23F5-A9BF-4AD9-9C8C-2DAF7842B787}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{89C7631C-8925-49F9-B7DB-5CD151FE35EF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B833AE05-546C-46A5-90DE-257B29F18DFC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{CF4F42EC-8C82-4937-9AA0-AD2FE50F1776}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{EC916406-6D26-470F-AAD3-12CCF1957E89}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{81B856CE-D989-46D0-8958-D400CF0178A9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{3D10D2CC-57FC-4B79-A17A-B64000572E40}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{4EDDEB40-ABF4-4354-BDC6-BB6ED173CC54}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{819394B5-D574-4837-8C94-623E8B83BC51}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{2BE1C9A5-D50F-455E-92C7-F7AAF5D2E0A3}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{289ECF57-3BB1-440E-96FD-F0D2D4DDC8F6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Loadout\Loadout.exe
FirewallRules: [{78054C82-B08A-4262-8E76-5DC0FB9FBC21}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Loadout\Loadout.exe
FirewallRules: [{67228BCF-8DFA-4BCE-9380-E6BE9B0E09C1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 test\dota.exe
FirewallRules: [{54A5A02E-0C62-4937-AA93-FA92B1A3F656}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 test\dota.exe
FirewallRules: [{1AAAB185-2067-48A6-B4B0-80B2360E0E58}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2\arma2.exe
FirewallRules: [{1A9BFFEB-F0C3-4807-9F7F-29ADEE85081B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2\arma2.exe
FirewallRules: [{DAFA2321-70A2-461A-8BFA-E72C3F5F72FA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Democracy 3\Democracy3.exe
FirewallRules: [{DEEBDB95-64B7-4B4A-A7C1-C5669CF607E0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Democracy 3\Democracy3.exe
FirewallRules: [{4DB201C6-038A-4427-9BB7-AF2021E9DFE7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\rustlauncher.exe
FirewallRules: [{0A4B3186-4578-40A4-B9F0-0BB45E4CB7D6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\rustlauncher.exe
FirewallRules: [{C366D17B-8CFD-4A3C-9BE9-15927B620617}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [{74EA224E-B3A3-4FFA-996A-7203804E72A6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [{38813861-7809-4877-92CA-230355283FE7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{9C86D081-2842-44F5-97FF-F7994FAE3CEA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{2248E99E-703A-440E-9C4F-42532E7913C1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfarebeta\ChivLauncher.exe
FirewallRules: [{49B6DBD4-45F9-4FF1-BACD-8B467F070A6B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfarebeta\ChivLauncher.exe
FirewallRules: [{DEC69083-7440-49BB-BAB4-0F2087EDC2A8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{52C701B7-82BA-4261-AFEE-99C0C7A1711F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{1E8E9697-3BF7-4340-88B6-EDE100C1DDB3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mafia II\pc\mafia2.exe
FirewallRules: [{A66FEA83-F087-4E1D-943F-B7D4A53099E3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mafia II\pc\mafia2.exe
FirewallRules: [{79CCD2BB-85C5-4708-9C50-ABDEC5036980}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{C1296DC6-6156-4810-A257-AB2470874251}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{778D43CF-950D-4630-A8CD-EEC99E68476E}] => (Allow) C:\Users\rocke_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{15427315-F30B-4A4C-8618-FC113C3230A4}] => (Allow) C:\Users\rocke_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B58B4386-FBAA-4842-940F-DA79893CCBC0}] => (Allow) C:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [{F13EDF44-BAFC-4AEF-B5F7-EC4880B75A8C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{7CD9A35D-2FD3-47E8-A5AF-E141F925F02E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{FADDAFD7-A399-4523-8AD2-4A03AEB512AE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{690A4D7B-AD25-4AC5-A5C2-9E387E832C94}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E11941DE-56AF-49E9-B30E-196F0B7B22E5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{6BA54282-0A0F-424C-B12F-D98EF7056FDB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [TCP Query User{5CB9AE03-98C5-4309-9919-CC5C41A396BE}C:\games\call of duty modern warfare\iw3mp.exe] => (Allow) C:\games\call of duty modern warfare\iw3mp.exe
FirewallRules: [UDP Query User{6DD380DF-888C-4F2E-B38A-24BB698D2CB7}C:\games\call of duty modern warfare\iw3mp.exe] => (Allow) C:\games\call of duty modern warfare\iw3mp.exe
FirewallRules: [{50F6721C-B26E-47C6-9C02-B07A0D507579}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\experimental\Rust.exe
FirewallRules: [{06162E76-7891-44B0-81AE-415C0CF918C7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\experimental\Rust.exe
FirewallRules: [TCP Query User{49D2944D-E10A-4A3B-B9E6-A5612FFEDCC3}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{2C19FCA1-9E40-4156-89A7-FD5C3BD94416}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{294A6600-B6E3-4144-BCBE-8AC9CC526EB4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfarebeta\Binaries\Win64\CMW.exe
FirewallRules: [{6DEEF6B8-E529-4457-A9DB-C291ED22E1A6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfarebeta\Binaries\Win64\CMW.exe
FirewallRules: [{29EC2E2F-C7BF-4052-9CFF-9B55D043CD75}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfarebeta\Binaries\Win32\CMW.exe
FirewallRules: [{CB0FB820-EA17-4FB1-98D8-72AE02CB1435}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfarebeta\Binaries\Win32\CMW.exe
FirewallRules: [{B7CCF34D-3853-4D46-91DC-50565F25FB77}] => (Allow) LPort=5055
FirewallRules: [{FFA398DA-1F16-4C4E-BDBF-0C410252149E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{F3DAC04F-5E86-44FF-B141-7166AEFC1E3B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{AA0298E6-2DCD-46A3-9811-8A517BBEB50D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{03E8653C-41C5-474E-B463-180359D0F7AB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{7723023E-B938-4393-95D3-80D75AAF07EF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TacticalIntervention\bin\tacint.exe
FirewallRules: [{BCA429F5-A8AF-4464-9B2D-4B98178CB2E6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TacticalIntervention\bin\tacint.exe
FirewallRules: [{96CC2407-82FF-4CD6-B6C7-312E0A3D64D3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{A48C12AB-F588-478D-9C7E-52F0A7CEAD06}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{8D501386-502C-4281-928B-3BCC1FBE9903}] => (Allow) C:\Users\rocke_000\Downloads\Blackshot_GarenaPlus_Installer.exe
FirewallRules: [{4BC595A8-99F1-45EF-8D55-2DEF2254CE7B}] => (Allow) C:\Users\rocke_000\Downloads\Blackshot_GarenaPlus_Installer.exe
FirewallRules: [{EB9B593C-2C4F-4438-AE4F-1B994D5BEB79}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Ghosts\iw6mp64_ship.exe
FirewallRules: [{BCE9EE0B-D962-4AF2-9D80-6A66D8C5C649}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Ghosts\iw6mp64_ship.exe
FirewallRules: [TCP Query User{BAD1560C-DDB0-4DEF-8D5A-970304ED28C3}C:\program files (x86)\cheat engine 6.4\cheatengine-x86_64.exe] => (Allow) C:\program files (x86)\cheat engine 6.4\cheatengine-x86_64.exe
FirewallRules: [UDP Query User{5C6CC9B4-6594-4D65-84D4-142475917F42}C:\program files (x86)\cheat engine 6.4\cheatengine-x86_64.exe] => (Allow) C:\program files (x86)\cheat engine 6.4\cheatengine-x86_64.exe
FirewallRules: [TCP Query User{DDCCB46B-DA7A-45B5-B8AA-954B291C569E}C:\users\rocke_000\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\rocke_000\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{FF652E8A-B0BD-4036-9FA3-D4D3CA0A8282}C:\users\rocke_000\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\rocke_000\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{81698117-AD30-4D0D-A797-09627A694921}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{1EEC7742-A72E-49BD-8499-C948CE401225}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [{A3E83662-4720-465F-9139-14052CD7F78D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [TCP Query User{71138D22-E4AB-4950-93D7-FDD58F76A733}C:\users\rocke_000\downloads\call of duty modern warfare 3 full multiplayer + sp ^^nosteam^^\call of duty modern warfare 3\iw5mp.exe] => (Allow) C:\users\rocke_000\downloads\call of duty modern warfare 3 full multiplayer + sp ^^nosteam^^\call of duty modern warfare 3\iw5mp.exe
FirewallRules: [UDP Query User{AE620AF4-C37B-4843-929C-819D8CD32B80}C:\users\rocke_000\downloads\call of duty modern warfare 3 full multiplayer + sp ^^nosteam^^\call of duty modern warfare 3\iw5mp.exe] => (Allow) C:\users\rocke_000\downloads\call of duty modern warfare 3 full multiplayer + sp ^^nosteam^^\call of duty modern warfare 3\iw5mp.exe
FirewallRules: [TCP Query User{5658AEED-845B-41E2-810B-D6C3EAF338F2}C:\users\rocke_000\downloads\call of duty modern warfare 3 full multiplayer + sp ^^nosteam^^\call of duty modern warfare 3\iw5sp.exe] => (Allow) C:\users\rocke_000\downloads\call of duty modern warfare 3 full multiplayer + sp ^^nosteam^^\call of duty modern warfare 3\iw5sp.exe
FirewallRules: [UDP Query User{EB2CDA27-114D-49A9-9806-C06822F235D3}C:\users\rocke_000\downloads\call of duty modern warfare 3 full multiplayer + sp ^^nosteam^^\call of duty modern warfare 3\iw5sp.exe] => (Allow) C:\users\rocke_000\downloads\call of duty modern warfare 3 full multiplayer + sp ^^nosteam^^\call of duty modern warfare 3\iw5sp.exe
FirewallRules: [{83E90A02-E72B-4DFF-B671-3119FCF6FDAF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\insurgency2\insurgency.exe
FirewallRules: [{AF782C86-4DA7-4FBB-888B-D81090E820FC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\insurgency2\insurgency.exe
FirewallRules: [{440DD383-2138-4C8B-94C5-1434ECE8BCED}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D30502D6-7858-4AF6-83AC-4BA6BD4B852B}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{02937BA0-AD0E-4C57-B1E7-21CF7F315250}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{48B5A5F4-E89C-44A1-A7EA-2EAF294CAA1E}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{8AD1C12C-7AFE-4ADB-9FDB-696EDB6EF652}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{576CE0B8-2E4C-407A-A9D0-4D3E0E4A1039}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{6FC0128F-62BF-4002-A1E6-B59833C3F163}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{44C7C9E5-F9F5-4A44-9383-7E415412269A}] => (Allow) C:\Program Files (x86)\123CopyDVDPlatinum 2013\123CopyDVDPlatinum.exe
FirewallRules: [{2AA5289E-51D2-4C90-9F7F-7E1AEAB2BDEA}] => (Allow) C:\Program Files (x86)\123CopyDVDPlatinum 2013\123CopyDVDPlatinum.exe
FirewallRules: [{87429B70-1A30-4746-B536-FE65926FFB4A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{94F50416-0EB1-494A-BDD9-69008A280587}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{07545A6C-15F7-4206-81B5-344A7AF642D1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Modern Warfare 3\iw5mp.exe
FirewallRules: [{2742EACA-0DBB-4F24-A02D-A61674282607}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Modern Warfare 3\iw5mp.exe
FirewallRules: [{D4C16A65-7CA3-49E3-9EAD-48F5940D439B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{34B9AEF7-490A-4522-9800-C130A3B9AAF3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{88F1C2C8-5E85-446D-9235-52EBC2FA64A6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D141E716-5384-4400-B420-80DDE669F95C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2A08F459-9758-48C4-B5BB-0D4B2C4C102B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{430864FB-F730-47DE-84EA-D5E9FFA22583}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\WDExpress.exe
FirewallRules: [{EFE7D8E6-5155-45E1-AACC-2AAC66E231C4}] => (Allow) LPort=12292
FirewallRules: [{5E213D1D-1DC1-4ACD-BF03-43E2640527B0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9AF87A04-5C3B-4890-892C-F5F5D78A731B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5EE3CBDD-BA87-4691-AA31-76CFC7BD856F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{04DF7A20-64BF-4B18-ADBB-F7C95FBD02E6}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敮浴杮睜湩敮浴杮攮數
FirewallRules: [{504ADC24-9ECB-4D48-BF22-195BC0CFAF92}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敮浴杮牜獥睴湩敮浴杮攮數
FirewallRules: [{182B6C82-59EB-4394-A562-F995DB9E3E04}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敮浴杮睜湩敮浴杮⹟硥e
FirewallRules: [{14969E3C-3C76-4A4F-9967-F60B91C6A294}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敮浴杮牜獥睴湩敮浴杮⹟硥e
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/05/2015 06:27:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(mobile._epoccam._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (10/04/2015 09:53:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(mobile._epoccam._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (10/04/2015 09:31:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(mobile._epoccam._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (10/04/2015 09:29:03 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (10/04/2015 09:09:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(mobile._epoccam._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (10/04/2015 09:06:50 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (10/04/2015 09:00:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1a34
 
Start Time: 01d0fea3f4080c72
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: e8383d16-6a97-11e5-8008-94de80248a93
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (10/01/2015 10:41:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(mobile._epoccam._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (10/01/2015 10:39:51 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (10/01/2015 10:37:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
 
System errors:
=============
Error: (10/04/2015 10:01:51 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Microsoft.WindowsReadingList.
 
Error: (10/04/2015 09:40:03 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Microsoft.WindowsReadingList.
 
Error: (10/04/2015 09:18:01 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Microsoft.WindowsReadingList.
 
Error: (10/01/2015 10:50:52 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Microsoft.WindowsReadingList.
 
Error: (10/01/2015 10:37:31 PM) (Source: DCOM) (EventID: 10005) (User: BENNYDAWG)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}
 
Error: (10/01/2015 10:37:31 PM) (Source: DCOM) (EventID: 10005) (User: BENNYDAWG)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (10/01/2015 10:37:24 PM) (Source: DCOM) (EventID: 10005) (User: BENNYDAWG)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (10/01/2015 10:37:17 PM) (Source: DCOM) (EventID: 10005) (User: BENNYDAWG)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (10/01/2015 10:37:13 PM) (Source: DCOM) (EventID: 10005) (User: BENNYDAWG)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (10/01/2015 10:37:13 PM) (Source: DCOM) (EventID: 10005) (User: BENNYDAWG)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-8120 Eight-Core Processor 
Percentage of memory in use: 34%
Total physical RAM: 8189.53 MB
Available physical RAM: 5374.17 MB
Total Virtual: 9469.53 MB
Available Virtual: 6445.45 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:926.19 GB) (Free:113.69 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1ACEE9D7)
Partition 1: (Active) - (Size=450 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=926.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4.9 GB) - (Type=27)
 
==================== End of Addition.txt ============================

 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:27 AM

Posted 07 October 2015 - 10:04 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove the programs in bold using the Add/Remove Programs applet.

Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
BrowserSafeguard with RocketTab (HKLM-x32\...\Browsersafeguard) (Version: - Browsersafeguard) <==== ATTENTION
CursorMania Toolbar Chrome Extension (HKLM-x32\...\CursorMania_7l Chrome Extension Uninstall) (Version: - Mindspark Interactive Network) <==== ATTENTION
DMUninstaller (HKLM-x32\...\DMUninstaller) (Version: - ) <==== ATTENTION
iVIDI Plugin 1.3 (HKLM-x32\...\iVIDI Plugin) (Version: 1.3 - iVIDI Plugin, Inc.) <==== ATTENTION

===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\ProgramData\DataFile\Downloads\DV.exe
() C:\Users\rocke_000\AppData\Roaming\SSN\ssn.exe
(Google) C:\Users\rocke_000\AppData\Local\Temp\B387.exe
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\Run: [Save Serp Now] => C:\Users\rocke_000\AppData\Roaming\SSN\updssn.exe [26112 2014-11-21] ()
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\Run: [DV] => C:\ProgramData\DataFile\Downloads\DV.exe [277504 2015-09-04] ()
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => No File
SearchScopes: HKLM-x32 -> DefaultScope {AD4BB8D9-6E10-43C6-B736-527CD2F575BE} URL =
SearchScopes: HKU\S-1-5-21-1419771028-2711009181-792879645-1002 -> DefaultScope {AD4BB8D9-6E10-43C6-B736-527CD2F575BE} URL =
SearchScopes: HKU\S-1-5-21-1419771028-2711009181-792879645-1002 -> {61CF75BE-04DE-4774-ADFF-3034AC4DDE31} URL =
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [No File]
FF Plugin-x32: @popularscreensavers.com/Plugin -> C:\Program Files (x86)\PopularScreensavers\NPp5Stub.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [chbahmpboddgndmkcmjdcebbipllabim] - C:\Program Files (x86)\CursorMania_7l Chrome Extension\bar\CursorMania@mindspark.com.gen1 <not found>
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]
C:\ProgramData\DataFile\Downloads\DV.exe
C:\Users\rocke_000\AppData\Roaming\SSN\
C:\Program Files\OutfoxTV
C:\ProgramData\KeyStream
C:\Users\rocke_000\AppData\Local\32100e27-7020-431b-b0a5-36347042227c
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {3316E27B-9AF2-4DD8-8A96-39C677057005} - \SMW_UpdateTask_Time_323331383034343036362d2d55506c2a5a55576c412334 -> No File <==== ATTENTION
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {508288F4-F4F3-4F10-AB05-E44614F2286A} - System32\Tasks\GEGTD1 => C:\ProgramData\KeyStream\KeyStream.exe <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {A0D389ED-C0A7-4003-885B-79143FDDF5D8} - System32\Tasks\RunTool => C:\Users\rocke_000\AppData\Local\32100e27-7020-431b-b0a5-36347042227c\sysad.exe <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {FAEB1BFF-C758-40CE-BA42-224E28E656EA} - \Inst_Rep -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\GEGTD1.job =>

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===


Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

====

How is the computer running now?

#3 I NEED YOU

I NEED YOU
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:27 AM

Posted 10 October 2015 - 06:18 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:10-10-2015
Ran by rocke_000 (2015-10-10 19:12:18) Run:1
Running from C:\Users\rocke_000\Downloads\FRST-OlderVersion
Loaded Profiles: rocke_000 (Available Profiles: rocke_000)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
() C:\ProgramData\DataFile\Downloads\DV.exe
() C:\Users\rocke_000\AppData\Roaming\SSN\ssn.exe
(Google) C:\Users\rocke_000\AppData\Local\Temp\B387.exe
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\Run: [Save Serp Now] => C:\Users\rocke_000\AppData\Roaming\SSN\updssn.exe [26112 2014-11-21] ()
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\...\Run: [DV] => C:\ProgramData\DataFile\Downloads\DV.exe [277504 2015-09-04] ()
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => No File
SearchScopes: HKLM-x32 -> DefaultScope {AD4BB8D9-6E10-43C6-B736-527CD2F575BE} URL =
SearchScopes: HKU\S-1-5-21-1419771028-2711009181-792879645-1002 -> DefaultScope {AD4BB8D9-6E10-43C6-B736-527CD2F575BE} URL =
SearchScopes: HKU\S-1-5-21-1419771028-2711009181-792879645-1002 -> {61CF75BE-04DE-4774-ADFF-3034AC4DDE31} URL =
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [No File]
FF Plugin-x32: @popularscreensavers.com/Plugin -> C:\Program Files (x86)\PopularScreensavers\NPp5Stub.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [chbahmpboddgndmkcmjdcebbipllabim] - C:\Program Files (x86)\CursorMania_7l Chrome Extension\bar\CursorMania@mindspark.com.gen1 <not found>
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]
C:\ProgramData\DataFile\Downloads\DV.exe
C:\Users\rocke_000\AppData\Roaming\SSN\
C:\Program Files\OutfoxTV
C:\ProgramData\KeyStream
C:\Users\rocke_000\AppData\Local\32100e27-7020-431b-b0a5-36347042227c
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {3316E27B-9AF2-4DD8-8A96-39C677057005} - \SMW_UpdateTask_Time_323331383034343036362d2d55506c2a5a55576c412334 -> No File <==== ATTENTION
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {508288F4-F4F3-4F10-AB05-E44614F2286A} - System32\Tasks\GEGTD1 => C:\ProgramData\KeyStream\KeyStream.exe <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {A0D389ED-C0A7-4003-885B-79143FDDF5D8} - System32\Tasks\RunTool => C:\Users\rocke_000\AppData\Local\32100e27-7020-431b-b0a5-36347042227c\sysad.exe <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {FAEB1BFF-C758-40CE-BA42-224E28E656EA} - \Inst_Rep -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\GEGTD1.job =>
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\ProgramData\DataFile\Downloads\DV.exe => No running process found
C:\Users\rocke_000\AppData\Roaming\SSN\ssn.exe => No running process found
C:\Users\rocke_000\AppData\Local\Temp\B387.exe => No running process found
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\Software\Microsoft\Windows\CurrentVersion\Run\\OutfoxTV => value removed successfully
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Save Serp Now => value removed successfully
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\Software\Microsoft\Windows\CurrentVersion\Run\\DV => value removed successfully
"C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL" => Value data removed successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-1419771028-2711009181-792879645-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1419771028-2711009181-792879645-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{61CF75BE-04DE-4774-ADFF-3034AC4DDE31}" => key removed successfully
HKCR\CLSID\{61CF75BE-04DE-4774-ADFF-3034AC4DDE31} => key not found. 
"HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@popularscreensavers.com/Plugin" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\chbahmpboddgndmkcmjdcebbipllabim" => key removed successfully
EagleX64 => service removed successfully
xhunter1 => service removed successfully
C:\ProgramData\DataFile\Downloads\DV.exe => moved successfully
C:\Users\rocke_000\AppData\Roaming\SSN => moved successfully
"C:\Program Files\OutfoxTV" => File/Folder not found.
"C:\ProgramData\KeyStream" => File/Folder not found.
C:\Users\rocke_000\AppData\Local\32100e27-7020-431b-b0a5-36347042227c => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D8A891D-890C-4808-84D8-2F436AB14653}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D8A891D-890C-4808-84D8-2F436AB14653}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1274336E-AB06-46B6-A48C-0671C5557CC6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1274336E-AB06-46B6-A48C-0671C5557CC6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Maintenance Configurator" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1687544D-7247-4F5A-965A-A6E920E55278}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1687544D-7247-4F5A-965A-A6E920E55278}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Manual Maintenance" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3316E27B-9AF2-4DD8-8A96-39C677057005}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3316E27B-9AF2-4DD8-8A96-39C677057005}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_323331383034343036362d2d55506c2a5a55576c412334 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40525C58-79C2-47A1-9AA2-F1D7FC4F0691}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40525C58-79C2-47A1-9AA2-F1D7FC4F0691}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{508288F4-F4F3-4F10-AB05-E44614F2286A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{508288F4-F4F3-4F10-AB05-E44614F2286A}" => key removed successfully
C:\WINDOWS\System32\Tasks\GEGTD1 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GEGTD1" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F02587F-8A2B-4552-97F6-DEEF229E335B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F02587F-8A2B-4552-97F6-DEEF229E335B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Idle Maintenance" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A0D389ED-C0A7-4003-885B-79143FDDF5D8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0D389ED-C0A7-4003-885B-79143FDDF5D8}" => key removed successfully
C:\WINDOWS\System32\Tasks\RunTool => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunTool" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Regular Maintenance" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SettingSync\BackupTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FAEB1BFF-C758-40CE-BA42-224E28E656EA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FAEB1BFF-C758-40CE-BA42-224E28E656EA}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Inst_Rep => key not found. 
Task: C:\WINDOWS\Tasks\GEGTD1.job => => not found.


#4 I NEED YOU

I NEED YOU
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:27 AM

Posted 10 October 2015 - 06:32 PM

I ran adware but didn't reset chrome. I know how I got infected with it, so if I don't reset my browser and just never download from there again will I be alright?



#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:27 AM

Posted 11 October 2015 - 08:09 AM


> I ran adware but didn't reset chrome. I know how I got infected with it, so if I don't reset my browser and just never download from there again will I be alright?


If Chrome is working OK there is no need to reset it.


> and just never download from there again will I be alright

Download from where?

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:27 AM

Posted 17 October 2015 - 08:21 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



