DNS keeps changing to 127.0.0.1



#1 Kaicar


Posted 26 November 2015 - 08:43 AM

Hello, I have had this problem for about 2-3 weeks and I have tried everything I can think of. I cannot connect to Google Chrome or any online browser, yet my Skype is still working and can connect just fine. I can set the DNS to "obtain DNS server address automatically" and I will be able to connect for a few minutes, then it will automatically switch back to the 127.0.0.1 DNS. I realise that it is most likely a virus, but I have already tried using Norton 360 and MalwareBytes to remove the virus and have run 4 scans on MalwareBytes. It found over 600 things wrong with my computer the first time and removed all of them, yet no change. The other scans detected nothing. I have no idea how to remove this and fix the solution.
 
Any help would be hugely appreciated.
 
Thank you.




#2 deeprybka (Malware Response Team)

Posted 26 November 2015 - 11:07 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 Kaicar (Topic Starter)

Posted 26 November 2015 - 11:38 AM

Hello, thanks for the reply.

 

I did as said and ran the scan and here are my results:

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-11-2015 02
Ran by Kai (administrator) on KAI-PC (26-11-2015 16:29:12)
Running from C:\Users\Kai\Desktop
Loaded Profiles: Kai (Available Profiles: Kai)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
() C:\Program Files (x86)\PenWes\Penwes.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\ns.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\ns.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.9.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.9.0\loggingserver.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
(McAfee Inc.) C:\Program Files\McAfee\Real Protect\RealProtect.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hotger) C:\Users\Kai\AppData\Local\Flvto Youtube Downloader\FlvtoYoutubeDownloader.exe
(Spotify Ltd) C:\Users\Kai\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Flux Software LLC) C:\Users\Kai\AppData\Local\FluxSoftware\Flux\flux.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\Live Update.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Elgato Systems GmbH) C:\Program Files (x86)\Elgato\GameCapture\GameCapture.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-06] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2569616 2015-10-08] ()
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [315478 2009-09-02] (IVT Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-05-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [11324368 2015-10-07] (Micro-Star INT'L CO., LTD.)
HKLM\...\RunOnce: [RealProtect] => C:\Program Files\McAfee\Real Protect\RealProtect.exe [1710448 2015-11-19] (McAfee Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-1352275449-1334618009-3794797507-1001\...\Run: [Google Update] => C:\Users\Kai\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-1352275449-1334618009-3794797507-1001\...\Run: [Flvto Youtube Downloader] => C:\Users\Kai\AppData\Local\Flvto Youtube Downloader\FlvtoYoutubeDownloader.exe [494592 2015-01-28] (Hotger)
HKU\S-1-5-21-1352275449-1334618009-3794797507-1001\...\Run: [Spotify Web Helper] => C:\Users\Kai\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2541160 2015-10-12] (Spotify Ltd)
HKU\S-1-5-21-1352275449-1334618009-3794797507-1001\...\Run: [AvgUpdater0615tb] => C:\ProgramData\Avg_Update_0615tb\0615tb_{61AD9651-D24D-44B7-A7CD-C8EEE17EDE25}.exe  /SETINFO /CMPID=0615tb /INFORETRY=2
HKU\S-1-5-21-1352275449-1334618009-3794797507-1001\...\Run: [Google Photos Backup] => C:\Users\Kai\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3787080 2015-10-13] (Google, Inc)
HKU\S-1-5-21-1352275449-1334618009-3794797507-1001\...\Run: [f.lux] => C:\Users\Kai\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1352275449-1334618009-3794797507-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48145024 2015-10-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1352275449-1334618009-3794797507-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2015-09-20] (Google Inc.)
HKU\S-1-5-21-1352275449-1334618009-3794797507-1001\...\MountPoints2: {84c97c08-d0c1-11e1-95a4-806e6f6e6963} - D:\setup\rsrc\Autorun.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2013-12-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2013-12-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2013-12-13] ()
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{21818883-4527-4215-9F96-110DA78A6B8E}: [NameServer] 127.0.0.1
Tcpip\..\Interfaces\{2F757580-D2A7-426B-803E-D104504D215E}: [NameServer] 127.0.0.1
Tcpip\..\Interfaces\{47AA509C-692E-49AC-B8FC-90252AD8CE5C}: [NameServer] 127.0.0.1
Tcpip\..\Interfaces\{4E774CD2-1F89-4116-96E4-301698E2A319}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{57BA31BA-D14A-49D4-A64F-4A5D268026AF}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{79A6E748-879E-46C1-877D-A816693DE83B}: [NameServer] 127.0.0.1
Tcpip\..\Interfaces\{90FF0027-DE1F-4BB4-B694-BA0EAEF6ED91}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{9DAA3F92-E5D2-4A2C-AA4D-360156B23221}: [NameServer] 127.0.0.1
Tcpip\..\Interfaces\{9DAA3F92-E5D2-4A2C-AA4D-360156B23221}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{F17146B1-6B5C-456E-B3AD-9C435F2F7564}: [NameServer] 127.0.0.1
Tcpip\..\Interfaces\{F2BB9FA5-AD08-4610-9788-F6269F1BC985}: [NameServer] 127.0.0.1
Tcpip\..\Interfaces\{F2BB9FA5-AD08-4610-9788-F6269F1BC985}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1352275449-1334618009-3794797507-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.5.0.124
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.5.0.124
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.5.0.124
HKU\S-1-5-21-1352275449-1334618009-3794797507-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.5.0.124
HKU\S-1-5-21-1352275449-1334618009-3794797507-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
SearchScopes: HKLM -> {61FAC4CF-BBC1-54A3-0689-73E1AC1DE22E} URL = 
SearchScopes: HKU\S-1-5-21-1352275449-1334618009-3794797507-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={A35D7952-0204-406E-B5B1-B7EAE069BC59}&mid=8b5ed6b05c3847d0bd8e81ac0f2ef01d-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=fp011&coid=avgtbdisfp&cmpid=0915tb&pr=sa&d=2014-04-21 00:27:40&v=18.8.0.179&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-20] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2013-05-22] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll [2015-05-04] (PasswordBox, Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-01-10] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.9.0.231\AVG SafeGuard toolbar_toolbar.dll [2015-10-08] (AVG Secure Search)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-20] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2013-05-22] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-10] (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2013-05-22] (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-20] (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2013-05-22] (McAfee, Inc.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.9.0.231\AVG SafeGuard toolbar_toolbar.dll [2015-10-08] (AVG Secure Search)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-20] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2013-05-22] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2013-05-22] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2013-05-22] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2013-05-22] (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.9.0\ViProtocol.dll [2015-10-08] (AVG Secure Search)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @java.com/DTPlugin,version=10.4.0 -> C:\Windows\system32\npDeployJava1.dll [2012-07-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2013-12-19] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll [2012-08-08] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.9.0\\npsitesafety.dll [No File]
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-25] (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-10] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [2013-05-22] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.94\Bin\npSSOAxCtrlForPTLogin.dll [2013-01-25] (Tencent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2013-12-19] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1352275449-1334618009-3794797507-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Kai\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1352275449-1334618009-3794797507-1001: @talk.google.com/O1DPlugin -> C:\Users\Kai\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1352275449-1334618009-3794797507-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Kai\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-1352275449-1334618009-3794797507-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Kai\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-1352275449-1334618009-3794797507-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kai\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-21] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Kai\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Kai\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-06-27] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49 [2014-01-10] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{EBA722F5-038F-4CAF-9EE2-545A221628BC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\coFFPlgn [2015-11-26]
 
Chrome: 
=======
CHR Profile: C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Turn Off the Lights) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2015-08-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Profile: C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-14]
CHR Extension: (Google Docs) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-14]
CHR Extension: (Google Drive) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-14]
CHR Extension: (YouTube) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-14]
CHR Extension: (Google Search) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-14]
CHR Extension: (Google Sheets) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-14]
CHR Extension: (SiteAdvisor) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-01-14]
CHR Extension: (Skype Click to Call) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-01-14]
CHR Extension: (Google Wallet) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-14]
CHR Extension: (VisualBee V.11) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oiffmnkajgkhjjchngmajlomfdhfjdma [2015-01-14] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT3287810&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR Extension: (Newtab) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pflphaooapbgpeakohlggbpidpppgdff [2015-01-14] [UpdateUrl: hxxp://update.speedial.com/addons/mysearchdial-ch.xml] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-14]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\Exts\Chrome.crx [2015-11-17]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\Exts\Chrome.crx [2015-11-17]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-06-26]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
StartMenuInternet: Google Chrome.PCYKHFCSB43L43O4AUKKTQKJCA - C:\Users\Kai\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2015-05-05] (Advanced Micro Devices) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [1466476 2009-09-02] (IVT Corporation) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [192000 2009-09-02] (IVT Corporation) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 GamingApp_Service; C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [23504 2014-12-25] (Micro-Star Int'l Co., Ltd.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2013-02-12] (Hi-Rez Studios) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [120592 2013-05-22] (McAfee, Inc.)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1779664 2015-10-07] (Micro-Star INT'L CO., LTD.)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\NS.exe [282016 2015-07-16] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-24] (NVIDIA Corporation)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
S2 PenWesController; C:\Program Files (x86)\Penwes\PenwesService.exe [1515008 2013-10-19] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-13] ()
S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2148216 2012-08-23] (AVG)
R2 vToolbarUpdater18.9.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.9.0\ToolbarUpdater.exe [1862032 2015-10-08] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 WSWNDA3100; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [272864 2010-08-19] ()
S2 N360; "C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\N360.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\diMaster.dll" /prefetch:1
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [297160 2015-05-05] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\BASHDefs\20151113.001\BHDrvx64.sys [1665608 2015-11-13] (Symantec Corporation)
S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [36360 2009-06-17] (IVT Corporation.)
S3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [36360 2009-06-17] (IVT Corporation.)
S3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [36872 2009-06-17] (IVT Corporation.)
R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [20488 2009-06-17] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47880 2009-08-28] (IVT Corporation.)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24840 2009-08-26] (IVT Corporation.)
R3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [34440 2009-08-26] ()
S3 Cardex; C:\Windows\SysWOW64\drivers\TBPANELX64.SYS [15648 2007-03-16] (Windows ® Server 2003 DDK provider)
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605040.018\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1605020.00F\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation)
R3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-18] (Symantec Corporation)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-12-26] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\IPSDefs\20151125.001\IDSvia64.sys [767224 2015-11-13] (Symantec Corporation)
R3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [30344 2009-08-26] (IVT Corporation.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\VirusDefs\20151125.038\ENG64.SYS [138488 2015-11-17] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\VirusDefs\20151125.038\EX64.SYS [2148080 2015-11-17] (Symantec Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 SRTSP; C:\Windows\System32\Drivers\NSx64\1605020.00F\SRTSP64.SYS [926448 2015-07-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1605020.00F\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-11-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1605020.00F\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1605020.00F\SYMNETS.SYS [576248 2015-07-11] (Symantec Corporation)
S3 TBPanel; no ImagePath
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [11880 2012-07-04] (TuneUp Software)
R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [17032 2009-08-26] (IVT Corporation.)
R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [43912 2009-08-28] (IVT Corporation.)
S3 EtronHub3; System32\Drivers\EtronHub3.sys [X]
S3 EtronXHCI; System32\Drivers\EtronXHCI.sys [X]
S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-26 16:29 - 2015-11-26 16:30 - 00039011 _____ C:\Users\Kai\Desktop\FRST.txt
2015-11-26 16:28 - 2015-11-26 16:29 - 00000000 ____D C:\FRST
2015-11-26 16:26 - 2015-11-26 16:26 - 02348544 _____ (Farbar) C:\Users\Kai\Desktop\FRST64.exe
2015-11-25 23:58 - 2015-11-25 23:57 - 746464736 _____ C:\Users\Kai\Desktop\My Great Game - My Great Capture - 2015-11-25 11-50-57 (1).mp4
2015-11-22 14:48 - 2015-11-22 14:48 - 00204564 _____ C:\Windows\system32\cc_20151122_144745.reg
2015-11-20 22:01 - 2015-11-20 22:01 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-19 18:28 - 2015-11-19 18:28 - 00000000 ____D C:\Program Files (x86)\stinger
2015-11-19 18:21 - 2015-11-19 18:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-11-19 18:21 - 2015-11-19 18:25 - 00000000 ____D C:\ProgramData\HitmanPro
2015-11-18 19:51 - 2015-11-18 19:51 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security
2015-11-17 16:06 - 2015-11-18 19:43 - 00002299 _____ C:\Users\Public\Desktop\Norton Security.LNK
2015-11-17 16:02 - 2015-11-18 19:44 - 00000000 ____D C:\Windows\system32\Drivers\NSx64
2015-11-17 16:02 - 2015-11-18 19:43 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2015-11-17 16:02 - 2015-11-17 16:02 - 00000000 ____D C:\Program Files (x86)\Norton Security
2015-11-17 15:33 - 2015-11-17 15:33 - 00000000 ____D C:\ProgramData\Lavasoft
2015-11-17 15:33 - 2015-11-17 15:33 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2015-11-15 20:23 - 2015-10-29 17:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-15 20:23 - 2015-10-29 17:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-15 20:23 - 2015-10-29 17:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-15 20:23 - 2015-10-29 17:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-15 20:23 - 2015-10-29 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-15 20:23 - 2015-10-29 17:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-15 20:23 - 2015-10-29 17:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-15 20:23 - 2015-10-17 18:15 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-15 20:23 - 2015-10-17 18:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-15 20:23 - 2015-10-17 18:10 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-15 20:23 - 2015-10-17 18:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-15 20:23 - 2015-10-17 18:09 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-15 20:23 - 2015-10-17 18:09 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-15 20:23 - 2015-10-17 18:09 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-15 20:23 - 2015-10-17 18:09 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-15 20:23 - 2015-10-17 18:09 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-15 20:23 - 2015-10-17 18:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-15 20:23 - 2015-10-17 18:09 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-15 20:23 - 2015-10-17 18:09 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-15 20:23 - 2015-10-17 18:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-15 20:23 - 2015-10-17 18:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-15 20:23 - 2015-10-17 18:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-15 20:23 - 2015-10-17 18:09 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-15 20:23 - 2015-10-17 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-15 20:23 - 2015-10-17 18:04 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-15 20:23 - 2015-10-17 18:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-15 20:23 - 2015-10-17 17:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-15 20:23 - 2015-10-17 17:48 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-15 20:23 - 2015-10-17 17:48 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-15 20:23 - 2015-10-17 17:48 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-15 20:23 - 2015-10-17 17:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-15 20:23 - 2015-10-17 17:48 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-15 20:23 - 2015-10-17 17:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-15 20:23 - 2015-10-17 17:48 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-15 20:23 - 2015-10-17 17:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-15 20:23 - 2015-10-17 17:48 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-15 20:23 - 2015-10-17 17:47 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-15 20:23 - 2015-10-17 17:46 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-15 20:23 - 2015-10-17 17:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-15 20:23 - 2015-10-17 17:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-15 20:23 - 2015-10-17 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-15 20:23 - 2015-10-17 17:38 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-15 20:23 - 2015-10-17 16:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-15 20:23 - 2015-10-17 16:45 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-15 20:23 - 2015-10-17 16:45 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-15 20:23 - 2015-09-23 13:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-15 20:23 - 2015-09-23 13:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-15 20:23 - 2015-09-23 13:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-11 22:06 - 2015-11-11 22:06 - 00000000 ____D C:\Users\Kai\Desktop\Grace 2
2015-11-11 21:52 - 2015-11-21 14:26 - 00000000 ____D C:\Users\Kai\Desktop\Grace
2015-11-05 20:33 - 2015-11-11 19:03 - 00000000 ____D C:\Users\TEMP
2015-11-05 20:33 - 2015-09-20 19:00 - 00000000 ____D C:\Users\TEMP\AppData\Local\Google
2015-11-05 20:33 - 2014-05-29 11:29 - 00000000 ____D C:\Users\TEMP\AppData\Local\Overwolf
2015-11-05 20:33 - 2013-03-20 15:23 - 00000000 ____D C:\Users\TEMP\AppData\Local\Microsoft Help
2015-11-05 20:33 - 2013-02-01 16:33 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\TuneUp Software
2015-11-05 20:33 - 2013-01-29 11:24 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Macromedia
2015-11-05 20:33 - 2010-11-21 07:16 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Media Center Programs
2015-10-28 17:22 - 2015-10-29 14:26 - 00000000 ___RD C:\Users\Kai\Documents\MEGAsync
2015-10-28 17:22 - 2015-10-28 17:43 - 00000000 ____D C:\Users\Kai\Documents\MEGAsync Downloads
2015-10-28 17:20 - 2015-10-28 17:20 - 00000000 ____D C:\Users\Kai\AppData\Local\Mega Limited
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-26 16:28 - 2009-07-14 03:20 - 00000000 ____D C:\Windows
2015-11-26 16:27 - 2012-07-19 15:27 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Skype
2015-11-26 16:16 - 2013-07-07 00:11 - 00000920 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1352275449-1334618009-3794797507-1001UA.job
2015-11-26 16:08 - 2014-02-18 19:49 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1352275449-1334618009-3794797507-1001UA.job
2015-11-26 15:59 - 2014-04-17 20:40 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-26 15:55 - 2012-10-24 13:57 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{83C4E66D-598A-46EB-B7F1-5CEFEDB7DE5C}
2015-11-26 15:54 - 2012-09-04 16:52 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-26 15:46 - 2012-07-19 16:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-26 13:30 - 2009-07-14 04:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-26 13:30 - 2009-07-14 04:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-26 13:13 - 2014-04-14 11:17 - 00005063 _____ C:\Windows\SysWOW64\LOCALSERVICE.INI
2015-11-26 13:13 - 2014-02-05 18:05 - 00000374 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rmv.job
2015-11-26 13:13 - 2014-02-05 18:05 - 00000372 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rel.job
2015-11-26 13:13 - 2012-09-04 16:52 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-26 13:13 - 2009-09-07 14:42 - 00000943 _____ C:\Windows\SysWOW64\bscs.ini
2015-11-26 13:13 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-26 13:12 - 2012-07-18 10:42 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-26 00:15 - 2015-09-20 17:59 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-11-26 00:05 - 2012-07-20 11:07 - 00000000 ____D C:\Users\Kai\AppData\Local\CrashDumps
2015-11-24 20:32 - 2013-02-10 16:13 - 00000000 ____D C:\Users\Kai\Documents\Homework Kai
2015-11-24 18:47 - 2013-11-21 22:03 - 00000000 ____D C:\Program Files (x86)\PasswordBox
2015-11-20 22:59 - 2013-10-20 18:21 - 00000000 ____D C:\ProgramData\APN
2015-11-20 22:59 - 2013-04-27 13:55 - 00000000 ____D C:\ProgramData\Birowsey22saave
2015-11-20 22:59 - 2013-03-10 22:14 - 00000000 ____D C:\Users\Kai\AppData\Local\Flvto Youtube Downloader
2015-11-20 22:01 - 2014-04-17 20:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-20 22:01 - 2014-04-17 20:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-20 01:39 - 2013-07-07 00:11 - 00000898 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1352275449-1334618009-3794797507-1001Core.job
2015-11-20 00:40 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2015-11-19 18:29 - 2013-04-09 08:17 - 00000000 ____D C:\Program Files\McAfee
2015-11-19 18:03 - 2014-12-17 16:01 - 00000000 ____D C:\Users\Kai\AppData\Local\LogMeIn Hamachi
2015-11-18 19:44 - 2015-08-18 11:07 - 00003216 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-11-17 20:04 - 2015-08-18 11:07 - 00111344 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-11-17 20:04 - 2015-08-18 11:07 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-11-17 16:06 - 2009-07-14 05:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-17 16:06 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2015-11-17 16:02 - 2012-07-19 13:16 - 00000000 ____D C:\ProgramData\Norton
2015-11-17 15:53 - 2015-02-07 20:36 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2015-11-17 15:36 - 2013-02-25 20:15 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-11-17 15:36 - 2013-02-25 20:15 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2015-11-17 15:36 - 2012-11-07 17:59 - 00000000 ____D C:\Users\Kai\AppData\Roaming\LavasoftStatistics
2015-11-16 19:09 - 2009-07-14 04:45 - 05166064 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-16 19:05 - 2010-11-21 07:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-16 19:04 - 2012-10-03 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-11-16 19:04 - 2012-10-03 17:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-16 18:21 - 2012-07-24 13:46 - 00766336 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-15 22:36 - 2013-08-15 02:02 - 00000000 ____D C:\Windows\system32\MRT
2015-11-15 22:21 - 2012-07-30 11:09 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-15 15:05 - 2012-07-19 12:07 - 00000000 ____D C:\Users\Kai
2015-11-15 15:00 - 2015-04-04 16:45 - 00000000 ___SD C:\Windows\system32\GWX
2015-11-15 15:00 - 2014-04-14 11:23 - 00000000 ____D C:\Users\Kai\AppData\Local\bluesoleil
2015-11-15 15:00 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\NDF
2015-11-15 15:00 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\registration
2015-11-15 15:00 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-11-12 11:51 - 2013-01-01 11:39 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-11-11 22:17 - 2015-03-30 10:44 - 00000000 ____D C:\Users\Kai\Desktop\iPhone Pics
2015-11-11 20:46 - 2012-07-19 16:29 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-11 20:46 - 2012-07-19 16:29 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-11 20:46 - 2012-07-19 16:29 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-11 19:41 - 2012-07-19 15:26 - 00000000 ____D C:\ProgramData\Skype
2015-11-11 19:17 - 2015-10-02 15:57 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2015-11-11 19:17 - 2015-08-18 11:07 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-11-11 19:17 - 2015-08-18 10:58 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2015-11-11 19:17 - 2015-02-17 16:36 - 00000000 ____D C:\Users\Kai\AppData\Local\Hotger
2015-11-11 19:17 - 2014-10-25 13:22 - 00000000 ____D C:\Users\Kai\Documents\The Lord of the Rings Online
2015-11-11 19:17 - 2014-02-09 12:21 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Spotify
2015-11-11 19:17 - 2014-02-09 12:21 - 00000000 ____D C:\Users\Kai\AppData\Local\Spotify
2015-11-11 19:17 - 2012-07-19 17:14 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-11 19:17 - 2012-07-19 16:29 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-11-11 19:17 - 2012-07-19 15:27 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-11-06 22:06 - 2012-07-20 14:10 - 00000000 ____D C:\Users\Kai\AppData\Local\ElevatedDiagnostics
2015-11-01 13:50 - 2013-02-20 15:07 - 00000000 ____D C:\Users\Kai\Documents\YouTubeDownloads
2015-10-29 22:05 - 2014-01-06 11:57 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Adobe
2015-10-29 21:51 - 2015-02-01 16:56 - 00000000 ____D C:\Users\Kai\AppData\Local\Adobe
2015-10-28 23:07 - 2012-07-19 13:36 - 00000000 ____D C:\Users\Kai\AppData\Roaming\.minecraft
 
==================== Files in the root of some directories =======
 
2014-11-02 16:57 - 2014-11-02 16:57 - 0000132 _____ () C:\Users\Kai\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-06-13 22:43 - 2014-06-13 22:53 - 0000098 _____ () C:\Users\Kai\AppData\Roaming\LauncherSettings_live.cfg
2013-02-04 18:23 - 2013-02-04 18:23 - 0703117 _____ () C:\Users\Kai\AppData\Roaming\technic-launcher.jar
2014-06-13 22:24 - 2014-06-13 22:24 - 0008144 _____ () C:\Users\Kai\AppData\Roaming\TheHunterSettings_live.bin
2014-06-13 22:21 - 2014-06-13 22:21 - 0000039 _____ () C:\Users\Kai\AppData\Roaming\TheHunterSettings_steam_live.cfg
2014-10-23 19:43 - 2014-10-23 20:27 - 0000600 _____ () C:\Users\Kai\AppData\Roaming\winscp.rnd
2012-10-23 20:21 - 2014-10-23 20:17 - 0008704 _____ () C:\Users\Kai\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-10 21:12 - 2012-08-10 21:12 - 0000058 _____ () C:\Users\Kai\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2014-10-23 19:28 - 2014-10-23 19:42 - 0000600 _____ () C:\Users\Kai\AppData\Local\PUTTY.RND
2013-01-28 10:40 - 2013-01-28 10:40 - 0004670 _____ () C:\Users\Kai\AppData\Local\recently-used.xbel
2012-08-03 11:24 - 2012-08-03 11:24 - 0000017 _____ () C:\Users\Kai\AppData\Local\resmon.resmoncfg
 
Some files in TEMP:
====================
C:\Users\Kai\AppData\Local\Temp\devcon64.exe
C:\Users\Kai\AppData\Local\Temp\dsp_ipp.dll
C:\Users\Kai\AppData\Local\Temp\DVDChangeDisc.exe
C:\Users\Kai\AppData\Local\Temp\HitmanPro.exe
C:\Users\Kai\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Kai\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Kai\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Kai\AppData\Local\Temp\nvStInst.exe
C:\Users\Kai\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Kai\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Kai\AppData\Local\Temp\tmpE3F8.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-01 14:53
 
==================== End of FRST.txt ============================
 
 
 
Addition Text:
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-11-2015 02
Ran by Kai (2015-11-26 16:30:50)
Running from C:\Users\Kai\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-07-19 12:07:28)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1352275449-1334618009-3794797507-500 - Administrator - Disabled)
Guest (S-1-5-21-1352275449-1334618009-3794797507-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1352275449-1334618009-3794797507-1003 - Limited - Enabled)
Kai (S-1-5-21-1352275449-1334618009-3794797507-1001 - Administrator - Enabled) => C:\Users\Kai
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.20 - GIGABYTE)
4K Video Downloader 3.4 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.4.3.1485 - Open Media LLC)
ACP Application (Version: 2.15.20.0015 - Advanced Micro Devices, Inc.) Hidden
Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 1.0.1.41 - Lavasoft)
Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12.2.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.3.0.322 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.7.637 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{8F62BC70-DBB4-802D-1E1E-13630D9BA4D2}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 12.0.4000.108 - AVG Technologies)
AVG PC TuneUp (x32 Version: 12.0.4000.108 - AVG Technologies) Hidden
AVG PC TuneUp Language Pack (en-US) (x32 Version: 12.0.4000.108 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.9.0.231 - AVG Technologies)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Blacklight: Retribution (HKLM-x32\...\Steam App 209870) (Version:  - )
Bluesoleil 5.4.277.0 (HKLM\...\{FBBAB883-0BEE-4744-8062-281B213ADC1E}) (Version: 5.4.277.0 - IVT Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty® - World at War™ (HKLM-x32\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.7 - Activision)
Call of Duty® - World at War™ (x32 Version: 1.0 - Activision) Hidden
Call of Duty® - World at War™ 1.1 Patch (x32 Version:  - ) Hidden
Call of Duty® - World at War™ 1.1 Patch (x32 Version: 1.1 - Activision) Hidden
Call of Duty® - World at War™ 1.2 Patch (x32 Version:  - ) Hidden
Call of Duty® - World at War™ 1.2 Patch (x32 Version: 1.2 - Activision) Hidden
Call of Duty® - World at War™ 1.4 Patch (x32 Version:  - ) Hidden
Call of Duty® - World at War™ 1.4 Patch (x32 Version: 1.4 - Activision) Hidden
Call of Duty® - World at War™ 1.5 Patch (x32 Version:  - ) Hidden
Call of Duty® - World at War™ 1.5 Patch (x32 Version: 1.5 - Activision) Hidden
Call of Duty® - World at War™ 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty® - World at War™ 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty® - World at War™ 1.7 Patch (x32 Version:  - ) Hidden
Call of Duty® - World at War™ 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version:  - Infinity Ward)
Camtasia Studio 8 (HKLM-x32\...\{5303CFB5-D635-44F0-A94B-9611E81F07C4}) (Version: 8.3.0.1471 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
Color Suite v11.0.4 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 11.0.4 - Red Giant, LLC)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
DayZ Commander (HKLM-x32\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)
Dead Island Riptide (HKLM-x32\...\Steam App 216250) (Version:  - Techland)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 1.88 - NCH Software)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
DIY DataRecovery iRecover (HKLM-x32\...\iRecover_is1) (Version: 6.1 - DIY DataRecovery.nl)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Easy Tune 6 B11.1206.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B11.1206.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Elgato Game Capture HD (HKLM-x32\...\{BB6E10AB-CB79-463F-9548-B7DCEDC3BF28}) (Version: 1.42.24.539 - Elgato Systems GmbH)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
EXPERTool 7.21 (HKLM-x32\...\MySSID_is1) (Version:  - Gainward Co., Ltd)
f.lux (HKU\S-1-5-21-1352275449-1334618009-3794797507-1001\...\Flux) (Version:  - )
Facebook Messenger 2.1.4801.0 (HKLM-x32\...\{823ECDD2-E8E9-4E46-AB97-44516A27288E}) (Version: 2.1.4801.0 - Facebook)
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
ffdshow v1.1.4369 [2012-03-03] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.4369.0 - )
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Flvto Youtube Downloader (HKLM-x32\...\Flvto Youtube Downloader) (Version: 0.6.0 - Hotger)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Team Garry)
GenArts Sapphire Plug-ins 7.03 for After Effects and Compatible (HKLM\...\GenArts Sapphire AE_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Drive (HKLM-x32\...\{9C350701-AC04-48BA-A435-BD5E0D82897E}) (Version: 1.25.0523.2491 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Photos Backup (HKU\S-1-5-21-1352275449-1334618009-3794797507-1001\...\Google Photos Backup) (Version: 1.1.1.259 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Gyazo 2.0.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc. & Toshiyuki Masui)
HandBrake 0.9.9 (HKLM-x32\...\HandBrake) (Version: 0.9.9 - )
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version:  - Reto-Moto)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JC2-MP version 0.0.11 (HKLM-x32\...\{7F12FECB-1D75-42D7-9074-D6FEA6D91E65}_is1) (Version: 0.0.11 - )
join.me (HKU\S-1-5-21-1352275449-1334618009-3794797507-1001\...\JoinMe) (Version: 1.10.1.255 - LogMeIn, Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LEGO Racers (HKLM-x32\...\LEGO Racers) (Version:  - )
Magic Bullet Looks Vegas (HKLM-x32\...\Magic Bullet Looks Vegas) (Version:  - )
Magic Bullet Suite 32-bit (HKLM-x32\...\InstallShield_{A93C9142-A903-4038-884C-F4F34D44ACB6}) (Version: 11.1.1 - Red Giant Software)
Magic Bullet Suite 32-bit (x32 Version: 11.1.1 - Red Giant Software) Hidden
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{3C09DE13-867C-4289-9F95-4510BB3A5F57}) (Version: 11.4.1 - Red Giant Software)
Magic Bullet Suite 64-bit (Version: 11.4.1 - Red Giant Software) Hidden
MAGIX Movie Edit Pro MX (HKLM-x32\...\MAGIX_MSI_Videodeluxe18) (Version: 11.0.0.38 - MAGIX AG)
MAGIX Movie Edit Pro MX (x32 Version: 11.0.0.38 - MAGIX AG) Hidden
MAGIX Screenshare (HKLM-x32\...\{9BCEBB5D-D92C-4EF3-AE32-F5DAECEADC70}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM-x32\...\{C37B96E2-7167-498F-8EFB-E8D75A952485}) (Version: 7.0.1.27 - MAGIX AG)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.6.168 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.1651.0) (Version: 4.0.1651.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{952DCCD8-4039-46C8-BC8B-5C1EB6C8E130}) (Version: 4.0.1651.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1352275449-1334618009-3794797507-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MP3 Skype recorder (HKLM-x32\...\{78A8FADA-B8DF-4AA4-AED7-C91EE58EB7E9}) (Version: 4.6.1.0 - Alexander Nikiforov)
MSI Afterburner 4.1.1 (HKLM-x32\...\Afterburner) (Version: 4.1.1 - MSI Co., LTD)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 4.0.0.08 - MSI)
MSI Kombustor 2.5.9 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version:  - MSI Co., LTD)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.1.009 - MSI)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Game Long Name (HKLM\...\UDK-9817a0d4-e5eb-45cb-8232-f3cf6acd2462) (Version:  - Epic Games, Inc.)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
Next Car Game Free Technology Demo (HKLM-x32\...\Next Car Game Free Technology Demo) (Version:  - Bugbear Entertainment)
Norton Security (HKLM-x32\...\NS) (Version: 22.5.2.15 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Update 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.5.12.11 - NVIDIA Corporation)
ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Origin (HKLM-x32\...\Origin) (Version: 9.3.7.2735 - Electronic Arts, Inc.)
PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version:  - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
PenWes [11186] (HKLM-x32\...\Penwes) (Version:  - ) <==== ATTENTION
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PhoneClean 3.4.0 (HKLM-x32\...\{2FAFFE02-4D6B-4C0A-906B-1B33DAF0DD14}}_is1) (Version: 3.4.0 - iMobie Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
Prototype (HKLM-x32\...\Steam App 10150) (Version:  - Radical Entertainment)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Razer Arctosa (HKLM-x32\...\{2D9C81F2-CF30-47F9-860E-58DACF92ABC9}) (Version: 1.00.0000 - Razer USA Ltd.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6511 - Realtek Semiconductor Corp.)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.7.26.0 - Red Giant, LLC)
ReelSmart Motion Blur 4, After Effects-compatible plugin set (HKLM-x32\...\ReelSmart Motion Blur 4, After Effects-compatible plugin set) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.6 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.6 - SmartSound Software Inc.) Hidden
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version:  - Valve)
Speedshifter (HKLM-x32\...\Speedshifter) (Version: 4.0.0 - UNKNOWN)
Speedshifter (x32 Version: 4.0.0 - UNKNOWN) Hidden
SpinTires Tech Demo (June 060613) (HKLM-x32\...\{9AF7D6F5-50A5-432C-9F7B-83BCE03B11A0}) (Version: 1.3 - Oovee)
Spotify (HKU\S-1-5-21-1352275449-1334618009-3794797507-1001\...\Spotify) (Version: 1.0.15.133.gf21970bd - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION
Supraball (HKLM-x32\...\Supraball) (Version:  - Supra Games Gbr)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab Detection (HKLM-x32\...\{8F3B3E8F-2F4A-445D-B6BC-9CB45AF4C5E3}) (Version: 2.2.1.0 - Husdawg, LLC)
Tactical Intervention (HKLM-x32\...\Steam App 51100) (Version:  - FIX Korea, Co.LTD)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.10.1 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
The Lord of the Rings Online™ v1301.0055.0535.4025 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 1301.0055.0535.4025 - Turbine, Inc.)
theHunter (HKLM-x32\...\Steam App 253710) (Version:  - Expansive Worlds)
Trapcode Starglow (HKLM-x32\...\Trapcode Starglow) (Version:  - )
Trapcode Suite 64-bit (HKLM-x32\...\InstallShield_{460D83C4-15D5-4C0E-9B7D-2204F196A010}) (Version: 12.1.3 - Red Giant)
Trapcode Suite 64-bit (Version: 12.1.3 - Red Giant) Hidden
Tribes: Ascend (HKLM-x32\...\Steam App 17080) (Version:  - )
Twixtor 5, After Effects-compatible plugin set (HKLM-x32\...\Twixtor 5, After Effects-compatible plugin set) (Version:  - )
Unity Web Player (HKU\S-1-5-21-1352275449-1334618009-3794797507-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 11.0 (64-bit) (HKLM\...\{7DA57CC0-029B-11E2-A4C0-F04DA23A5C58}) (Version: 11.0.701 - Sony)
Vegas Pro 12.0 (64-bit) (HKLM\...\{7963F870-6575-11E2-A4D9-F04DA23A5C58}) (Version: 12.0.486 - Sony)
VIS (HKLM-x32\...\VIS) (Version:  - ) <==== ATTENTION
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinSCP 5.5.6 (HKLM-x32\...\winscp3_is1) (Version: 5.5.6 - Martin Prikryl)
XSplit (HKLM-x32\...\{DAA18A0D-A57C-4611-B135-46EA06990E7D}) (Version: 1.2.1303.0101 - SplitMediaLabs)
XSplit Gamecaster (HKLM-x32\...\{7CBDC2CD-F5C7-4DD3-91C8-1E4D68924955}) (Version: 1.9.1409.2308 - SplitmediaLabs)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1352275449-1334618009-3794797507-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Kai\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1352275449-1334618009-3794797507-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Kai\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
 
==================== Restore Points =========================
 
19-11-2015 18:01:21 Removed LogMeIn Hamachi
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2013-09-08 20:40 - 00000921 ____N C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 65.52.240.48 
127.0.0.1 activation.cloud.techsmith.com 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0914CC97-232E-45D5-BB7D-314D328E07C3} - \Funmoods -> No File <==== ATTENTION
Task: {10BF91DA-53C5-43ED-8070-C6031934EDDD} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe [2013-11-20] ()
Task: {1A8A034E-0F65-43FC-B759-CCBBFC130BB9} - System32\Tasks\{66CD8DD5-AACB-4C74-A485-277BBC67A913} => pcalua.exe -a "C:\Users\Kai\Desktop\Twixtor Sony Vegas Pro 11\Twixtor5.11OFXInstall.exe" -d "C:\Users\Kai\Desktop\Twixtor Sony Vegas Pro 11"
Task: {1DB4B096-F066-4B3E-9AF4-48ED8211078B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {3075D678-F4B7-43A7-BD32-4234DCD3FFA6} - System32\Tasks\{02E83319-2329-4EC2-8DBE-AB112D04EEF2} => pcalua.exe -a "C:\Users\Kai\Desktop\TwixtorOFX Vegas\Twixtor5.11OFXInstall.exe" -d "C:\Users\Kai\Desktop\TwixtorOFX Vegas"
Task: {36C13A2B-A9E4-4D54-A9EF-28F28259AB42} - System32\Tasks\Google Updater and Installer => C:\Users\Kai\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {41DC3624-8B24-4719-9724-06F169DC5EC8} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\WSCStub.exe [2015-07-16] (Symantec Corporation)
Task: {45FAB800-2740-4695-B33B-89D955761483} - System32\Tasks\{137AEF25-9091-4D1D-B12B-0D8015997EAB} => pcalua.exe -a "C:\Program Files (x86)\Google\Picasa3\Uninstall.exe"
Task: {497C463E-0DC1-4741-8B59-54444A142D44} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {4D4BB925-B937-4A1D-A446-50ECAC3D243F} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {4D7DCB5C-4F30-43E2-9E2B-954F8E184185} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5736C871-6FE1-4ECB-A6C4-749494F6F32B} - System32\Tasks\{94E74959-EC87-4748-A2DE-FF2BED5A10C1} => pcalua.exe -a C:\Users\Kai\AppData\Local\Temp\~vis0000\vcredist_x64.exe -d C:\Users\Kai\AppData\Local\Temp\~vis0000 -c /q:a
Task: {5BB0D639-1B71-4704-B8FF-1FD583A3990E} - System32\Tasks\AVG-Secure-Search-Update_0214b_rel => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: {633A4886-6659-44E3-AE87-68E88BE46FB5} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {6BB6D324-5417-4FF2-986F-8F7E7B4F5FCD} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {744E9B07-C92D-48D6-AD9F-56E21096C91D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {76944AF1-6F93-47F4-90A4-DC0589709DC2} - System32\Tasks\PC Cleaner Pro Update Job => C:\ProgramData\PC Cleaners\PCCleaners.exe <==== ATTENTION
Task: {77F86267-DA51-4C00-AAC6-578681DC93AF} - System32\Tasks\{6532AD10-547E-4DCC-AC0E-8EB70349F26A} => pcalua.exe -a D:\CDSETUP.EXE -d D:\
Task: {7D744892-2216-4100-97FB-47D880956CDF} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\SymErr.exe
Task: {7FE9C6AA-D3D8-4D8D-B64C-4C28265C97DE} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {8D05B77E-DA6E-462F-A5FC-DAC36269A886} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {8F571A36-0E6C-406C-A6D6-FE814F4A04D6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1352275449-1334618009-3794797507-1001UA => C:\Users\Kai\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A2A42630-D609-4585-A43E-A6C268C2260E} - System32\Tasks\{8E32B96B-0AC1-481E-8F1D-71661B67C8CE} => pcalua.exe -a C:\Users\Kai\Desktop\Downloads\HSB4b-full.exe -d C:\Users\Kai\Desktop\Downloads
Task: {A8DA02A9-DE8E-4548-B213-DE4D7C364375} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {AE9F726C-005D-4986-8616-B9BBD54C2586} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {BB3318A0-C2F0-4817-A213-FE47B30EEDCC} - System32\Tasks\PenWes => C:\Program Files (x86)\PenWes\penwes.exe [2013-10-30] () <==== ATTENTION
Task: {BBBDBBD9-0825-41DF-B43F-8829EC8B6051} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1352275449-1334618009-3794797507-1001UA => C:\Users\Kai\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {C49E3BA7-DF5A-4B4F-A467-6C4105DF62B6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1352275449-1334618009-3794797507-1001Core => C:\Users\Kai\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {C782FF7E-9086-42EF-86BF-988095E339C1} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {D922D60D-AD06-4322-83B4-037D30D12CA5} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {DCDE2EDB-1D5C-4550-9AD5-A5DBB9197FD8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {DFE3A9D3-AF5F-4871-B777-3530C10FA497} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\SymErr.exe
Task: {E626F925-3104-41C2-846E-F86292134766} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1352275449-1334618009-3794797507-1001Core => C:\Users\Kai\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E6BE4BEC-E969-4000-9190-82854D2AC623} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {E7ECDA6B-39F7-4B9A-9C72-45D4E95CB854} - System32\Tasks\{1C52FC61-3A89-4780-B162-7E14F1DFB9E0} => pcalua.exe -a C:\Users\Kai\Desktop\Downloads\WM9Codecs.exe -d C:\Users\Kai\Desktop\Downloads
Task: {F20584C6-9625-4EDE-A3EC-4EA926B70BDC} - System32\Tasks\AVG-Secure-Search-Update_0214b_rmv => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: {F208A756-FF21-44B2-9720-1676D95321AF} - System32\Tasks\{1FA53388-F819-4C88-9569-737CFCA6338D} => pcalua.exe -a C:\Users\Kai\Desktop\Downloads\InstallIW4M.exe -d C:\Users\Kai\Desktop\Downloads
Task: {F7CF535A-DD33-4277-B873-030372FABC4D} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2012-08-23] (AVG)
Task: {FEB5B117-E376-47F1-AC4B-1E593AD6F079} - System32\Tasks\{13041278-E820-4739-BEF7-A8D7B743383A} => pcalua.exe -a "C:\Users\Kai\Desktop\Screen Capturee\Capture.exe" -d "C:\Users\Kai\Desktop\Screen Capturee"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rel.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rmv.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1352275449-1334618009-3794797507-1001Core.job => C:\Users\Kai\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1352275449-1334618009-3794797507-1001UA.job => C:\Users\Kai\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1352275449-1334618009-3794797507-1001Core.job => C:\Users\Kai\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1352275449-1334618009-3794797507-1001UA.job => C:\Users\Kai\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2009-09-02 08:46 - 2009-09-02 08:46 - 00022016 _____ () C:\Windows\System32\BsTrace.dll
2013-02-19 10:34 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-13 12:20 - 2013-12-13 12:20 - 03359600 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2009-09-02 08:46 - 2009-09-02 08:46 - 00022016 _____ () C:\Windows\system32\BsTrace.dll
2008-03-07 12:54 - 2008-03-07 12:54 - 17892352 _____ () C:\Windows\system32\BsLangInDepRes.dll
2014-05-01 19:29 - 2014-05-01 19:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-10-30 23:46 - 2013-10-30 23:46 - 01710592 _____ () C:\Program Files (x86)\PenWes\penwes.exe
2013-03-23 17:13 - 2013-10-13 09:44 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-10-08 18:21 - 2015-10-08 18:21 - 00168336 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.9.0\loggingserver.exe
2009-09-02 08:46 - 2009-09-02 08:46 - 00009728 _____ () C:\Windows\system32\BsHelpCSps.dll
2015-09-22 16:15 - 2015-10-08 18:21 - 02569616 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2009-09-02 08:43 - 2009-09-02 08:43 - 00114808 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\setup.dll
2015-10-20 09:39 - 2005-07-18 12:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2014-05-14 16:45 - 2014-05-14 16:45 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2015-10-08 18:21 - 2015-10-08 18:21 - 00528272 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.9.0\log4cplusU.dll
2015-08-08 09:55 - 2015-07-24 04:22 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2012-04-30 07:55 - 2012-04-30 07:55 - 08358400 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
2012-04-30 07:55 - 2012-04-30 07:55 - 00151040 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll
2012-04-30 07:55 - 2012-04-30 07:55 - 01152512 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
2012-04-30 07:55 - 2012-04-30 07:55 - 00333824 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
2012-04-30 07:55 - 2012-04-30 07:55 - 00026112 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll
2009-09-02 08:48 - 2009-09-02 08:48 - 00144384 _____ () C:\Windows\system32\BsProfilefunc.dll
2014-10-16 09:15 - 2014-10-16 09:15 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 16:41 - 2014-05-24 16:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 16:41 - 2014-05-24 16:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2015-11-12 21:00 - 2015-11-07 04:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-12 21:00 - 2015-11-07 04:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll
2015-11-12 21:00 - 2015-11-07 04:36 - 16496456 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll
2014-06-20 07:32 - 2014-06-20 07:32 - 00236512 _____ () C:\Program Files (x86)\Elgato\GameCapture\GameCapture.XmlSerializers.dll
2013-12-03 09:16 - 2013-12-03 09:16 - 00774144 _____ () C:\Program Files (x86)\Elgato\GameCapture\CFLite.dll
2013-12-03 09:20 - 2013-12-03 09:20 - 01128448 _____ () C:\Program Files (x86)\Elgato\GameCapture\DotNetOpenAuth.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\Users\Kai\Local Settings:7AOEiKryNmBcN8sH6WB3WD
AlternateDataStreams: C:\Users\Kai\Local Settings:8J3LuOfQ1SF06Z6xpBoDeea
AlternateDataStreams: C:\Users\Kai\AppData\Local:7AOEiKryNmBcN8sH6WB3WD
AlternateDataStreams: C:\Users\Kai\AppData\Local:8J3LuOfQ1SF06Z6xpBoDeea
AlternateDataStreams: C:\Users\Kai\AppData\Local\0zMNgDHJovo4e2Z:DxNmhCB15RbUMLGlg8bF2On
AlternateDataStreams: C:\Users\Kai\AppData\Local\Application Data:7AOEiKryNmBcN8sH6WB3WD
AlternateDataStreams: C:\Users\Kai\AppData\Local\Application Data:8J3LuOfQ1SF06Z6xpBoDeea
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1352275449-1334618009-3794797507-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-1352275449-1334618009-3794797507-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-1352275449-1334618009-3794797507-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1352275449-1334618009-3794797507-1001\...\sony.com -> sony.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1352275449-1334618009-3794797507-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BrowserDefendert => 2
MSCONFIG\Services: CltMngSvc => 2
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\Services: vToolbarUpdater15.3.0 => 2
MSCONFIG\Services: WSWNDA3100 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Ad-Aware Browsing Protection => "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Arctosa => "C:\Program Files (x86)\Razer\Arctosa\razerhid.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Kai\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GAINWARD => C:\Program Files (x86)\EXPERTool\TBPanel.exe /A
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SearchProtect => C:\Users\Kai\AppData\Roaming\SearchProtect\bin\cltmng.exe
MSCONFIG\startupreg: SearchProtectAll => C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: TrayServer => C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_MX\TrayServer_en.exe
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
MSCONFIG\startupreg: Wallpaper Changer => C:\Program Files (x86)\Wallpaper Changer\Wallpaper Changer.exe /minimized
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{70C928D1-40BD-4491-9F33-C13E1FCFAB65}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{43C89ABE-B42F-4984-8020-EE0BF98EF355}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{50FB708A-8DE1-47B5-9A52-D2A6D22CDDFE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2B32EDEF-C830-4480-A4D3-032085922001}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{69AFDF8E-01C3-40F9-8BDD-0D05E5CF4BF2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{05DA80B1-A7D0-4D02-A61C-8A3053D73C5F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2961EB86-1F51-4EC5-82C3-D454550420CF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D2B72021-4790-4993-9467-1C11228C89BE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BAB5C4F4-C53F-43CB-BD18-B706569B3501}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{F3EA8E45-8D41-407C-AA9E-9E9FBD16D324}C:\users\kai\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kai\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D6BE0A33-77EC-4EF4-9F79-20FCA1B9D915}C:\users\kai\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kai\appdata\roaming\spotify\spotify.exe
FirewallRules: [{938CD065-AF3D-43C2-9F4D-FC1886B78EA4}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{8ABDA897-4C0E-418F-9D36-3D234FAB3327}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [TCP Query User{EF2AD3AA-958F-4F60-BBAD-CA1B315A999F}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
FirewallRules: [UDP Query User{BD66E3B8-A518-4FA0-B2E9-B4305D75D5FF}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
FirewallRules: [TCP Query User{B8638555-4CC3-4065-B851-00E65D3449D8}C:\program files\sony\vegas pro 12.0\vegas120.exe] => (Allow) C:\program files\sony\vegas pro 12.0\vegas120.exe
FirewallRules: [UDP Query User{2579395E-8E4F-4B60-AB8F-BEF057BCAEA8}C:\program files\sony\vegas pro 12.0\vegas120.exe] => (Allow) C:\program files\sony\vegas pro 12.0\vegas120.exe
FirewallRules: [TCP Query User{B7758E41-E5AC-438B-8BE3-520C5A3B3FD9}C:\users\kai\appdata\local\iw4m\iw4m.dat] => (Allow) C:\users\kai\appdata\local\iw4m\iw4m.dat
FirewallRules: [UDP Query User{761B67AA-C3E8-4E2F-AB5A-970BD02F237A}C:\users\kai\appdata\local\iw4m\iw4m.dat] => (Allow) C:\users\kai\appdata\local\iw4m\iw4m.dat
FirewallRules: [{C3BB35FA-4B75-4565-8B9E-6BFD81FA89F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prototype\prototypef.exe
FirewallRules: [{E0CC891C-DE14-4F80-906A-6A4287279C2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prototype\prototypef.exe
FirewallRules: [{4FF2C6B4-94C1-4975-944D-533C5A08DEA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tribes\Binaries\Win32\HirezBridge.exe
FirewallRules: [{2F513332-6014-45B9-B74A-0A0F0673E66B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tribes\Binaries\Win32\HirezBridge.exe
FirewallRules: [{054FC24B-9DB9-4E60-A891-40845921E4BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas Ultimate Edition Trailer\smp.exe
FirewallRules: [{0FADE49F-7F45-493F-84AF-3192EF196E1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas Ultimate Edition Trailer\smp.exe
FirewallRules: [{873D8457-5340-44C4-AEA9-7D74A14285AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\blacklightretribution\Blacklight Retribution.exe
FirewallRules: [{2CB9A80A-3B05-48D6-BE85-98342C5334A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\blacklightretribution\Blacklight Retribution.exe
FirewallRules: [{6812C55E-A76B-406E-9058-C5A1388299EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{5550868B-AF12-4FC4-BF3F-AC28E462ED72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{40782ABB-6BDA-4D0D-BEC1-8E77D9E4773F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\driver san francisco trailer\smp.exe
FirewallRules: [{CAEAED3C-E385-4919-B115-EB90FD755D4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\driver san francisco trailer\smp.exe
FirewallRules: [{267A2D4A-3F7E-47C5-9B29-41EA2F877F1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [{6E76BCC4-2CC2-4896-9430-A49751E24004}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [{3BBB17F8-0D77-4B02-95F9-4C758A5A5B45}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty - World at War\CoDWaW.exe
FirewallRules: [{93D18578-2C3B-47FA-B221-7F5EECFFE81A}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty - World at War\CoDWaW.exe
FirewallRules: [{421EEAB8-D310-49D5-AFD0-289E535574DC}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty - World at War\CoDWaWmp.exe
FirewallRules: [{BE506DDF-7E20-458F-9C03-2E21249B6E84}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty - World at War\CoDWaWmp.exe
FirewallRules: [{BAEAF8A1-A277-4346-B3AB-1347E20897D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{C9A675A2-3739-4DFF-8260-CF13B4BE6887}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{39DF1593-FBE5-4109-91D0-EAE8F8EBB2E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{7844717A-48BD-4D81-886B-38B7FC2CAC00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{2FFF58AD-9CA6-4099-B327-1B91D743CFEF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{2D6F277D-2076-45DB-90C5-681398FFC444}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{1F48AB9C-D23C-4FFE-AA4A-461108496571}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\diriptide\DeadIslandGame_x86_rwdi.exe
FirewallRules: [{AB9E7DDF-3777-49FA-9A27-68D5F77ADD89}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\diriptide\DeadIslandGame_x86_rwdi.exe
FirewallRules: [{BBC8B490-3317-4967-B3C8-034963DC29DB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{1D7F62B8-44E2-4E65-A984-E8E46BFFFA2E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2B2235E1-6736-4628-A95C-3DE32F9F906E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F43A0D53-45F9-4964-A719-E5AF2527C866}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{63F51884-3269-499D-82EF-52E352B4C81A}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{51E4C3EE-1CAA-40D8-9C4B-2CD3C6CC887B}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{0B901329-B233-4015-936C-D554B32F4845}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{B2D4AD9E-9167-46A9-8AC5-B85AF73308B9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{660FB2FD-F986-4C36-969A-C5F28D9E7A5E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{00A4062D-4795-4F38-899B-54ACEA731382}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BDAC1413-4F41-46DA-A950-3F98617E9C08}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{29322C18-4C70-4F19-BDAE-DF1500AB23CB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{EFA2FB81-42F8-4032-B882-7AC946009916}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{61BCC4C0-3CF0-400F-88DD-5DFD2E1FD323}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{79D60053-4579-48FB-9479-DD7D7AF40BAB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{B91F380C-994F-428E-99D8-5F92AEF7D1C9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{70E2F9ED-D7CE-49EC-A26E-91B49102100E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{93A952BF-2166-46C8-9DD1-515C90FFFA68}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BF1D8674-B966-4E5B-813D-61F1CD18293F}] => (Allow) c:\users\kai\appdata\roaming\tencent\call of duty online\teniodl\teniodl.exe
FirewallRules: [{D735A43A-68A8-4F82-BD55-729973D190FF}] => (Allow) c:\users\kai\appdata\roaming\tencent\call of duty online\teniodl\teniodl.exe
FirewallRules: [{FC1300EE-EB5F-424D-821F-85841B59AD3F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CBFDD371-39BB-4F10-B7EA-6215CAE957B5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{6CD79D0C-FFA8-4E57-85A8-4D835899C2F5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{ACEC5DEB-59FF-4499-81A3-DA3610528E79}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{09D5FBEE-B9D9-4411-A1B7-7DDC93C1871C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{6F3BDAC7-283C-4B4D-883F-6117A792108B}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{2E8FCE71-BA15-4D0C-ABD3-2E70AD31F222}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [{C33A182B-D4B5-4FA8-BA30-3D0C301192D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1D5271C7-B57E-4999-9F32-00A4D4A457ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{B8A03566-EE9C-4EFF-A156-3780DB585B0F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\hdfresco\garrysmod\hl2.exe
FirewallRules: [{7E4F9F4D-2D41-4BBD-BBE1-1D9E8C2DBD00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\hdfresco\garrysmod\hl2.exe
FirewallRules: [{61172B0A-46C2-4FA5-BD53-BDB9A7156B6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{7DF78A6D-9089-4F78-ABB1-7C60DF95725C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{97C6B9C8-D474-4D07-8620-0FF94179303F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{36A654B1-D82F-4818-AFF9-8F6E00F2EA37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A4FCC3B4-809F-47AE-A39C-BC5A1B44AF13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\hdfresco\garrysmod\hl2.exe
FirewallRules: [{5CF6D79A-F1C7-47A6-8476-1B48AF0B1E94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\hdfresco\garrysmod\hl2.exe
FirewallRules: [{65C450FB-3233-465B-96BD-0705A9D6EBA3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\APB Reloaded\Launcher\APBLauncher.exe
FirewallRules: [{808C55EF-31B7-4D10-8CB9-B4396A72444A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\APB Reloaded\Launcher\APBLauncher.exe
FirewallRules: [TCP Query User{934530B5-57FD-421E-8BF7-F015BD43F63C}C:\program files\adobe\adobe after effects cc\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cc\support files\afterfx.exe
FirewallRules: [UDP Query User{E086A8C9-FFD8-4C8A-A1C7-976A1577A34A}C:\program files\adobe\adobe after effects cc\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cc\support files\afterfx.exe
FirewallRules: [TCP Query User{4E49B42D-0B21-4184-806A-E69DA1DF495F}C:\program files\adobe\adobe after effects cc\support files\plug-ins\maxon cineware ae\(cineware support)\bin\cinerender 64bit.exe] => (Allow) C:\program files\adobe\adobe after effects cc\support files\plug-ins\maxon cineware ae\(cineware support)\bin\cinerender 64bit.exe
FirewallRules: [UDP Query User{0AFA14BC-04A1-41C9-B65D-2F33087BA025}C:\program files\adobe\adobe after effects cc\support files\plug-ins\maxon cineware ae\(cineware support)\bin\cinerender 64bit.exe] => (Allow) C:\program files\adobe\adobe after effects cc\support files\plug-ins\maxon cineware ae\(cineware support)\bin\cinerender 64bit.exe
FirewallRules: [{F4BC18F9-9D58-43B2-9DC9-EAB58A3252D7}] => (Allow) C:\Program Files (x86)\PenWes\penwes.exe
FirewallRules: [{6843963C-415E-408E-B3C3-0849BA6335A3}] => (Allow) C:\Program Files (x86)\PenWes\penwes.exe
FirewallRules: [{6A64058C-A2EC-4685-909E-C559903C2392}] => (Allow) C:\Program Files (x86)\PenWes\PenWesService.exe
FirewallRules: [{8821AFEB-6211-4FAC-A62B-2807E444DC09}] => (Allow) C:\Program Files (x86)\PenWes\PenWesService.exe
FirewallRules: [{A5F21BE6-88C2-4D3A-A2A7-B450509189E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base\hl2.exe
FirewallRules: [{317F52A2-AC31-4F18-BEFA-D8FF9E0EB3D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base\hl2.exe
FirewallRules: [{CE3FBDAD-BC32-4926-81F8-3A3E41A31E70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{691F3047-7D4F-48D9-B3DE-8B4B350F3996}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{308B6143-F983-494B-B6DE-5A216F2F0A76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\APB Reloaded\Binaries\APB.exe
FirewallRules: [{C32971B5-40D7-4445-86B7-806BC5174DBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\APB Reloaded\Binaries\APB.exe
FirewallRules: [{B9200991-6CB1-4FED-819B-EABCCB1D409E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{2316D59E-FC35-415C-8157-53284929A239}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{A03C6B34-886D-4D69-9ACC-F96A7954536F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{295C62FF-E539-45E7-AB60-4DA676233825}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{7203043E-166B-433F-A945-D1250DDD9E3A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BD79E0A5-E60C-4B1B-B7E1-D63214E23929}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B0491B4B-6CDF-4247-B8F4-DAC7FF25B1B9}] => (Allow) LPort=8317
FirewallRules: [{4095255C-7958-486A-BBAF-DB7818D4F99D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ.exe
FirewallRules: [{BF362D5B-64EF-4843-9741-F1827E6CA76E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ.exe
FirewallRules: [{49BD0919-853A-4C9C-A05A-F951B564814A}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
FirewallRules: [{604FD756-9161-4468-9811-472B53A02565}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
FirewallRules: [TCP Query User{DCF4623C-0E06-435C-AC62-613E3671072A}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{859A240E-0DB2-44F7-8879-90B7ACDFAD5D}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{F4DB5B9D-FB1D-43B9-BB2C-CA503E479FEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{198B3848-C8EC-4DBD-B4BC-4F138DCF7ADF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{E1C8BD77-DA05-474D-9CE5-1365F2937FD7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AEA991EF-4328-4DCB-889E-12E5CEE80A5E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AD7CB160-4D56-4478-9BC8-87E2645B0043}] => (Allow) C:\Users\Kai\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{6D4075D6-6682-4B69-9147-EF9CE91F0A5C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{54686318-3204-449D-808C-C51E47FEC0D8}] => (Allow) LPort=2869
FirewallRules: [{96D7D03D-0DB5-46D1-86E3-E99F2F06E22C}] => (Allow) LPort=1900
FirewallRules: [{FFA27E23-3C66-4AD4-BDE2-6DE80B6A69F3}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5C7104A5-6D48-4BBF-A340-DC800AD1EC2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{16053F96-F995-41C4-BB46-BDA13DD9846D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{DB008DF7-F008-4FD4-AE1E-BCCD0057E9C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{2CAA34D5-49A0-44FC-9B99-3627379AA78B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{4049D79E-105E-4CA9-A6B1-3A3215BB0B62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{3EEE8B68-DC64-4695-86F0-12AC619E6A24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{9E6CB4AA-8BDA-42AD-88DB-6484BC0CA4CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{902ABE00-A93E-453E-948F-334A781DAC2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{C611746C-653D-4966-ABBA-F3CCA1345C32}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{48FAFC52-F572-4B20-9D78-1F97B5FD22D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{7EA2EDD8-5440-46C4-A0DE-B01D60AEED66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{571856D4-2A63-4A05-B0A4-EE679C8784F5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{68327D05-EA7D-45B7-ACB0-45CC0563C6C5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{7289BAFF-6971-4B25-B73E-CF4060D35B92}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{0097A13A-E533-4A48-AE9B-E49E9FCA865F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8A18976F-BB19-4BA9-A899-D0E03CDF87D9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{55516FA4-C452-46D5-BCA4-94CECD58675E}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{2DA4E28A-45C2-41A6-B4B4-9B715FA9C02E}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [TCP Query User{58EAD4CB-827F-4654-A12C-A21E73B137A0}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{23D09ACC-4576-4AE3-BE49-36681A70CE9C}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{BFC57003-F644-4ECF-AFCB-5BAF9FD860B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8E95A2AF-B697-4B1B-B2B0-23D58ACA712B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6C7E99B1-09C2-4CBD-B4B5-CA8CB50BDB85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TacticalIntervention\bin\tacint.exe
FirewallRules: [{F35C52F4-A745-4144-A615-BC9BBC76B633}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TacticalIntervention\bin\tacint.exe
FirewallRules: [TCP Query User{9C7980EB-5456-42D2-8D20-8BD5505DB69D}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{15EB4654-9431-4399-A8EC-AF78FFA95AA2}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{42416273-9CB0-4BF3-882B-A2F68172AB27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\theHunter\launcher\launcher.exe
FirewallRules: [{EC102129-974C-4BCE-B982-6D5D07A11548}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\theHunter\launcher\launcher.exe
FirewallRules: [{DBB49EF8-0984-4FCB-A2ED-084169E01FAB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: N360 Settings Manager
Description: N360 Settings Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ccSet_N360
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter #5
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/26/2015 01:14:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/26/2015 00:05:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmprph.exe, version: 12.0.7600.16385, time stamp: 0x4a5bd018
Faulting module name: ntdll.dll, version: 6.1.7601.19018, time stamp: 0x560a0083
Exception code: 0xc0000005
Fault offset: 0x000000000004ac04
Faulting process id: 0x39a8
Faulting application start time: 0xwmprph.exe0
Faulting application path: wmprph.exe1
Faulting module path: wmprph.exe2
Report Id: wmprph.exe3
 
Error: (11/25/2015 07:46:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program GameCapture.exe version 1.42.24.539 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 135c
 
Start Time: 01d127b9377ebdde
 
Termination Time: 47
 
Application Path: C:\Program Files (x86)\Elgato\GameCapture\GameCapture.exe
 
Report Id: 331e4179-93ad-11e5-a152-001583647fb0
 
Error: (11/25/2015 07:39:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/24/2015 04:41:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/23/2015 05:57:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/22/2015 02:08:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/21/2015 03:26:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/21/2015 02:24:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/20/2015 11:07:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (11/26/2015 03:24:47 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (11/26/2015 03:24:47 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (11/26/2015 03:16:20 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (11/26/2015 03:16:20 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (11/26/2015 02:07:45 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.
 
Error: (11/26/2015 02:02:26 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (11/26/2015 02:02:25 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (11/26/2015 01:14:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/26/2015 01:13:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ccSet_N360
iSafeKrnlMon
SBRE
 
Error: (11/26/2015 01:13:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Norton 360 service failed to start due to the following error: 
%%2
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3450 CPU @ 3.10GHz
Percentage of memory in use: 62%
Total physical RAM: 8154.11 MB
Available physical RAM: 3094.26 MB
Total Virtual: 16306.43 MB
Available Virtual: 10197.64 MB
 
==================== Drives ================================
 
Drive c: (WIN7_OS) (Fixed) (Total:931.51 GB) (Free:91.83 GB) NTFS ==>[drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7E4285C0)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:44 AM

Posted 26 November 2015 - 12:08 PM

Step 1
  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s) to remove it:
    PenWes [11186]
    Strongvault Online Backup
    VIS
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
    Copy and paste the contents of that logfile in your next reply.

Step 3

Scan with Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt.
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 4

Start FRST with administrator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 Kaicar

Kaicar
  • Topic Starter

  • Members
  • 3 posts
  • Local time:12:44 AM

Posted 26 November 2015 - 05:36 PM

I uninstalled PenWes fine, but it won't let me uninstall VIS, as it says on the first step "Running the application's uninstaller failed! Possible invalid uninstall command!" As well as this, Strongvault Online Backup does not show up with my other programs, so I am not sure how to uninstall it.



#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:44 AM

Posted 27 November 2015 - 02:00 PM

Please proceed with the next steps. :)


regards,
deeprybka

#7 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:44 AM

Posted 02 December 2015 - 07:11 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka