
Trojan:Win32/Varpes.J!plock and associated problems on Win 7


  • This topic is locked
14 replies to this topic

#1 Hypatia415


Posted 08 December 2015 - 06:06 PM

I have a Windows 7 machine that was just infected with Trojan:Win32/Varpes.J!plock. The first symptoms were that a number of programs reported that DNSAPI.dll was missing (Chrome, Origin, etc.) and in the lower right corner, there was a message saying that this version of Windows 7 was not genuine (but it is). I also received a message that two helper DLLs were missing: NETIOHLP.DLL and NSHIPSEC.DLL.

 

Windows Security Essentials reports it is in the file C:\Windows\system32\DNSAPI.dll.  When I clicked the button to remove the file, I received the error 0x800704ec The program is blocked by group policy.  I tried to remove it manually, but got the same error.

 

I already have MBAM, but it wouldn't start because of the DNSAPI.dll error.  I tried to reinstall with the latest version, but during the installation process got the error: Runtime error Could not call proc. 

 

I got and ran Farbar and attached the two txt files.

Thanks in advance!


 


#2 nasdaq

  • Malware Response Team

Posted 09 December 2015 - 02:25 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please remove these programs in bold via the Control Panel > Programs and Features applet.

AllPCOptimizer (HKLM-x32\...\{20A647C6-0C59-42A7-B3B4-1E95674496BB}) (Version: 1.00.0000 - All PC Optimizer)
Compatible Web Directory (HKLM-x32\...\PopupProduct) (Version: 1.0.0.0 - Compatible Web Directory) <==== ATTENTION
Consumer Input (remove only) (HKLM-x32\...\Consumer Input Installer) (Version: - Compete Inc.) <==== ATTENTION
Copy Network Card (HKLM-x32\...\SoftwareUpdater) (Version: 1.0.0.0 - Copy Network Card) <==== ATTENTION
GamesDesktop 025.005010169 (HKLM-x32\...\gmsd_us_005010169_is1) (Version: - GAMESDESKTOP) <==== ATTENTION
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: - CMI Limited) <==== ATTENTION
shopperz (HKLM-x32\...\{96E472E1-A6EE-46A1-8D61-A70A03ED050E}) (Version: 2.0.0.480 - shopperz) <==== ATTENTION
SwiftSearch 1.10.0.25 (HKLM-x32\...\SwiftSearch_1.10.0.25) (Version: 1.10.0.25 - SwiftSearch) <==== ATTENTION
YTD Video Downloader 4.8.9 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.9 - GreenTree Applications SRL) <==== ATTENTION

The following are optional. If you wish to use Best Buy to buy products, leave them alone.

Best Buy pc app (HKU\S-1-5-21-2133040787-3344251579-4125002376-1019\...\48e4cff94f039634) (Version: 3.2.420.5 - Best Buy)
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden



Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F\knsi1545.tmpfs
() C:\Program Files\shopperz071220151935\DhviSucbuj.exe
() C:\Users\Rachel\AppData\Local\11EE8380-1449505463-81E0-3050-14DAE919946F\qnsc727A.tmp
() C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F\hnsy4449.tmp
() C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F\jnsy2EA5.tmp
() C:\Program Files\shopperz071220151935\Voelpagc.exe
(SS) C:\Program Files (x86)\SwiftSearch_1.10.0.25\Service\swsesrvc.exe
() C:\Users\Rachel\AppData\Local\11EE8380-1449504769-81E0-3050-14DAE919946F\snsiD9C4.tmp
(Ratio Applications) C:\ProgramData\SFwXCaP\HAKqVaOxJ.exe
() C:\Program Files\shopperz071220151935\Hulkokcos.EXE
() C:\Users\Rachel\AppData\Roaming\VOPackage\VOPackage.exe
() C:\Program Files\shopperz071220151935\Loqym.exe
() C:\Program Files\shopperz071220151935\Raabbi.exe
() C:\Program Files (x86)\gmsd_us_005010169\gmsd_us_005010169.exe
() C:\Program Files\shopperz071220151935\Raabbi64.exe
() C:\Program Files\shopperz071220151935\csrcc.exe
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Rachel\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
HKLM-x32\...\Run: [gmsd_us_005010169] => C:\Program Files (x86)\gmsd_us_005010169\gmsd_us_005010169.exe [4337840 2015-12-07] ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\admin\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\admin\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\admin\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AllPCoptimizer.exe.lnk [2015-12-07]
ShortcutTarget: AllPCoptimizer.exe.lnk -> C:\Windows\Installer\{20A647C6-0C59-42A7-B3B4-1E95674496BB}\NewShortcut1_4CA89A60165741188EC12DF8484E49A4.exe (Flexera Software LLC)
Startup: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-12-07]
ShortcutTarget: SmartWeb.lnk -> C:\Users\admin\AppData\Local\SmartWeb\SmartWebHelper.exe (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2133040787-3344251579-4125002376-1019\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO: shopperz071220151935 -> {A2C5F7CF-DA01-41E3-86C2-009C26AA44D2} -> C:\Program Files\shopperz071220151935\Umynp64.dll [2015-12-07] ()
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: shopperz071220151935 -> {A2C5F7CF-DA01-41E3-86C2-009C26AA44D2} -> C:\Program Files\shopperz071220151935\Umynp.dll [2015-12-07] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF HKLM\...\Firefox\Extensions: [{A2C5F7CF-DA01-41E3-86C2-009C26AA44D2}] - C:\Program Files\shopperz071220151935\Firefox\{A2C5F7CF-DA01-41E3-86C2-009C26AA44D2}.xpi
FF Extension: shopperz071220151935 - C:\Program Files\shopperz071220151935\Firefox\{A2C5F7CF-DA01-41E3-86C2-009C26AA44D2}.xpi [2015-12-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{A2C5F7CF-DA01-41E3-86C2-009C26AA44D2}] - C:\Program Files\shopperz071220151935\Firefox\{A2C5F7CF-DA01-41E3-86C2-009C26AA44D2}.xpi
R3 4F4D6D60-CF60-4C65-8FB0-663AB21B46FC; C:\Program Files\shopperz071220151935\Loqym.exe [252240 2015-12-07] () [File not signed]
S2 consumerinput_update; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [105944 2015-12-07] (ConsumerInput)
S3 consumerinput_updatem; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [105944 2015-12-07] (ConsumerInput)
R3 csrcc; C:\Program Files\shopperz071220151935\csrcc.exe [1515856 2015-12-07] () [File not signed]
R2 DybsyqJulby; C:\Program Files\shopperz071220151935\DhviSucbuj.exe [178512 2015-12-07] () [File not signed]
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [0 2015-09-05] () <==== ATTENTION (zero byte File/Folder)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [0 2015-09-05] () <==== ATTENTION (zero byte File/Folder)
R2 HAKqVaOxJ; C:\ProgramData\SFwXCaP\HAKqVaOxJ.exe [3000288 2015-12-07] (Ratio Applications)
R2 hidekoqe; C:\Users\Rachel\AppData\Local\11EE8380-1449505463-81E0-3050-14DAE919946F\qnsc727A.tmp [142336 2015-10-13] () [File not signed]
R3 Hulkokcos; C:\Program Files\shopperz071220151935\Hulkokcos.exe [2030416 2015-12-07] () [File not signed]
R2 nyneryxo; C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F\hnsy4449.tmp [134656 2015-12-07] () [File not signed]
R2 roqenufe; C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F\jnsy2EA5.tmp [307200 2015-12-07] () [File not signed]
R2 shopperz071220151935 Updater; C:\Program Files\shopperz071220151935\Voelpagc.exe [150864 2015-12-07] () [File not signed]
R2 swsesrvc_1.10.0.25; C:\Program Files (x86)\SwiftSearch_1.10.0.25\Service\swsesrvc.exe [301648 2015-09-22] (SS)
R2 woforemu; C:\Users\Rachel\AppData\Local\11EE8380-1449504769-81E0-3050-14DAE919946F\snsiD9C4.tmp [337920 2015-12-07] () [File not signed]
R2 byjigogi; C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F\knsi1545.tmpfs [X]
R1 bsdriver; C:\Windows\system32\drivers\bsdriver.sys [34712 2015-12-07] ()
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61336 2015-12-07] (Cherimoya Ltd)
S3 LEP960Y; C:\Windows\System32\DRIVERS\LEP960.sys [3773952 2015-08-07] (Lenovo Inc.)
R1 swsedrvr_vt_1_10_0_25; C:\Windows\System32\drivers\swsedrvr_vt_1_10_0_25.sys [61304 2015-09-22] (SS)
U0 avc3; no ImagePath
S3 lgccm; system32\DRIVERS\lgccmx64.sys [X]
S3 LGELTEADBus; system32\DRIVERS\LGELTEADBus.sys [X]
S3 LGELTEADmdm; system32\DRIVERS\LGELTEADmdm.sys [X]
S3 LGELTEADMux; system32\DRIVERS\LGELTEADMux.sys [X]
S3 LGELTEADNdis; system32\DRIVERS\LGELTEADNdis.sys [X]
S3 LGELTEADprt; system32\DRIVERS\LGELTEADprt.sys [X]
S2 SCWFPFilter; system32\DRIVERS\WFPFilter.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath
Task: {1FEE2927-F50F-42C8-ABDD-3EE0021904C6} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Rachel\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) <==== ATTENTION
Task: {31E9AD90-C8A2-4719-A2CE-0B5ACB07E273} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe [2015-09-22] (SS) <==== ATTENTION
Task: {91D2A79D-5FCD-472C-B50E-0C9AD17AA528} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2015-12-07] (ConsumerInput) <==== ATTENTION
Task: {98A8CF9E-C3CE-4DE4-B859-71B002397FF8} - System32\Tasks\Xhdoxha => C:\Program Files\shopperz071220151935\Bhdajm.bat [2015-12-07] () <==== ATTENTION
Task: {A10214E7-E18A-45AD-906A-B7DF212F0B4B} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2015-12-07] (ConsumerInput) <==== ATTENTION
Task: {ABA2BBA7-4E41-484F-84D1-DE1DE9227D8F} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe [2015-09-22] (SS) <==== ATTENTION
Task: {C8A9AFFC-9B27-49CB-A9B6-60B83246865B} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {F2FE3125-4E97-484F-8018-2DDC4BB04D18} - System32\Tasks\Pool Browser2 => Rundll32.exe "C:\Users\Rachel\AppData\Local\Pool Browser\{ACD4922F-8530-27D0-A7C1-76A7895BE21E}\tygllzpm.dll",#1
Task: C:\Windows\Tasks\ConsumerInputUpdateTaskMachineCore.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\ConsumerInputUpdateTaskMachineUA.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
2015-12-07 14:42 - 2015-12-07 14:42 - 00334336 _____ () C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F\knsi1545.tmpfs
2015-12-07 15:30 - 2015-12-07 15:30 - 00178512 _____ () C:\Program Files\shopperz071220151935\DhviSucbuj.exe
2015-10-13 05:20 - 2015-10-13 05:20 - 00142336 _____ () C:\Users\Rachel\AppData\Local\11EE8380-1449505463-81E0-3050-14DAE919946F\qnsc727A.tmp
2015-12-07 16:12 - 2015-12-07 16:12 - 00134656 _____ () C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F\hnsy4449.tmp
2015-12-07 16:12 - 2015-12-07 16:12 - 00307200 _____ () C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F\jnsy2EA5.tmp
2015-12-07 10:38 - 2015-12-07 16:22 - 00150864 _____ () C:\Program Files\shopperz071220151935\Voelpagc.exe
2015-12-07 16:12 - 2015-12-07 16:12 - 00337920 _____ () C:\Users\Rachel\AppData\Local\11EE8380-1449504769-81E0-3050-14DAE919946F\snsiD9C4.tmp
2015-12-07 15:30 - 2015-12-07 15:30 - 02030416 _____ () C:\Program Files\shopperz071220151935\Hulkokcos.exe
2015-12-07 16:11 - 2015-12-07 16:11 - 00744178 _____ () C:\Users\Rachel\AppData\Roaming\VOPackage\VOPackage.exe
2015-12-07 10:38 - 2015-12-07 16:22 - 00252240 _____ () C:\Program Files\shopperz071220151935\Loqym.exe
2015-12-07 10:38 - 2015-12-07 16:22 - 00356688 _____ () C:\Program Files\shopperz071220151935\Raabbi.exe
2015-12-07 16:25 - 2015-12-07 05:05 - 04337840 _____ () C:\Program Files (x86)\gmsd_us_005010169\gmsd_us_005010169.exe
2015-12-07 10:38 - 2015-12-07 16:22 - 00407376 _____ () C:\Program Files\shopperz071220151935\Raabbi64.exe
2015-12-07 10:38 - 2015-12-07 16:22 - 01515856 _____ () C:\Program Files\shopperz071220151935\csrcc.exe
AlternateDataStreams: C:\ProgramData\Microsoft:jeD6uzzuvm4dLfzL5g
AlternateDataStreams: C:\ProgramData\Microsoft:LgQzWmi6UbvWoNrSc
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
DNS Servers: Media is not connected to internet.
Windows Firewall is disabled.
FirewallRules: [TCP Query User{72CBFF0D-6741-4CE2-A0E9-438F9BDF8AB5}C:\users\rowan\appdata\roaming\hotspot shield\bin\cmw_srv.exe] => (Allow) C:\users\rowan\appdata\roaming\hotspot shield\bin\cmw_srv.exe
FirewallRules: [UDP Query User{B56BBEAA-A372-4019-9FC6-A59AD9B783F1}C:\users\rowan\appdata\roaming\hotspot shield\bin\cmw_srv.exe] => (Allow) C:\users\rowan\appdata\roaming\hotspot shield\bin\cmw_srv.exe
C:\Program Files (x86)\GUTA8BD.tmp
C:\Program Files (x86)\GUTE485.tmp
C:\Users\Kai\AppData\Local\Temp\{4D45BA06-BF67-4399-94CB-610FB53A9CF3}-44.0.2403.157_44.0.2403.155_chrome_updater.exe
C:\Users\Rachel\AppData\Local\Temp\amisetup2489__15940.exe
C:\Users\Rachel\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Rachel\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Rachel\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Rachel\AppData\Local\Temp\nvStInst.exe
C:\Users\Rachel\AppData\Local\Temp\oprun22796.exe
C:\Users\Rachel\AppData\Local\Temp\oprun4302.exe
C:\Users\Rachel\AppData\Local\Temp\SpOrder.dll
C:\Users\Rowan\AppData\Local\Temp\i4jdel0.exe
C:\Users\Rowan\AppData\Local\Temp\SkypeSetup.exe
C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F
C:\Program Files\shopperz071220151935
C:\Program Files (x86)\SwiftSearch_1.10.0.25
C:\ProgramData\SFwXCaP
C:\Users\Rachel\AppData\Roaming\VOPackage
C:\Program Files (x86)\gmsd_us_005010169
C:\Users\Rachel\AppData\Local\SmartWeb
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AllPCoptimizer.exe.lnk
C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
C:\Program Files (x86)\Consumer Input
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\drivers\bsdriver.sys
C:\Windows\System32\drivers\cherimoya.sys
C:\Windows\System32\DRIVERS\LEP960.sys
C:\Windows\System32\drivers\swsedrvr_vt_1_10_0_25.sys

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please run the Farbar Recovery Scan Tool. Enter DNSAPI.dll in the Search Box and hit the File Search button.
Post the content of the Search.txt in your next reply.

===

This is a very bad infection.
Execute the instructions in the order listed.

If at any time you need advice please ask.

#3 Hypatia415

  • Topic Starter


Posted 09 December 2015 - 03:15 PM

When trying to remove shopperz, I got the following error in a window that is titled "nsislog":

The File 'C:\Users\admin\AppData\Local\Temp\shopperz071220151935_installer_C:\Users\admin\AppData\Local\Temp\nsi401E.tmp\_HELPER_DLL_.txt' couldn't be open to write the data.

 

The virus was caught when another user was logged in, so maybe it really wants a file that's located in the AppData of that user.

 

When I clicked OK, the error window message just popped up again about 5 times. After that it disappeared and shopperz was gone from the program list.

 

I didn't see the Best Buy programs in the programs list.

 

Here's the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by admin (2015-12-09 12:59:59) Run:1
Running from G:\
Loaded Profiles: admin & Rowan (Available Profiles: admin & Mcx1-ASUS-LAPTOP & Rowan & Kai & Rachel & Classic .NET AppPool & www.leaningtreestudio.com & DefaultAppPool & ASP.NET v4.0)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
C:\Users\Rachel\AppData\Local\Temp\oprun22796.exe
C:\Users\Rachel\AppData\Local\Temp\oprun4302.exe
C:\Users\Rachel\AppData\Local\Temp\SpOrder.dll
C:\Users\Rowan\AppData\Local\Temp\i4jdel0.exe
C:\Users\Rowan\AppData\Local\Temp\SkypeSetup.exe
C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F
C:\Program Files\shopperz071220151935
C:\Program Files (x86)\SwiftSearch_1.10.0.25
C:\ProgramData\SFwXCaP
C:\Users\Rachel\AppData\Roaming\VOPackage
C:\Program Files (x86)\gmsd_us_005010169
C:\Users\Rachel\AppData\Local\SmartWeb
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AllPCoptimizer.exe.lnk
C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
C:\Program Files (x86)\Consumer Input
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\drivers\bsdriver.sys
C:\Windows\System32\drivers\cherimoya.sys
C:\Windows\System32\DRIVERS\LEP960.sys
C:\Windows\System32\drivers\swsedrvr_vt_1_10_0_25.sys
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F\knsi1545.tmpfs => No running process found
C:\Program Files\shopperz071220151935\DhviSucbuj.exe => No running process found
C:\Users\Rachel\AppData\Local\11EE8380-1449505463-81E0-3050-14DAE919946F\qnsc727A.tmp => No running process found
C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F\hnsy4449.tmp => No running process found
C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F\jnsy2EA5.tmp => No running process found
C:\Program Files\shopperz071220151935\Voelpagc.exe => No running process found
C:\Program Files (x86)\SwiftSearch_1.10.0.25\Service\swsesrvc.exe => No running process found
C:\Users\Rachel\AppData\Local\11EE8380-1449504769-81E0-3050-14DAE919946F\snsiD9C4.tmp => No running process found
C:\ProgramData\SFwXCaP\HAKqVaOxJ.exe => No running process found
C:\Program Files\shopperz071220151935\Hulkokcos.EXE => No running process found
C:\Users\Rachel\AppData\Roaming\VOPackage\VOPackage.exe => No running process found
C:\Program Files\shopperz071220151935\Loqym.exe => No running process found
C:\Program Files\shopperz071220151935\Raabbi.exe => No running process found
C:\Program Files (x86)\gmsd_us_005010169\gmsd_us_005010169.exe => No running process found
C:\Program Files\shopperz071220151935\Raabbi64.exe => No running process found
C:\Program Files\shopperz071220151935\csrcc.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SmartWeb => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_005010169 => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => key removed successfully
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key removed successfully
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => key removed successfully
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
"HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
"HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
"HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => key removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AllPCoptimizer.exe.lnk => not found.
C:\Windows\Installer\{20A647C6-0C59-42A7-B3B4-1E95674496BB}\NewShortcut1_4CA89A60165741188EC12DF8484E49A4.exe => not found.
C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk => moved successfully
C:\Users\admin\AppData\Local\SmartWeb\SmartWebHelper.exe => not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2133040787-3344251579-4125002376-1019\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => key removed successfully
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => key removed successfully
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2C5F7CF-DA01-41E3-86C2-009C26AA44D2} => key not found. 
HKCR\CLSID\{A2C5F7CF-DA01-41E3-86C2-009C26AA44D2} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2C5F7CF-DA01-41E3-86C2-009C26AA44D2} => key not found. 
HKCR\Wow6432Node\CLSID\{A2C5F7CF-DA01-41E3-86C2-009C26AA44D2} => key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
HKLM\Software\Mozilla\Firefox\Extensions\\{A2C5F7CF-DA01-41E3-86C2-009C26AA44D2} => value removed successfully
C:\Program Files\shopperz071220151935\Firefox\{A2C5F7CF-DA01-41E3-86C2-009C26AA44D2}.xpi => not found.
FF Extension: shopperz071220151935 - C:\Program Files\shopperz071220151935\Firefox\{A2C5F7CF-DA01-41E3-86C2-009C26AA44D2}.xpi [2015-12-07] [not signed] => not found
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{A2C5F7CF-DA01-41E3-86C2-009C26AA44D2} => value removed successfully
4F4D6D60-CF60-4C65-8FB0-663AB21B46FC => service removed successfully
consumerinput_update => service not found.
consumerinput_updatem => service not found.
csrcc => service removed successfully
DybsyqJulby => service not found.
gupdate => service removed successfully
gupdatem => service removed successfully
HAKqVaOxJ => service removed successfully
hidekoqe => service not found.
Hulkokcos => service removed successfully
nyneryxo => service removed successfully
roqenufe => service removed successfully
shopperz071220151935 Updater => service not found.
swsesrvc_1.10.0.25 => service not found.
woforemu => service not found.
byjigogi => service removed successfully
bsdriver => service not found.
cherimoya => Unable to stop service.
cherimoya => service removed successfully
LEP960Y => service removed successfully
swsedrvr_vt_1_10_0_25 => Unable to stop service.
swsedrvr_vt_1_10_0_25 => service removed successfully
avc3 => service removed successfully
lgccm => service removed successfully
LGELTEADBus => service removed successfully
LGELTEADmdm => service removed successfully
LGELTEADMux => service removed successfully
LGELTEADNdis => service removed successfully
LGELTEADprt => service removed successfully
SCWFPFilter => service removed successfully
SR => service removed successfully
srservice => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1FEE2927-F50F-42C8-ABDD-3EE0021904C6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FEE2927-F50F-42C8-ABDD-3EE0021904C6}" => key removed successfully
C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{31E9AD90-C8A2-4719-A2CE-0B5ACB07E273}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31E9AD90-C8A2-4719-A2CE-0B5ACB07E273}" => key removed successfully
C:\Windows\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SwiftSearch Auto Updater 1.10.0.25 Core" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91D2A79D-5FCD-472C-B50E-0C9AD17AA528} => key not found. 
C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineCore => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineCore => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98A8CF9E-C3CE-4DE4-B859-71B002397FF8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98A8CF9E-C3CE-4DE4-B859-71B002397FF8}" => key removed successfully
C:\Windows\System32\Tasks\Xhdoxha => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Xhdoxha" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A10214E7-E18A-45AD-906A-B7DF212F0B4B} => key not found. 
C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineUA => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineUA => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ABA2BBA7-4E41-484F-84D1-DE1DE9227D8F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABA2BBA7-4E41-484F-84D1-DE1DE9227D8F}" => key removed successfully
C:\Windows\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SwiftSearch Auto Updater 1.10.0.25 Pending Update" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C8A9AFFC-9B27-49CB-A9B6-60B83246865B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8A9AFFC-9B27-49CB-A9B6-60B83246865B}" => key removed successfully
C:\Windows\System32\Tasks\0 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F2FE3125-4E97-484F-8018-2DDC4BB04D18}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2FE3125-4E97-484F-8018-2DDC4BB04D18}" => key removed successfully
C:\Windows\System32\Tasks\Pool Browser2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Pool Browser2" => key removed successfully
C:\Windows\Tasks\ConsumerInputUpdateTaskMachineCore.job => not found.
C:\Windows\Tasks\ConsumerInputUpdateTaskMachineUA.job => not found.
C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F\knsi1545.tmpfs => moved successfully
C:\Program Files\shopperz071220151935\DhviSucbuj.exe => moved successfully
"C:\Users\Rachel\AppData\Local\11EE8380-1449505463-81E0-3050-14DAE919946F\qnsc727A.tmp" => not found.
C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F\hnsy4449.tmp => moved successfully
C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F\jnsy2EA5.tmp => moved successfully
"C:\Program Files\shopperz071220151935\Voelpagc.exe" => not found.
C:\Users\Rachel\AppData\Local\11EE8380-1449504769-81E0-3050-14DAE919946F\snsiD9C4.tmp => moved successfully
C:\Program Files\shopperz071220151935\Hulkokcos.exe => moved successfully
C:\Users\Rachel\AppData\Roaming\VOPackage\VOPackage.exe => moved successfully
C:\Program Files\shopperz071220151935\Loqym.exe => moved successfully
C:\Program Files\shopperz071220151935\Raabbi.exe => moved successfully
"C:\Program Files (x86)\gmsd_us_005010169\gmsd_us_005010169.exe" => not found.
C:\Program Files\shopperz071220151935\Raabbi64.exe => moved successfully
C:\Program Files\shopperz071220151935\csrcc.exe => moved successfully
C:\ProgramData\Microsoft => ":jeD6uzzuvm4dLfzL5g" ADS removed successfully.
C:\ProgramData\Microsoft => ":LgQzWmi6UbvWoNrSc" ADS removed successfully.
"HKU\.DEFAULT\Software\Classes\exefile" => key removed successfully
"HKU\.DEFAULT\Software\Classes\.exe" => key removed successfully
HKU\.DEFAULT\Software\Classes\exefile => key not found. 
"HKU\S-1-5-19\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-19\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-19\Software\Classes\exefile => key not found. 
"HKU\S-1-5-20\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-20\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-20\Software\Classes\exefile => key not found. 
DNS Servers: Media is not connected to internet. => Error: No automatic fix found for this entry.
Windows Firewall is disabled. => Error: No automatic fix found for this entry.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{72CBFF0D-6741-4CE2-A0E9-438F9BDF8AB5}C:\users\rowan\appdata\roaming\hotspot shield\bin\cmw_srv.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B56BBEAA-A372-4019-9FC6-A59AD9B783F1}C:\users\rowan\appdata\roaming\hotspot shield\bin\cmw_srv.exe => value removed successfully
C:\Program Files (x86)\GUTA8BD.tmp => moved successfully
C:\Program Files (x86)\GUTE485.tmp => moved successfully
C:\Users\Kai\AppData\Local\Temp\{4D45BA06-BF67-4399-94CB-610FB53A9CF3}-44.0.2403.157_44.0.2403.155_chrome_updater.exe => moved successfully
C:\Users\Rachel\AppData\Local\Temp\amisetup2489__15940.exe => moved successfully
C:\Users\Rachel\AppData\Local\Temp\nvSCPAPI.dll => moved successfully
C:\Users\Rachel\AppData\Local\Temp\nvSCPAPI64.dll => moved successfully
C:\Users\Rachel\AppData\Local\Temp\nvSCPAPISvr.exe => moved successfully
C:\Users\Rachel\AppData\Local\Temp\nvStInst.exe => moved successfully
C:\Users\Rachel\AppData\Local\Temp\oprun22796.exe => moved successfully
C:\Users\Rachel\AppData\Local\Temp\oprun4302.exe => moved successfully
C:\Users\Rachel\AppData\Local\Temp\SpOrder.dll => moved successfully
C:\Users\Rowan\AppData\Local\Temp\i4jdel0.exe => moved successfully
C:\Users\Rowan\AppData\Local\Temp\SkypeSetup.exe => moved successfully
C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F => moved successfully
C:\Program Files\shopperz071220151935 => moved successfully
"C:\Program Files (x86)\SwiftSearch_1.10.0.25" => not found.
C:\ProgramData\SFwXCaP => moved successfully
C:\Users\Rachel\AppData\Roaming\VOPackage => moved successfully
"C:\Program Files (x86)\gmsd_us_005010169" => not found.
C:\Users\Rachel\AppData\Local\SmartWeb => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AllPCoptimizer.exe.lnk" => not found.
"C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk" => not found.
"C:\Program Files (x86)\Consumer Input" => not found.
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe => moved successfully
"C:\Windows\system32\drivers\bsdriver.sys" => not found.
C:\Windows\System32\drivers\cherimoya.sys => moved successfully
C:\Windows\System32\DRIVERS\LEP960.sys => moved successfully
"C:\Windows\System32\drivers\swsedrvr_vt_1_10_0_25.sys" => not found.
EmptyTemp: => 23.1 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 13:02:09 ====
 
 
I already have MBAM, but I tried to install from the link you gave me (I had to download it from a different computer, put it on a USB, then bring it over to the infected computer).  I got this error in a window titled Setup: Runtime Error (at 97:137): Could not call proc.  The infected computer lost internet capability when the virus hit.  I think it's the DNSAPI.DLL problem.
 
So that's where I am right now.


#4 nasdaq

nasdaq

  • Malware Response Team

Posted 10 December 2015 - 08:49 AM

Best Buy pc app (HKU\S-1-5-21-2133040787-3344251579-4125002376-1019\...\48e4cff94f039634) (Version: 3.2.420.5 - Best Buy)
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden


Unhide files/folders Windows 7.
How To:
http://windows.microsoft.com/en-ca/windows/show-hidden-files#show-hidden-files=windows-7

Can you see it now?
<<<>>>


You are running the Farbar tool from your G:\ drive which may be your Flash drive.

Copy the Farbar tool to the Desktop of the infected computer.
Also copy the Fixlist.txt you have created to that folder.
Run the Farbar tool from your Desktop and click the fix button.

Post a fresh FRST log for my review.

===

Your DNSAPI.DLL was compromised.
I need you to run the Farbar tool again from your Desktop and search for all the versions you have on your computer.
If a good copy is found I will give you a fix.

Please run the Farbar Recovery Scan Tool. Enter DNSAPI.dll in the Search Box and hit the File Search button.
Post the content of the Search.txt in your next reply.

===

You should also try to run the AdwCleaner tool.
Download it using a good computer.
Copy the file to the Desktop of the compromised computer and run it, cleaning everything that is found.
Post the log for my review.

#5 Hypatia415

Hypatia415
  • Topic Starter

  • Members

Posted 10 December 2015 - 03:13 PM

Sorry, still can't see the Best Buy Apps.  :(

 

Here's the Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by admin (2015-12-10 09:33:14) Run:2
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin & Mcx1-ASUS-LAPTOP & Rowan & Kai & Rachel & Classic .NET AppPool & www.leaningtreestudio.com & DefaultAppPool & ASP.NET v4.0)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
() C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F\knsi1545.tmpfs
() C:\Program Files\shopperz071220151935\DhviSucbuj.exe
() C:\Users\Rachel\AppData\Local\11EE8380-1449505463-81E0-3050-14DAE919946F\qnsc727A.tmp
() C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F\hnsy4449.tmp
() C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F\jnsy2EA5.tmp
() C:\Program Files\shopperz071220151935\Voelpagc.exe
(SS) C:\Program Files (x86)\SwiftSearch_1.10.0.25\Service\swsesrvc.exe
() C:\Users\Rachel\AppData\Local\11EE8380-1449504769-81E0-3050-14DAE919946F\snsiD9C4.tmp
(Ratio Applications) C:\ProgramData\SFwXCaP\HAKqVaOxJ.exe
() C:\Program Files\shopperz071220151935\Hulkokcos.EXE
() C:\Users\Rachel\AppData\Roaming\VOPackage\VOPackage.exe
() C:\Program Files\shopperz071220151935\Loqym.exe
() C:\Program Files\shopperz071220151935\Raabbi.exe
() C:\Program Files (x86)\gmsd_us_005010169\gmsd_us_005010169.exe
() C:\Program Files\shopperz071220151935\Raabbi64.exe
() C:\Program Files\shopperz071220151935\csrcc.exe
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Rachel\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
HKLM-x32\...\Run: [gmsd_us_005010169] => C:\Program Files (x86)\gmsd_us_005010169\gmsd_us_005010169.exe [4337840 2015-12-07] ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\admin\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\admin\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\admin\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AllPCoptimizer.exe.lnk [2015-12-07]
ShortcutTarget: AllPCoptimizer.exe.lnk -> C:\Windows\Installer\{20A647C6-0C59-42A7-B3B4-1E95674496BB}\NewShortcut1_4CA89A60165741188EC12DF8484E49A4.exe (Flexera Software LLC)
Startup: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-12-07]
ShortcutTarget: SmartWeb.lnk -> C:\Users\admin\AppData\Local\SmartWeb\SmartWebHelper.exe (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2133040787-3344251579-4125002376-1019\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO: shopperz071220151935 -> {A2C5F7CF-DA01-41E3-86C2-009C26AA44D2} -> C:\Program Files\shopperz071220151935\Umynp64.dll [2015-12-07] ()
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: shopperz071220151935 -> {A2C5F7CF-DA01-41E3-86C2-009C26AA44D2} -> C:\Program Files\shopperz071220151935\Umynp.dll [2015-12-07] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF HKLM\...\Firefox\Extensions: [{A2C5F7CF-DA01-41E3-86C2-009C26AA44D2}] - C:\Program Files\shopperz071220151935\Firefox\{A2C5F7CF-DA01-41E3-86C2-009C26AA44D2}.xpi
FF Extension: shopperz071220151935 - C:\Program Files\shopperz071220151935\Firefox\{A2C5F7CF-DA01-41E3-86C2-009C26AA44D2}.xpi [2015-12-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{A2C5F7CF-DA01-41E3-86C2-009C26AA44D2}] - C:\Program Files\shopperz071220151935\Firefox\{A2C5F7CF-DA01-41E3-86C2-009C26AA44D2}.xpi
R3 4F4D6D60-CF60-4C65-8FB0-663AB21B46FC; C:\Program Files\shopperz071220151935\Loqym.exe [252240 2015-12-07] () [File not signed]
S2 consumerinput_update; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [105944 2015-12-07] (ConsumerInput)
S3 consumerinput_updatem; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [105944 2015-12-07] (ConsumerInput)
R3 csrcc; C:\Program Files\shopperz071220151935\csrcc.exe [1515856 2015-12-07] () [File not signed]
R2 DybsyqJulby; C:\Program Files\shopperz071220151935\DhviSucbuj.exe [178512 2015-12-07] () [File not signed]
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [0 2015-09-05] () <==== ATTENTION (zero byte File/Folder)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [0 2015-09-05] () <==== ATTENTION (zero byte File/Folder)
R2 HAKqVaOxJ; C:\ProgramData\SFwXCaP\HAKqVaOxJ.exe [3000288 2015-12-07] (Ratio Applications)
R2 hidekoqe; C:\Users\Rachel\AppData\Local\11EE8380-1449505463-81E0-3050-14DAE919946F\qnsc727A.tmp [142336 2015-10-13] () [File not signed]
R3 Hulkokcos; C:\Program Files\shopperz071220151935\Hulkokcos.exe [2030416 2015-12-07] () [File not signed]
R2 nyneryxo; C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F\hnsy4449.tmp [134656 2015-12-07] () [File not signed]
R2 roqenufe; C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F\jnsy2EA5.tmp [307200 2015-12-07] () [File not signed]
R2 shopperz071220151935 Updater; C:\Program Files\shopperz071220151935\Voelpagc.exe [150864 2015-12-07] () [File not signed]
R2 swsesrvc_1.10.0.25; C:\Program Files (x86)\SwiftSearch_1.10.0.25\Service\swsesrvc.exe [301648 2015-09-22] (SS)
R2 woforemu; C:\Users\Rachel\AppData\Local\11EE8380-1449504769-81E0-3050-14DAE919946F\snsiD9C4.tmp [337920 2015-12-07] () [File not signed]
R2 byjigogi; C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F\knsi1545.tmpfs [X]
R1 bsdriver; C:\Windows\system32\drivers\bsdriver.sys [34712 2015-12-07] ()
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61336 2015-12-07] (Cherimoya Ltd)
S3 LEP960Y; C:\Windows\System32\DRIVERS\LEP960.sys [3773952 2015-08-07] (Lenovo Inc.)
R1 swsedrvr_vt_1_10_0_25; C:\Windows\System32\drivers\swsedrvr_vt_1_10_0_25.sys [61304 2015-09-22] (SS)
U0 avc3; no ImagePath
S3 lgccm; system32\DRIVERS\lgccmx64.sys [X]
S3 LGELTEADBus; system32\DRIVERS\LGELTEADBus.sys [X]
S3 LGELTEADmdm; system32\DRIVERS\LGELTEADmdm.sys [X]
S3 LGELTEADMux; system32\DRIVERS\LGELTEADMux.sys [X]
S3 LGELTEADNdis; system32\DRIVERS\LGELTEADNdis.sys [X]
S3 LGELTEADprt; system32\DRIVERS\LGELTEADprt.sys [X]
S2 SCWFPFilter; system32\DRIVERS\WFPFilter.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath
Task: {1FEE2927-F50F-42C8-ABDD-3EE0021904C6} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Rachel\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) <==== ATTENTION
Task: {31E9AD90-C8A2-4719-A2CE-0B5ACB07E273} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe [2015-09-22] (SS) <==== ATTENTION
Task: {91D2A79D-5FCD-472C-B50E-0C9AD17AA528} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2015-12-07] (ConsumerInput) <==== ATTENTION
Task: {98A8CF9E-C3CE-4DE4-B859-71B002397FF8} - System32\Tasks\Xhdoxha => C:\Program Files\shopperz071220151935\Bhdajm.bat [2015-12-07] () <==== ATTENTION
Task: {A10214E7-E18A-45AD-906A-B7DF212F0B4B} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2015-12-07] (ConsumerInput) <==== ATTENTION
Task: {ABA2BBA7-4E41-484F-84D1-DE1DE9227D8F} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe [2015-09-22] (SS) <==== ATTENTION
Task: {C8A9AFFC-9B27-49CB-A9B6-60B83246865B} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {F2FE3125-4E97-484F-8018-2DDC4BB04D18} - System32\Tasks\Pool Browser2 => Rundll32.exe "C:\Users\Rachel\AppData\Local\Pool Browser\{ACD4922F-8530-27D0-A7C1-76A7895BE21E}\tygllzpm.dll",#1
Task: C:\Windows\Tasks\ConsumerInputUpdateTaskMachineCore.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\ConsumerInputUpdateTaskMachineUA.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
2015-12-07 14:42 - 2015-12-07 14:42 - 00334336 _____ () C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F\knsi1545.tmpfs
2015-12-07 15:30 - 2015-12-07 15:30 - 00178512 _____ () C:\Program Files\shopperz071220151935\DhviSucbuj.exe
2015-10-13 05:20 - 2015-10-13 05:20 - 00142336 _____ () C:\Users\Rachel\AppData\Local\11EE8380-1449505463-81E0-3050-14DAE919946F\qnsc727A.tmp
2015-12-07 16:12 - 2015-12-07 16:12 - 00134656 _____ () C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F\hnsy4449.tmp
2015-12-07 16:12 - 2015-12-07 16:12 - 00307200 _____ () C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F\jnsy2EA5.tmp
2015-12-07 10:38 - 2015-12-07 16:22 - 00150864 _____ () C:\Program Files\shopperz071220151935\Voelpagc.exe
2015-12-07 16:12 - 2015-12-07 16:12 - 00337920 _____ () C:\Users\Rachel\AppData\Local\11EE8380-1449504769-81E0-3050-14DAE919946F\snsiD9C4.tmp
2015-12-07 15:30 - 2015-12-07 15:30 - 02030416 _____ () C:\Program Files\shopperz071220151935\Hulkokcos.exe
2015-12-07 16:11 - 2015-12-07 16:11 - 00744178 _____ () C:\Users\Rachel\AppData\Roaming\VOPackage\VOPackage.exe
2015-12-07 10:38 - 2015-12-07 16:22 - 00252240 _____ () C:\Program Files\shopperz071220151935\Loqym.exe
2015-12-07 10:38 - 2015-12-07 16:22 - 00356688 _____ () C:\Program Files\shopperz071220151935\Raabbi.exe
2015-12-07 16:25 - 2015-12-07 05:05 - 04337840 _____ () C:\Program Files (x86)\gmsd_us_005010169\gmsd_us_005010169.exe
2015-12-07 10:38 - 2015-12-07 16:22 - 00407376 _____ () C:\Program Files\shopperz071220151935\Raabbi64.exe
2015-12-07 10:38 - 2015-12-07 16:22 - 01515856 _____ () C:\Program Files\shopperz071220151935\csrcc.exe
AlternateDataStreams: C:\ProgramData\Microsoft:jeD6uzzuvm4dLfzL5g
AlternateDataStreams: C:\ProgramData\Microsoft:LgQzWmi6UbvWoNrSc
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
DNS Servers: Media is not connected to internet.
Windows Firewall is disabled.
FirewallRules: [TCP Query User{72CBFF0D-6741-4CE2-A0E9-438F9BDF8AB5}C:\users\rowan\appdata\roaming\hotspot shield\bin\cmw_srv.exe] => (Allow) C:\users\rowan\appdata\roaming\hotspot shield\bin\cmw_srv.exe
FirewallRules: [UDP Query User{B56BBEAA-A372-4019-9FC6-A59AD9B783F1}C:\users\rowan\appdata\roaming\hotspot shield\bin\cmw_srv.exe] => (Allow) C:\users\rowan\appdata\roaming\hotspot shield\bin\cmw_srv.exe
C:\Program Files (x86)\GUTA8BD.tmp
C:\Program Files (x86)\GUTE485.tmp
C:\Users\Kai\AppData\Local\Temp\{4D45BA06-BF67-4399-94CB-610FB53A9CF3}-44.0.2403.157_44.0.2403.155_chrome_updater.exe
C:\Users\Rachel\AppData\Local\Temp\amisetup2489__15940.exe
C:\Users\Rachel\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Rachel\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Rachel\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Rachel\AppData\Local\Temp\nvStInst.exe
C:\Users\Rachel\AppData\Local\Temp\oprun22796.exe
C:\Users\Rachel\AppData\Local\Temp\oprun4302.exe
C:\Users\Rachel\AppData\Local\Temp\SpOrder.dll
C:\Users\Rowan\AppData\Local\Temp\i4jdel0.exe
C:\Users\Rowan\AppData\Local\Temp\SkypeSetup.exe
C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F
C:\Program Files\shopperz071220151935
C:\Program Files (x86)\SwiftSearch_1.10.0.25
C:\ProgramData\SFwXCaP
C:\Users\Rachel\AppData\Roaming\VOPackage
C:\Program Files (x86)\gmsd_us_005010169
C:\Users\Rachel\AppData\Local\SmartWeb
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AllPCoptimizer.exe.lnk
C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
C:\Program Files (x86)\Consumer Input
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\drivers\bsdriver.sys
C:\Windows\System32\drivers\cherimoya.sys
C:\Windows\System32\DRIVERS\LEP960.sys
C:\Windows\System32\drivers\swsedrvr_vt_1_10_0_25.sys
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F\knsi1545.tmpfs => No running process found
C:\Program Files\shopperz071220151935\DhviSucbuj.exe => No running process found
C:\Users\Rachel\AppData\Local\11EE8380-1449505463-81E0-3050-14DAE919946F\qnsc727A.tmp => No running process found
C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F\hnsy4449.tmp => No running process found
C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F\jnsy2EA5.tmp => No running process found
C:\Program Files\shopperz071220151935\Voelpagc.exe => No running process found
C:\Program Files (x86)\SwiftSearch_1.10.0.25\Service\swsesrvc.exe => No running process found
C:\Users\Rachel\AppData\Local\11EE8380-1449504769-81E0-3050-14DAE919946F\snsiD9C4.tmp => No running process found
C:\ProgramData\SFwXCaP\HAKqVaOxJ.exe => No running process found
C:\Program Files\shopperz071220151935\Hulkokcos.EXE => No running process found
C:\Users\Rachel\AppData\Roaming\VOPackage\VOPackage.exe => No running process found
C:\Program Files\shopperz071220151935\Loqym.exe => No running process found
C:\Program Files\shopperz071220151935\Raabbi.exe => No running process found
C:\Program Files (x86)\gmsd_us_005010169\gmsd_us_005010169.exe => No running process found
C:\Program Files\shopperz071220151935\Raabbi64.exe => No running process found
C:\Program Files\shopperz071220151935\csrcc.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SmartWeb => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_005010169 => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1 => key not found. 
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2 => key not found. 
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3 => key not found. 
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1 => key not found. 
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2 => key not found. 
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3 => key not found. 
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4 => key not found. 
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1 => key not found. 
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2 => key not found. 
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3 => key not found. 
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AllPCoptimizer.exe.lnk => not found.
C:\Windows\Installer\{20A647C6-0C59-42A7-B3B4-1E95674496BB}\NewShortcut1_4CA89A60165741188EC12DF8484E49A4.exe => not found.
C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk => not found.
C:\Users\admin\AppData\Local\SmartWeb\SmartWebHelper.exe => not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\S-1-5-21-2133040787-3344251579-4125002376-1019\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => key not found. 
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => key not found. 
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2C5F7CF-DA01-41E3-86C2-009C26AA44D2} => key not found. 
HKCR\CLSID\{A2C5F7CF-DA01-41E3-86C2-009C26AA44D2} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found. 
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2C5F7CF-DA01-41E3-86C2-009C26AA44D2} => key not found. 
HKCR\Wow6432Node\CLSID\{A2C5F7CF-DA01-41E3-86C2-009C26AA44D2} => key not found. 
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin => key not found. 
HKLM\Software\Mozilla\Firefox\Extensions\\{A2C5F7CF-DA01-41E3-86C2-009C26AA44D2} => value not found.
C:\Program Files\shopperz071220151935\Firefox\{A2C5F7CF-DA01-41E3-86C2-009C26AA44D2}.xpi => not found.
FF Extension: shopperz071220151935 - C:\Program Files\shopperz071220151935\Firefox\{A2C5F7CF-DA01-41E3-86C2-009C26AA44D2}.xpi [2015-12-07] [not signed] => not found
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{A2C5F7CF-DA01-41E3-86C2-009C26AA44D2} => value not found.
4F4D6D60-CF60-4C65-8FB0-663AB21B46FC => service not found.
consumerinput_update => service not found.
consumerinput_updatem => service not found.
csrcc => service not found.
DybsyqJulby => service not found.
gupdate => service not found.
gupdatem => service not found.
HAKqVaOxJ => service not found.
hidekoqe => service not found.
Hulkokcos => service not found.
nyneryxo => service not found.
roqenufe => service not found.
shopperz071220151935 Updater => service not found.
swsesrvc_1.10.0.25 => service not found.
woforemu => service not found.
byjigogi => service not found.
bsdriver => service not found.
cherimoya => service not found.
LEP960Y => service not found.
swsedrvr_vt_1_10_0_25 => service not found.
avc3 => service not found.
lgccm => service not found.
LGELTEADBus => service not found.
LGELTEADmdm => service not found.
LGELTEADMux => service not found.
LGELTEADNdis => service not found.
LGELTEADprt => service not found.
SCWFPFilter => service not found.
SR => service not found.
srservice => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FEE2927-F50F-42C8-ABDD-3EE0021904C6} => key not found. 
C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31E9AD90-C8A2-4719-A2CE-0B5ACB07E273} => key not found. 
C:\Windows\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SwiftSearch Auto Updater 1.10.0.25 Core => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91D2A79D-5FCD-472C-B50E-0C9AD17AA528} => key not found. 
C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineCore => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineCore => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98A8CF9E-C3CE-4DE4-B859-71B002397FF8} => key not found. 
C:\Windows\System32\Tasks\Xhdoxha => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Xhdoxha => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A10214E7-E18A-45AD-906A-B7DF212F0B4B} => key not found. 
C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineUA => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineUA => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABA2BBA7-4E41-484F-84D1-DE1DE9227D8F} => key not found. 
C:\Windows\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SwiftSearch Auto Updater 1.10.0.25 Pending Update => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8A9AFFC-9B27-49CB-A9B6-60B83246865B} => key not found. 
C:\Windows\System32\Tasks\0 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2FE3125-4E97-484F-8018-2DDC4BB04D18} => key not found. 
C:\Windows\System32\Tasks\Pool Browser2 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Pool Browser2 => key not found. 
C:\Windows\Tasks\ConsumerInputUpdateTaskMachineCore.job => not found.
C:\Windows\Tasks\ConsumerInputUpdateTaskMachineUA.job => not found.
"C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F\knsi1545.tmpfs" => not found.
"C:\Program Files\shopperz071220151935\DhviSucbuj.exe" => not found.
"C:\Users\Rachel\AppData\Local\11EE8380-1449505463-81E0-3050-14DAE919946F\qnsc727A.tmp" => not found.
"C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F\hnsy4449.tmp" => not found.
"C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F\jnsy2EA5.tmp" => not found.
"C:\Program Files\shopperz071220151935\Voelpagc.exe" => not found.
"C:\Users\Rachel\AppData\Local\11EE8380-1449504769-81E0-3050-14DAE919946F\snsiD9C4.tmp" => not found.
"C:\Program Files\shopperz071220151935\Hulkokcos.exe" => not found.
"C:\Users\Rachel\AppData\Roaming\VOPackage\VOPackage.exe" => not found.
"C:\Program Files\shopperz071220151935\Loqym.exe" => not found.
"C:\Program Files\shopperz071220151935\Raabbi.exe" => not found.
"C:\Program Files (x86)\gmsd_us_005010169\gmsd_us_005010169.exe" => not found.
"C:\Program Files\shopperz071220151935\Raabbi64.exe" => not found.
"C:\Program Files\shopperz071220151935\csrcc.exe" => not found.
"C:\ProgramData\Microsoft" => ":jeD6uzzuvm4dLfzL5g" ADS not found.
"C:\ProgramData\Microsoft" => ":LgQzWmi6UbvWoNrSc" ADS not found.
HKU\.DEFAULT\Software\Classes\.exe => key not found. 
HKU\.DEFAULT\Software\Classes\exefile => key not found. 
HKU\S-1-5-19\Software\Classes\.exe => key not found. 
HKU\S-1-5-19\Software\Classes\exefile => key not found. 
HKU\S-1-5-20\Software\Classes\.exe => key not found. 
HKU\S-1-5-20\Software\Classes\exefile => key not found. 
DNS Servers: Media is not connected to internet. => Error: No automatic fix found for this entry.
Windows Firewall is disabled. => Error: No automatic fix found for this entry.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{72CBFF0D-6741-4CE2-A0E9-438F9BDF8AB5}C:\users\rowan\appdata\roaming\hotspot shield\bin\cmw_srv.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B56BBEAA-A372-4019-9FC6-A59AD9B783F1}C:\users\rowan\appdata\roaming\hotspot shield\bin\cmw_srv.exe => value not found.
"C:\Program Files (x86)\GUTA8BD.tmp" => not found.
"C:\Program Files (x86)\GUTE485.tmp" => not found.
"C:\Users\Kai\AppData\Local\Temp\{4D45BA06-BF67-4399-94CB-610FB53A9CF3}-44.0.2403.157_44.0.2403.155_chrome_updater.exe" => not found.
"C:\Users\Rachel\AppData\Local\Temp\amisetup2489__15940.exe" => not found.
"C:\Users\Rachel\AppData\Local\Temp\nvSCPAPI.dll" => not found.
"C:\Users\Rachel\AppData\Local\Temp\nvSCPAPI64.dll" => not found.
"C:\Users\Rachel\AppData\Local\Temp\nvSCPAPISvr.exe" => not found.
"C:\Users\Rachel\AppData\Local\Temp\nvStInst.exe" => not found.
"C:\Users\Rachel\AppData\Local\Temp\oprun22796.exe" => not found.
"C:\Users\Rachel\AppData\Local\Temp\oprun4302.exe" => not found.
"C:\Users\Rachel\AppData\Local\Temp\SpOrder.dll" => not found.
"C:\Users\Rowan\AppData\Local\Temp\i4jdel0.exe" => not found.
"C:\Users\Rowan\AppData\Local\Temp\SkypeSetup.exe" => not found.
"C:\Program Files (x86)\11EE8380-1449529914-81E0-3050-14DAE919946F" => not found.
"C:\Program Files\shopperz071220151935" => not found.
"C:\Program Files (x86)\SwiftSearch_1.10.0.25" => not found.
"C:\ProgramData\SFwXCaP" => not found.
"C:\Users\Rachel\AppData\Roaming\VOPackage" => not found.
"C:\Program Files (x86)\gmsd_us_005010169" => not found.
"C:\Users\Rachel\AppData\Local\SmartWeb" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AllPCoptimizer.exe.lnk" => not found.
"C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk" => not found.
"C:\Program Files (x86)\Consumer Input" => not found.
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" => not found.
"C:\Windows\system32\drivers\bsdriver.sys" => not found.
"C:\Windows\System32\drivers\cherimoya.sys" => not found.
"C:\Windows\System32\DRIVERS\LEP960.sys" => not found.
"C:\Windows\System32\drivers\swsedrvr_vt_1_10_0_25.sys" => not found.
EmptyTemp: => 21.5 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 09:33:34 ====
 
Here's the Search log:
 
Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by admin (2015-12-10 09:46:33)
Running from C:\Users\admin\Desktop
Boot Mode: Normal
 
================== Search Files: "DNSAPI.dll" =============
 
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_4aa4e997e6a8ddc0\dnsapi.dll
[2011-05-03 23:24][2011-05-03 23:24] 0270336 ____A (Microsoft Corporation) 1F79F611109C2B97260B68FD6B4FC7DD [File is digitally signed]
 
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_4a184beecd8df1f1\dnsapi.dll
[2011-05-03 23:24][2011-05-03 23:24] 0270336 ____A (Microsoft Corporation) B40420876B9288E0A1C8CCA8A84E5DC9 [File is digitally signed]
 
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll
[2011-02-18 12:49][2010-11-20 05:18] 0270336 ____A (Microsoft Corporation) 59DF156711A76BCB993253EC6C9BBF41 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsapi.dll
[2011-05-03 23:24][2011-05-03 23:24] 0357888 ____A (Microsoft Corporation) DCC0888655823103F19EF8FFD330080D [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsapi.dll
[2011-05-03 23:24][2011-05-03 23:24] 0357888 ____A (Microsoft Corporation) 492D07D79E7024CA310867B526D9636D [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll
[2011-02-18 12:49][2010-11-20 06:26] 0357888 ____A (Microsoft Corporation) A52B6CC24063CC83C78C0E6F24DEEC01 [File is digitally signed]
 
C:\Windows\System32\dnsapi.dll
[2011-05-03 23:24][2015-12-07 16:27] 0357888 ____A () D41D8CD98F00B204E9800998ECF8427E [File not signed]
 
====== End of Search ======
 
Here's the Adwcleaner log:
 
# AdwCleaner v5.024 - Logfile created 10/12/2015 at 12:19:39
# Updated 07/12/2015 by Xplode
# Database : 2015-12-07.3 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : admin - ASUS-LAPTOP
# Running from : C:\Users\admin\Desktop\adwcleaner_5.024.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\Ask
[-] Folder Deleted : C:\ProgramData\Tarma Installer
[-] Folder Deleted : C:\ProgramData\TVTime
[-] Folder Deleted : C:\ProgramData\79B49DAA8B09E4120C6AFFB9DA4A0D51
[-] Folder Deleted : C:\Users\admin\AppData\Local\TVTime
[-] Folder Deleted : C:\Users\admin\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
[-] Folder Deleted : C:\Users\Rachel\AppData\Local\SearchModule
[-] Folder Deleted : C:\Users\Rachel\AppData\Local\Consumer Input
[-] Folder Deleted : C:\Users\Rachel\AppData\Local\11EE8380-1449504769-81E0-3050-14DAE919946F
[-] Folder Deleted : C:\Users\Rachel\AppData\LocalLow\SmartWeb
[-] Folder Deleted : C:\Users\Rachel\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
[-] Folder Deleted : C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
[-] Folder Deleted : C:\Users\Rowan\AppData\Local\TVTime
[-] Folder Deleted : C:\Users\Rowan\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
 
***** [ Files ] *****
 
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
[-] File Deleted : C:\Users\Rowan\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage
[-] File Deleted : C:\Users\Rowan\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal
[-] File Deleted : C:\Users\Rowan\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage
[-] File Deleted : C:\Users\Rowan\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
[-] File Restored : C:\Windows\SysWOW64\dnsapi.dll
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : amiupdaterExd
[-] Task Deleted : amiupdaterExi
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0EA6B67D-A746-454A-AAEE-24779F0FDFFD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A9CB151-D7B7-462B-89C5-FCC28FA456C2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{42019058-BB4B-4CBE-A0AF-218BF23C730B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7C49F69C-5572-4D29-9279-FA9D3419DA1A}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9AE7A6AE-162E-44C4-9A2B-A6B4EF19909D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6905B37C-735D-455A-89C5-4DD8BEA9DE78}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9AE7A6AE-162E-44C4-9A2B-A6B4EF19909D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2985D26-6CBA-4E65-8F90-F55D2D9A9138}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0EA6B67D-A746-454A-AAEE-24779F0FDFFD}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A9CB151-D7B7-462B-89C5-FCC28FA456C2}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{42019058-BB4B-4CBE-A0AF-218BF23C730B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7C49F69C-5572-4D29-9279-FA9D3419DA1A}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKLM\SOFTWARE\CompeteInc
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\iLividSRTB
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmartWeb
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TVTime
[-] Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E960C70B-8CC3-4C8D-9D6F-3B20492055FD}
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{0246A4FE-2534-4A23-B434-D976D5FE4B6B} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{0246A4FE-2534-4A23-B434-D976D5FE4B6B} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{0246A4FE-2534-4A23-B434-D976D5FE4B6B} [NameServer]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Rowan\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Rowan\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Rowan\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : www.yahoo.com
[-] [C:\Users\Rowan\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : homepage-web.com
[-] [C:\Users\Rowan\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : kristal-audio-engine.en.softonic.com
[-] [C:\Users\Rowan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://us.yhs4.search.yahoo.com/?hspart=avast&hsimp=yhs-001&type=avastbcl
[-] [C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.homepage-web.com
[-] [C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : homepage-web.com
[-] [C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [8368 bytes] ##########
 
 
When the computer rebooted, I wasn't having the DNSAPI.DLL errors popping up all over the place, but the Windows not being genuine notices are becoming vehement.
 
By the way, thanks for all your help with this.
 


#6 Hypatia415


Posted 10 December 2015 - 06:51 PM

Hey nasdaq,

 

Since the last reboot (after AdwCleaner), I have an unclosable window (it has no "X") that's taking up the majority of the screen.  It doesn't look legit with its grammar errors, non-capitalization of "windows" and the 1-800 banner across the bottom.  It reads, "! Validate Copy of Your Windows License! You might be a victim of software counterfeiting.  You may not be able to use this PC without completing the activation.  To acquire a genuine copy of license please click on "Update Now".  If you receive any error please contact free windows [sic] technical support.  Toll Free 1-800-406-8501Toll Free 1-800-406-8501Toll Free 1-800-406-8501Toll Free"

 

I have not clicked "Update Now".

 

Awaiting further instructions.  One of which, I hope, is to troll whoever is on the other side of that 1-800 number.

 

Thanks,

Hyp415



#7 nasdaq


Posted 11 December 2015 - 09:46 AM

Open your Task Manager (CTRL+ALT+DEL) and find out if you have a process that is unknown to you and stop it.
If not sure please note it and let me know the name(s) that are suspicious to you.

===

There was a lot of information to check and I may have missed something.

Please run the Farbar tool one more time and post a fresh FRST log.
I will also need to see a fresh Addition.txt file. To create it make sure you place a check mark on the "Create an Addition.txt".

Edited by nasdaq, 11 December 2015 - 09:47 AM.


#8 Hypatia415


Posted 11 December 2015 - 12:20 PM

No problem, there _was_ a lotta stuff.

 

The suspicious window disappeared when I killed the process "Windi.exe".

 

I might be able to run MBAM now that Adwcleaner restored a dnsapi.dll.  Chrome works again.  Should I try that?  

 

Windows Security Essentials just popped up with a file it didn't like seeing: Trojan: Win64/Patched.AZ.gen!dll

 

Running Farbar now; will post the scan log when it gets done.



#9 Hypatia415


Posted 11 December 2015 - 12:29 PM

Here is the Addition txt, the other log in the next post.  I received a "post too long" error when I tried to post both at once.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by admin (2015-12-11 10:18:45)
Running from C:\Users\admin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-11-25 23:21:04)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
admin (S-1-5-21-2133040787-3344251579-4125002376-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-2133040787-3344251579-4125002376-500 - Administrator - Disabled)
Guest (S-1-5-21-2133040787-3344251579-4125002376-501 - Limited - Disabled)
Kai (S-1-5-21-2133040787-3344251579-4125002376-1020 - Limited - Enabled) => C:\Users\Kai
Mcx1-ASUS-LAPTOP (S-1-5-21-2133040787-3344251579-4125002376-1010 - Limited - Enabled) => C:\Users\Mcx1-ASUS-LAPTOP
Rachel (S-1-5-21-2133040787-3344251579-4125002376-1021 - Administrator - Enabled) => C:\Users\Rachel
Rowan (S-1-5-21-2133040787-3344251579-4125002376-1019 - Limited - Enabled) => C:\Users\Rowan
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Air Brawl (HKLM-x32\...\Steam App 375600) (Version:  - LandFall Games)
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com)
Amazon Unbox Video (x32 Version: 2.2.0.153 - Amazon.com) Hidden
Antichamber (HKLM\...\UDK-60f710c6-06e1-4046-b876-00e10eeb480a) (Version:  - Epic Games, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Insights Tools for Visual Studio 2013 (x32 Version: 2.4 - Microsoft Corporation) Hidden
Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: British Armed Forces (HKLM-x32\...\Steam App 65700) (Version:  - Bohemia Interactive)
Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead Beta (Obsolete) (HKLM-x32\...\Steam App 219540) (Version:  - )
Arma 2: Private Military Company (HKLM-x32\...\Steam App 65720) (Version:  - Bohemia Interactive)
ArtRage 4 Demo (HKLM-x32\...\ArtRage 4 Demo 4.5.2.0) (Version: 4.5.2.0 - Ambient Design)
ArtRage 4 Demo (Version: 4.5.2.0 - Ambient Design) Hidden
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.23 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.2 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.0.8 - ASUS)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2000764110.48.56.3025634 - Audible, Inc.)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 4.0.69.0 - Autodesk)
Autodesk Download Manager (HKLM-x32\...\{C897D9EC-13C6-4A22-ABF7-33F2126A7DB6}) (Version: 3.0.8.0 - Autodesk, Inc.)
Autodesk Maya 2015 SP2 (HKLM\...\Autodesk Maya 2015 SP2) (Version: 15.2.1633.0 - Autodesk)
Autodesk Maya 2015 SP4 (HKLM\...\Autodesk Maya 2015 SP4) (Version: 15.4.1973.0 - Autodesk)
Autodesk Maya LT 2015 SP1 (HKLM\...\Autodesk Maya LT 2015 SP1) (Version: 15.11.529.0 - Autodesk)
AVS Audio Converter 7.3 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 7.3.1.535 - Online Media Technologies Ltd.)
AVS Audio Editor 7.3 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 7.3.1.493 - Online Media Technologies Ltd.)
AVS Audio Recorder version 4.0 (HKLM-x32\...\AVS Audio Recorder_is1) (Version:  - Online Media Technologies Ltd.)
AVS Cover Editor 2.0.1.3 (HKLM-x32\...\AVSCoverEditor2_is1) (Version:  - Online Media Technologies Ltd.)
AVS Document Converter 2.3.2 (HKLM-x32\...\AVS Document Converter_is1) (Version: 2.3.2.233 - Online Media Technologies Ltd.)
AVS DVD Copy 4.1.2.283 (HKLM-x32\...\AVS DVD Copy_is1) (Version:  - Online Media Technologies Ltd.)
AVS Image Converter 2.3.3.249 (HKLM-x32\...\AVS Image Converter_is1) (Version: 2.3.3.249 - Online Media Technologies Ltd.)
AVS Media Player 4.2.3.106 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.2.3.106 - Online Media Technologies Ltd.)
AVS Photo Editor 2.3.1.144 (HKLM-x32\...\AVS Photo Editor_is1) (Version: 2.3.1.144 - Online Media Technologies Ltd.)
AVS Screen Capture version 2.0.2 (HKLM-x32\...\AVS Screen Capture_is1) (Version:  - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 9.0 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 9.0.1.566 - Online Media Technologies Ltd.)
AVS Video Editor 6.5 (HKLM-x32\...\AVS Video Editor_is1) (Version: 6.5.1.246 - Online Media Technologies Ltd.)
AVS Video Recorder 2.6 (HKLM-x32\...\AVS Video Recorder_is1) (Version: 2.6.1.94 - Online Media Technologies Ltd.)
AVS Video ReMaker 4.3.2.166 (HKLM-x32\...\AVS Video ReMaker_is1) (Version: 4.3.2.166 - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Azure Resource Manager Tools (VS 2013) - v1.0 (x32 Version: 1.0.0.0 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.5.21104.1601 - Microsoft Corporation) Hidden
AzureTools.Notifications.VwdExpress (x32 Version: 2.4.20730.1601 - Microsoft Corporation) Hidden
Bad Rats (HKLM-x32\...\Steam App 34900) (Version:  - Invent4 Entertainment)
Baldur's Gate Enhanced Edition (HKLM-x32\...\Baldur's Gate Enhanced Edition) (Version: 0.2.6.2 - Beamdog)
Baldur's Gate II (HKLM-x32\...\Baldur's Gate II_is1) (Version:  - GOG.com)
Baldur's Gate II Enhanced Edition (HKLM-x32\...\Baldur's Gate II Enhanced Edition) (Version: 0.2.8.0 - Beamdog)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Black Mesa (HKLM-x32\...\Steam App 362890) (Version:  - )
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blender (HKLM\...\Blender) (Version: 2.73 - Blender Foundation)
Blood Bowl: Legendary Edition (HKLM-x32\...\Steam App 58520) (Version:  - Cyanide Studio)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Bulletstorm (HKLM-x32\...\Steam App 99810) (Version:  - People Can Fly)
Child of Light (HKLM-x32\...\Steam App 256290) (Version:  - Ubisoft Montréal)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Cloud Deployment Project for Microsoft Visual Studio 2013 - v1.0 (x32 Version: 1.0.0.0 - Microsoft Corporation) Hidden
Cloud Storage Studio (HKU\S-1-5-21-2133040787-3344251579-4125002376-1000\...\8ff36c7a59c0ced2) (Version: 2011.8.11.0 - Cerebrata Software Private Limited)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version:  - Crytek Studios)
Cumulative Update for Workflow Manager 1.0 (KB2799754)LDR (HKLM-x32\...\Cumulative Update for Workflow Manager 1.0 (KB2799754)LDR) (Version: 2.0.20922.0 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dawn of War - Dark Crusade Mod Tools 1.20 (HKLM-x32\...\Dawn of War - Dark Crusade Mod Tools_is1) (Version:  - Relic Entertainment / THQ Canada Inc.)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dead Rising 2 (HKLM-x32\...\Steam App 45740) (Version:  - Capcom Vancouver)
Dead Space (HKLM-x32\...\Steam App 17470) (Version:  - EA Redwood Shores)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Divine Divinity (HKLM-x32\...\Divine Divinity_is1) (Version:  - GOG.com)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dotfuscator Software Services - Community Edition (HKLM-x32\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
Dungeons and Dragons - Dragonshard (HKLM-x32\...\GOGPACKDNDDRAGONSHARD_is1) (Version: 2.0.0.10 - GOG.com)
Emily is Away (HKLM-x32\...\Steam App 417860) (Version:  - Kyle Seeley)
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{3F29268A-F53A-4387-9F2B-E9368A823178}) (Version: 11.1.30729.00 - Microsoft Corporation)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
Euro Truck Simulator 2 Multiplayer 0.2.0.3 Alpha (HKLM-x32\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.2.0.3 Alpha - ETS2MP Team)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
FeedForAll v2.0 (HKLM-x32\...\FeedForAll v2.0) (Version:  - )
Final DOOM (HKLM-x32\...\Steam App 2290) (Version:  - id Software)
Five Nights at Freddy's 4 (HKLM-x32\...\Steam App 388090) (Version:  - Scott Cawthon)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Freedom Force (HKLM-x32\...\Steam App 8880) (Version:  - Irrational Games)
Fresco Logic USB3.0 Host Controller (HKLM\...\{17F94DA8-CB07-4BD8-A6DB-E53A1CC5C433}) (Version: 3.5.73.0 - Fresco Logic Inc.)
GameMaker: Studio (HKLM-x32\...\Steam App 214850) (Version:  - YoYo Games Ltd.)
Gang Beasts (HKLM-x32\...\Steam App 285900) (Version:  - Boneloaf)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GDR 5520 for SQL Server 2008 (KB2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
GDR 5538 for SQL Server 2008 (KB3045305) (64-bit) (HKLM\...\KB3045305) (Version: 10.3.5538.0 - Microsoft Corporation)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Guns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version:  - Muse Games)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
Half-Life Deathmatch: Source (HKLM-x32\...\Steam App 360) (Version:  - Valve)
Half-Life: Source (HKLM-x32\...\Steam App 280) (Version:  - Valve)
Homeworld Remastered Collection (HKLM-x32\...\Steam App 244160) (Version:  - Gearbox Software)
Hotline Miami 2: Wrong Number (HKLM-x32\...\Steam App 274170) (Version:  - Dennaton Games)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
IIS URL Rewrite Module 2 (HKLM\...\{EB675D0A-2C95-405B-BEE8-B42A65D23E11}) (Version: 7.2.2 - Microsoft Corporation)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Inno Setup version 5.5.5 (HKLM-x32\...\Inno Setup 5_is1) (Version: 5.5.5 - jrsoftware.org)
Install Finalizer (x32 Version: 2.5.21104.1601 - Microsoft Corporation) Hidden
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{90F00673-A276-4A58-B675-B426D39D1E09}) (Version: 15.3.0.0398 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{C7B40C35-85AE-4303-9EEA-1A1EA779664D}) (Version: 1.0.2.0518 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{ECE5B218-A086-4E18-A362-D11181681457}) (Version: 15.03.1000.1637 - Intel Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.17 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche Studios)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - Avalanche Studios)
Keep Talking and Nobody Explodes (HKLM-x32\...\Steam App 341800) (Version:  - Steel Crate Games)
Killing Floor 2 (HKLM-x32\...\Steam App 232090) (Version:  - Tripwire Interactive)
Kit SDK de vérification de Visual Studio 2012 - fra (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Legend of Grimrock (HKLM-x32\...\Legend of Grimrock_is1) (Version:  - GOG.com)
Lenovo Y Gaming Surround Sound Headset (HKLM-x32\...\{4AE965C9-5221-4FB9-8551-089326C19576}) (Version: 2.0.2.14 - Lenovo)
LightSwitchPublishToolKitCore (x32 Version: 1.7.50720.1602 - Microsoft) Hidden
Live SDK (HKLM-x32\...\{0DFFA3CE-5399-4D4B-9CDD-2BF5C65D7FD5}) (Version: 5.0.3069.1128 - Microsoft Corporation)
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
LUFTRAUSERS (HKLM-x32\...\Steam App 233150) (Version:  - Vlambeer)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Master Levels for DOOM II (HKLM-x32\...\Steam App 9160) (Version:  - id Software)
Memory Profiler (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
METAL SLUG 3 (HKLM-x32\...\Steam App 250180) (Version:  - DotEmu)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET and Web Frameworks 2012.2 (HKLM-x32\...\{71a40c60-27c2-443a-b7c7-6e4f3aad1d5a}) (Version: 2.1.20219.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 - Visual Studio 2010 Tools Update (HKLM-x32\...\{FC909837-27D0-4FB4-8653-00F63EB70D74}) (Version: 3.0.20406.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 (HKLM-x32\...\{ea411dc1-f74d-476e-b431-e90a3c4b552e}) (Version: 4.0.20713.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.Net Web Frameworks 5.1 Security Update (KB2994397) (HKLM-x32\...\{94F716A3-CBBA-4005-9516-1C4267DDB824}) (Version: 5.1.20821 - Microsoft Corporation)
Microsoft ASP.NET Web Pages - Visual Studio 2010 Tools (HKLM-x32\...\{A879B90E-B62C-4DA4-9C3F-79A1A6CFAAF9}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages 2 (HKLM-x32\...\{cb29be6c-39c4-493e-9da7-d585d5353714}) (Version: 2.0.20715.0 - Microsoft Corporation)
Microsoft Azure Authoring Tools - v2.4.1 (HKLM\...\{6D8BD3DF-0EA4-4BB1-AA57-0BBA9A804E24}) (Version: 2.4.6499.5 - Microsoft Corporation)
Microsoft Azure Authoring Tools - v2.5 (HKLM\...\{A46322D1-A353-4F9A-8DA1-C58401E33639}) (Version: 2.5.6496.10 - Microsoft Corporation)
Microsoft Azure Compute Emulator - v2.5 (HKLM\...\Microsoft Azure Compute Emulator - v2.5) (Version: 2.5.6496.10 - Microsoft Corporation)
Microsoft Azure HDInsight Tools for Visual Studio (HKLM-x32\...\{C6943238-E5DA-412D-850E-54181E5B4B65}) (Version: 1.0.0000.0 - Microsoft Corporation)
Microsoft Azure Libraries for .NET – v2.4 (HKLM\...\{D6B04ED9-386E-4157-AF50-64A43700FADC}) (Version: 2.4.0724.110 - Microsoft Corporation)
Microsoft Azure Libraries for .NET – v2.5 (HKLM\...\{22F9A831-CA56-4406-85FE-47FFB0472804}) (Version: 2.5.1024.161 - Microsoft Corporation)
Microsoft Azure Quickstarts (HKLM-x32\...\{06747CB9-4E28-3164-A1C5-F7FD307F08B5}) (Version: 1.5.0 - Microsoft Corporation)
Microsoft Azure Storage Tools - v3.0.0 (HKLM-x32\...\{870D4E4E-1BE7-42E7-9655-E7792290FCB4}) (Version: 3.0.0.0 - Microsoft Corporation)
Microsoft Azure Tools for Microsoft Visual Studio 2013 - v2.4 (HKLM-x32\...\{59c9b964-1162-4063-886e-8410aa0fcbc8}) (Version: 2.4.20730.1601 - Microsoft Corporation)
Microsoft Azure Tools for Microsoft Visual Studio 2013 - v2.5 (HKLM-x32\...\{4be5d1d6-933d-4058-853b-047ed1258fc4}) (Version: 2.5.21104.1601 - Microsoft Corporation)
Microsoft Exchange Web Services Managed API 2.0 (HKLM-x32\...\{6EE9E2DF-2CD7-4952-A649-95DEA8697BD8}) (Version: 15.0.516.14 - Microsoft Corporation)
Microsoft Expression Blend 3 SDK (HKLM-x32\...\{256E7DAC-9BE8-494E-8DE7-7857BF96B774}) (Version: 1.0.1343.0 - Microsoft Corporation)
Microsoft Expression Blend 4 (HKLM-x32\...\Blend_4.0.30816.0) (Version: 4.0.30816.0 - Microsoft Corporation)
Microsoft Expression Blend 4 Add-in for Adobe FXG Import (HKLM-x32\...\{EFBBD030-48F0-43B3-A8AD-789894DAD0B5}) (Version: 1.0.20817.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for .NET 4 (HKLM-x32\...\{9B3A1C97-A361-463E-8817-444F9F88CDFE}) (Version: 2.0.20525.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for Windows Phone 7 (HKLM-x32\...\{69E11501-75F7-4ACE-8103-52513DDCFE26}) (Version: 2.0.20901.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for Windows Phone OS 7.1 (HKLM-x32\...\{12B8E200-99CC-4203-A8D1-4145FC4D0192}) (Version: 2.0.30816.0 - Microsoft Corporation)
Microsoft Expression Design 4 (HKLM-x32\...\Design_7.0.20516.0) (Version: 7.0.20516.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.4276.0) (Version: 4.0.4276.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{64C12304-7010-43F3-A25B-BDC38DE41E46}) (Version: 4.0.4276.0 - Microsoft Corporation)
Microsoft Expression Studio 4 (HKLM-x32\...\ExpressionStudio_4.0.20525.0) (Version: 4.0.20525.0 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1303.0) (Version: 4.0.1303.0 - Microsoft Corporation)
Microsoft Expression Web 4 Service Pack 2 (HKLM-x32\...\{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}) (Version:  - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Hive ODBC Driver (HKLM\...\{AC9970E8-7F55-4F50-A6D3-2BC041589904}) (Version: 1.0.5.5 - Microsoft Corporation)
Microsoft Hive ODBC Driver (HKLM-x32\...\{7A580208-9E61-47FD-9AEB-DDDAA67CF0F6}) (Version: 1.0.5.5 - Microsoft Corporation)
Microsoft Identity Extensions (HKLM\...\{F99F24BF-0B90-463E-9658-3FD2EFC3C992}) (Version: 2.0.1459.0 - Microsoft Corporation)
Microsoft Network Monitor 3.4 (HKLM\...\{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (HKLM\...\{963E5FEB-1367-46B9-851D-A957F1A3747F}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft NuGet for Visual Studio 2010 (HKLM-x32\...\{22B4F250-F40C-4E59-9800-E4AE88C35CFC}) (Version: 2.0.30625.9003 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4771.1004 - Microsoft Corporation)
Microsoft Office Developer Tools for Visual Studio 2012 ENU (HKLM-x32\...\{11a5e71f-e0d4-46b6-9fba-e5d0fc6149d0}) (Version: 11.0.60226.0 - Microsoft Corporation)
Microsoft Office Developer Tools for Visual Studio 2013 - November 2014 Update (HKLM-x32\...\{ac415136-ae46-4301-b23e-6559062bfa7b}) (Version: 12.0.31105.0 - Microsoft Corporation)
Microsoft Outlook Hotmail Connector 64-bit (HKLM\...\{95140000-0081-0409-1000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit (HKLM\...\{95140000-007D-0409-1000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Press Training Kit Exam Prep Suite 70-515 (HKLM-x32\...\{BEDF6879-CE7B-4F0A-9D06-A9BD67DB634E}) (Version: 1.0.0 - MeasureUp)
Microsoft Project Professional 2010 (HKLM\...\Office14.PRJPROR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version:  - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft SharePoint Designer 2013 - en-us (HKLM\...\SPDRetail - en-us) (Version: 15.0.4771.1004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft Silverlight Tools for Visual Studio 2010 (HKLM-x32\...\{558358E5-E4F3-4374-BA1D-26FF39EF87D9}) (Version: 10.0.30319.400 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{E016AA48-A21B-4728-9BD0-E3AAE23BEE5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Policies (HKLM-x32\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{01078B88-2981-4F75-96B0-8B22E2D2DE03}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{F43ADE73-2880-4A95-B995-4FE386ECF667}) (Version: 10.3.5538.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL Compiler Service  (HKLM\...\{59DE4D1C-690E-4397-8A44-B684934E863C}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM\...\{7FE9A69F-6D91-4E2E-86B5-E2EB27AE6041}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM-x32\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20905.0) (HKLM-x32\...\{23A3E3F8-91B4-4C5A-9E69-6747CF6D426B}) (Version: 11.1.20905.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41025.0) (HKLM-x32\...\{6793668D-6A81-4DCC-8034-ACF44E84B1D0}) (Version: 12.0.41025.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools (HKLM-x32\...\{86b4d378-8e43-49f9-b42d-f2141c6244cf}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools 2013 (HKLM-x32\...\{2768bca6-2ff2-4cb2-b6fc-654f7b5d6af0}) (Version: 12.0.41025.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20905.0) (HKLM-x32\...\{D2964C0D-477B-4914-B791-1D80E61E85E6}) (Version: 11.1.20905.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{C9F697B9-FAC8-4B76-9D3D-40FA3BFA4F9E}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Store Download Manager (HKLM-x32\...\{2C019AC0-E2E1-4E63-8113-87F9D44EAF07}) (Version: 2.9.4919.1 - Microsoft Corporation)
Microsoft Streets & Trips 2010 (HKLM-x32\...\{C82185E8-C27B-4EF4-2010-4444BC2C2B6D}) (Version: 17.0.18.2200 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visio Premium 2010 (HKLM\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2013 Tools for Unity (HKLM-x32\...\{7AFB9B82-13AA-4BE2-9FAC-B9962DB74762}) (Version: 1.9.8.0 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Professional 2013 (HKLM-x32\...\{6dff50d0-3bc3-4a92-b724-bf6d6a99de4f}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Microsoft Web Deploy 2.0 (HKLM\...\{5134B35A-B559-4762-94A4-FD4918977953}) (Version: 2.0.1070 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{4D84C195-86F0-4B34-8FDE-4A17EB41306A}) (Version: 5.0.50430.0 - Microsoft Corporation)
Microsoft Web Publish - Visual Studio 2010 (HKLM-x32\...\{0D54E146-3FA4-4AB8-9A23-AC9598730278}) (Version: 1.0.30810.0 - Microsoft Corporation)
Microsoft WebMatrix 3 (HKLM-x32\...\{4C1CB8FA-89A5-476A-89B6-C69BDC668A9F}) (Version: 2.0.1932 - Microsoft Corporation)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft XNA Game Studio 4.0 Refresh (HKLM-x32\...\XNA Game Studio 4.0) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft XNA Game Studio Platform Tools (HKLM-x32\...\{89690B51-2E21-4E93-914E-F9CAC5B24A84}) (Version: 1.4.0.0 - Microsoft Corporation)
Mind: Path to Thalamus Enhanced Edition (HKLM-x32\...\Steam App 296070) (Version:  - Carlos Coronado)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MINERVA: Metastasis (HKLM-x32\...\Steam App 235780) (Version:  - Adam Foster)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)
Mixamo Fuse version 1.3.0 (HKLM-x32\...\{CF744422-9FA0-44E9-86E4-B4FCF1A0D56A}_is1) (Version: 1.3.0 - Mixamo)
Mortal Kombat Kollection (HKLM-x32\...\Steam App 205350) (Version:  - NetherRealm Studios, High Voltage)
Mount Your Friends (HKLM-x32\...\Steam App 296470) (Version:  - Stegersaurus Software Inc.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
My Game Long Name (HKLM\...\UDK-1f2a1c88-2064-4317-a665-b2a7dd1e8e95) (Version:  - Epic Games, Inc.)
My Game Long Name (HKLM\...\UDK-530d21a0-bdb8-4bb9-a39e-562439b7f624) (Version:  - Epic Games, Inc.)
Nidhogg (HKLM-x32\...\Steam App 94400) (Version:  - Messhof)
Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 6.0.0.74 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3 - )
NVIDIA 3D Vision Driver 359.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 359.00 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.7.4.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.7.4.10 - NVIDIA Corporation)
NVIDIA Graphics Driver 359.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.00 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Organ Trail: Director's Cut (HKLM-x32\...\Steam App 233740) (Version:  - The Men Who Wear Many Hats)
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 RC Design-Time - PTB (x32 Version: 11.0.50816 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 RC x64 Hosting Support - PTB (Version: 11.0.50816 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 RC x86 Hosting Support - PTB (x32 Version: 11.0.50816 - Microsoft Corporation) Hidden
Painkiller Hell & Damnation (HKLM-x32\...\Steam App 214870) (Version:  - The Farm 51)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PixelJunk Eden (HKLM-x32\...\Steam App 105800) (Version:  - Q-Games, Ltd.)
Plantronics® GameCom 780/788 Software for Dolby® Headphone (HKLM-x32\...\{EB3C9064-9140-4279-9E51-965119402151}) (Version: 3.20.0001 - Plantronics)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Project Zomboid Demo (HKLM-x32\...\Steam App 264910) (Version:  - Indie Stone Studios)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
Python Tools Redirection Template (x32 Version: 1.3 - Microsoft Corporation) Hidden
Quake (HKLM-x32\...\Steam App 2310) (Version:  - id Software)
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6564 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)
resident evil 4 / biohazard 4 (HKLM-x32\...\Steam App 254700) (Version:  - Capcom)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.8 - Rockstar Games)
Rodina Demo (HKLM-x32\...\Steam App 316050) (Version:  - Elliptic Games)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
Salt Demo (HKLM-x32\...\Steam App 327870) (Version:  - Lavaboots Studios)
SDK de comprobación de Visual Studio 2012 - esn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Serious Sam 3: BFE (HKLM-x32\...\Steam App 41070) (Version:  - Croteam)
Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit) (HKLM\...\KB2528583) (Version: 10.51.2500.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{DC528101-617D-4E9F-B131-F8F8C52E649B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{3C578F10-F74F-4655-B2A6-9F88A6C415E8}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
SharePoint Client Components (HKLM\...\{95150001-1163-0409-1000-0000000FF1CE}) (Version: 15.0.4481.1505 - Microsoft Corporation)
SharePoint Client Components (HKLM\...\{95150003-1163-0409-1000-0000000FF1CE}) (Version: 15.0.4641.1002 - Microsoft Corporation)
SharePoint Client Components (HKLM\...\{95160002-1163-0409-1000-0000000FF1CE}) (Version: 16.0.3104.1200 - Microsoft Corporation)
Shelter 2 (HKLM-x32\...\Steam App 275100) (Version:  - Might and Delight)
SHIELD Streaming (Version: 4.1.0240 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.7.4.10 - NVIDIA Corporation) Hidden
Shovel Knight (HKLM-x32\...\Steam App 250760) (Version:  - Yacht Club Games)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Simple Media Player 1.0 (HKLM-x32\...\Simple Media Player) (Version: 1.0 - Simple Media Player)
Skullgirls (HKLM-x32\...\Steam App 245170) (Version:  - Lab Zero Games)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.10.13089 - Skype Technologies S.A.)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
SOMA (HKLM-x32\...\Steam App 282140) (Version:  - Frictional Games)
SonicWALL Global VPN Client (HKLM\...\{2B0BD3DD-EF7E-43EE-AC58-061E412BFFEF}) (Version: 4.7.3 - SonicWALL)
Source Multiplayer Dedicated Server (HKLM-x32\...\Steam App 310) (Version:  - Valve)
Source SDK (HKLM-x32\...\Steam App 211) (Version:  - Valve)
Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version:  - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version:  - Obsidian Entertainment)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - Keen Software House)
Space Hulk (HKLM-x32\...\Steam App 242570) (Version:  - Full Control Studios)
SpeedRunners (HKLM-x32\...\Steam App 207140) (Version:  - DoubleDutch Games)
Spelunky (HKLM-x32\...\Steam App 239350) (Version:  - )
SPOT Device Updater 1.4 (HKLM-x32\...\7719-3473-4526-5852) (Version: 1.4 - Spot LLC)
Sprite Lamp (HKLM-x32\...\Steam App 316830) (Version:  - Snake Hill Games)
Spriter Pro (HKLM-x32\...\Steam App 332360) (Version:  - BrashMonkey)
SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Management Studio (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
StarMade (HKLM-x32\...\Steam App 244770) (Version:  - Schine, GmbH)
State of Decay (HKLM-x32\...\Steam App 241540) (Version:  - Undead Labs)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Subnautica (HKLM-x32\...\Steam App 264710) (Version:  - Unknown Worlds Entertainment)
Substance Painter version 0.10.2 (HKLM\...\{410F5B6E-A29C-4F43-9DE3-44A1357D6AF5}_is1) (Version: 0.10.2 - Allegorithmic)
Super Amazing Wagon Adventure (HKLM-x32\...\Steam App 250500) (Version:  - sparsevector)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.43.0 - Synaptics Incorporated)
Synergy (HKLM-x32\...\Steam App 17520) (Version:  - Synergy Team)
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version:  - )
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TexturePacker (HKLM\...\{3BE3B3E2-0E1E-4203-BC0C-D6453C5E92B2}) (Version: 3.5.3 - code-and-web.de)
The Beginner's Guide (HKLM-x32\...\Steam App 303210) (Version:  - Everything Unlimited Ltd.)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
The Complete Ultima VII (HKLM-x32\...\The Complete Ultima VII_is1) (Version:  - GOG.com)
THE KING OF FIGHTERS XIII STEAM EDITION (HKLM-x32\...\Steam App 222940) (Version:  - SNK Playmore)
The Old City: Leviathan (HKLM-x32\...\Steam App 297350) (Version:  - PostMod Softworks)
The Park (HKLM-x32\...\Steam App 402020) (Version:  - Funcom)
The Ship (HKLM-x32\...\Steam App 2400) (Version:  - Outerlight Ltd.)
The Ship Single Player (HKLM-x32\...\Steam App 2420) (Version:  - Outerlight Ltd.)
The Ship Tutorial (HKLM-x32\...\Steam App 2430) (Version:  - Outerlight)
The Ultimate DOOM (HKLM-x32\...\Steam App 2280) (Version:  - id Software)
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)
The Wolf Among Us (HKLM-x32\...\Steam App 250320) (Version:  - Telltale Games)
Torchlight (HKLM-x32\...\Steam App 41500) (Version:  - Runic Games, Inc.)
Toribash (HKLM-x32\...\Steam App 248570) (Version:  - Nabi Studios)
TortoiseSVN 1.7.11.23600 (64 bit) (HKLM\...\{6B13A3F1-F66A-42FB-9E62-98952D582187}) (Version: 1.7.23600 - TortoiseSVN)
TowerFall Ascension (HKLM-x32\...\Steam App 251470) (Version:  - Matt Thorson)
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Ultima Second Trilogy (HKLM-x32\...\Ultima Second Trilogy_is1) (Version:  - GOG.com)
Ultima Trilogy (HKLM-x32\...\Ultima Trilogy_is1) (Version:  - GOG.com)
Ultima Underworld 1 and 2 (HKLM-x32\...\GOGPACKULTIMAUNDERWORLD1AND2_is1) (Version: 2.0.0.19 - GOG.com)
Ultima VIII - Pagan (HKLM-x32\...\Ultima VIII - Pagan_is1) (Version:  - GOG.com)
Under the Ocean (HKLM-x32\...\Steam App 227720) (Version:  - Near Enough Games)
Undertale (HKLM-x32\...\Steam App 391540) (Version:  - tobyfox)
Uninstall Finalizer (x32 Version: 2.2.11003.1601 - Microsoft Corporation) Hidden
Uninstall Finalizer (x32 Version: 2.3.20320.1602 - Microsoft Corporation) Hidden
Uninstall Finalizer (x32 Version: 2.4.20730.1601 - Microsoft Corporation) Hidden
Uninstall Finalizer (x32 Version: 2.5.21104.1601 - Microsoft Corporation) Hidden
Unreal Development Kit: 2012-07 (HKLM\...\UDK-5b8e96f0-5573-4fab-9a8a-fc792a72fe40) (Version:  - Epic Games, Inc.)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Viscera Cleanup Detail (HKLM-x32\...\Steam App 246900) (Version:  - RuneStorm)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2010 SP1 Tools for SQL Server Compact 4.0 ENU (HKLM-x32\...\{D25C502E-FF51-424C-8C38-8596FE47D0CD}) (Version: 4.0.8482.1 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
Visual Studio Extensions for Windows Library for JavaScript 1.0.9200.20789 (HKLM-x32\...\{49c53021-7c66-4b0b-b842-9b878d2f0e0f}) (Version: 1.0.9200.20789 - Microsoft Corporation)
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.13w3 - Wacom Technology Corp.)
Warhammer 40,000 Space Marine (HKLM-x32\...\Steam App 55150) (Version:  - Relic)
Warhammer 40,000: Dawn of War – Dark Crusade (HKLM-x32\...\Steam App 4580) (Version:  - Relic)
Warhammer 40,000: Dawn of War - Game of the Year Edition (HKLM-x32\...\Steam App 4570) (Version:  - Relic Entertainment)
Warhammer 40,000: Dawn of War – Soulstorm (HKLM-x32\...\Steam App 9450) (Version:  - Relic)
Warhammer 40,000: Dawn of War – Winter Assault (HKLM-x32\...\Steam App 9310) (Version:  - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ (HKLM-x32\...\Steam App 20570) (Version:  - Relic)
Warhammer® 40,000™: Dawn of War® II – Retribution™ (HKLM-x32\...\Steam App 56400) (Version:  - Relic)
Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version:  - Relic)
WCF Data Services 5.0 (for OData v3) CHS Language Pack (x32 Version: 5.0.50403.0 - Microsoft Corporation) Hidden
WCF Data Services 5.0 (for OData v3) CHT Language Pack (x32 Version: 5.0.50403.0 - Microsoft Corporation) Hidden
WCF Data Services 5.0 (for OData v3) DEU Language Pack (x32 Version: 5.0.50403.0 - Microsoft Corporation) Hidden
WCF Data Services 5.0 (for OData v3) ESN Language Pack (x32 Version: 5.0.50403.0 - Microsoft Corporation) Hidden
WCF Data Services 5.0 (for OData v3) FRA Language Pack (x32 Version: 5.0.50403.0 - Microsoft Corporation) Hidden
WCF Data Services 5.0 (for OData v3) ITA Language Pack (x32 Version: 5.0.50403.0 - Microsoft Corporation) Hidden
WCF Data Services 5.0 (for OData v3) JPN Language Pack (x32 Version: 5.0.50403.0 - Microsoft Corporation) Hidden
WCF Data Services 5.0 (for OData v3) KOR Language Pack (x32 Version: 5.0.50403.0 - Microsoft Corporation) Hidden
WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services 5.0 (for OData v3) RUS Language Pack (x32 Version: 5.0.50403.0 - Microsoft Corporation) Hidden
WCF Data Services 5.0 (OData v3) (HKLM-x32\...\{016ec3ab-f652-4ebb-ab86-63d598fd3749}) (Version: 5.0.50403.0 - Microsoft Corporation)
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services SDK for Windows Phone (HKLM-x32\...\{6F33C2E2-5E02-4344-90BC-ED55C48341D2}) (Version: 4.7.6.0 - Microsoft Corporation)
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Visual Studio 2010 (x32 Version: 5.0.50403.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Visual Studio 2010 CHS Language Pack (x32 Version: 5.0.50403.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Visual Studio 2010 CHT Language Pack (x32 Version: 5.0.50403.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Visual Studio 2010 DEU Language Pack (x32 Version: 5.0.50403.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Visual Studio 2010 ESN Language Pack (x32 Version: 5.0.50403.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Visual Studio 2010 FRA Language Pack (x32 Version: 5.0.50403.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Visual Studio 2010 ITA Language Pack (x32 Version: 5.0.50403.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Visual Studio 2010 JPN Language Pack (x32 Version: 5.0.50403.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Visual Studio 2010 KOR Language Pack (x32 Version: 5.0.50403.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Visual Studio 2010 RUS Language Pack (x32 Version: 5.0.50403.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Azure Authoring Tools - June 2012 Release (HKLM\...\{646A1C52-6194-4992-8D21-8D9E42AE820A}) (Version: 1.7.30602.1703 - Microsoft Corporation)
Windows Azure Authoring Tools - October 2012 Release (HKLM\...\{8748EE66-A92C-472A-805A-A86C41D22848}) (Version: 1.8.31351.1533 - Microsoft Corporation)
Windows Azure Authoring Tools - v2.0 (HKLM\...\{62B64BEE-182F-4B1D-8D92-905FA8737AFE}) (Version: 2.0.6493.2 - Microsoft Corporation)
Windows Azure Authoring Tools - v2.2 (HKLM\...\{863C94A6-E432-4C88-9C68-FB668AE66621}) (Version: 2.2.6492.2 - Microsoft Corporation)
Windows Azure Authoring Tools - v2.3 (HKLM\...\{CA53F7A1-A71D-4C7F-ABD2-7BDD26FE0D74}) (Version: 2.3.6491.3 - Microsoft Corporation)
Windows Azure Libraries for .NET – October 2012 (HKLM\...\{72934D7D-3379-497D-8FA4-1E28D21AFA20}) (Version: 1.8 - Microsoft Corporation)
Windows Azure Libraries for .NET – v2.0 (HKLM\...\{33540558-5647-4ED7-8682-62CE971CEE62}) (Version: 2.0 - Microsoft Corporation)
Windows Azure Libraries for .NET – v2.2 (HKLM\...\{0DCF275C-3D88-48CC-B374-ACA7365EF966}) (Version: 2.2.0924.200 - Microsoft Corporation)
Windows Azure Libraries for .NET – v2.3 (HKLM\...\{C0591F2A-45AD-4189-86A7-C2B1DF3D148D}) (Version: 2.3.0424.070 - Microsoft Corporation)
Windows Azure Libraries for .NET 1.7 – June 2012 (HKLM\...\{AED07B87-975F-4F60-B7C9-38B8596C6531}) (Version: 1.7 - Microsoft Corporation)
Windows Azure PowerShell - December 2013 (HKLM-x32\...\{9E43EB1E-81BA-4A2C-A5A7-63F34FAB05D2}) (Version: 0.7.2 - Microsoft Corporation)
Windows Azure Storage Emulator - v3.4 (HKLM-x32\...\Windows Azure Storage Emulator - v3.4) (Version: 3.4.6848.0 - Microsoft Corporation)
Windows Azure Tools for LightSwitch for Visual Studio 2012 - June 2012 (HKLM-x32\...\{92c9d85d-d28d-4b99-a2ec-fa692441aa31}) (Version: 1.7.50720.1602 - Microsoft Corporation)
Windows Azure Tools for Microsoft LightSwitch for Visual Studio 2012 - v2.0 (HKLM-x32\...\{76423e2f-1a2d-4859-ba02-fcfe8405e929}) (Version: 2.0.60328.1603 - Microsoft Corporation)
Windows Azure Tools for Microsoft Visual Studio 2012 - June 2012 SP1 (HKLM-x32\...\{540cc2f4-4f11-47be-8ebb-e665ed4e9d01}) (Version: 1.7.50716.1601 - Microsoft Corporation)
Windows Azure Tools for Microsoft Visual Studio 2012 - v2.0 (HKLM-x32\...\{f41037c2-b163-40b7-8aeb-95997a5b87b8}) (Version: 2.0.60409.1601 - Microsoft Corporation)
Windows Azure Tools for Microsoft Visual Studio 2012 - v2.2 (HKLM-x32\...\{c8fb43b0-1ecf-4a7b-930a-1a77e3c10be0}) (Version: 2.2.11003.1601 - Microsoft Corporation)
Windows Azure Tools for Microsoft Visual Studio 2013 - v2.3 (HKLM-x32\...\{7223ffe5-5cbb-45ca-8aa3-a455015ab1cf}) (Version: 2.3.20320.1602 - Microsoft Corporation)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (02/03/2011 2.4.0.0) (HKLM\...\88C277C6E63CBDAF35A096E80A5B97A29A619D3A) (Version: 02/03/2011 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (04/10/2013 2.5.0.1) (HKLM\...\315219591F441B80092CEC436A54F33710A49880) (Version: 04/10/2013 2.5.0.1 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (04/16/2014 2.5.1.2) (HKLM\...\1AB75C502CCA4F9854A6E2152370CA7865D789BE) (Version: 04/16/2014 2.5.1.2 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (05/10/2011 2.4.0.0) (HKLM\...\1F97AD589D40EC37AF848A540DFD9A0A662F7EAA) (Version: 05/10/2011 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (05/10/2011 2.4.0.0) (HKLM\...\8751DB371004DC10847CB5D366A319631EA4E3EA) (Version: 05/10/2011 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (12/13/2012 2.4.0.0) (HKLM\...\02AD34F29D32C048B03F694998ED36AD51FD3A5E) (Version: 12/13/2012 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (12/30/2013 2.5.0.6) (HKLM\...\26D26416B8357FF24D75947D73C90B67147A59B5) (Version: 12/30/2013 2.5.0.6 - Cambridge Silicon Radio Ltd.)
Windows Identity Foundation SDK 4.0 (HKLM-x32\...\{0BD0F49E-C5B3-4FE0-A792-DCD61AEE93CF}) (Version: 6.1.7600.16436 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
Windows Phone Emulator x64 - ENU (HKLM\...\{C9AEABC2-1DD6-3280-9A1A-11E1E8D34AAD}) (Version: 10.0.40219 - Microsoft Corporation)
Windows Phone SDK 7.1 - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Express for Windows Phone 7.1 - ENU) (Version: 10.1.40219 - Microsoft Corporation)
Windows Phone SDK 7.1 Add-in for Visual Studio 2010 - ENU (HKLM-x32\...\{A721BC43-E63E-3531-B1BF-6A405F9530BD}) (Version: 10.0.40219 - Microsoft Corporation)
Windows Phone SDK 7.1 Assemblies (HKLM-x32\...\{9E2F2BAC-A9FD-35BC-B8E0-253FEBED0F9B}) (Version: 10.0.40219 - Microsoft Corporation)
Windows Phone SDK 7.1 Extensions for XNA Game Studio 4.0 (HKLM-x32\...\{A4CC18F6-DB05-4B03-B724-4128322FA85F}) (Version: 4.0.30901.0 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.32.0 - ASUS)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Workflow Manager Client 1.0 (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.40326.0 - Microsoft Corporation) Hidden
World Machine 2.3 Basic Edition (HKLM-x32\...\World Machine2Basic) (Version:  - )
Worms Revolution (HKLM-x32\...\Steam App 200170) (Version:  - Team17 Digital Ltd.)
WPF Toolkit February 2010 (Version 3.5.50211.1) (HKLM-x32\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.50211.1 - Microsoft Corporation)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools 2012 для работы с приложениями (x64), версия-кандидат - RUS (Version: 11.0.50816 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools 2012 для работы с приложениями (x86), версия-кандидат - RUS (x32 Version: 11.0.50816 - Microsoft Corporation) Hidden
Языковой пакет для среды разработки набора средств Microsoft Visual Studio Tools 2012 для работы с приложениями, версия-кандидат - RUS (x32 Version: 11.0.50816 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
08-12-2015 03:14:54 Scheduled Checkpoint
09-12-2015 07:43:23 Windows Update
09-12-2015 12:39:53 Removed AllPCOptimizer.
09-12-2015 13:00:00 Restore Point Created by FRST
10-12-2015 03:00:13 Windows Update
10-12-2015 09:33:15 Restore Point Created by FRST
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2014-10-07 20:53 - 00000856 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 www.wavybrain.local
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {17367301-93C7-4BA4-8A87-36672886E8EE} - System32\Tasks\ASUS Patch 10430001 => C:\Windows\AsPatch10430001.exe [2010-07-29] ()
Task: {22337BE1-5684-49C6-8CFD-E16D9F50D984} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-01-09] (ASUSTeK Computer Inc.)
Task: {253DEA72-7F5A-47FD-B874-A21EBAA3C1C6} - System32\Tasks\{CA41FDDE-7411-46B9-B8C3-048F2E3BF9B5} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.7.0.102/en/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {284B3803-2AD9-40F5-B40C-FA02DA5CF154} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ASUS-Laptop-wes ASUS-Laptop => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-10-13] (Microsoft Corporation)
Task: {28978BCD-4643-4333-B7CF-8FAF4C8BEF95} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2133040787-3344251579-4125002376-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {28FC9706-C022-42CF-9F1A-10AA4818F372} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {3A8496FC-4F34-4E69-8C7D-DDF51D6617DA} - System32\Tasks\{C0E09F2B-AD84-4E00-B19A-A64B9BDD8AFF} => pcalua.exe -a "C:\Users\wes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S35ZGF8Z\ffasetup.exe" -d D:\Users\wes\Desktop
Task: {402C48F9-636F-4F1E-AE2C-DC367A811D9F} - System32\Tasks\Pool Browser => Rundll32.exe "C:\Users\Rachel\AppData\Local\Pool Browser\{ACD4922F-8530-27D0-A7C1-76A7895BE21E}\PoolBrowser.dll",#1
Task: {4D41A8AF-59AE-4D06-912F-4FE434100611} - System32\Tasks\{DFB90CDB-06BA-4C8B-A810-70D8EF06F132} => pcalua.exe -a "C:\Users\wes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79B0YC3B\silverlight4_tools.exe" -d D:\Users\wes\Desktop
Task: {5AA2FC59-5F6F-4EC3-A9E2-BDBA59653A44} - System32\Tasks\4516 => C:\Windows\system32\wscript.exe [2013-10-11] (Microsoft Corporation) <==== ATTENTION
Task: {5C07F048-56F7-4170-A076-D4D896FF2048} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {6E87597A-AC21-45F8-B504-A045073A97C7} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: {78280E71-DCD8-441A-8330-7AA9518BC144} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {7C997131-E116-4773-8484-85557E177617} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-01-30] (ASUSTek Computer Inc.)
Task: {86D2734F-F0A6-4255-87F0-017C6D2F0002} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {884875D0-9450-4845-B1FA-A0BB5762811C} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-ASUS-LAPTOP => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {89AEF186-57FA-4614-9444-01CFF278EAF4} - System32\Tasks\{2251C11D-6171-418F-AA6D-F5AB74F8112F} => pcalua.exe -a C:\PROGRA~2\NotePage\FEEDFO~1\UNWISE.EXE -c C:\PROGRA~2\NotePage\FEEDFO~1\INSTALL.LOG
Task: {920243F9-B0E6-4EBB-A730-D0C5F21F8C4C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-11] (Adobe Systems Incorporated)
Task: {966B25A8-A409-4613-8206-DDCF3DFC878A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {9D175F12-E012-4180-8FCE-478836422F27} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-10-13] (Microsoft Corporation)
Task: {ADE5CCB0-743A-40E1-9B01-2EE5ED91F78F} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2133040787-3344251579-4125002376-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {B64F7DDD-E106-4A1F-A86D-2EF3C53AF33A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {EEB745D6-C1F9-4CBA-8C50-D28E9D8C2A53} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {F3B50258-E9B4-40DF-A308-27BFE4846934} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2133040787-3344251579-4125002376-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {F5843276-90B5-4E41-B9CF-F1B317E3202F} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-11-24 12:31 - 2015-11-13 23:06 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-25 20:45 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-10-27 22:13 - 2015-10-28 07:26 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-10-30 06:17 - 2015-09-01 09:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2012-12-12 20:37 - 2012-12-12 20:37 - 00088968 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2015-10-27 11:45 - 2011-02-25 16:07 - 00204800 ____N () C:\Windows\SysWOW64\ExMgr.exe
2015-10-27 16:09 - 2014-01-21 15:40 - 00817440 ____N () C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe
2015-08-02 09:44 - 2015-07-07 15:26 - 01347264 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-04-19 21:41 - 2014-12-04 19:27 - 00055688 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2014-04-19 21:41 - 2014-12-04 19:27 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2015-11-24 12:32 - 2015-11-15 20:35 - 00012080 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-10-27 11:45 - 2015-08-10 17:13 - 00090112 ____N () C:\Windows\SysWOW64\ExSrv.dll
2015-10-27 16:09 - 2014-01-21 15:40 - 00149792 ____N () C:\Program Files\Plantronics\GameCom 780 & 788\VmixPLGC.dll
2015-07-24 13:03 - 2015-10-05 09:18 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-07-24 13:03 - 2015-07-03 09:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-07-24 13:03 - 2015-07-03 09:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-07-24 13:03 - 2015-07-03 09:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-07-24 13:03 - 2015-11-09 19:44 - 02541648 _____ () C:\Program Files (x86)\Steam\video.dll
2015-07-24 13:03 - 2015-09-23 17:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-07-24 13:03 - 2015-09-23 17:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-07-24 13:03 - 2015-09-23 17:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-07-24 13:03 - 2015-09-23 17:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-07-24 13:03 - 2015-09-23 17:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-07-24 13:03 - 2015-11-09 19:44 - 00806992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-24 13:03 - 2015-11-03 15:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-12-10 12:32 - 2014-12-04 19:27 - 00104328 _____ () C:\Users\admin\AppData\Local\Autodesk\.AdskAppManager\R1\qjson0.dll
2015-10-30 06:17 - 2015-09-01 05:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-12-12 19:30 - 2012-12-12 19:30 - 00070536 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-07-24 13:03 - 2015-10-08 15:20 - 45010208 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hulkokcos => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2133040787-3344251579-4125002376-1000\...\youtube.com -> hxxp://www.youtube.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2133040787-3344251579-4125002376-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{FA217E1C-6083-472A-A376-67E5188FE195}C:\program files\sonicwall\sonicwall global vpn client\swgvc.exe] => (Allow) C:\program files\sonicwall\sonicwall global vpn client\swgvc.exe
FirewallRules: [UDP Query User{08FAE9AB-8912-486C-9505-E718CE6D37C8}C:\program files\sonicwall\sonicwall global vpn client\swgvc.exe] => (Allow) C:\program files\sonicwall\sonicwall global vpn client\swgvc.exe
FirewallRules: [{B0BD5746-FAB9-4B30-8C38-598E7B9AD06F}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{238BBB6E-425F-45D3-B40F-DEB651145A26}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{1512A7B8-9841-4A00-A283-519984670CA9}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{B0AA50A9-C9C2-4CAB-8D43-39D66A9D44AC}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{BF2D042A-F597-45B3-9C63-DFA8B85AB5D4}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{9F641BE3-3094-46D7-B27F-A55DE0837551}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{B8122010-DF2D-4231-BC24-4A1EC905660C}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{51FB28DA-E74C-4A63-8DCB-143C0EC8381E}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{2FAA9303-2A79-4630-BBFE-E2F3462CE8A2}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{1EF507ED-AC29-4A5F-B31A-60C7CD7884B1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{45F287D1-6AAC-4645-871E-48AE1A97069F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{DA615FBC-0C16-4B2C-B433-955B2CF03CDA}E:\steam\steamapps\common\dawn of war gold\w40k.exe] => (Block) E:\steam\steamapps\common\dawn of war gold\w40k.exe
FirewallRules: [UDP Query User{A929AF04-6E9C-4A59-A664-EBA162E491C0}E:\steam\steamapps\common\dawn of war gold\w40k.exe] => (Block) E:\steam\steamapps\common\dawn of war gold\w40k.exe
FirewallRules: [TCP Query User{5FDA02E2-51E1-442F-9D54-8B6A58EC7BDE}C:\program files (x86)\telerik\radcontrols for asp.net ajax q1 2011\live demos\startexamples.exe] => (Block) C:\program files (x86)\telerik\radcontrols for asp.net ajax q1 2011\live demos\startexamples.exe
FirewallRules: [UDP Query User{2ECA077F-E474-4529-8055-4E55021C1925}C:\program files (x86)\telerik\radcontrols for asp.net ajax q1 2011\live demos\startexamples.exe] => (Block) C:\program files (x86)\telerik\radcontrols for asp.net ajax q1 2011\live demos\startexamples.exe
FirewallRules: [TCP Query User{DB1764EC-0E3E-4AF5-901A-649FD05E4C95}C:\program files (x86)\telerik\radcontrols for silverlight q1 2011 sp1\demos\examples.web\startexamples.exe] => (Block) C:\program files (x86)\telerik\radcontrols for silverlight q1 2011 sp1\demos\examples.web\startexamples.exe
FirewallRules: [UDP Query User{44931777-83E5-46A8-A80C-94DCF316D207}C:\program files (x86)\telerik\radcontrols for silverlight q1 2011 sp1\demos\examples.web\startexamples.exe] => (Block) C:\program files (x86)\telerik\radcontrols for silverlight q1 2011 sp1\demos\examples.web\startexamples.exe
FirewallRules: [TCP Query User{50972428-3789-435F-8295-5ADA41F987F6}C:\program files\windows azure emulator\emulator\devfabric\dfagent.exe] => (Allow) C:\program files\windows azure emulator\emulator\devfabric\dfagent.exe
FirewallRules: [UDP Query User{CC3EECDC-EB72-4C35-9247-AE5C08CB965C}C:\program files\windows azure emulator\emulator\devfabric\dfagent.exe] => (Allow) C:\program files\windows azure emulator\emulator\devfabric\dfagent.exe
FirewallRules: [{050BC19B-2CAD-4E3A-86C7-200A5C847833}] => (Allow) E:\StarCraft II\StarCraft II.exe
FirewallRules: [{F221B5B2-C20E-4576-9368-7228B84E512F}] => (Allow) E:\StarCraft II\StarCraft II.exe
FirewallRules: [TCP Query User{E8BDCA80-8795-4D0D-9A13-DF9DCDC6A79C}E:\starcraft ii\support\blizzarddownloader.exe] => (Allow) E:\starcraft ii\support\blizzarddownloader.exe
FirewallRules: [UDP Query User{DCB0DD53-B7E6-48B2-B8AF-3943534BD888}E:\starcraft ii\support\blizzarddownloader.exe] => (Allow) E:\starcraft ii\support\blizzarddownloader.exe
FirewallRules: [TCP Query User{D52B2B00-703E-4375-ADA4-63441432CC69}E:\starcraft ii\versions\base19679\sc2.exe] => (Allow) E:\starcraft ii\versions\base19679\sc2.exe
FirewallRules: [UDP Query User{7DB9A754-29DE-47BC-B816-DF2C547A4742}E:\starcraft ii\versions\base19679\sc2.exe] => (Allow) E:\starcraft ii\versions\base19679\sc2.exe
FirewallRules: [TCP Query User{576D97C8-F81E-4FC1-878A-FC65677B9F9D}E:\steam\steamapps\uglytruth\half-life deathmatch source\hl2.exe] => (Allow) E:\steam\steamapps\uglytruth\half-life deathmatch source\hl2.exe
FirewallRules: [UDP Query User{E7F3A6E0-7843-43BE-9147-93CFA9499F8D}E:\steam\steamapps\uglytruth\half-life deathmatch source\hl2.exe] => (Allow) E:\steam\steamapps\uglytruth\half-life deathmatch source\hl2.exe
FirewallRules: [{E9014C54-A9BF-4E7A-9774-3E91E6D5B9BA}] => (Allow) E:\Steam\steamapps\common\dawn of war soulstorm\soulstorm.exe
FirewallRules: [{9712EA32-ACEF-4073-AD1F-33905A8BDF10}] => (Allow) E:\Steam\steamapps\common\dawn of war soulstorm\soulstorm.exe
FirewallRules: [{8BD00F8C-0D8D-4689-B25A-795359CAAFD2}] => (Allow) E:\Steam\steamapps\common\warhammer 40,000 space marine\SpaceMarine.exe
FirewallRules: [{788A576C-036B-40E7-9AD3-C7BF292E8B0A}] => (Allow) E:\Steam\steamapps\common\warhammer 40,000 space marine\SpaceMarine.exe
FirewallRules: [{AA40E719-EBE1-4CE8-BD46-711FF9CC134F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1C657BCC-8165-46B6-9750-E4A48EC07518}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{56237816-464D-4EED-839C-FD0D43BEB542}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{6289270E-3C8B-40DE-B8CB-E826081DD3BB}C:\program files\sonicwall\sonicwall global vpn client\swgvc.exe] => (Block) C:\program files\sonicwall\sonicwall global vpn client\swgvc.exe
FirewallRules: [UDP Query User{9C7488E6-4150-4A33-B784-89A86A3B8C1C}C:\program files\sonicwall\sonicwall global vpn client\swgvc.exe] => (Block) C:\program files\sonicwall\sonicwall global vpn client\swgvc.exe
FirewallRules: [TCP Query User{9DFD05B5-7591-4684-88CB-4B0A699588B4}E:\starcraft ii\versions\base21029\sc2.exe] => (Allow) E:\starcraft ii\versions\base21029\sc2.exe
FirewallRules: [UDP Query User{E87B1E76-F615-4911-B5BA-D040FAED3C80}E:\starcraft ii\versions\base21029\sc2.exe] => (Allow) E:\starcraft ii\versions\base21029\sc2.exe
FirewallRules: [TCP Query User{A7EB06F5-1996-411D-B39B-985BB3F8F328}C:\torque\torque 3d 1.2\my projects\fps tutorial\game\fps tutorial.exe] => (Allow) C:\torque\torque 3d 1.2\my projects\fps tutorial\game\fps tutorial.exe
FirewallRules: [UDP Query User{DC1B6440-210B-4546-9542-E7288258C3AE}C:\torque\torque 3d 1.2\my projects\fps tutorial\game\fps tutorial.exe] => (Allow) C:\torque\torque 3d 1.2\my projects\fps tutorial\game\fps tutorial.exe
FirewallRules: [TCP Query User{C95CA49C-96CA-4486-B946-11430E5F026A}C:\users\wes\appdata\local\microsoft\windows\temporary internet files\content.ie5\k5m2ljio\diablo-iii-8370-enus-installer-downloader.exe] => (Allow) C:\users\wes\appdata\local\microsoft\windows\temporary internet files\content.ie5\k5m2ljio\diablo-iii-8370-enus-installer-downloader.exe
FirewallRules: [UDP Query User{A4226916-F1D8-4595-A82F-CDA0A341C2E8}C:\users\wes\appdata\local\microsoft\windows\temporary internet files\content.ie5\k5m2ljio\diablo-iii-8370-enus-installer-downloader.exe] => (Allow) C:\users\wes\appdata\local\microsoft\windows\temporary internet files\content.ie5\k5m2ljio\diablo-iii-8370-enus-installer-downloader.exe
FirewallRules: [{91AC953D-E4AA-402D-84D0-F78CA7BE2663}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
FirewallRules: [{E9A7ABCC-3E71-4D25-860E-8025C8018DBB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
FirewallRules: [{36D8319F-EF56-41B5-819C-CA2E908FE708}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{0C094FE2-A863-4093-8D32-7601B0BC26A9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [TCP Query User{186A7044-FB4C-4851-ACEF-4CA4CE3F529C}D:\qspacehulk\qspacehulk.exe] => (Allow) D:\qspacehulk\qspacehulk.exe
FirewallRules: [UDP Query User{1096CD6C-E94F-4295-AC32-91A4E05824B8}D:\qspacehulk\qspacehulk.exe] => (Allow) D:\qspacehulk\qspacehulk.exe
FirewallRules: [{BEDC0010-19A3-4759-BB91-0FE3B1BEA9DE}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{D5DF15B3-4A89-43C6-A716-66232A9CBACF}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{93574CE8-6FCC-46DE-A09F-D5E6C433C1FD}] => (Allow) C:\Users\wes\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{A7554F9A-1E8B-4267-ABF5-49D7389C9253}] => (Allow) C:\Users\wes\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{2BEAA76D-0D73-4272-BC69-91AED0A3A94E}C:\programdata\battle.net\agent\agent.976\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.976\agent.exe
FirewallRules: [UDP Query User{C1815165-E510-4543-B376-13A3FCC518EB}C:\programdata\battle.net\agent\agent.976\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.976\agent.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [TCP Query User{B6563CB2-C9DE-4A8D-AAC3-894A2EF4B837}D:\users\wes\documents\mygames\mygame\mygame.exe] => (Block) D:\users\wes\documents\mygames\mygame\mygame.exe
FirewallRules: [UDP Query User{6ABEB42F-83ED-4FFB-9D93-989E422574CF}D:\users\wes\documents\mygames\mygame\mygame.exe] => (Block) D:\users\wes\documents\mygames\mygame\mygame.exe
FirewallRules: [{B52205C9-052F-4C2D-92AA-69EC6858AD9F}] => (Allow) C:\Users\wes\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{679A1CF8-A926-497F-BFFB-F0A5862831F4}] => (Allow) C:\Users\wes\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{0969A7EC-1931-432D-A5D4-E1161BE83A2F}C:\users\wes\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\wes\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{1542802A-999C-4900-A99C-1A9D7F6CAE00}C:\users\wes\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\wes\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{6977A567-9ADD-4138-AFAD-9FA0D90AA873}C:\programdata\battle.net\agent\agent.998\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.998\agent.exe
FirewallRules: [UDP Query User{88DED315-42D1-4039-8438-A4E4F87AE905}C:\programdata\battle.net\agent\agent.998\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.998\agent.exe
FirewallRules: [TCP Query User{F67A4E6D-564D-48F4-9BEF-828E4149CB56}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe] => (Allow) C:\program files (x86)\turbine\ddo unlimited\dndclient.exe
FirewallRules: [UDP Query User{A9CE2300-007F-4301-A919-B9BC7461B263}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe] => (Allow) C:\program files (x86)\turbine\ddo unlimited\dndclient.exe
FirewallRules: [{F9FE4560-F063-4A91-B0AD-296DEA2AE9BB}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.exe
FirewallRules: [{3153FB22-E5BE-493F-AF76-AC54A8366DF6}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.exe
FirewallRules: [{C387E3EB-7AF8-43E7-8CFB-92C4E787C19C}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe
FirewallRules: [{33366544-73E8-476F-8C44-335A948A6058}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe
FirewallRules: [TCP Query User{5505E27A-D41F-4370-BE98-2D848E5B3208}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe
FirewallRules: [UDP Query User{3E15FAB3-48C0-4D9D-8914-7E292CED0F37}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe
FirewallRules: [TCP Query User{08C2691E-B2C1-4BB8-9B2F-5B09102965E5}C:\program files (x86)\world of warcraft\backgrounddownloader.exe] => (Allow) C:\program files (x86)\world of warcraft\backgrounddownloader.exe
FirewallRules: [UDP Query User{5F67FE28-8803-4CE3-B817-D4EC18E97CCD}C:\program files (x86)\world of warcraft\backgrounddownloader.exe] => (Allow) C:\program files (x86)\world of warcraft\backgrounddownloader.exe
FirewallRules: [TCP Query User{361B2C22-8761-4E4E-BAA4-61596B474BB8}C:\programdata\battle.net\agent\agent.1040\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.1040\agent.exe
FirewallRules: [UDP Query User{D7B9120C-BADE-44DC-A7E4-33D7119EDA4A}C:\programdata\battle.net\agent\agent.1040\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.1040\agent.exe
FirewallRules: [{0EE4D34D-F65B-4996-82AA-DD63339B783F}] => (Allow) E:\Steam\steamapps\common\torchlight\Torchlight.exe
FirewallRules: [{1C4773C8-B8FB-4A6F-AB6B-64F0C64ACA8E}] => (Allow) E:\Steam\steamapps\common\torchlight\Torchlight.exe
FirewallRules: [TCP Query User{C5BEEA0C-4A8E-4353-ADCE-00F0B38B9819}E:\hon\hon.exe] => (Allow) E:\hon\hon.exe
FirewallRules: [UDP Query User{C69AF8C7-0A1D-4DEB-A7C9-AC0F14A7DE7B}E:\hon\hon.exe] => (Allow) E:\hon\hon.exe
FirewallRules: [{EEB8EAD5-8A18-4185-947B-94F6CDAC5E9B}] => (Allow) E:\Steam\steamapps\common\Dawn of War Dark Crusade\darkcrusade.exe
FirewallRules: [{D8DE42AD-C3E9-4432-96D4-4C8EBA77C735}] => (Allow) E:\Steam\steamapps\common\Dawn of War Dark Crusade\darkcrusade.exe
FirewallRules: [{45356E44-C72E-4B40-AD7B-3ABEB918E3CE}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{9A3CC5F4-29D4-4E7D-BA78-B41D58317706}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [TCP Query User{69D69EBF-7BF2-4FB2-AC70-8E5FB3C9C286}E:\gog.com\nox\game.exe] => (Block) E:\gog.com\nox\game.exe
FirewallRules: [UDP Query User{917061FE-1E96-4AB8-B56E-9FA209F8F385}E:\gog.com\nox\game.exe] => (Block) E:\gog.com\nox\game.exe
FirewallRules: [TCP Query User{B487854A-497F-4D2E-8BF5-A3A8FF476F07}C:\program files (x86)\unity\editor\unity.exe] => (Allow) C:\program files (x86)\unity\editor\unity.exe
FirewallRules: [UDP Query User{E7BFE7C3-D9A4-445F-B2D6-D1CA7B339231}C:\program files (x86)\unity\editor\unity.exe] => (Allow) C:\program files (x86)\unity\editor\unity.exe
FirewallRules: [TCP Query User{A32385EE-59AB-4FF7-8F20-119FB25FCF3B}C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{A7D1258F-7117-44C4-BCB0-626301719ACA}C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [TCP Query User{825650B0-3B39-4C4A-BEEE-6B3BE72CE6D0}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{4412EDDC-1101-480C-9B7B-F1C1A2BFCD3F}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{0680B110-84A6-4602-B2FF-D851A0D40B50}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1199\Agent.exe
FirewallRules: [{77E2EDD0-B72A-4D01-B99E-DA3BEDD87A7D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1199\Agent.exe
FirewallRules: [{1D50902E-2250-4034-90E2-BC2E11E11E8C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1199\Agent.exe
FirewallRules: [{18DCEBEA-F9E1-4A3F-9979-224FAEF8D368}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1199\Agent.exe
FirewallRules: [TCP Query User{A6A62CA9-86F8-4E04-8A2A-89FA47951C24}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{762AA4CE-2720-4E14-9A7B-57FDA7C78DE9}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{B66B70C2-BBFA-4C40-B899-6DD09BD66482}C:\program files (x86)\unity\editor\unity.exe] => (Block) C:\program files (x86)\unity\editor\unity.exe
FirewallRules: [UDP Query User{DE5B6346-BA63-4863-BE4F-6AF43ED51DC0}C:\program files (x86)\unity\editor\unity.exe] => (Block) C:\program files (x86)\unity\editor\unity.exe
FirewallRules: [TCP Query User{46FB6286-76DA-475C-845B-3F67DE848F3A}C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe] => (Block) C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{57298D06-D3BF-4BD0-B1DC-8CC8D3F8063A}C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe] => (Block) C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [{F4721887-D676-47D8-9904-1271902F7AF9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.exe
FirewallRules: [{AADE5C3D-9D4D-4FFF-8980-8C6F79E934A1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.exe
FirewallRules: [TCP Query User{91CD2921-2678-4E4F-8AF3-FB2B8411372B}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{27AA70BC-B397-45E3-87A9-44AF94DA0AEF}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{945A5EA3-FC0D-41C1-B694-225F0E52561F}C:\udk\udk-2012-03\binaries\win32\udk.exe] => (Allow) C:\udk\udk-2012-03\binaries\win32\udk.exe
FirewallRules: [UDP Query User{3B4F0921-E767-4911-A3A6-2C51B70ED7D4}C:\udk\udk-2012-03\binaries\win32\udk.exe] => (Allow) C:\udk\udk-2012-03\binaries\win32\udk.exe
FirewallRules: [TCP Query User{A909E732-CF06-41C7-BB2D-A1B7CD42AF0D}C:\udk\udk-2012-03\binaries\win64\udk.exe] => (Allow) C:\udk\udk-2012-03\binaries\win64\udk.exe
FirewallRules: [UDP Query User{280CC376-7CC5-43AC-A20B-12ED67A71A5B}C:\udk\udk-2012-03\binaries\win64\udk.exe] => (Allow) C:\udk\udk-2012-03\binaries\win64\udk.exe
FirewallRules: [TCP Query User{CC27E6A9-9D3F-4CA0-A7C7-021147C5CCA6}C:\udk\udk-2012-07\binaries\win32\udk.exe] => (Allow) C:\udk\udk-2012-07\binaries\win32\udk.exe
FirewallRules: [UDP Query User{92CD6A78-11C0-42EA-8EAE-D13BA4EA6C1F}C:\udk\udk-2012-07\binaries\win32\udk.exe] => (Allow) C:\udk\udk-2012-07\binaries\win32\udk.exe
FirewallRules: [TCP Query User{28802101-0059-42A9-822A-75B0F84BD35B}C:\udk\udk-2012-07\binaries\win64\udk.exe] => (Allow) C:\udk\udk-2012-07\binaries\win64\udk.exe
FirewallRules: [UDP Query User{750A9A23-9E4E-48DF-B43A-AEC4E37153C7}C:\udk\udk-2012-07\binaries\win64\udk.exe] => (Allow) C:\udk\udk-2012-07\binaries\win64\udk.exe
FirewallRules: [{D747B41F-2F1F-48F0-BEAB-7F316F1B0D58}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.exe
FirewallRules: [{7526E4F5-AC53-43B3-8F7B-22719095502D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.exe
FirewallRules: [{3BA1E12C-3FFE-4977-AE6B-1F9E8992B73D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{943C5812-C3AD-4281-A9C8-E179FCC5EF79}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{D3CE9F9D-47AC-4298-ACCC-22AABE234D54}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{60DEB4A6-C965-4B12-BD11-0933292473AC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [TCP Query User{A1F64F72-65C6-494A-A1A4-46B54C9EB42D}E:\steam\steamapps\common\dead island\deadislandgame.exe] => (Block) E:\steam\steamapps\common\dead island\deadislandgame.exe
FirewallRules: [UDP Query User{45674D1C-A678-43F9-AE71-5E4C00E33C01}E:\steam\steamapps\common\dead island\deadislandgame.exe] => (Block) E:\steam\steamapps\common\dead island\deadislandgame.exe
FirewallRules: [TCP Query User{A4CCCF12-9448-4676-BB69-167B2892E490}E:\steam\steamapps\common\dawn of war 2\dow2.exe] => (Block) E:\steam\steamapps\common\dawn of war 2\dow2.exe
FirewallRules: [UDP Query User{50276C3F-A05B-4A92-98F1-1720DCAFEE21}E:\steam\steamapps\common\dawn of war 2\dow2.exe] => (Block) E:\steam\steamapps\common\dawn of war 2\dow2.exe
FirewallRules: [{144DA28A-2C75-4331-83D8-B91AD17C758B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{CC982ECD-53FF-4057-8318-0F30968D0989}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{5BAC7FEA-3A6A-4F68-ABAE-DF1BD443DB62}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{AA9C196A-C30D-45D9-8C3E-805DB4342182}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [TCP Query User{0DD5E4F0-09BA-4608-8724-304DB75B3F0F}C:\softimage\softimage_mod_tool_7.5\application\bin\xsi.exe] => (Allow) C:\softimage\softimage_mod_tool_7.5\application\bin\xsi.exe
FirewallRules: [UDP Query User{7448105A-F699-4F09-9371-248FD21AD58B}C:\softimage\softimage_mod_tool_7.5\application\bin\xsi.exe] => (Allow) C:\softimage\softimage_mod_tool_7.5\application\bin\xsi.exe
FirewallRules: [TCP Query User{057EB98E-2FD2-4FAE-BBE8-E8F0A927E919}C:\program files\microsoft sdks\windows azure\emulator\devfabric\dfagent.exe] => (Allow) C:\program files\microsoft sdks\windows azure\emulator\devfabric\dfagent.exe
FirewallRules: [UDP Query User{F471C4C1-88A5-4350-841D-6D871AADDAA3}C:\program files\microsoft sdks\windows azure\emulator\devfabric\dfagent.exe] => (Allow) C:\program files\microsoft sdks\windows azure\emulator\devfabric\dfagent.exe
FirewallRules: [TCP Query User{3ED68313-B95F-4968-9B6F-5E50F9E10383}C:\program files (x86)\telerik\kendo ui trial q2 2012\wrappers\aspnetmvc\examples\startexamples.exe] => (Allow) C:\program files (x86)\telerik\kendo ui trial q2 2012\wrappers\aspnetmvc\examples\startexamples.exe
FirewallRules: [UDP Query User{6054DD6A-1E77-46E8-9AE3-75F3421FADEB}C:\program files (x86)\telerik\kendo ui trial q2 2012\wrappers\aspnetmvc\examples\startexamples.exe] => (Allow) C:\program files (x86)\telerik\kendo ui trial q2 2012\wrappers\aspnetmvc\examples\startexamples.exe
FirewallRules: [{47F5D6D8-3DE1-4B3A-9041-584B4BAD988C}] => (Allow) E:\Steam\steamapps\common\dawn of war ii - retribution\DOW2.exe
FirewallRules: [{C89A6B80-0951-4981-9AE8-72C70DFCD13E}] => (Allow) E:\Steam\steamapps\common\dawn of war ii - retribution\DOW2.exe
FirewallRules: [TCP Query User{094A4A97-CE9C-4EF6-9C7D-1CA003B4D9B2}C:\program files (x86)\unity4\editor\unity.exe] => (Allow) C:\program files (x86)\unity4\editor\unity.exe
FirewallRules: [UDP Query User{422B6695-DEE2-4023-A7D2-C7A00E841497}C:\program files (x86)\unity4\editor\unity.exe] => (Allow) C:\program files (x86)\unity4\editor\unity.exe
FirewallRules: [TCP Query User{D501A23A-C0D8-4C78-8D78-FF5E3023D0AD}C:\udk\udk-2012-10\binaries\win32\udk.exe] => (Allow) C:\udk\udk-2012-10\binaries\win32\udk.exe
FirewallRules: [UDP Query User{DFE1DE77-9B0D-4354-8714-6995A53EB6D1}C:\udk\udk-2012-10\binaries\win32\udk.exe] => (Allow) C:\udk\udk-2012-10\binaries\win32\udk.exe
FirewallRules: [TCP Query User{2C26EE43-FAA9-41DE-B57E-543F97A84C0D}E:\steam\steamapps\uglytruth\team fortress 2\hl2.exe] => (Allow) E:\steam\steamapps\uglytruth\team fortress 2\hl2.exe
FirewallRules: [UDP Query User{9E655CFE-62BA-4529-919E-6382173E49DD}E:\steam\steamapps\uglytruth\team fortress 2\hl2.exe] => (Allow) E:\steam\steamapps\uglytruth\team fortress 2\hl2.exe
FirewallRules: [TCP Query User{8D57F62F-5661-4D44-B373-51BA6F827F0A}E:\udk\custom\binaries\swarmagent.exe] => (Block) E:\udk\custom\binaries\swarmagent.exe
FirewallRules: [UDP Query User{BE6DF36E-FCD3-4F76-B8D2-CC9F507C4CAF}E:\udk\custom\binaries\swarmagent.exe] => (Block) E:\udk\custom\binaries\swarmagent.exe
FirewallRules: [{AFA58B63-9C11-483C-8E79-EB2854576BAD}] => (Allow) E:\Steam\steamapps\common\dawn of war 2\DOW2.exe
FirewallRules: [{441EDDFF-50CC-4CB5-8C24-707D2EE8683E}] => (Allow) E:\Steam\steamapps\common\dawn of war 2\DOW2.exe
FirewallRules: [{4BA223A0-CFEC-4B66-B1C3-41442F1D8CDE}] => (Allow) C:\Program Files\Apowersoft\Streaming Video Recorder\Streaming-Video-Recorder.exe
FirewallRules: [{030F0461-51A2-494B-9C70-14E3AECA3882}] => (Allow) C:\Program Files\Apowersoft\Streaming Video Recorder\StreamingVideoRecorder.exe
FirewallRules: [{9976AA5E-4A08-41D0-9A3C-E41CDBCA3D8A}] => (Allow) C:\Program Files\Apowersoft\Streaming Video Recorder\ApowersoftSrv.dll
FirewallRules: [{EED6D62F-4E74-48BF-8ED6-5CABC649E136}] => (Allow) C:\Program Files\Apowersoft\Streaming Video Recorder\ApowersoftDump.dll
FirewallRules: [TCP Query User{8142768F-560E-4E7C-A247-80A2217519EA}E:\udk\custom\binaries\win32\udk.exe] => (Allow) E:\udk\custom\binaries\win32\udk.exe
FirewallRules: [UDP Query User{15160E98-7A49-4CF5-8809-ABBC6043B1BC}E:\udk\custom\binaries\win32\udk.exe] => (Allow) E:\udk\custom\binaries\win32\udk.exe
FirewallRules: [TCP Query User{4DC1DAD0-434E-4AB6-A3A8-E9F3A6A0748D}C:\users\wes\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\wes\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{E4337A1A-088F-4FB4-AB83-0AB46EC84538}C:\users\wes\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\wes\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{F667A4CB-B049-4EF0-B75C-6E8126E2277F}C:\program files\autodesk\maya2013\bin\maya.exe] => (Allow) C:\program files\autodesk\maya2013\bin\maya.exe
FirewallRules: [UDP Query User{5DEECADB-0E65-4ACE-AF31-000EF814DA6A}C:\program files\autodesk\maya2013\bin\maya.exe] => (Allow) C:\program files\autodesk\maya2013\bin\maya.exe
FirewallRules: [TCP Query User{4FA8EAF1-39BA-4570-802E-F8F6B539497C}E:\udk\udk-2012-10\binaries\swarmagent.exe] => (Allow) E:\udk\udk-2012-10\binaries\swarmagent.exe
FirewallRules: [UDP Query User{2A33C609-918C-458B-A7CF-CAFDD52F11E3}E:\udk\udk-2012-10\binaries\swarmagent.exe] => (Allow) E:\udk\udk-2012-10\binaries\swarmagent.exe
FirewallRules: [{FDFA6577-342D-46C2-AF5C-B87B56E56DB2}] => (Allow) C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe
FirewallRules: [{3D3BD583-4DA6-4A95-A319-AA46A5652A3D}] => (Allow) C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe
FirewallRules: [{0EE049C4-EC00-4994-B269-1FB371E22462}] => (Allow) C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64.exe
FirewallRules: [{FAF681F2-B082-43D9-8FF4-68D395902628}] => (Allow) C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64.exe
FirewallRules: [{FB4085D7-15D9-469B-8346-E761ACB6924E}] => (Allow) C:\Program Files\Autodesk\3ds Max 2013\3dsmax.exe
FirewallRules: [{0C720BC7-2E95-4200-83B0-3CAF44E46159}] => (Allow) C:\Program Files\Autodesk\3ds Max 2013\3dsmax.exe
FirewallRules: [TCP Query User{3B8375EE-2C66-4BB2-A321-08388D03B6CD}E:\udk\udk-2012-10\binaries\win64\udk.exe] => (Allow) E:\udk\udk-2012-10\binaries\win64\udk.exe
FirewallRules: [UDP Query User{FD4C544A-C630-4327-B55C-8007ED3E0691}E:\udk\udk-2012-10\binaries\win64\udk.exe] => (Allow) E:\udk\udk-2012-10\binaries\win64\udk.exe
FirewallRules: [TCP Query User{1E9D74C1-B075-4E02-BADD-D662F060FFB5}C:\users\wes\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\wes\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{BA64F92B-F940-4C17-856A-0B955B16454B}C:\users\wes\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\wes\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{0B7A9F57-682C-4535-8108-B89CB9966C55}C:\program files\autodesk\maya2013\bin\maya.exe] => (Allow) C:\program files\autodesk\maya2013\bin\maya.exe
FirewallRules: [UDP Query User{BE99DBFB-A4B7-4BC4-83B2-2AEF99F79C59}C:\program files\autodesk\maya2013\bin\maya.exe] => (Allow) C:\program files\autodesk\maya2013\bin\maya.exe
FirewallRules: [{D747F478-8464-4281-90E1-402BE44C2DB9}] => (Allow) E:\Steam\steamapps\common\blood bowl legendary edition\BB_LE.exe
FirewallRules: [{2BF0476A-5A52-40B5-B733-4122DDB46405}] => (Allow) E:\Steam\steamapps\common\blood bowl legendary edition\BB_LE.exe
FirewallRules: [{48A94149-5359-42C0-B0EF-FF1A3F307E7C}] => (Allow) E:\Steam\steamapps\uglytruth\sourcesdk\bin\SDKLauncher.exe
FirewallRules: [{862D6EE9-2792-474C-82B0-7FC1D4DA8062}] => (Allow) E:\Steam\steamapps\uglytruth\sourcesdk\bin\SDKLauncher.exe
FirewallRules: [{C9EFBC4E-9EE8-4375-BF70-C68CCD237D8F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{62ABEAEB-7B33-4651-A280-E7886EB1F43C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [TCP Query User{A755E992-4479-4CAF-92DC-F28073896631}E:\baldur's gate enhanced edition\bgee.exe] => (Allow) E:\baldur's gate enhanced edition\bgee.exe
FirewallRules: [UDP Query User{272F5FDA-557D-4E53-81EE-B15563587923}E:\baldur's gate enhanced edition\bgee.exe] => (Allow) E:\baldur's gate enhanced edition\bgee.exe
FirewallRules: [TCP Query User{FFA68D34-5674-48F0-8FE6-1C5E3F0F35E9}E:\baldur's gate enhanced edition\bgee.exe] => (Allow) E:\baldur's gate enhanced edition\bgee.exe
FirewallRules: [UDP Query User{041AFE17-7FD1-4664-A3D9-9205107537D0}E:\baldur's gate enhanced edition\bgee.exe] => (Allow) E:\baldur's gate enhanced edition\bgee.exe
FirewallRules: [{15604223-FA40-49B9-B81F-153108EBFE56}] => (Allow) E:\Steam\steamapps\common\Spellforce 2 - Faith in Destiny\Docs\SF2_FiD_Manual.pdf
FirewallRules: [{72E39D9F-E9D2-4AB4-B841-80CA4DA19CDB}] => (Allow) E:\Steam\steamapps\common\Spellforce 2 - Faith in Destiny\Docs\SF2_FiD_Manual.pdf
FirewallRules: [{E8DDF076-5C43-4F2B-8F9E-A81CA807866C}] => (Allow) E:\Steam\steamapps\common\Spellforce 2 - Faith in Destiny\Docs\MapEditorFirstSteps.pdf
FirewallRules: [{94339FB8-C2EB-41E9-B77A-647B2A89CC8A}] => (Allow) E:\Steam\steamapps\common\Spellforce 2 - Faith in Destiny\Docs\MapEditorFirstSteps.pdf
FirewallRules: [{A7193A22-5B1F-4FE2-BE64-DA378D8F8CD7}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{235D7742-54CE-4E09-82EE-3F67EA60AB27}] => (Allow) E:\Steam\steamapps\common\Spellforce 2 - Faith in Destiny\SpellForce2FaithinDestiny.exe
FirewallRules: [{7FC4A6D5-A03E-4F78-9F99-1DDF794BE5EE}] => (Allow) E:\Steam\steamapps\common\Spellforce 2 - Faith in Destiny\SpellForce2FaithinDestiny.exe
FirewallRules: [{8019BAE4-284B-4DD7-9764-BA7690904D59}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{96B233ED-E6D2-4575-A46B-F5BE63802D0D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{49895A80-5C6C-437F-AB6A-5BE9589F7EBC}] => (Allow) E:\Steam\steamapps\common\Freedom Force\fforce.exe
FirewallRules: [{F94D385B-CA06-49C3-80EC-A23C48BD81AA}] => (Allow) E:\Steam\steamapps\common\Freedom Force\fforce.exe
FirewallRules: [{3549868A-4306-4B50-AC94-9C038512142D}] => (Allow) E:\Steam\steamapps\common\blood bowl legendary edition\BB_LE.exe
FirewallRules: [{6808B4A2-B550-4EBF-9748-D13E901AF4F0}] => (Allow) E:\Steam\steamapps\common\blood bowl legendary edition\BB_LE.exe
FirewallRules: [{62F0F863-5ECD-46AA-A530-5BC156A6EC2B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{73CC8262-3140-4500-A87F-7B108A00162F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{5574B20B-339E-4D4F-BE4A-8B66F7176685}] => (Allow) E:\UDK\UDK-2013-02\Binaries\Win32\UDK.exe
FirewallRules: [{BC2A4CBC-B285-4B84-B168-17510024353F}] => (Allow) E:\UDK\UDK-2013-02\Binaries\Win32\UDK.exe
FirewallRules: [{9D7D1E63-465A-4C2A-A6F7-679841958169}] => (Allow) E:\UDK\UDK-2013-02\Binaries\Win64\UDK.exe
FirewallRules: [{2E746C80-99BA-467E-AF01-C8336DB0B107}] => (Allow) E:\UDK\UDK-2013-02\Binaries\Win64\UDK.exe
FirewallRules: [{A46D91B5-8273-4E5E-8E5E-168D8EC659CB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{6FEACDD3-2B85-4791-9138-00A9B4A19A1A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{BC6FE67C-757C-4F2E-AC48-2A46DF69173F}] => (Allow) E:\Steam\steamapps\common\gamemaker_studio\GameMakerPlayer.exe
FirewallRules: [{68CD289C-6E7A-457E-9A60-1FD8F165E20D}] => (Allow) E:\Steam\steamapps\common\gamemaker_studio\GameMakerPlayer.exe
FirewallRules: [{05781203-1E7B-4773-882B-941DE0AF7486}] => (Allow) E:\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{3353D0DA-BB97-4863-87FD-5B0EAF7D1B23}] => (Allow) E:\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{287477BA-3CBF-4E20-912D-A0ED23C6D157}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{6200469B-560F-48FA-B84E-15B8E006F416}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{D979D3BC-3F52-4BC9-ABB1-8B6CF8455BB8}] => (Allow) E:\Steam\steamapps\common\dawn of war gold\W40k.exe
FirewallRules: [{19257453-84B7-4026-A80C-E2C4996C42C7}] => (Allow) E:\Steam\steamapps\common\dawn of war gold\W40k.exe
FirewallRules: [{64C04A95-6E10-45E6-9C2E-A7123E359D3A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{BCA61B69-3B6C-43F9-AAEE-03DE87CDD67D}] => (Allow) E:\Steam\steamapps\uglytruth\source sdk base 2007\hl2.exe
FirewallRules: [{32B24126-F294-4BC7-9BF5-B72024A2DC06}] => (Allow) E:\Steam\steamapps\uglytruth\source sdk base 2007\hl2.exe
FirewallRules: [{31BFBC2C-31F4-4FF2-816D-D2F46276CD5E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{A5270AEC-A058-412C-82BF-80E9FD034756}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{03EBEA47-411F-4B70-ACCC-5D2071098DC4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2000\Agent.exe
FirewallRules: [{832C1CDC-7AE6-4EA4-9559-0222DF30122E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2000\Agent.exe
FirewallRules: [{EBB16B2C-4FCB-4189-A823-21B4A56667AD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{E0B92053-A8B2-4AC9-AA80-C8EA64D1FD65}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{6DA51A8B-AA93-4D13-A9DC-C5B5B62BE236}] => (Allow) E:\Steam\steamapps\common\dawn of war gold\W40kWA.exe
FirewallRules: [{89961569-ECC3-4A7D-AA42-FEC8F7F8EC5A}] => (Allow) E:\Steam\steamapps\common\dawn of war gold\W40kWA.exe
FirewallRules: [{9A1FF303-FB25-43B9-B8A9-1D4BB4C92E9C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{56DBD570-D857-4492-89D5-9DAD6A2F71F3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{69B590C7-3DD5-4FA7-AB2E-0043C75631A8}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{2537749F-23CD-406B-9EB2-FA7FB1E3EE68}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{2A9E9C09-A068-42F1-8885-C3B7BB06B739}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{817FA9CD-838A-4B6C-8520-4C7FD054DB64}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{571165F4-6E51-4902-9932-9D1B393AABD6}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{530C0AFC-4D7D-4410-AB33-6B664ED92D79}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{C581B31E-0007-4E49-B5BE-76BC3E868A25}] => (Allow) E:\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{9112BB6E-AD9B-4B9C-A72A-921E1FFD6BEB}] => (Allow) E:\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{B85E65D2-870B-4B31-A2C0-4F620A1707BE}] => (Allow) E:\UDK\UDK-2013-07\Binaries\Win32\UDK.exe
FirewallRules: [{D946969B-BAD7-4241-8595-C8101F49B5EE}] => (Allow) E:\UDK\UDK-2013-07\Binaries\Win32\UDK.exe
FirewallRules: [{5768686D-D332-4214-A85C-D490ADEFCF2D}] => (Allow) E:\UDK\UDK-2013-07\Binaries\Win64\UDK.exe
FirewallRules: [{7CE14432-154B-4CD2-91AB-79BB338C6F09}] => (Allow) E:\UDK\UDK-2013-07\Binaries\Win64\UDK.exe
FirewallRules: [{9D6799F7-3989-4969-9DDA-6F7CD9BFF8FE}] => (Allow) E:\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{98A59011-96E3-4BCE-BB0F-064D6E048795}] => (Allow) E:\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{74DD306E-1B5E-4F4A-8F12-F21566E0E4FB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{46C84D9E-6346-46BC-A62E-57F014BB67A2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{6DF353F9-33AF-49AA-88DC-73BBDCD176AC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{C3D62253-C830-4FE1-A7D6-50537B604440}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{6C65532E-3FF8-46FE-8411-506CD145C96F}] => (Allow) E:\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{10AB7FA9-EDE6-4191-B37A-92358FA139AC}] => (Allow) E:\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{3620CF66-8E10-457C-8076-F2C1E067808C}] => (Allow) C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
FirewallRules: [{27A949FD-4EE4-4721-9A22-4616BE0D5E1D}] => (Allow) C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
FirewallRules: [{1C1E95E8-B3BC-4653-B9B3-B6536A8965A5}] => (Allow) C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64.exe
FirewallRules: [{F853F473-F8A8-4575-A70A-96B2D16985DC}] => (Allow) C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64.exe
FirewallRules: [{3426C5A5-1EC6-4CCF-A7B1-841AD370F580}] => (Allow) E:\Steam\steamapps\common\Space Hulk\game.exe
FirewallRules: [{E4095470-9A1D-478E-AC36-1C855C26E76D}] => (Allow) E:\Steam\steamapps\common\Space Hulk\game.exe
FirewallRules: [{10CC8FFA-7686-41DC-B4D2-1C43A042DE27}] => (Allow) E:\Steam\steamapps\common\xcom-enemy-unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{974B8CCE-4DFF-4BE9-AA15-941B684D7141}] => (Allow) E:\Steam\steamapps\common\xcom-enemy-unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{7A4FB0C9-DD9C-4B30-9196-37F1F07AB000}] => (Allow) E:\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{83C656C5-89FF-4EB7-95E7-92BAE6E8EAFB}] => (Allow) E:\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{BC9C1A13-A0B1-4B74-B43D-28BA217C2712}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{427782EF-4103-4AAB-9953-E0EB46E9B77A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{058C047F-5BBA-4D6E-AAFF-49764D0EA064}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{0A6FE87C-4DAD-49DB-9339-D548BDA90FDE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{1B0A08B7-7E68-4B24-85F3-331C70D34AB7}] => (Allow) E:\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{01CCD176-8B8B-4335-A901-A2259498E89B}] => (Allow) E:\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{BACA9681-8CF4-49C0-BFF9-409EABCCF652}] => (Allow) E:\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{8217C23F-FEAF-4062-9D17-2102E60B25FA}] => (Allow) E:\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{D600AD1A-0E29-4FA9-B5E2-7C509096FA24}] => (Allow) E:\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{FCAC3D79-3193-49CB-B26E-73B36D5E927B}] => (Allow) E:\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{D75CA714-236A-4788-A7FC-B27BA043F622}] => (Allow) E:\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{D2A49CA9-1B23-458B-8F8A-56D016AFD0DB}] => (Allow) E:\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{CA235633-F034-4CDE-BBDB-104967663B46}] => (Allow) E:\Steam\steamapps\common\Space Hulk\game.exe
FirewallRules: [{551E3496-5B03-4403-8C37-DE54AB6EBFEF}] => (Allow) E:\Steam\steamapps\common\Space Hulk\game.exe
FirewallRules: [{4AE0ECC4-4084-4D00-B5E4-08AED89831EA}] => (Allow) E:\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{406FEACF-A344-4E15-A6AF-AEE780AB3710}] => (Allow) E:\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{FA5987D3-E348-482B-A786-7D93F2E402B0}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{D73FFE9C-00E0-440F-898C-B8100D1F37F8}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{9BDEC232-3E17-4C8A-A93A-BB5CB4ACE887}] => (Allow) E:\Steam\steamapps\common\The Wolf Among Us\TheWolfAmongUs.exe
FirewallRules: [{AF814C23-0783-4C8D-9D15-9CE4DB8B82D5}] => (Allow) E:\Steam\steamapps\common\The Wolf Among Us\TheWolfAmongUs.exe
FirewallRules: [{0840292D-B6EB-4EB6-A600-88B1571B930B}] => (Allow) E:\Steam\steamapps\common\State of Decay\StateOfDecay.exe
FirewallRules: [{7325A8CA-65AF-4840-A9D1-A8AEB5102245}] => (Allow) E:\Steam\steamapps\common\State of Decay\StateOfDecay.exe
FirewallRules: [{E1C47CEE-EB02-41B5-A322-F76F6786C713}] => (Allow) E:\Steam\steamapps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{D08C8436-AA10-4385-903F-E166D896C410}] => (Allow) E:\Steam\steamapps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{A7A0B389-CE66-49A6-AC32-7D05D2376FB7}] => (Allow) E:\Steam\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{8F3DA39F-1E1E-4EC0-B053-F82F02C4B5BF}] => (Allow) E:\Steam\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{D3EBB6B7-2E38-4A57-9BCD-26544424EFF5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{652C0F9B-0E65-489E-9439-CF269375F62E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{8CDD4A80-45DD-44A5-9590-62E473B7616B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{109F7C78-28C9-43C9-85F8-673CD6924A6D}] => (Allow) E:\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{F5F665B1-B50E-4A2B-8512-A5B7397C518B}] => (Allow) E:\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{28B06E16-E163-4FFF-AABB-14B4457AD68F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{522ABDA9-C2D4-4E73-8D72-FF9C9A49A11B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{30AAA268-C35B-47B3-825F-338F40D6A68D}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{82835EF8-50CD-4C49-BEB2-94BE513A21BC}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{90F9DC80-394B-44A4-AA31-6DAD28E23B3F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{B7F2DF84-C2A4-4F96-B631-2F1E74FDD1DE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{186C2EC7-C377-4B00-AF5C-9A80DC4617C1}] => (Allow) E:\Steam\steamapps\common\Child of Light\ChildofLight.exe
FirewallRules: [{D47598C9-5908-45E8-AF6F-F6555087E095}] => (Allow) E:\Steam\steamapps\common\Child of Light\ChildofLight.exe
FirewallRules: [{895CA5E1-C858-4112-B899-BBC06ABDE645}] => (Allow) E:\Steam\steamapps\common\Child of Light\ChildofLight.exe
FirewallRules: [{8D2BA020-9FBF-4D86-9C19-A7486FCE94E1}] => (Allow) E:\Steam\steamapps\common\Child of Light\ChildofLight.exe
FirewallRules: [{7F52473D-F938-4589-9481-2D0347946DD9}] => (Allow) C:\Program Files (x86)\Crazybump\CrazyBump.exe
FirewallRules: [{97E43B4A-7EE3-401E-9A01-2C8F45413B0A}] => (Allow) C:\Program Files (x86)\Crazybump\CrazyBump.exe
FirewallRules: [{3944BE92-74B0-4D14-A73D-6A19F49E77CB}] => (Allow) E:\Steam\steamapps\common\dawn of war gold\W40kWA.exe
FirewallRules: [{2FCA92E1-423F-4D3D-B372-079200A5BE81}] => (Allow) E:\Steam\steamapps\common\dawn of war gold\W40kWA.exe
FirewallRules: [{89B2D444-2F12-4B48-9CFD-E73A06A413AD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{96F6EE5D-6788-4C94-B4A9-AFF23A05FFDD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{4FFDC750-6334-471D-81D5-BA206E0F3DDB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{79335E72-B948-470E-8B3D-062BDBAE6F0D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{83D37238-C389-4220-9D78-221A166D10BF}] => (Allow) E:\Steam\steamapps\common\Master Levels of Doom\dosbox.exe
FirewallRules: [{FBE4B7A8-E97C-4955-BC13-F1ECBD312B1A}] => (Allow) E:\Steam\steamapps\common\Master Levels of Doom\dosbox.exe
FirewallRules: [{F1668C9F-AEA2-4936-B550-283226CB4792}] => (Allow) E:\Steam\steamapps\common\Final Doom\base\dosbox.exe
FirewallRules: [{BDC8CE93-22A2-465F-BCBC-5FF68CB0BB07}] => (Allow) E:\Steam\steamapps\common\Final Doom\base\dosbox.exe
FirewallRules: [{E39A0C4E-901D-4F45-9FDD-A39E8BEF850B}] => (Allow) E:\Steam\steamapps\common\Ultimate Doom\base\dosbox.exe
FirewallRules: [{474F40B7-2350-4C34-BB67-D75739754F17}] => (Allow) E:\Steam\steamapps\common\Ultimate Doom\base\dosbox.exe
FirewallRules: [{76D235D6-BF26-4E9A-B627-660CF0D3C9DF}] => (Allow) E:\Steam\steamapps\common\Quake\Winquake.exe
FirewallRules: [{D32179FF-E19A-425B-9077-1D893D586FF7}] => (Allow) E:\Steam\steamapps\common\Quake\Winquake.exe
FirewallRules: [{E972BB24-5E77-42E9-A6AC-8AF4E5776D8B}] => (Allow) E:\Steam\steamapps\common\Quake\qwcl.exe
FirewallRules: [{6D456D85-2717-430C-8EC6-D97F602A73B5}] => (Allow) E:\Steam\steamapps\common\Quake\qwcl.exe
FirewallRules: [{44053650-C0F5-4A4E-8BA2-3AA0D613E206}] => (Allow) E:\Steam\steamapps\common\Quake\Glquake.exe
FirewallRules: [{A1CF6515-A982-4499-998D-58411CEC88FE}] => (Allow) E:\Steam\steamapps\common\Quake\Glquake.exe
FirewallRules: [{64BE781C-9ED1-41EF-BC79-49C623BA3004}] => (Allow) E:\Steam\steamapps\common\Quake\glqwcl.exe
FirewallRules: [{F42E07D8-6D2F-4608-81C6-61077B114978}] => (Allow) E:\Steam\steamapps\common\Quake\glqwcl.exe
FirewallRules: [{5E45C8B3-1D39-4630-BD62-91732750EE0D}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{03843A41-B911-4494-B17E-D59CDA9F0CFF}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{E6832ED5-1D62-48F4-8657-D61C4DB1810A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{EFF175D1-CA46-4944-BC28-531527AFF353}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{13251BDF-8524-498C-9A31-5155A8DC3EB5}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity\2012\UnityVS.OpenFile.exe
FirewallRules: [{CA5D8DDA-A90D-479E-A32A-F3EF817D04AD}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{37C16607-0D9F-4DC0-9456-82AA73990157}] => (Allow) C:\Program Files (x86)\Unity\Editor\Unity.exe
FirewallRules: [{525989FE-B9C2-45EA-8211-F39CD1491E08}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{2AF7FAEA-76DD-4043-BE77-74EBE7C1F83F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DE5BB68E-F2F9-416F-831D-CEB1B06564DE}] => (Allow) LPort=2869
FirewallRules: [{6416C9FE-8246-43BF-8747-11975AAAF760}] => (Allow) LPort=1900
FirewallRules: [{CFBCF084-90A2-4A87-A193-560D28873B42}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{D1BE91A7-A439-4A85-A906-07196EFFC1D6}E:\starcraft ii\versions\base32283\sc2.exe] => (Allow) E:\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{DB7F38F1-12A7-40AF-BBB5-A14788A11057}E:\starcraft ii\versions\base32283\sc2.exe] => (Allow) E:\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{0D855007-8BBF-4B33-97AC-AFA8C03688C4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{59B168B9-C89E-41DB-848A-5CA190F48408}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{332A0647-8F3D-4974-8AA8-B304DDDA84D5}] => (Allow) E:\Steam\steamapps\common\Homeworld\HWLauncher\Launcher.exe
FirewallRules: [{3AAF47B4-83CD-48E3-AF28-41EC448B1D31}] => (Allow) E:\Steam\steamapps\common\Homeworld\HWLauncher\Launcher.exe
FirewallRules: [{67F4E39E-F3D3-4B64-BD81-BE47EFC7700E}] => (Allow) LPort=12292
FirewallRules: [TCP Query User{8EF21763-6F93-462F-B6DF-1F6AA01965A0}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{CE65A5C5-C144-4964-B494-CD4D687CA8A2}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [{EDAD08D4-52F2-4B67-8D2B-9833B8E78621}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{07268F95-2D71-4D09-894E-2FA100923398}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{1B5A8573-A0DA-4611-A45E-A1E835D2AF72}C:\users\rowan\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\rowan\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{36C36D8B-DAA2-4086-A113-3429CF474B25}C:\users\rowan\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\rowan\appdata\roaming\spotify\spotify.exe
FirewallRules: [{E70B4C5E-CA96-46FD-92B7-6189CDDF4848}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9454114A-18A2-4186-82AE-2693C94B8653}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{515FE0EC-8DDD-471F-9061-4B2DAFBCAE3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{B87C0359-AAF0-47B9-B8CA-9176D18912D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{38D6F7B7-4336-4A78-9F42-0EA74C9AFA2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{AF408642-023B-4C9E-BE65-7839E2CC6573}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{9A41F53C-70E8-4F97-A48D-433228936F8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
 
==================== Faulty Device Manager Devices =============
 
Name: SonicWALL Virtual NIC
Description: SonicWALL Virtual NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SonicWALL
Service: SWVNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/10/2015 12:29:52 PM) (Source: MSMQ) (EventID: 2199) (User: )
Description: Message Queuing Service failed to listen on both IPv4 and IPv6 protocol. Messages will not be accepted from the network through TCP/IP protocols.  Messages addressed to this machine using TCP/IP protocols will not arrive but will accumulate in sender's outgoing queues.   Please fix the TCP/IP protocols issue and restart the computer.
 
Error: (12/10/2015 09:44:56 AM) (Source: MSMQ) (EventID: 2199) (User: )
Description: Message Queuing Service failed to listen on both IPv4 and IPv6 protocol. Messages will not be accepted from the network through TCP/IP protocols.  Messages addressed to this machine using TCP/IP protocols will not arrive but will accumulate in sender's outgoing queues.   Please fix the TCP/IP protocols issue and restart the computer.
 
Error: (12/10/2015 09:33:15 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0afb7007-268b-4298-bd4c-64903fee3c29}
 
Error: (12/10/2015 03:27:58 AM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0x80070005
Partial Pkey=9YQTR
ACID=?
Detailed Error[?]
 
Error: (12/10/2015 03:27:09 AM) (Source: MSMQ) (EventID: 2199) (User: )
Description: Message Queuing Service failed to listen on both IPv4 and IPv6 protocol. Messages will not be accepted from the network through TCP/IP protocols.  Messages addressed to this machine using TCP/IP protocols will not arrive but will accumulate in sender's outgoing queues.   Please fix the TCP/IP protocols issue and restart the computer.
 
Error: (12/09/2015 01:05:19 PM) (Source: MSMQ) (EventID: 2199) (User: )
Description: Message Queuing Service failed to listen on both IPv4 and IPv6 protocol. Messages will not be accepted from the network through TCP/IP protocols.  Messages addressed to this machine using TCP/IP protocols will not arrive but will accumulate in sender's outgoing queues.   Please fix the TCP/IP protocols issue and restart the computer.
 
Error: (12/09/2015 12:59:59 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ce6816d1-f7c2-4623-94b1-501e3c6b5fdf}
 
Error: (12/09/2015 12:40:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Windi.exe, version: 1.0.0.0, time stamp: 0x565e9599
Faulting module name: KERNELBASE.dll, version: 6.1.7601.19045, time stamp: 0x56258f05
Exception code: 0xe0434352
Fault offset: 0x0000c42d
Faulting process id: 0x5138
Faulting application start time: 0xWindi.exe0
Faulting application path: Windi.exe1
Faulting module path: Windi.exe2
Report Id: Windi.exe3
 
Error: (12/09/2015 12:40:43 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Windi.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Windows.Markup.XamlParseException
Stack:
   at System.Windows.Markup.WpfXamlLoader.Load(System.Xaml.XamlReader, System.Xaml.IXamlObjectWriterFactory, Boolean, System.Object, System.Xaml.XamlObjectWriterSettings, System.Uri)
   at System.Windows.Markup.WpfXamlLoader.LoadBaml(System.Xaml.XamlReader, Boolean, System.Object, System.Xaml.Permissions.XamlAccessLevel, System.Uri)
   at System.Windows.Markup.XamlReader.LoadBaml(System.IO.Stream, System.Windows.Markup.ParserContext, System.Object, Boolean)
   at System.Windows.Application.LoadBamlStreamWithSyncInfo(System.IO.Stream, System.Windows.Markup.ParserContext)
   at System.Windows.Application.LoadComponent(System.Uri, Boolean)
   at System.Windows.Application.DoStartup()
   at System.Windows.Application.<.ctor>b__1(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at System.Windows.Application.Run()
   at demoforupdaterwindow.App.Main()
 
Error: (12/08/2015 10:03:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LiveUpdate.exe, version: 3.1.2.0, time stamp: 0x4f06724c
Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56258e62
Exception code: 0xc0000008
Fault offset: 0x00082b59
Faulting process id: 0x%9
Faulting application start time: 0xLiveUpdate.exe0
Faulting application path: LiveUpdate.exe1
Faulting module path: LiveUpdate.exe2
Report Id: LiveUpdate.exe3
 
 
System errors:
=============
Error: (12/10/2015 12:34:55 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5
 
Error: (12/10/2015 12:33:24 PM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: %Trojan:Win64/Patched.AZ.gen!dll60 has encountered a critical error when taking action on malware or other potentially unwanted software.
 
For more information please see the following:
%Trojan:Win64/Patched.AZ.gen!dll603
 
Name: Trojan:Win64/Patched.AZ.gen!dll
 
ID: 2147708040
 
Severity: %Trojan:Win64/Patched.AZ.gen!dll600
 
Category: %Trojan:Win64/Patched.AZ.gen!dll602
 
Path: 4.8.0204.02
 
Detection Origin: 4.8.0204.04
 
Detection Type: 4.8.0204.08
 
Detection Source: %Trojan:Win64/Patched.AZ.gen!dll608
 
User: {7B6DA330-4492-4ADD-A002-6AFAA3BD0F46}9
 
Process Name: %Trojan:Win64/Patched.AZ.gen!dll609
 
Action: {7B6DA330-4492-4ADD-A002-6AFAA3BD0F46}1
 
Action Status:  {7B6DA330-4492-4ADD-A002-6AFAA3BD0F46}8
 
Error Code: {7B6DA330-4492-4ADD-A002-6AFAA3BD0F46}3
 
Error description: {7B6DA330-4492-4ADD-A002-6AFAA3BD0F46}4
 
Signature Version: 2015-12-10T19:29:48.965Z1
 
Engine Version: 2015-12-10T19:29:48.965Z2
 
Error: (12/10/2015 12:31:27 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (12/10/2015 12:29:58 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (12/10/2015 12:29:59 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%886
 
Error Code: 0x80070005
 
Error description: Access is denied. 
 
Reason: %%892
 
Error: (12/10/2015 12:27:30 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Web Deployment Agent Service service hung on starting.
 
Error: (12/10/2015 12:27:30 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Cryptographic Services service hung on starting.
 
Error: (12/10/2015 12:26:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service failed to start due to the following error: 
%%1053
 
Error: (12/10/2015 12:26:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® PROSet/Wireless Zero Configuration Service service to connect.
 
Error: (12/10/2015 12:25:21 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Workstation service hung on starting.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 30%
Total physical RAM: 8169.16 MB
Available physical RAM: 5663.24 MB
Total Virtual: 16336.54 MB
Available Virtual: 13616.82 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:440.76 GB) (Free:39.74 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (SDATA1) (Fixed) (Total:232.87 GB) (Free:15.54 GB) NTFS
Drive e: (SDATA2) (Fixed) (Total:232.89 GB) (Free:134.65 GB) NTFS
Drive f: (35874) (CDROM) (Total:7.57 GB) (Free:0 GB) UDF
Drive g: () (Removable) (Total:14.9 GB) (Free:8 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 38601C96)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=440.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: BBC58B91)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 14.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#10 Hypatia415

Hypatia415
  • Topic Starter

  • Members
  • 12 posts

Posted 11 December 2015 - 12:31 PM

Here's the FRSTlog txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by admin (administrator) on ASUS-LAPTOP (11-12-2015 10:16:34)
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin & Mcx1-ASUS-LAPTOP & Rowan & Kai & Rachel & Classic .NET AppPool & www.leaningtreestudio.com & DefaultAppPool & ASP.NET v4.0)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(SonicWALL, Inc.) C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Windows\SysWOW64\ExMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Lenovo) C:\Program Files\Lenovo Y Gaming Surround Sound Headset\CPL\Y gaming surround sound_x64.exe
() C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Windows ® Win 7 DDK provider) C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
(Autodesk, Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Autodesk Inc.) C:\Users\admin\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2869008 2012-01-26] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [100112 2012-01-26] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Xear3DEX_P960] => C:\Windows\syswow64\ExMgr.exe [204800 2011-02-25] ()
HKLM\...\Run: [P960Sound] => C:\Program Files\Lenovo Y Gaming Surround Sound Headset\CPL\Y gaming surround sound_x64.exe [4086784 2015-08-28] (Lenovo)
HKLM\...\Run: [GamecomSound] => C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe [817440 2014-01-21] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2757424 2015-11-15] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-11] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [48128 2012-07-18] (Windows ® Win 7 DDK provider)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1627032 2014-02-05] (Autodesk, Inc.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [493960 2014-12-04] (Autodesk Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2133040787-3344251579-4125002376-1000\...\Run: [Best Buy pc app] => C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
HKU\S-1-5-21-2133040787-3344251579-4125002376-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-2133040787-3344251579-4125002376-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-09] (Valve Corporation)
HKU\S-1-5-21-2133040787-3344251579-4125002376-1000\...\Run: [EADM] => D:\Origin\Origin.exe [3638256 2015-10-27] (Electronic Arts)
HKU\S-1-5-21-2133040787-3344251579-4125002376-1000\...\Run: [Windi] => C:\ProgramData\DataFile\Downloads\Windi.exe [288256 2015-12-02] ()
HKU\S-1-5-21-2133040787-3344251579-4125002376-1000\...\MountPoints2: {0baf053d-1859-11e1-958c-14dae919946f} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\autorun.exe
HKU\S-1-5-21-2133040787-3344251579-4125002376-1000\...\MountPoints2: {bf320cd2-6df4-11e1-88f5-dfaccfdf3bd9} - G:\win\setup.exe -phs
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
Startup: C:\Users\ASP.NET v4.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-04-11]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-04-11]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-04-11]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-04-11]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-04-11]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Mcx1-ASUS-LAPTOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-04-11]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1 www.wavybrain.local
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0246A4FE-2534-4A23-B434-D976D5FE4B6B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{10263373-432F-4BEC-B662-86657F059851}: [NameServer] 192.168.1.1
Tcpip\..\Interfaces\{2B3F1DF6-406A-4863-8405-0CE78C4FE119}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{59C55E06-D678-41E5-BDE6-B69B4C1A2D4E}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{59C55E06-D678-41E5-BDE6-B69B4C1A2D4E}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-21-2133040787-3344251579-4125002376-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-21-2133040787-3344251579-4125002376-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2133040787-3344251579-4125002376-1000 -> {300A29DB-E4F4-489F-8169-97242EF0042B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=OSDSRC
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-27] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-07-12] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-27] (Oracle Corporation)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-07-12] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-25] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-04-11] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-07-12] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-07-12] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-11] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-02-25] (Best Buy)
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-27] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-28] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-11] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-02-25] (Best Buy)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-22] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2013-07-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-24] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-02-19] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-02-19] [not signed]
 
Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-07-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-04] (Autodesk Inc.)
S3 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com) [File not signed]
S3 ATLOISAService; C:\Windows\system\ATLOISAService.exe [512000 2013-10-25] (Cmedia Electronics Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1225216 2015-09-23] ()
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-02] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156400 2015-11-15] (NVIDIA Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [88720 2014-05-05] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-13] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [69964448 2015-04-03] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-11-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8133424 2015-11-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5915440 2015-11-15] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2099208 2015-10-27] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-10-28] ()
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441512 2015-04-03] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [655040 2015-07-07] (Wacom Technology, Corp.)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-01-30] (ASUSTek Computer Inc.)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
S3 bpenum; C:\Windows\System32\DRIVERS\bpenum.sys [84480 2011-05-19] (Intel Corporation) [File not signed]
S3 bpmp; C:\Windows\System32\DRIVERS\bpmp.sys [182272 2011-05-19] (Intel Corporation) [File not signed]
S3 bpusb; C:\Windows\System32\Drivers\bpusb.sys [83968 2011-05-19] (Intel Corporation) [File not signed]
R3 CSRBC; C:\Windows\System32\Drivers\csrbc.sys [38400 2011-02-08] (CSR plc.)
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [132184 2011-08-03] (Citrix Systems, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [77040 2012-11-08] (Fresco Logic)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-11-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-11-15] (NVIDIA Corporation)
S3 PlantronicsGC; C:\Windows\System32\drivers\PLTGC.sys [1328128 2013-02-07] (C-Media Electronics Inc)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-01-26] (Synaptics Incorporated)
S3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [258432 2011-05-13] (Sierra Wireless Incorporated) [File not signed]
S3 swiwdmbx; C:\Windows\System32\DRIVERS\swiwdmbx64.sys [109312 2011-05-16] (Sierra Wireless Inc.) [File not signed]
S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [297472 2011-07-19] (Sierra Wireless Inc.) [File not signed]
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-11 10:16 - 2015-12-11 10:18 - 00041854 _____ C:\Users\admin\Desktop\FRST.txt
2015-12-10 12:19 - 2011-05-03 23:24 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-12-10 09:55 - 2015-12-10 09:48 - 01738240 _____ C:\Users\admin\Desktop\adwcleaner_5.024.exe
2015-12-10 09:52 - 2015-12-10 12:19 - 00000000 ____D C:\AdwCleaner
2015-12-10 09:46 - 2015-12-10 10:06 - 00001921 _____ C:\Users\admin\Desktop\Search.txt
2015-12-10 09:33 - 2015-12-10 09:33 - 00028105 _____ C:\Users\admin\Desktop\Fixlog.txt
2015-12-10 09:28 - 2015-12-08 15:50 - 02369024 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2015-12-09 06:14 - 2015-11-20 11:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-09 06:14 - 2015-11-20 11:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-09 06:14 - 2015-11-20 11:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-09 06:14 - 2015-11-20 11:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-09 06:14 - 2015-11-20 11:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-09 06:14 - 2015-11-20 11:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-09 06:14 - 2015-11-20 11:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-09 06:14 - 2015-11-20 11:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-09 06:14 - 2015-11-20 11:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-09 06:14 - 2015-11-20 11:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-09 06:14 - 2015-11-20 11:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-09 06:14 - 2015-11-20 11:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-09 06:14 - 2015-11-20 11:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-09 06:14 - 2015-11-20 11:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-09 06:14 - 2015-11-20 11:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-09 06:14 - 2015-11-20 11:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-09 06:14 - 2015-11-03 12:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-09 06:14 - 2015-11-03 11:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-09 06:13 - 2015-11-11 14:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-09 06:13 - 2015-11-11 13:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-09 06:13 - 2015-11-11 11:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-09 06:13 - 2015-11-11 11:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-09 06:13 - 2015-11-11 11:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-09 06:13 - 2015-11-11 11:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-09 06:13 - 2015-11-11 09:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-09 06:13 - 2015-11-11 09:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-09 06:13 - 2015-11-11 08:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-09 06:13 - 2015-11-11 08:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-09 06:13 - 2015-11-11 08:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-09 06:13 - 2015-11-11 08:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-09 06:13 - 2015-11-11 07:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-09 06:13 - 2015-11-10 11:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-09 06:13 - 2015-11-10 11:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-09 06:13 - 2015-11-10 11:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-09 06:13 - 2015-11-10 11:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-09 06:13 - 2015-11-10 11:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-09 06:13 - 2015-11-10 10:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-09 06:13 - 2015-11-09 17:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-09 06:13 - 2015-11-09 17:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-09 06:13 - 2015-11-09 17:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-09 06:13 - 2015-11-09 17:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-09 06:13 - 2015-11-09 17:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-09 06:13 - 2015-11-09 17:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-09 06:13 - 2015-11-09 17:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-09 06:13 - 2015-11-09 17:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-09 06:13 - 2015-11-09 17:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-09 06:13 - 2015-11-09 17:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-09 06:13 - 2015-11-09 17:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-09 06:13 - 2015-11-09 17:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-09 06:13 - 2015-11-09 17:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-09 06:13 - 2015-11-09 16:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-09 06:13 - 2015-11-09 16:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-09 06:13 - 2015-11-09 16:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-09 06:13 - 2015-11-09 16:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-09 06:13 - 2015-11-09 16:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-09 06:13 - 2015-11-09 16:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-09 06:13 - 2015-11-09 16:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-09 06:13 - 2015-11-09 16:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-09 06:13 - 2015-11-09 16:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-09 06:13 - 2015-11-09 16:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-09 06:13 - 2015-11-09 16:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-09 06:13 - 2015-11-08 15:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-09 06:13 - 2015-11-08 15:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-09 06:13 - 2015-11-08 15:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-09 06:13 - 2015-11-08 15:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-09 06:13 - 2015-11-08 15:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-09 06:13 - 2015-11-08 15:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-09 06:13 - 2015-11-08 15:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-09 06:13 - 2015-11-08 15:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-09 06:13 - 2015-11-08 15:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-09 06:13 - 2015-11-08 15:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-09 06:13 - 2015-11-08 15:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-09 06:13 - 2015-11-08 15:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-09 06:13 - 2015-11-08 15:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-09 06:13 - 2015-11-08 15:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-09 06:13 - 2015-11-08 15:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-09 06:13 - 2015-11-08 15:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-09 06:13 - 2015-11-08 14:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-09 06:13 - 2015-11-08 14:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-09 06:13 - 2015-11-08 14:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-09 06:13 - 2015-11-08 14:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-09 06:13 - 2015-11-08 14:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-09 06:13 - 2015-11-08 14:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-09 06:13 - 2015-11-08 14:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-09 06:13 - 2015-11-08 14:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-09 06:13 - 2015-11-08 14:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-09 06:13 - 2015-11-08 14:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-09 06:13 - 2015-11-08 14:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-09 06:13 - 2015-11-08 14:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-09 06:13 - 2015-11-08 13:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-09 06:13 - 2015-11-08 13:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-09 06:13 - 2015-11-08 13:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-09 06:13 - 2015-11-05 12:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-09 06:13 - 2015-11-05 12:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-09 06:13 - 2015-11-05 02:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-09 06:13 - 2015-11-03 12:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-09 06:13 - 2015-11-03 11:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-08 15:53 - 2015-12-11 10:16 - 00000000 ____D C:\FRST
2015-12-08 14:36 - 2015-12-08 14:36 - 00000000 ____D C:\Users\admin\AppData\Local\GWX
2015-12-08 08:24 - 2015-12-09 12:40 - 00000000 ____D C:\Users\admin\AppData\Local\CrashDumps
2015-12-08 08:03 - 2015-11-20 12:29 - 00050001 _____ C:\Users\Rowan\Documents\abaddon - Copy.xcf
2015-12-08 07:22 - 2015-12-08 07:22 - 00000000 ____D C:\Users\admin\AppData\Roaming\LEP960
2015-12-08 07:22 - 2015-12-08 07:22 - 00000000 ____D C:\Users\admin\.android
2015-12-08 07:21 - 2015-12-08 07:22 - 00000000 ____D C:\Users\admin\AppData\Local\Wacom
2015-12-07 16:44 - 2015-12-07 16:44 - 00000000 ____D C:\Users\Rowan\.android
2015-12-07 16:43 - 2015-12-07 16:44 - 00000000 ____D C:\Users\Rowan\AppData\Local\Wacom
2015-12-07 16:34 - 2015-12-07 16:34 - 00000000 ____D C:\Users\Rowan\AppData\Local\gmsd_us_005010169
2015-12-07 16:25 - 2015-12-07 16:25 - 00000000 ____D C:\Users\Rachel\AppData\Local\gmsd_us_005010169
2015-12-07 16:23 - 2015-12-09 13:07 - 00000000 ____D C:\ProgramData\DataFile
2015-12-07 16:23 - 2015-12-08 07:21 - 00004784 _____ C:\Windows\SysWOW64\Hulkokcos.ini
2015-12-07 16:23 - 2015-12-08 07:21 - 00002504 _____ C:\Windows\SysWOW64\HulkokcosOff.ini
2015-12-07 16:23 - 2015-12-08 07:21 - 00002504 _____ C:\Windows\system32\HulkokcosOff.ini
2015-12-07 16:23 - 2015-12-07 16:23 - 00001145 _____ C:\Users\Rachel\Desktop\Simple Media Player.lnk
2015-12-07 16:23 - 2015-12-07 16:23 - 00001145 _____ C:\Users\Mcx1-ASUS-LAPTOP\Desktop\Simple Media Player.lnk
2015-12-07 16:23 - 2015-12-07 16:23 - 00001145 _____ C:\Users\Kai\Desktop\Simple Media Player.lnk
2015-12-07 16:23 - 2015-12-07 16:23 - 00001145 _____ C:\Users\admin\Desktop\Simple Media Player.lnk
2015-12-07 16:23 - 2015-12-07 16:23 - 00000000 ____D C:\Windows\system32\phfo
2015-12-07 16:23 - 2015-12-07 16:23 - 00000000 ____D C:\Users\Rowan\AppData\LocalLow\Company
2015-12-07 16:23 - 2015-12-07 16:23 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simple Media Player
2015-12-07 16:23 - 2015-12-07 16:23 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\AnarsaSabciv
2015-12-07 16:23 - 2015-12-07 16:23 - 00000000 ____D C:\Users\Rachel\AppData\Local\Tempfolder
2015-12-07 16:23 - 2015-12-07 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simple Media Player
2015-12-07 16:23 - 2015-12-07 16:23 - 00000000 ____D C:\Program Files (x86)\Simple Media Player
2015-12-07 16:23 - 2015-12-07 15:30 - 00375120 _____ C:\Windows\system32\Hulkokcos64.dll
2015-12-07 16:23 - 2015-12-07 15:30 - 00289104 _____ C:\Windows\SysWOW64\Hulkokcos.dll
2015-12-07 16:22 - 2015-12-07 16:22 - 00000000 ____D C:\Users\Rachel\AppData\LocalLow\Company
2015-12-07 16:22 - 2015-12-07 16:22 - 00000000 ____D C:\uninst
2015-12-07 16:21 - 2015-12-07 16:21 - 00003164 _____ C:\Windows\System32\Tasks\Pool Browser
2015-12-07 16:21 - 2015-12-07 16:21 - 00000000 ____D C:\Users\Rachel\AppData\Local\Pool Browser
2015-12-07 16:17 - 2015-12-07 16:17 - 00002291 _____ C:\Users\Rowan\FLRegKey_On_HAX.rar
2015-12-07 16:16 - 2015-12-07 16:16 - 00976112 _____ (Generic program ) C:\Users\Rowan\FLRegKey_On_HAX.exe
2015-12-07 16:12 - 2014-10-07 20:53 - 00000856 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-12-07 16:11 - 2015-12-07 16:11 - 00002648 _____ C:\Users\Rachel\Desktop\DM.lnk
2015-12-07 16:10 - 2015-12-07 16:10 - 00000000 ____D C:\Users\Rowan\New folder
2015-12-07 16:01 - 2015-12-07 16:01 - 00000000 ____D C:\Users\Rachel\AppData\Local\CrashDumps
2015-12-07 15:58 - 2015-12-07 15:59 - 517121104 _____ (Image-Line) C:\Users\Rowan\Downloads\flstudio_12.1.3.exe
2015-12-07 15:57 - 2015-12-07 15:57 - 00003815 _____ C:\Users\Rowan\Downloads\FL5tud1o1213CrackA.zip
2015-12-07 15:55 - 2015-12-07 15:55 - 00001157 _____ C:\Users\Rachel\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2015-12-07 15:55 - 2015-12-07 15:55 - 00000000 ____D C:\Users\Rowan\ASIO4ALL v2
2015-12-07 15:55 - 2015-12-07 15:55 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2015-12-07 15:51 - 2015-12-07 15:51 - 00001516 _____ C:\Users\Rowan\Desktop\FL Studio 12 (64bit).lnk
2015-12-07 15:51 - 2015-12-07 15:51 - 00001500 _____ C:\Users\Rowan\Desktop\FL Studio 12.lnk
2015-12-07 15:51 - 2015-12-07 15:51 - 00000000 ____D C:\Users\Rowan\Documents\Image-Line
2015-12-07 15:51 - 2015-12-07 15:51 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software
2015-12-07 15:50 - 2015-12-07 15:51 - 00000000 ____D C:\Users\Rowan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2015-12-07 15:50 - 2015-12-07 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2015-12-07 15:50 - 2015-12-07 15:50 - 00000000 ____D C:\Program Files\Image-Line
2015-12-07 15:48 - 2015-12-07 15:49 - 00000000 ____D C:\Users\Rowan\System
2015-12-07 15:43 - 2015-12-07 15:48 - 00000000 ____D C:\Users\Rowan\Plugins
2015-12-07 15:43 - 2015-12-07 15:43 - 00000000 ____D C:\Users\Rowan\Help
2015-12-07 15:38 - 2015-12-07 15:43 - 00000000 ____D C:\Users\Rowan\Data
2015-12-07 15:38 - 2015-12-07 15:38 - 00000000 ____D C:\Users\Rowan\Artwork
2015-12-07 15:26 - 2015-12-07 15:55 - 00000000 ____D C:\Program Files (x86)\Image-Line
2015-12-07 15:23 - 2015-04-22 16:58 - 00000000 ____D C:\Users\Rowan\Desktop\Image-Line FL Studio 12.0.1 Producer Edition - Final
2015-12-07 15:21 - 2015-12-07 15:22 - 453908579 _____ C:\Users\Rowan\Downloads\Image-Line FL Studio 12.0.1 Producer Edition - Final [ENG].rar
2015-12-07 08:11 - 2015-12-07 08:11 - 00008303 _____ C:\Users\Rowan\AppData\Local\recently-used.xbel
2015-12-07 01:25 - 2015-12-07 01:25 - 01308417 _____ C:\Users\Rowan\Documents\judgegiffinal.xcf
2015-12-07 01:00 - 2015-12-07 01:24 - 00093745 _____ C:\Users\Rowan\Documents\judgegif.xcf
2015-12-06 15:42 - 2015-12-06 16:10 - 00000000 ____D C:\Users\Rowan\AppData\Local\UNDERTALE
2015-12-06 13:40 - 2015-12-06 13:40 - 00000000 ____D C:\Users\Rowan\AppData\LocalLow\Steel Crate Games
2015-12-06 12:04 - 2015-12-06 12:05 - 00000000 ____D C:\Users\Rowan\Zomboid
2015-12-04 23:39 - 2015-12-04 23:39 - 00000000 ____D C:\Users\Rowan\AppData\Roaming\.LUFTRAUSERS
2015-12-04 23:38 - 2015-12-04 23:38 - 00000222 _____ C:\Users\Rowan\Desktop\LUFTRAUSERS.url
2015-12-02 18:27 - 2015-12-02 18:27 - 00000222 _____ C:\Users\Rowan\Desktop\Space Engineers.url
2015-12-02 15:57 - 2015-12-02 15:57 - 00005894 _____ C:\Users\Rowan\Downloads\SkypeVoiceChanger.application
2015-12-02 15:42 - 2015-12-02 15:57 - 00000000 ____D C:\Users\Rowan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mark Heath
2015-12-02 15:42 - 2015-12-02 15:42 - 00000000 ____D C:\Users\Rowan\AppData\Local\SkypeVoiceChangerPro
2015-12-02 15:41 - 2015-12-02 15:41 - 00483416 _____ () C:\Users\Rowan\Downloads\setup.exe
2015-11-29 16:33 - 2015-11-29 16:36 - 00000000 ____D C:\Users\Rowan\AppData\Roaming\Notepad++
2015-11-29 14:09 - 2015-11-30 14:39 - 00000000 ____D C:\Users\Rowan\AppData\Roaming\SpaceEngineers
2015-11-28 12:45 - 2015-11-28 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-11-28 12:45 - 2015-11-28 12:45 - 00000000 ____D C:\Program Files\Logitech
2015-11-28 12:45 - 2015-11-28 12:45 - 00000000 ____D C:\Program Files\Common Files\Logitech
2015-11-28 12:44 - 2015-11-28 12:45 - 17276616 _____ (Logitech ) C:\Users\Rowan\Downloads\lgs510_x64.exe
2015-11-27 19:29 - 2015-11-27 19:28 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-11-27 19:28 - 2015-11-27 19:28 - 00000000 ____D C:\Program Files\Java
2015-11-27 19:27 - 2015-11-27 19:27 - 57017440 _____ (Oracle Corporation) C:\Users\Rowan\Downloads\jre-8u66-windows-x64.exe
2015-11-27 18:49 - 2015-11-27 19:25 - 00000000 ____D C:\Users\Rowan\AppData\Roaming\.StarMade
2015-11-27 18:47 - 2015-11-27 18:47 - 00000222 _____ C:\Users\Rowan\Desktop\StarMade.url
2015-11-26 12:30 - 2015-11-26 12:30 - 00000000 ____D C:\Users\Rowan\AppData\LocalLow\Unknown Worlds
2015-11-26 12:12 - 2015-11-26 12:12 - 00000222 _____ C:\Users\Rowan\Desktop\Subnautica.url
2015-11-24 12:36 - 2015-11-24 12:36 - 00001383 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-11-24 12:33 - 2015-11-24 12:38 - 00000000 ____D C:\Users\Rachel\AppData\Local\NVIDIA
2015-11-24 12:33 - 2015-11-15 20:35 - 01828160 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-11-24 12:33 - 2015-11-15 20:35 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-11-24 12:33 - 2015-11-15 20:35 - 01509824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-11-24 12:33 - 2015-11-15 20:35 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-11-24 12:33 - 2015-11-15 20:35 - 00112712 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2015-11-24 12:32 - 2015-11-24 12:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-11-24 12:32 - 2015-11-13 22:53 - 00102520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-11-24 12:31 - 2015-11-13 23:06 - 06358832 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-11-24 12:31 - 2015-11-13 23:06 - 02983032 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-11-24 12:31 - 2015-11-13 23:06 - 02554488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-11-24 12:31 - 2015-11-13 23:06 - 00938800 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-11-24 12:31 - 2015-11-13 23:06 - 00385144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-11-24 12:31 - 2015-11-13 23:06 - 00062768 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-11-24 12:31 - 2015-10-28 01:17 - 06027430 _____ C:\Windows\system32\nvcoproc.bin
2015-11-24 12:30 - 2015-11-15 20:35 - 00112760 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-11-24 12:30 - 2015-11-15 20:35 - 00105080 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-11-24 12:29 - 2015-11-15 20:35 - 00072504 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-11-24 12:29 - 2015-11-15 20:35 - 00069416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-11-24 12:29 - 2015-11-15 20:35 - 00050472 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-11-24 12:28 - 2015-11-15 20:35 - 42913912 _____ C:\Windows\system32\nvcompiler.dll
2015-11-24 12:28 - 2015-11-15 20:35 - 37881976 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-11-24 12:28 - 2015-11-15 20:35 - 22310008 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-11-24 12:28 - 2015-11-15 20:35 - 18363000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-11-24 12:28 - 2015-11-15 20:35 - 17515528 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-11-24 12:28 - 2015-11-15 20:35 - 16553568 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-11-24 12:28 - 2015-11-15 20:35 - 15717864 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-11-24 12:28 - 2015-11-15 20:35 - 15122296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-11-24 12:28 - 2015-11-15 20:35 - 14835872 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-11-24 12:28 - 2015-11-15 20:35 - 13527440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-11-24 12:28 - 2015-11-15 20:35 - 12770944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-11-24 12:28 - 2015-11-15 20:35 - 12034248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-11-24 12:28 - 2015-11-15 20:35 - 11130488 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-11-24 12:28 - 2015-11-15 20:35 - 03579696 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-11-24 12:28 - 2015-11-15 20:35 - 03159248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-11-24 12:28 - 2015-11-15 20:35 - 02870576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-11-24 12:28 - 2015-11-15 20:35 - 02490672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-11-24 12:28 - 2015-11-15 20:35 - 01905272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435900.dll
2015-11-24 12:28 - 2015-11-15 20:35 - 01572496 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-11-24 12:28 - 2015-11-15 20:35 - 01564792 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435900.dll
2015-11-24 12:28 - 2015-11-15 20:35 - 00877176 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-11-24 12:28 - 2015-11-15 20:35 - 00861816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-11-24 12:28 - 2015-11-15 20:35 - 00689272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-11-24 12:28 - 2015-11-15 20:35 - 00673912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-11-24 12:28 - 2015-11-15 20:35 - 00205456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-11-24 12:28 - 2015-11-15 20:35 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-11-24 12:28 - 2015-11-15 20:35 - 00033607 _____ C:\Windows\system32\nvinfo.pb
2015-11-24 12:14 - 2015-11-24 12:15 - 302252144 _____ (NVIDIA Corporation) C:\Users\Rowan\Downloads\359.00-desktop-win8-win7-winvista-64bit-international-whql.exe
2015-11-24 11:50 - 2015-11-24 11:51 - 00411280 _____ (TweakBit) C:\Users\Rowan\Downloads\driver-updater-setup.exe
2015-11-24 11:12 - 2015-11-24 11:13 - 00000000 ____D C:\Users\Rowan\Downloads\DDU Logs
2015-11-24 11:12 - 2015-11-24 11:12 - 00000000 ____D C:\Users\Rowan\Downloads\x64
2015-11-24 11:11 - 2015-11-24 11:12 - 00000000 ____D C:\Users\Rowan\Downloads\settings
2015-11-24 11:11 - 2015-11-24 11:11 - 02547083 _____ (Igor Pavlov) C:\Users\Rowan\Downloads\DDU v15.6.0.2.exe
2015-11-24 11:11 - 2015-11-15 13:29 - 01820160 _____ C:\Users\Rowan\Downloads\Display Driver Uninstaller.exe
2015-11-24 11:11 - 2015-11-15 13:29 - 00243200 _____ C:\Users\Rowan\Downloads\Display Driver Uninstaller.pdb
2015-11-24 11:11 - 2015-09-06 04:26 - 00000224 _____ C:\Users\Rowan\Downloads\Display Driver Uninstaller.exe.config
2015-11-24 10:53 - 2015-11-24 10:55 - 302252144 _____ (NVIDIA Corporation) C:\Users\Rowan\Downloads\359.00-notebook-win8-win7-64bit-international-whql.exe
2015-11-23 20:52 - 2015-11-23 20:52 - 00045894 _____ C:\Users\Rowan\Documents\face.xcf
2015-11-23 16:28 - 2015-11-23 18:40 - 00000000 ____D C:\Program Files\Microsoft Xbox One Controller for Windows
2015-11-23 16:27 - 2015-11-23 16:27 - 02854912 _____ C:\Users\Rowan\Downloads\xb1usb.11059.0.140526x64.msi
2015-11-23 16:26 - 2015-11-23 16:26 - 00144345 _____ C:\Users\Rowan\Downloads\TDS_XboxOneControllerPlusCableforWindows.pdf
2015-11-20 12:29 - 2015-11-20 12:29 - 00050001 _____ C:\Users\Rowan\Documents\abaddon.xcf
2015-11-20 10:24 - 2015-11-20 10:24 - 00000000 ____D C:\Users\Rowan\Documents\GameMaker
2015-11-20 08:57 - 2015-11-20 10:23 - 00000000 ____D C:\Users\Rowan\AppData\Local\gamemaker_studio
2015-11-20 08:57 - 2015-11-20 08:57 - 00000000 ____D C:\Users\Rowan\AppData\Local\GameMaker_Player
2015-11-18 17:38 - 2015-11-18 17:38 - 00430124 _____ C:\Users\Rowan\Desktop\underwater.wav
2015-11-17 20:03 - 2015-11-17 20:04 - 60039168 _____ C:\Users\Rowan\Downloads\PhysX-9.14.0702-SystemSoftware.msi
2015-11-17 20:03 - 2015-11-17 20:04 - 301483888 _____ (NVIDIA Corporation) C:\Users\Rowan\Downloads\358.91-notebook-win8-win7-64bit-international-whql.exe
2015-11-17 19:55 - 2015-11-17 19:55 - 00000000 ____D C:\Users\Rowan\Documents\EA Games
2015-11-17 19:46 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-11-17 19:46 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2015-11-17 19:46 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-11-17 19:46 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-11-17 19:46 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-11-17 19:46 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-11-17 19:46 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-11-17 19:46 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-11-17 19:46 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-11-17 19:46 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-11-17 19:46 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-11-17 19:46 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-11-17 19:46 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-11-17 19:46 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-11-17 19:46 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-11-17 19:46 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-11-17 19:46 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-11-17 19:46 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-11-17 19:46 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-11-17 19:46 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-11-17 19:46 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-11-17 19:46 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-11-17 19:46 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-11-17 19:46 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-11-17 19:46 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-11-17 19:46 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-11-17 19:46 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-11-17 19:46 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2015-11-17 19:46 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2015-11-17 19:46 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-11-17 19:46 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-11-17 19:46 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2015-11-17 19:46 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-11-17 19:46 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-11-17 19:46 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-11-17 19:46 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-11-17 19:46 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-11-17 19:46 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-11-17 19:46 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-11-17 19:46 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-11-17 19:46 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-11-17 19:46 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-11-17 19:46 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-11-17 19:46 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-11-17 19:46 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-11-17 19:46 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-11-17 19:45 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-11-17 19:45 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-11-17 19:45 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-11-17 19:45 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-11-17 19:45 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-11-17 19:45 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-11-17 19:45 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-11-17 19:45 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-11-17 19:45 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-11-17 19:45 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-11-17 19:45 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-11-17 19:45 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-11-17 19:45 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-11-17 19:45 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-11-17 19:45 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-11-17 19:45 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-11-17 19:45 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-11-17 19:45 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-11-17 11:50 - 2015-11-17 11:53 - 1031967555 _____ C:\Users\Rowan\Downloads\rnlopenbeta6 (1).exe
2015-11-16 10:27 - 2015-11-16 10:27 - 00051309 _____ C:\Users\Rowan\Documents\zach.xcf
2015-11-14 17:55 - 2015-11-14 17:55 - 00002822 _____ C:\Users\Rowan\Desktop\entry.aup
2015-11-14 17:55 - 2015-11-14 17:55 - 00000000 ____D C:\Users\Rowan\Desktop\entry_data
2015-11-14 17:25 - 2015-12-06 20:53 - 01449554 _____ C:\Users\Rowan\Documents\oddities ep.xcf
2015-11-14 00:13 - 2015-11-14 00:13 - 00076464 _____ C:\Users\Rowan\Documents\welcome.xcf
2015-11-13 23:55 - 2015-11-13 23:55 - 00187086 _____ C:\Users\Rowan\Documents\oddities 1.xcf
2015-11-13 13:30 - 2015-11-13 13:30 - 00000000 ____D C:\Users\Rowan\Documents\ArtRage Paintings
2015-11-13 13:29 - 2015-11-13 13:29 - 00001769 _____ C:\Users\Public\Desktop\ArtRage Demo.lnk
2015-11-13 13:29 - 2015-11-13 13:29 - 00000000 ____D C:\Users\Rowan\Resources
2015-11-13 13:29 - 2015-11-13 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArtRage 4 Demo
2015-11-13 13:27 - 2015-11-13 13:30 - 00000000 ____D C:\Users\Rowan\AppData\Roaming\Ambient Design
2015-11-13 13:27 - 2015-11-13 13:27 - 48726008 _____ (Ambient Design) C:\Users\Rowan\Downloads\install_artrage_4_demo_windows.exe
2015-11-13 13:10 - 2015-11-13 13:10 - 06417600 _____ C:\Users\Rowan\Documents\hearton.xcf
2015-11-11 12:29 - 2015-12-07 01:25 - 00000000 ____D C:\Users\Rowan\AppData\Local\gtk-2.0
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-11 10:17 - 2013-04-11 22:05 - 00002261 _____ C:\Users\admin\Desktop\Google Chrome.lnk
2015-12-11 10:14 - 2012-04-12 18:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-11 10:00 - 2009-07-13 21:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-11 10:00 - 2009-07-13 21:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-11 09:44 - 2013-01-03 17:35 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-11 03:14 - 2012-04-12 18:33 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-11 03:14 - 2012-04-12 18:33 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-11 03:14 - 2011-12-03 02:29 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-10 14:44 - 2013-01-03 17:35 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-10 12:35 - 2015-09-22 13:30 - 00000000 ____D C:\Users\admin\Documents\My Games
2015-12-10 12:30 - 2015-07-24 12:57 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-10 12:23 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-10 12:21 - 2011-11-25 17:14 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-10 09:45 - 2013-04-11 22:05 - 00000000 ____D C:\Users\admin\AppData\Local\TSVNCache
2015-12-10 04:15 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2015-12-10 03:26 - 2009-07-13 21:45 - 00520592 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-10 03:24 - 2012-05-15 20:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-10 03:24 - 2011-11-26 16:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-10 03:23 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2015-12-10 03:07 - 2012-05-20 00:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-10 03:07 - 2011-11-25 21:33 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-08 20:39 - 2011-11-25 17:18 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-08 15:55 - 2009-07-13 20:20 - 00000000 ____D C:\Windows
2015-12-08 08:04 - 2009-07-13 22:13 - 01009786 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-08 08:02 - 2015-07-24 12:49 - 00000000 ____D C:\Users\Rowan
2015-12-08 07:22 - 2011-11-25 16:57 - 00137760 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-08 07:22 - 2011-11-25 16:21 - 00000000 ____D C:\Users\admin
2015-12-08 07:21 - 2015-09-21 13:53 - 00000000 ____D C:\Users\admin\AppData\Roaming\WTablet
2015-12-08 07:18 - 2015-07-24 12:50 - 00000000 ____D C:\Users\Rowan\AppData\Local\TSVNCache
2015-12-08 07:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-08 07:02 - 2015-07-24 13:00 - 00000000 ____D C:\Users\Rowan\AppData\Local\Spotify
2015-12-08 06:57 - 2015-07-24 12:59 - 00000000 ____D C:\Users\Rowan\AppData\Roaming\Spotify
2015-12-08 06:40 - 2015-07-24 20:55 - 00000000 ____D C:\Users\Rowan\AppData\Local\CrashDumps
2015-12-07 16:43 - 2015-08-08 09:08 - 00000000 ____D C:\Users\Rowan\AppData\Roaming\WTablet
2015-12-07 16:27 - 2015-07-25 11:47 - 00000000 ____D C:\Users\Rachel\AppData\Local\TSVNCache
2015-12-07 16:27 - 2011-05-03 23:24 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-12-07 16:26 - 2015-07-24 12:50 - 00000000 ____D C:\Users\Rowan\AppData\Roaming\Skype
2015-12-07 08:11 - 2015-08-02 09:31 - 00000000 ____D C:\Users\Rowan\.gimp-2.8
2015-12-06 18:37 - 2015-07-24 12:49 - 00000000 ____D C:\Users\Rowan\Documents\Visual Studio 2013
2015-12-05 11:35 - 2015-11-02 21:20 - 00003302 _____ C:\Users\Rowan\AppData\Roaming\SpeedRunnersLog.txt
2015-12-04 21:35 - 2015-07-26 08:43 - 00000080 _____ C:\Users\Rowan\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-12-02 17:19 - 2015-07-24 12:50 - 00000000 ____D C:\Users\Rowan\AppData\Local\Deployment
2015-11-27 23:08 - 2015-10-25 12:15 - 00000000 ____D C:\Users\Rowan\AppData\Roaming\.minecraft
2015-11-27 19:29 - 2015-10-25 12:24 - 00000000 ____D C:\Users\Rowan\.oracle_jre_usage
2015-11-27 19:29 - 2015-10-25 12:23 - 00000000 ____D C:\Users\Rachel\.oracle_jre_usage
2015-11-27 19:28 - 2015-10-25 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-24 12:38 - 2015-07-25 11:48 - 00000000 ____D C:\Users\Rachel\AppData\Local\NVIDIA Corporation
2015-11-24 12:36 - 2012-05-17 22:33 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-11-24 12:33 - 2011-11-25 17:13 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-11-24 12:32 - 2012-05-09 17:28 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-11-24 12:31 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Help
2015-11-24 12:26 - 2012-10-10 20:57 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-24 12:23 - 2013-07-28 17:14 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-11-24 12:04 - 2015-07-24 12:51 - 00000000 ____D C:\Users\Rowan\AppData\Local\NVIDIA Corporation
2015-11-24 11:44 - 2015-07-25 11:45 - 00000000 ____D C:\Users\Rachel
2015-11-20 15:08 - 2015-07-24 13:09 - 00000000 ____D C:\Users\Rowan\AppData\Local\Steam
2015-11-20 08:57 - 2012-10-05 18:05 - 00000000 ____D C:\ProgramData\gamemaker_studio
2015-11-18 18:32 - 2015-08-06 09:08 - 00000000 ____D C:\Users\Rowan\AppData\Roaming\Audacity
2015-11-18 16:50 - 2015-07-25 11:47 - 00137760 _____ C:\Users\Rachel\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-13 13:16 - 2015-08-08 11:08 - 00137760 _____ C:\Users\wes\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-11 17:17 - 2009-07-14 00:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-11 08:27 - 2011-11-25 17:17 - 01004642 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-11 08:25 - 2011-11-25 21:52 - 00000039 _____ C:\Windows\vbaddin.ini
 
Files to move or delete:
====================
C:\Users\Rowan\AR3Thumb64.dll
C:\Users\Rowan\ArtRage Demo 32.exe
C:\Users\Rowan\ArtRage Demo.exe
C:\Users\Rowan\AudioRestore.dll
C:\Users\Rowan\DelZip179.dll
C:\Users\Rowan\ds2wav.dll
C:\Users\Rowan\dsplib.dll
C:\Users\Rowan\FL (compatible memory).exe
C:\Users\Rowan\FL Studio VSTi (Multi).dll
C:\Users\Rowan\FL Studio VSTi.dll
C:\Users\Rowan\FL.exe
C:\Users\Rowan\FL64.exe
C:\Users\Rowan\FLEngine.dll
C:\Users\Rowan\FLEngine_x64.dll
C:\Users\Rowan\FLRegKey_On_HAX.exe
C:\Users\Rowan\Install ETS2MP.exe
C:\Users\Rowan\iZAudioRestore.dll
C:\Users\Rowan\setup.exe
C:\Users\Rowan\Speaker.dll
C:\Users\Rowan\speaker_x64.dll
C:\Users\Rowan\ss2wav.dll
C:\Users\Rowan\ss2wav16.dll
C:\Users\Rowan\uninstall.exe
C:\Users\Rowan\ZeroX_AS.dll
 
 
Some files in TEMP:
====================
C:\Users\admin\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2011-05-03 23:24] - [2015-12-07 16:27] - 0357888 ____A (Microsoft Corporation) 2F85A6656829BE11548D1E63083D4C06
 
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-10 00:17
 
==================== End of FRST.txt ============================


#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:34 PM

Posted 11 December 2015 - 01:50 PM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-2133040787-3344251579-4125002376-1000\...\Run: [Windi] => C:\ProgramData\DataFile\Downloads\Windi.exe [288256 2015-12-02] ()
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
C:\ProgramData\DataFile\Downloads\Windi.exe

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Run MBAM and post the log if you can.

Let me know what problem persists.

#12 Hypatia415

Hypatia415
  • Topic Starter

  • Members
  • 12 posts

Posted 11 December 2015 - 04:26 PM

I was able to run MBAM.  After it had completed and removed all the crap (128 items) all of my symptoms seem to be gone.  I'm not sure if it was that or your AdwCleaner fixlist, but the whole windows-is-not-genuine thing is gone too.

 

Do you think I'm clean?

 

Thanks so much nasdaq!

 

 

 

Here's my MBAM log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/11/2015
Scan Time: 12:37 PM
Logfile: MBAM_scan_log.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.12.11.05
Rootkit Database: v2015.12.07.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: admin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 768231
Time Elapsed: 1 hr, 15 min, 2 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 52
PUP.Optional.CrossRider, HKU\S-1-5-21-2133040787-3344251579-4125002376-1021\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{F0D2ADBD-20F9-4537-AEBB-3B842F1922AB}, , [7f521f844e3d4de95d339ed405ffc63a], 
PUP.Optional.SimpleMediaPlayer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Simple Media Player, , [29a82380e6a52511b2a158949f6456aa], 
PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\HulkokcosLib.EtarUnofme, , [864b4d5664279f97be83396b34ce05fb], 
PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\HulkokcosLib.EtarUnofme.1, , [8b4661420d7ece68f44d5b49ab57c43c], 
PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\HulkokcosLib.KuizIpucleb, , [efe2dac907843303132efca84cb6eb15], 
PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\HulkokcosLib.KuizIpucleb.1, , [1bb6544fed9e73c3ba8702a2867c41bf], 
PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\HulkokcosLib.ManIamozzarm, , [5d74b4ef3e4d082e73ce8b199a686898], 
PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\HulkokcosLib.ManIamozzarm.1, , [14bdb7ecc5c6c274f948574d0af817e9], 
PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\HulkokcosLib.MujoVhvuciva, , [2ea33c678ffc072f47fa0e96d131bb45], 
PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\HulkokcosLib.MujoVhvuciva.1, , [8b466142632867cf73ce2b793dc55aa6], 
PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\HulkokcosLib.PilkDiseue, , [d4fd099a3457a98d42ff6c3856ac9b65], 
PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\HulkokcosLib.PilkDiseue.1, , [4c85792af695989e152ca7fdb250966a], 
PUP.Optional.VBates, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\A7BD54B233B5B2F70AF86F5BD1A0C0A772A59FC6, , [9839dec546453afc3d95faaad82aba46], 
PUP.Optional.VBates, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\D830B6B8939ACB4928401060203BB648456BB4F8, , [775a4162eba0360052817b29aa5820e0], 
PUP.Optional.VBates, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\F53E693DDABF57A88A9B12B608B09B26C0608B74, , [a62b158e7e0d80b6b0246a3a0ef4cc34], 
PUP.Optional.AllPCOptimizer, HKLM\SOFTWARE\MICROSOFT\TRACING\Allpcoptimizer_RASAPI32, , [f0e1535099f28bab24c8847c94709769], 
PUP.Optional.AllPCOptimizer, HKLM\SOFTWARE\MICROSOFT\TRACING\Allpcoptimizer_RASMANCS, , [e8e98a192d5e132302ea4bb559abfe02], 
PUP.Optional.DeskBar, HKLM\SOFTWARE\MICROSOFT\TRACING\DeskBar_RASAPI32, , [fbd6178c4c3f171f0dfa388f7e85669a], 
PUP.Optional.DeskBar, HKLM\SOFTWARE\MICROSOFT\TRACING\DeskBar_RASMANCS, , [fcd5376cd6b54aec34d39d2a877c748c], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Pool Browser, , [7a571a890883142296a86b39fc064db3], 
PUP.Optional.SimpleMediaPlayer, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Simple Video Player.exe, , [7859f0b3b3d8c86edf75e00c7192a25e], 
PUP.Optional.SwiftSearch, HKLM\SOFTWARE\WOW6432NODE\SwiftSearch_1.10.0.25, , [fcd501a27f0c72c4ba3900b552b1748c], 
PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HulkokcosLib.EtarUnofme, , [c011158ea7e4ff37f54c356fe1217e82], 
PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HulkokcosLib.EtarUnofme.1, , [ab263f64315a45f148f93074d13122de], 
PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HulkokcosLib.KuizIpucleb, , [ae23eab9404bf64048f99c089a6819e7], 
PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HulkokcosLib.KuizIpucleb.1, , [15bce8bbb1da4cea68d91391bf43956b], 
PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HulkokcosLib.ManIamozzarm, , [4d845251c6c5cf67dd647f255ba73ac6], 
PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HulkokcosLib.ManIamozzarm.1, , [3b960a990289ff375be6762e887a9868], 
PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HulkokcosLib.MujoVhvuciva, , [f9d8fba894f71a1c023f01a3e1219f61], 
PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HulkokcosLib.MujoVhvuciva.1, , [2fa2584b167503332819e2c254ae53ad], 
PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HulkokcosLib.PilkDiseue, , [1db4d8cb1c6f181e251c5f4543bfed13], 
PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HulkokcosLib.PilkDiseue.1, , [10c1099aec9f47eff74af0b47f8302fe], 
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\A7BD54B233B5B2F70AF86F5BD1A0C0A772A59FC6, , [c30e1390454652e4d8fa4e564fb39967], 
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\D830B6B8939ACB4928401060203BB648456BB4F8, , [21b0b9ea315ad066795ad2d2b2509d63], 
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\F53E693DDABF57A88A9B12B608B09B26C0608B74, , [4f829c0774171e18c60e6f35f30f629e], 
PUP.Optional.SimpleMediaPlayer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Simple Video Player.exe, , [4b86e6bd5437a294c88ceefef11255ab], 
PUP.Optional.Shopperz.BrwsrFlsh, HKU\S-1-5-18\SOFTWARE\{8271AD89-8860-4D49-88E1-66A8F1C68C4D}, , [b21f52511477a09684999ae2d52eb34d], 
PUP.Optional.Shopperz.BrwsrFlsh, HKU\S-1-5-19\SOFTWARE\{8271AD89-8860-4D49-88E1-66A8F1C68C4D}, , [21b0049fb0dbcd692feeacd0966dd030], 
PUP.Optional.Shopperz.BrwsrFlsh, HKU\S-1-5-20\SOFTWARE\{8271AD89-8860-4D49-88E1-66A8F1C68C4D}, , [8b46aff46a2154e2110c126a8d762bd5], 
PUP.Optional.ConsumerInput, HKU\S-1-5-21-2133040787-3344251579-4125002376-1019\SOFTWARE\ConsumerInput, , [7b56aff409821422193fa3e5bb4803fd], 
PUP.Optional.ConsumerInput, HKU\S-1-5-21-2133040787-3344251579-4125002376-1019\SOFTWARE\APPDATALOW\SOFTWARE\Compete, , [cc05891a0e7d2f0729767488c93a7a86], 
PUP.Optional.Shopperz.BrwsrFlsh, HKU\S-1-5-21-2133040787-3344251579-4125002376-1019\SOFTWARE\{8271AD89-8860-4D49-88E1-66A8F1C68C4D}, , [ba170f9455367fb742dbe09c748fd42c], 
PUP.Optional.ConsumerInput, HKU\S-1-5-21-2133040787-3344251579-4125002376-1021\SOFTWARE\ConsumerInput, , [8c45445f2b6049edea6ea9df5ca7b34d], 
PUP.Optional.DeskBar, HKU\S-1-5-21-2133040787-3344251579-4125002376-1021\SOFTWARE\DeskBar, , [9f321f843a51ca6c10ab5c69768d857b], 
PUP.Optional.Tuto4PC, HKU\S-1-5-21-2133040787-3344251579-4125002376-1021\SOFTWARE\TutoTag, , [824fcbd8187396a0cf576f4a887b20e0], 
PUP.Optional.MultiIE, HKU\S-1-5-21-2133040787-3344251579-4125002376-1021\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, , [ae23fba84d3e21151de7792ade25da26], 
PUP.Optional.SmartWeb, HKU\S-1-5-21-2133040787-3344251579-4125002376-1021\SOFTWARE\APPDATALOW\SOFTWARE\SmartWeb, , [7e5302a18b0046f08daa8f714eb620e0], 
PUP.Optional.OutBrowse, HKU\S-1-5-21-2133040787-3344251579-4125002376-1021\SOFTWARE\OB, , [0ec33d665c2fb0860341f9adbe45d22e], 
PUP.Optional.Tuto4PC, HKU\S-1-5-21-2133040787-3344251579-4125002376-1021\SOFTWARE\TUTORIALS\updatetutorialeshp, , [ddf4ecb7e6a52412ab78b8016a9931cf], 
PUP.Optional.Tuto4PC, HKU\S-1-5-21-2133040787-3344251579-4125002376-1021\SOFTWARE\TUTORIALS\updatetutorialshp, , [08c9f8ab850647ef28fc36832fd4e21e], 
PUP.Optional.Tuto4PC, HKU\S-1-5-21-2133040787-3344251579-4125002376-1021\SOFTWARE\TUTORIALS\updv, , [8a479a093358f3439e873f7a9b687e82], 
PUP.Optional.Shopperz.BrwsrFlsh, HKU\S-1-5-21-2133040787-3344251579-4125002376-1021\SOFTWARE\{8271AD89-8860-4D49-88E1-66A8F1C68C4D}, , [8a472281434840f61508502ca65d4eb2], 
 
Registry Values: 12
PUP.Optional.Shopperz.BrwsrFlsh, HKU\S-1-5-18\SOFTWARE\{8271AD89-8860-4D49-88E1-66A8F1C68C4D}|Name, C:\Program Files\shopperz071220151935\Raabbi.exe, , [b21f52511477a09684999ae2d52eb34d]
PUP.Optional.Shopperz.BrwsrFlsh, HKU\S-1-5-19\SOFTWARE\{8271AD89-8860-4D49-88E1-66A8F1C68C4D}|Name, C:\Program Files\shopperz071220151935\Raabbi.exe, , [21b0049fb0dbcd692feeacd0966dd030]
PUP.Optional.Shopperz.BrwsrFlsh, HKU\S-1-5-20\SOFTWARE\{8271AD89-8860-4D49-88E1-66A8F1C68C4D}|Name, C:\Program Files\shopperz071220151935\Raabbi.exe, , [8b46aff46a2154e2110c126a8d762bd5]
PUP.Optional.Shopperz.BrwsrFlsh, HKU\S-1-5-21-2133040787-3344251579-4125002376-1019\SOFTWARE\{8271AD89-8860-4D49-88E1-66A8F1C68C4D}|Name, C:\Program Files\shopperz071220151935\Raabbi.exe, , [ba170f9455367fb742dbe09c748fd42c]
PUP.Optional.DeskBar, HKU\S-1-5-21-2133040787-3344251579-4125002376-1021\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|DeskBar.exe, 8888, , [c40d1b88d8b3ed493a1a19e87c8858a8]
PUP.Optional.Goobzo, HKU\S-1-5-21-2133040787-3344251579-4125002376-1021\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SearchModule, C:\Users\Rachel\AppData\Local\SearchModule\dblaunch.exe, , [4d84148f2c5f74c274c1e21650b331cf]
PUP.Optional.OutBrowse, HKU\S-1-5-21-2133040787-3344251579-4125002376-1021\SOFTWARE\OB|monitype20, 12/7/15 16:11:59, , [0ec33d665c2fb0860341f9adbe45d22e]
PUP.Optional.OutBrowse, HKU\S-1-5-21-2133040787-3344251579-4125002376-1021\SOFTWARE\OB|monitype24, 12/7/15 16:11:59, , [7958396a8dfe68ce162e079fa55e9769]
PUP.Optional.OutBrowse, HKU\S-1-5-21-2133040787-3344251579-4125002376-1021\SOFTWARE\OB|monitype27, 12/7/15 16:11:59, , [79589d0699f2999d9ca8e6c0cb38966a]
PUP.Optional.OutBrowse, HKU\S-1-5-21-2133040787-3344251579-4125002376-1021\SOFTWARE\OB|monitype41, 12/7/15 16:11:59, , [02cf9b081a71c175ad97f3b3fd0629d7]
PUP.Optional.OutBrowse, HKU\S-1-5-21-2133040787-3344251579-4125002376-1021\SOFTWARE\OB|monitype42, 12/7/15 16:11:59, , [7b56871cf497bb7b3b09d3d3ff046997]
PUP.Optional.Shopperz.BrwsrFlsh, HKU\S-1-5-21-2133040787-3344251579-4125002376-1021\SOFTWARE\{8271AD89-8860-4D49-88E1-66A8F1C68C4D}|Name, C:\Program Files\shopperz071220151935\Raabbi.exe, , [8a472281434840f61508502ca65d4eb2]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 17
PUP.Optional.VBates, C:\Users\Rachel\AppData\LocalLow\Company\Product\1.0, , [f4ddd4cf612a5adc30f03595669d827e], 
PUP.Optional.VBates, C:\Users\Rachel\AppData\LocalLow\Company\Product, , [f4ddd4cf612a5adc30f03595669d827e], 
PUP.Optional.VBates, C:\Users\Rowan\AppData\LocalLow\Company\Product\1.0, , [39980f9462295ed8ae72a7238380867a], 
PUP.Optional.VBates, C:\Users\Rowan\AppData\LocalLow\Company\Product, , [39980f9462295ed8ae72a7238380867a], 
PUP.Optional.SimpleMediaPlayer, C:\Program Files (x86)\Simple Media Player, , [29a82380e6a52511b2a158949f6456aa], 
PUP.Optional.GamesDesktop, C:\Users\Rachel\AppData\Local\gmsd_us_005010169, , [5978f7acccbf8bab02aea2e5fc0620e0], 
PUP.Optional.GamesDesktop, C:\Users\Rachel\AppData\Local\gmsd_us_005010169\gmsd_us_005010169, , [5978f7acccbf8bab02aea2e5fc0620e0], 
PUP.Optional.GamesDesktop, C:\Users\Rachel\AppData\Local\gmsd_us_005010169\gmsd_us_005010169\1.20, , [5978f7acccbf8bab02aea2e5fc0620e0], 
PUP.Optional.GamesDesktop, C:\Users\Rowan\AppData\Local\gmsd_us_005010169, , [f9d83b6817743006e7c93750d032b34d], 
PUP.Optional.GamesDesktop, C:\Users\Rowan\AppData\Local\gmsd_us_005010169\gmsd_us_005010169, , [f9d83b6817743006e7c93750d032b34d], 
PUP.Optional.GamesDesktop, C:\Users\Rowan\AppData\Local\gmsd_us_005010169\gmsd_us_005010169\1.20, , [f9d83b6817743006e7c93750d032b34d], 
PUP.Optional.SimpleMediaPlayer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simple Media Player, , [4b86b0f30982b87edc064162f012758b], 
PUP.Optional.SimpleMediaPlayer, C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simple Media Player, , [e9e8851edbb050e6f4eed4cff70b639d], 
Adware.LaSuperba, C:\uninst, , [c809515229622b0bbd8307a2739131cf], 
PUP.Optional.CrossAd.Gen, C:\Users\Rachel\AppData\Local\Pool Browser\Component, , [8a47535090fb1620c83a2d781fe57d83], 
PUP.Optional.CrossAd.Gen, C:\Users\Rachel\AppData\Local\Pool Browser, , [8a47535090fb1620c83a2d781fe57d83], 
PUP.Optional.CrossAd.Gen, C:\Users\Rachel\AppData\Local\Pool Browser\{ACD4922F-8530-27D0-A7C1-76A7895BE21E}, , [8a47535090fb1620c83a2d781fe57d83], 
 
Files: 46
Trojan.FilePatch.DNSApi, C:\Windows\System32\dnsapi.dll, , , 
Adware.PennyBee, C:\Users\Rachel\AppData\Roaming\AnarsaSabciv\Iogaay.exe, , [765b51522e5dfa3cfcd061571de46f91], 
PUP.Optional.Komodia.WnskRST, C:\Windows\System32\Hulkokcos64.dll, , [577aacf75b306dc9a5d81785be43669a], 
PUP.Optional.TaskRNDM, C:\Windows\SysWOW64\bs1.exe, , [339e5b482b6041f56507c48f629f659b], 
PUP.Optional.Komodia.WnskRST, C:\Windows\SysWOW64\Hulkokcos.dll, , [0fc2e3c0f19a2f07182bddbf10f107f9], 
PUP.Optional.TaskRNDM, C:\Windows\SysWOW64\Mint.exe, , [daf76043494250e638331142d62b837d], 
Trojan.FakeAlert, C:\Windows\SysWOW64\MyTrayApp.exe, , [943d188ba2e956e040208d21ba476898], 
PUP.Optional.TaskRNDM, C:\Windows\SysWOW64\Wimboldon.exe, , [f4dd7e2533583501df8c86cd6998b54b], 
PUP.Optional.InstallCore, C:\Users\Rowan\FLRegKey_On_HAX.exe, , [9140c2e12d5e40f63d6a4dfecd34629e], 
PUP.Optional.CrossRider, C:\Users\Rachel\AppData\Local\Pool Browser\{ACD4922F-8530-27D0-A7C1-76A7895BE21E}\PoolBrowser.dll, , [a829c3e00a813303464a40320202b44c], 
PUP.Optional.CrossRider, C:\Users\Rachel\AppData\Local\Pool Browser\{ACD4922F-8530-27D0-A7C1-76A7895BE21E}\tygllzpm.dll, , [00d1faa97f0c13232b8d80f3877de61a], 
PUP.Optional.CrossRider, C:\Users\Rachel\AppData\Local\Pool Browser\{ACD4922F-8530-27D0-A7C1-76A7895BE21E}\{1C38B0A9-D370-D829-3D94-0A46DED49915}.dll, , [7f521f844e3d4de95d339ed405ffc63a], 
PUP.Optional.CrossRider, C:\Windows\System32\Tasks\Pool Browser, , [f6dbabf81873e056eb4f663e52b0a858], 
PUP.Optional.Komodia.WnskRST, C:\Windows\System32\HulkokcosOff.ini, , [9a37ebb8523993a36dd58f1541c19f61], 
PUP.Optional.Komodia.WnskRST, C:\Windows\SysWOW64\Hulkokcos.ini, , [ffd2188babe082b4033f881c24de3dc3], 
PUP.Optional.Komodia.WnskRST, C:\Windows\SysWOW64\HulkokcosOff.ini, , [b120a7fcf09b132358ea485cae54c23e], 
Trojan.Agent, C:\Windows\SysWOW64\winupd.exe, , [cc05643fe8a3b0861b4fcc2b3dc527d9], 
PUP.Optional.VBates, C:\Users\Rachel\AppData\LocalLow\Company\Product\1.0\localStorageIE.txt, , [f4ddd4cf612a5adc30f03595669d827e], 
PUP.Optional.VBates, C:\Users\Rachel\AppData\LocalLow\Company\Product\1.0\localStorageIE_backup.txt, , [f4ddd4cf612a5adc30f03595669d827e], 
PUP.Optional.VBates, C:\Users\Rowan\AppData\LocalLow\Company\Product\1.0\localStorageIE.txt, , [39980f9462295ed8ae72a7238380867a], 
PUP.Optional.VBates, C:\Users\Rowan\AppData\LocalLow\Company\Product\1.0\localStorageIE_backup.txt, , [39980f9462295ed8ae72a7238380867a], 
PUP.Optional.SimpleMediaPlayer, C:\Users\admin\Desktop\Simple Media Player.lnk, , [60719013deadf93d2032cb21dd26a060], 
PUP.Optional.SimpleMediaPlayer, C:\Users\Kai\Desktop\Simple Media Player.lnk, , [a9289d06b1da5fd7de747c7014ef08f8], 
PUP.Optional.SimpleMediaPlayer, C:\Users\Mcx1-ASUS-LAPTOP\Desktop\Simple Media Player.lnk, , [3998366d028944f2a2b0f0fc25de23dd], 
PUP.Optional.SimpleMediaPlayer, C:\Users\Rachel\Desktop\Simple Media Player.lnk, , [51807033cac148eebc96aa426f94a060], 
PUP.Optional.SimpleMediaPlayer, C:\Program Files (x86)\Simple Media Player\Simple Media Player.url, , [29a82380e6a52511b2a158949f6456aa], 
PUP.Optional.SimpleMediaPlayer, C:\Program Files (x86)\Simple Media Player\Simple Video Player.exe, , [29a82380e6a52511b2a158949f6456aa], 
PUP.Optional.SimpleMediaPlayer, C:\Program Files (x86)\Simple Media Player\uninst.exe, , [29a82380e6a52511b2a158949f6456aa], 
PUP.Optional.GamesDesktop, C:\Users\Rachel\AppData\Local\gmsd_us_005010169\upgmsd_us_005010169.cyl, , [5978f7acccbf8bab02aea2e5fc0620e0], 
PUP.Optional.GamesDesktop, C:\Users\Rachel\AppData\Local\gmsd_us_005010169\upgmsd_us_005010169.exe, , [5978f7acccbf8bab02aea2e5fc0620e0], 
PUP.Optional.GamesDesktop, C:\Users\Rachel\AppData\Local\gmsd_us_005010169\gmsd_us_005010169\1.20\cnf.cyl, , [5978f7acccbf8bab02aea2e5fc0620e0], 
PUP.Optional.GamesDesktop, C:\Users\Rowan\AppData\Local\gmsd_us_005010169\gmsd_us_005010169\1.20\cnf.cyl, , [f9d83b6817743006e7c93750d032b34d], 
PUP.Optional.SimpleMediaPlayer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simple Media Player\Simple Media Player.lnk, , [4b86b0f30982b87edc064162f012758b], 
PUP.Optional.SimpleMediaPlayer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simple Media Player\Uninstall.lnk, , [4b86b0f30982b87edc064162f012758b], 
PUP.Optional.SimpleMediaPlayer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simple Media Player\Website.lnk, , [4b86b0f30982b87edc064162f012758b], 
Adware.LaSuperba, C:\uninst\uninstall.html, , [c809515229622b0bbd8307a2739131cf], 
PUP.Optional.CrossAd.Gen, C:\Users\Rachel\AppData\Local\Pool Browser\Component\config.json, , [8a47535090fb1620c83a2d781fe57d83], 
PUP.Optional.CrossAd.Gen, C:\Users\Rachel\AppData\Local\Pool Browser\Component\hello.js, , [8a47535090fb1620c83a2d781fe57d83], 
PUP.Optional.CrossAd.Gen, C:\Users\Rachel\AppData\Local\Pool Browser\Component\manifest.json, , [8a47535090fb1620c83a2d781fe57d83], 
PUP.Optional.CrossAd.Gen, C:\Users\Rachel\AppData\Local\Pool Browser\Component\scriptTagContext.js, , [8a47535090fb1620c83a2d781fe57d83], 
PUP.Optional.CrossAd.Gen, C:\Users\Rachel\AppData\Local\Pool Browser\Component\tmp_bg.js, , [8a47535090fb1620c83a2d781fe57d83], 
PUP.Optional.CrossAd.Gen, C:\Users\Rachel\AppData\Local\Pool Browser\Component\uconfig.json, , [8a47535090fb1620c83a2d781fe57d83], 
PUP.Optional.CrossAd.Gen, C:\Users\Rachel\AppData\Local\Pool Browser\{ACD4922F-8530-27D0-A7C1-76A7895BE21E}\c.dat, , [8a47535090fb1620c83a2d781fe57d83], 
PUP.Optional.CrossAd.Gen, C:\Users\Rachel\AppData\Local\Pool Browser\{ACD4922F-8530-27D0-A7C1-76A7895BE21E}\f.dat, , [8a47535090fb1620c83a2d781fe57d83], 
PUP.Optional.CrossAd.Gen, C:\Users\Rachel\AppData\Local\Pool Browser\{ACD4922F-8530-27D0-A7C1-76A7895BE21E}\{CA4937CA-AC2E-96CC-C2F8-991E1C9E3AAA}.dat, , [8a47535090fb1620c83a2d781fe57d83], 
PUP.Optional.HijackHosts.Gen, C:\Windows\System32\phfo\bixb\sew.dat, , [5c75049f6c1f78beaa5104a0956f04fc], 
PUP.Optional.TaskRNDM, C:\Windows\SysWOW64\sc.bat, , [923fa9faf39864d2f99ba9ff0400e31d], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
And here's the Fixlog:
 
Fix result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by admin (2015-12-11 12:28:45) Run:3
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin & Mcx1-ASUS-LAPTOP & Rowan & Kai & Rachel & Classic .NET AppPool & www.leaningtreestudio.com & DefaultAppPool & ASP.NET v4.0)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKU\S-1-5-21-2133040787-3344251579-4125002376-1000\...\Run: [Windi] => C:\ProgramData\DataFile\Downloads\Windi.exe [288256 2015-12-02] ()
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
C:\ProgramData\DataFile\Downloads\Windi.exe
 
End
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2133040787-3344251579-4125002376-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Windi => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
C:\ProgramData\DataFile\Downloads\Windi.exe => moved successfully
EmptyTemp: => 23.6 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 12:29:14 ====
 


#13 nasdaq


Posted 12 December 2015 - 07:52 AM

I just want to make sure that you have removed everything that was found by the MBAM tool.

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#14 Hypatia415


Posted 12 December 2015 - 12:33 PM

Yep, everything the MBAM tool found is now in that giant bit bucket in the sky (removed).  I'll check out that link... and have my daughter read it.  It turned out she tried to get a free version of a music creation program, FL Studio.

 

Thank you for all your help!



#15 nasdaq


Posted 18 December 2015 - 11:14 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



