
Hidden.ADS


  • This topic is locked
21 replies to this topic

#1 HighwayHam

HighwayHam

  • Members
  • 15 posts
  • OFFLINE
  • Local time:09:28 AM

Posted 24 December 2015 - 11:30 PM

Hi, I'm having some trouble: the Hidden.ADS virus is only being picked up by RogueKiller and none of my other antimalware software.

 

There was another recent post with this problem, but I'm not sure how it was fixed.





#2 HighwayHam

HighwayHam
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:09:28 AM

Posted 24 December 2015 - 11:35 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-12-2015
Ran by Owner (administrator) on OWNER-PC (24-12-2015 23:32:48)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner &  (Available Profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Kinect Drivers\Service\KinectManagementService.exe
() C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Cisco Consumer Products LLC) C:\Program Files (x86)\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Windows\SysWOW64\UTSCSI.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(AVAST Software) C:\Program Files\AVAST Software\SecureLine\SecureLine.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(eMPIA Technology, Inc.) C:\Program Files (x86)\USB_video_device\Driver\Driver32\emmon.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\RogueKiller\RogueKiller64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Owner\Downloads\FRST64(1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-11] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5250280 2015-11-09] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3855272 2015-12-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [UVS10 Preload] => C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 10\uvPL.exe [36864 2006-03-07] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263512 2012-11-29] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-01-30] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2304688 2015-11-25] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-1638230022-4117330738-313971243-1001\...\Run: [TiVme Agent] => C:\Program Files (x86)\Diamond Video Capture\ScheduleAgent.exe [145408 2015-06-01] ()
HKU\S-1-5-21-1638230022-4117330738-313971243-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1638230022-4117330738-313971243-1001\...\Run: [AVG-Secure-Search-Update_1015av] => C:\ProgramData\Avg_Update_1015av\AVG-Secure-Search-Update_1015av.exe /PROMPT /mid=f5218bcdd20547d0b8a0d16f13a10158-2b512d97dba5505d1ca1c98e993c4d7756c7a856 /RUNBY=AV /CMPID=1015av
HKU\S-1-5-21-1638230022-4117330738-313971243-1001\...\Run: [Discord] => C:\Users\Owner\AppData\Local\Discord\app-0.0.283\Discord.exe [51716784 2015-11-17] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1638230022-4117330738-313971243-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-1638230022-4117330738-313971243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TiVme Agent] => C:\Program Files (x86)\Diamond Video Capture\ScheduleAgent.exe [145408 2015-06-01] ()
HKU\S-1-5-21-1638230022-4117330738-313971243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1638230022-4117330738-313971243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AVG-Secure-Search-Update_1015av] => C:\ProgramData\Avg_Update_1015av\AVG-Secure-Search-Update_1015av.exe /PROMPT /mid=f5218bcdd20547d0b8a0d16f13a10158-2b512d97dba5505d1ca1c98e993c4d7756c7a856 /RUNBY=AV /CMPID=1015av
HKU\S-1-5-21-1638230022-4117330738-313971243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Discord] => C:\Users\Owner\AppData\Local\Discord\app-0.0.283\Discord.exe [51716784 2015-11-17] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1638230022-4117330738-313971243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\avast! SecureLine.lnk [2015-11-09]
ShortcutTarget: avast! SecureLine.lnk -> C:\Program Files\AVAST Software\SecureLine\SecureLine.exe (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\emMon.lnk [2013-01-13]
ShortcutTarget: emMon.lnk -> C:\Program Files (x86)\USB_video_device\Driver\Driver32\emmon.exe (eMPIA Technology, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2015-11-09]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2015-07-14]
ShortcutTarget: Curse.lnk -> C:\Users\Owner\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2013-11-22] ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2013-02-20]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4630 series.lnk [2015-12-24]
ShortcutTarget: Monitor Ink Alerts - HP Officejet 4630 series.lnk -> C:\Program Files\HP\HP Officejet 4630 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2014-03-24]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168 2013-09-07] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{11353924-4995-4F82-B171-E787DC888471}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{12FC887A-D868-44F3-B8C7-2C9B331365B7}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{75F3B1E8-3D92-4DB8-91D0-DBA723C69326}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{97BF1232-1697-4B65-9BBB-3FB8A37187D2}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{9B1DA317-8E38-46C7-A825-A94DF37718F0}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{C2280D58-5663-4F94-BD2D-24B6DD3B9EAC}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1638230022-4117330738-313971243-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1638230022-4117330738-313971243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1638230022-4117330738-313971243-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1638230022-4117330738-313971243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems Incorporated)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-13] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-13] (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\aaehyo9l.default-1442775221153
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-11-25] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-05-08] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-11-25] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1638230022-4117330738-313971243-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-24] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1638230022-4117330738-313971243-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-05-08] (Pando Networks)
FF Plugin HKU\S-1-5-21-1638230022-4117330738-313971243-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin HKU\S-1-5-21-1638230022-4117330738-313971243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-24] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1638230022-4117330738-313971243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-05-08] (Pando Networks)
FF Plugin HKU\S-1-5-21-1638230022-4117330738-313971243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-03-11] (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\aaehyo9l.default-1442775221153\searchplugins\fallout-wiki-en.xml [2015-11-09]
FF Extension: MEGA - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\aaehyo9l.default-1442775221153\Extensions\firefox@mega.co.nz.xpi [2015-12-22]
FF Extension: Adblock Plus - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\aaehyo9l.default-1442775221153\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-15]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [683696 2015-11-16] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [615584 2015-12-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3857272 2015-12-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-12-09] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-01] () [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-02] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1751096 2015-05-31] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6516280 2015-05-31] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-11] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 KinectManagement; C:\Program Files\Microsoft Kinect Drivers\Service\KinectManagementService.exe [98816 2013-08-20] (Microsoft Corporation) [File not signed]
R2 KinoniSvc; C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe [525312 2013-02-26] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [335872 2003-03-19] (Microsoft Corporation) [File not signed]
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-01-31] (Nalpeiron Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-11] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2078216 2015-10-10] (Electronic Arts)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2015-06-20] ()
R2 RaAutoInstSrv_AM10; C:\Program Files (x86)\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe [528512 2010-02-19] (Cisco Consumer Products LLC)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [445240 2015-05-12] ()
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5250280 2015-11-09] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 UTSCSI; C:\Windows\SysWOW64\UTSCSI.EXE [45056 2012-08-03] () [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [613688 2013-02-08] (Wacom Technology, Corp.)
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AM10; C:\Windows\System32\DRIVERS\am10w7.sys [1101600 2010-02-13] (Ralink Technology Corp.)
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [309760 2011-06-30] (Advanced Micro Devices, Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-09-05] (The OpenVPN Project)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [256432 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 H5xUSB; C:\Windows\System32\Drivers\uth5x64.sys [111616 2012-11-02] (UT)
S3 hitmanpro36; C:\Windows\system32\drivers\hitmanpro36.sys [30496 2012-10-05] ()
S3 KinectCamera; C:\Windows\System32\Drivers\kinectcamera.sys [192512 2013-08-20] (Microsoft Corporation)
R3 kinonivd; C:\Windows\System32\DRIVERS\kinonivd.sys [2782848 2013-02-26] (Windows ® Win 7 DDK provider)
R3 KINONI_Wave; C:\Windows\System32\drivers\kinonivad.sys [23040 2013-02-26] (Windows ® Win 7 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-24] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0007.sys [38432 2015-11-09] (SoftEther Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
S3 tap0901_openvpn_accl; C:\Windows\System32\DRIVERS\tap0901_openvpn_accl.sys [37912 2015-01-13] (The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [36608 2015-12-24] ()
S3 vjoy; C:\Windows\System32\DRIVERS\vjoy.sys [44784 2015-05-05] (Shaul Eizikovich)
S2 AODDriver4.3; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-06 23:59 - 2013-09-04 07:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2018-11-06 23:59 - 2013-09-04 07:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2018-11-06 23:59 - 2013-09-04 07:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2018-11-06 23:59 - 2013-09-04 07:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2018-11-06 23:59 - 2013-09-04 07:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2018-11-06 23:59 - 2013-09-04 07:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2018-11-06 23:59 - 2013-09-04 07:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-12-24 23:31 - 2015-12-24 23:31 - 02370560 _____ (Farbar) C:\Users\Owner\Downloads\FRST64(1).exe
2015-12-24 23:12 - 2015-12-24 23:12 - 30257616 _____ (Adlice Software ) C:\Users\Owner\Downloads\setup(1).exe
2015-12-24 23:05 - 2015-12-24 23:05 - 00000208 _____ C:\Users\Owner\Desktop\Company of Heroes 2.url
2015-12-24 18:59 - 2015-12-24 18:59 - 00003022 _____ C:\Windows\System32\Tasks\MSIAfterburner
2015-12-24 18:28 - 2015-12-24 18:36 - 00231124 _____ C:\Windows\ntbtlog.txt
2015-12-24 18:28 - 2015-12-24 18:29 - 00397496 _____ C:\Windows\Minidump\122415-39593-01.dmp
2015-12-24 18:23 - 2015-12-24 18:23 - 00000080 _____ C:\Users\Owner\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-12-24 16:27 - 2015-12-24 16:27 - 00000208 _____ C:\Users\Owner\Desktop\METAL GEAR SOLID V THE PHANTOM PAIN.url
2015-12-23 18:44 - 2015-12-23 18:44 - 00002227 _____ C:\Users\Owner\Desktop\Kindle.lnk
2015-12-23 18:44 - 2015-12-23 18:44 - 00000000 ____D C:\Users\Owner\Documents\My Kindle Content
2015-12-23 18:44 - 2015-12-23 18:44 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-12-23 18:44 - 2015-12-23 18:44 - 00000000 ____D C:\Users\Owner\AppData\Local\Amazon
2015-12-23 18:39 - 2015-12-23 18:39 - 43325744 _____ (Amazon.com) C:\Users\Owner\Downloads\KindleForPC-installer-1.13.42052.exe
2015-12-20 17:21 - 2015-12-20 18:35 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-20 17:20 - 2015-12-20 18:35 - 00000000 ____D C:\Users\Owner\Downloads\mbar
2015-12-20 16:28 - 2015-12-20 16:28 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Owner\Downloads\mbar-1.09.3.1001.exe
2015-12-20 16:07 - 2015-12-24 18:59 - 00000000 ____D C:\ProgramData\MCShield
2015-12-20 16:07 - 2015-12-20 16:07 - 00001076 _____ C:\Users\Public\Desktop\MCShield Real-Time Monitor.lnk
2015-12-20 16:07 - 2015-12-20 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2015-12-20 16:07 - 2015-12-20 16:07 - 00000000 ____D C:\Program Files (x86)\MCShield
2015-12-20 13:33 - 2015-12-23 23:28 - 00000175 _____ C:\Windows\wininit.ini
2015-12-19 15:32 - 2015-12-24 18:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-19 04:13 - 2015-12-19 04:16 - 00225426 _____ C:\TDSSKiller.3.1.0.9_19.12.2015_04.13.53_log.txt
2015-12-19 04:13 - 2015-12-19 04:13 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Downloads\tdsskiller.exe
2015-12-19 03:48 - 2015-12-19 03:48 - 02856736 _____ (MyCity) C:\Users\Owner\Downloads\MCShield-Setup.exe
2015-12-19 03:28 - 2015-12-19 03:35 - 00095368 _____ C:\Users\Owner\Downloads\Addition.txt
2015-12-19 03:24 - 2015-12-24 23:32 - 00038943 _____ C:\Users\Owner\Downloads\FRST.txt
2015-12-19 03:24 - 2015-12-24 23:32 - 00000000 ____D C:\FRST
2015-12-19 03:23 - 2015-12-19 03:23 - 02370048 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2015-12-19 02:43 - 2015-12-24 23:13 - 00000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2015-12-19 02:43 - 2015-12-24 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-12-19 02:43 - 2015-12-24 23:13 - 00000000 ____D C:\Program Files\RogueKiller
2015-12-19 02:40 - 2015-12-19 02:40 - 30263336 _____ (Adlice Software ) C:\Users\Owner\Downloads\setup.exe
2015-12-19 01:14 - 2015-12-19 01:14 - 00407328 _____ C:\Windows\Minidump\121915-50091-01.dmp
2015-12-18 18:22 - 2015-12-18 18:22 - 14905795 _____ C:\Users\Owner\Downloads\BodySlide_Fo4_alpha_v0_3a.7z
2015-12-18 18:18 - 2015-12-18 18:18 - 00056899 _____ C:\Users\Owner\Downloads\Main file. Anime Moan.rar
2015-12-18 13:33 - 2015-12-18 13:33 - 00000509 _____ C:\Users\Owner\Downloads\FreeMove-3615-0-1.zip
2015-12-16 12:12 - 2015-12-16 12:12 - 00012964 _____ C:\Users\Owner\Downloads\doom2.zip
2015-12-16 12:12 - 2015-12-16 12:12 - 00000000 ____D C:\Users\Owner\Downloads\doom2
2015-12-16 12:07 - 2015-12-16 12:07 - 00003073 _____ C:\Users\Owner\Downloads\binaryhexidecimaloctal.zip
2015-12-16 12:07 - 2015-12-16 12:07 - 00000000 ____D C:\Users\Owner\Downloads\binaryhexidecimaloctal
2015-12-16 12:04 - 2015-12-16 12:04 - 00010575 _____ C:\Users\Owner\Downloads\nsmlhard.zip
2015-12-16 11:59 - 2015-12-16 11:59 - 00006105 _____ C:\Users\Owner\Downloads\abasecnv.zip
2015-12-16 11:01 - 2015-12-16 11:01 - 00001690 _____ C:\Users\Owner\Downloads\bdhcnvrt.zip
2015-12-16 11:01 - 2015-12-16 11:01 - 00000000 ____D C:\Users\Owner\Downloads\bdhcnvrt
2015-12-16 10:50 - 2015-12-16 10:50 - 00000000 ____D C:\Users\Owner\Documents\MyTiData
2015-12-16 10:31 - 2012-03-07 10:07 - 00128512 _____ (Texas Instruments) C:\Windows\system32\Drivers\tiehdusb.sys
2015-12-16 10:30 - 2015-12-16 10:30 - 00001019 _____ C:\Users\Public\Desktop\TI Connect.lnk
2015-12-16 10:30 - 2015-12-16 10:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TI Tools
2015-12-16 10:30 - 2015-12-16 10:30 - 00000000 ____D C:\Program Files (x86)\TI Education
2015-12-16 10:25 - 2015-12-16 10:25 - 18089328 _____ C:\Users\Owner\Downloads\TI-Connect-4.0.0.218.exe
2015-12-14 00:12 - 2015-12-14 00:12 - 00000347 _____ C:\Users\Owner\Downloads\OCDecorator - No Experience Fix-4270-1-0.7z
2015-12-14 00:08 - 2015-12-14 00:08 - 00320361 _____ C:\Users\Owner\Downloads\Settler Renaming-2017-1-9.zip
2015-12-14 00:06 - 2015-12-14 00:06 - 00005148 _____ C:\Users\Owner\Downloads\OCDecorator - VER 0.32c-4270-0-32c.7z
2015-12-13 23:56 - 2015-12-13 23:57 - 26344507 _____ C:\Users\Owner\Downloads\Jacket of the commonwealth - EN-3571-1-15.rar
2015-12-13 23:56 - 2015-12-13 23:57 - 06336608 _____ (Black Tree Gaming ) C:\Users\Owner\Downloads\Nexus Mod Manager-0.61.3.exe
2015-12-13 18:30 - 2015-12-14 21:39 - 00000000 ____D C:\Users\Owner\Desktop\IGME110
2015-12-11 21:00 - 2015-12-11 21:00 - 00299824 _____ C:\Users\Owner\Downloads\HW9_Brandon_Guglielmo.zip
2015-12-11 20:58 - 2015-12-11 21:00 - 00000000 ____D C:\Users\Owner\Downloads\HW9_Brandon_Guglielmo
2015-12-11 20:58 - 2015-12-11 20:58 - 00000000 ____D C:\Users\Owner\Downloads\HW9_Brandon_Guglielmo (2)
2015-12-11 20:54 - 2015-12-11 20:54 - 00302236 _____ C:\Users\Owner\Downloads\HW9_Brandon_Guglielmo (2).zip
2015-12-10 17:28 - 2015-12-10 21:21 - 00000000 ____D C:\Users\Owner\Documents\Homework9
2015-12-10 16:10 - 2015-12-10 16:10 - 09300864 _____ C:\Users\Owner\Documents\Undertale trailer 2.mp4
2015-12-10 16:02 - 2015-12-10 16:02 - 09300864 _____ C:\Users\Owner\Documents\Undertale Trailer.mp4
2015-12-10 11:33 - 2015-12-10 11:33 - 00853983 _____ C:\Users\Owner\Downloads\Undertale - Annoying Dog Error Room.mp4
2015-12-09 19:52 - 2015-12-10 12:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\discord
2015-12-09 19:52 - 2015-12-09 19:52 - 00002160 _____ C:\Users\Owner\Desktop\Discord.lnk
2015-12-09 19:52 - 2015-12-09 19:52 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2015-12-09 19:51 - 2015-12-09 19:52 - 00000000 ____D C:\Users\Owner\AppData\Local\SquirrelTemp
2015-12-09 19:51 - 2015-12-09 19:52 - 00000000 ____D C:\Users\Owner\AppData\Local\Discord
2015-12-09 19:51 - 2015-12-09 19:51 - 49419440 _____ (Hammer & Chisel, Inc.) C:\Users\Owner\Downloads\DiscordSetup.exe
2015-12-08 16:43 - 2015-12-08 16:43 - 00021419 _____ C:\Users\Owner\Downloads\Homework9.zip
2015-12-07 21:25 - 2015-12-07 21:25 - 00000932 _____ C:\Users\Public\Desktop\Guild Wars 2.lnk
2015-12-07 21:25 - 2015-12-07 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
2015-12-07 21:25 - 2015-12-07 21:25 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2
2015-12-07 21:24 - 2015-12-07 21:24 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Guild Wars 2
2015-12-07 21:23 - 2015-12-07 21:24 - 26068984 _____ (ArenaNet) C:\Users\Owner\Downloads\Gw2Setup.exe
2015-12-07 19:01 - 2015-12-07 19:01 - 00199439 _____ C:\Users\Owner\Downloads\f4se_0_01_03.7z
2015-12-07 19:01 - 2015-12-07 19:01 - 00000000 ____D C:\Users\Owner\Downloads\f4se_0_01_03
2015-12-06 02:16 - 2015-12-06 02:16 - 00000096 _____ C:\Users\Owner\Downloads\Create Settlement Bat-1050-1-0.rar
2015-12-06 02:16 - 2015-11-17 16:22 - 00000022 _____ C:\Users\Owner\Downloads\settle.txt
2015-12-06 02:07 - 2015-12-06 02:07 - 01925248 _____ C:\Users\Owner\Downloads\BhaalsBetterSorting1.3-2698-1-3.7z
2015-12-04 19:35 - 2015-12-04 19:36 - 06368552 _____ (Black Tree Gaming ) C:\Users\Owner\Downloads\Nexus Mod Manager-0.61.2.exe
2015-12-04 19:29 - 2015-12-04 19:31 - 63447871 _____ C:\Users\Owner\Downloads\Armorsmith Extended v1.71-2228-1-71.rar
2015-12-04 19:28 - 2015-12-04 19:29 - 07257501 _____ C:\Users\Owner\Downloads\Daisy Nukes - 6 options to craft - Booters-2678-1-2-5boot.7z
2015-12-04 19:26 - 2015-12-04 19:26 - 00003653 _____ C:\Users\Owner\Downloads\Wireguts-2755-2.rar
2015-12-03 19:16 - 2015-12-03 19:16 - 00000000 ____D C:\Users\Owner\Documents\SavedGames
2015-12-03 19:15 - 2015-12-22 19:55 - 00002315 _____ C:\Users\Owner\AppData\Roaming\SpeedRunnersLog.txt
2015-12-03 13:35 - 2015-12-03 14:18 - 07946839 _____ C:\Users\Owner\Documents\Nintendo Ignite Brandon Guglielmo.pptx
2015-12-03 12:36 - 2015-12-03 12:36 - 00563681 _____ C:\Users\Owner\Downloads\IgniteSample_Nintendo.pptx
2015-12-02 20:42 - 2015-12-02 20:42 - 00028231 _____ C:\Users\Owner\Downloads\pm&knuckles.zip
2015-11-29 20:13 - 2015-11-29 20:15 - 36270887 _____ C:\Users\Owner\Downloads\MSIAfterburnerSetup.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-24 23:23 - 2014-06-30 20:42 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-24 23:23 - 2012-08-30 11:59 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-24 23:14 - 2014-08-29 22:43 - 00036608 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-12-24 23:14 - 2012-08-01 12:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-24 22:33 - 2014-09-05 21:22 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2015-12-24 20:24 - 2012-08-01 19:39 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-12-24 19:05 - 2015-07-14 15:43 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Curse Client
2015-12-24 19:05 - 2009-07-13 23:45 - 00021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-24 19:05 - 2009-07-13 23:45 - 00021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-24 19:02 - 2015-11-20 15:46 - 00000000 ___RD C:\Users\Owner\Creative Cloud Files
2015-12-24 19:02 - 2014-08-16 10:02 - 00000000 ____D C:\Users\Owner\AppData\Local\Adobe
2015-12-24 19:00 - 2013-11-22 19:40 - 00000000 ____D C:\Users\Owner\AppData\Local\Deployment
2015-12-24 18:57 - 2015-11-09 08:01 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2015-12-24 18:57 - 2012-09-07 17:24 - 00000000 ____D C:\Users\Owner\AppData\Local\TSVNCache
2015-12-24 18:57 - 2012-08-30 11:59 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-24 18:56 - 2015-10-29 07:02 - 00000542 _____ C:\Windows\Tasks\AVG_SYS_TASK_1015av.job
2015-12-24 18:56 - 2015-10-29 07:02 - 00000426 _____ C:\Windows\Tasks\AVG_SYS_TASK_1015av_DELETE.job
2015-12-24 18:56 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-24 18:55 - 2015-04-29 17:57 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-24 18:28 - 2013-01-12 15:39 - 790600064 _____ C:\Windows\MEMORY.DMP
2015-12-24 18:28 - 2013-01-12 15:39 - 00000000 ____D C:\Windows\Minidump
2015-12-24 18:28 - 2012-08-01 12:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-24 18:28 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2015-12-24 18:27 - 2015-08-14 19:57 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-12-24 18:27 - 2015-08-14 17:01 - 00000000 ____D C:\Program Files\Rockstar Games
2015-12-24 18:26 - 2013-04-19 14:35 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2015-12-24 13:06 - 2012-08-01 12:28 - 00000000 ____D C:\ProgramData\MFAData
2015-12-21 01:45 - 2015-07-25 14:12 - 00000000 ____D C:\Users\Owner\Downloads\Roms
2015-12-21 00:20 - 2015-11-06 19:04 - 00000000 ____D C:\Users\Owner\Downloads\UPRandomizer-163b
2015-12-20 17:20 - 2014-06-30 20:42 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-20 16:12 - 2009-07-14 00:13 - 00795620 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-20 16:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2015-12-20 13:33 - 2015-10-02 15:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2015-12-19 04:32 - 2012-08-01 11:04 - 00000000 ___RD C:\Users\Owner
2015-12-19 03:09 - 2014-08-29 22:40 - 00000000 ____D C:\ProgramData\RogueKiller
2015-12-19 01:21 - 2015-08-25 17:56 - 00000000 ____D C:\Users\Owner\Documents\Visual Studio 2013
2015-12-18 13:23 - 2014-07-10 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2015-12-18 13:23 - 2012-09-21 17:09 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2015-12-17 20:38 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-17 07:41 - 2009-07-13 23:45 - 00800352 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-16 10:31 - 2012-08-01 12:05 - 00000000 ____D C:\Program Files\DIFX
2015-12-15 12:48 - 2015-11-04 19:08 - 00000936 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2015-12-15 12:48 - 2014-06-17 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-12-15 12:48 - 2012-08-01 12:30 - 00000000 ___HD C:\$AVG
2015-12-15 12:47 - 2014-11-21 15:20 - 00000000 ____D C:\Users\Owner\AppData\Local\Avg
2015-12-14 20:56 - 2012-11-14 21:06 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Audacity
2015-12-14 20:30 - 2012-10-22 19:56 - 00000000 ____D C:\Users\Owner\AppData\Local\Paint.NET
2015-12-13 23:36 - 2013-12-28 22:19 - 00000000 ____D C:\Users\Owner\AppData\Local\Oblivion
2015-12-10 17:28 - 2015-11-20 17:14 - 00000000 ____D C:\Users\Owner\Downloads\Homework8
2015-12-09 05:14 - 2012-08-01 12:32 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-09 05:14 - 2012-08-01 12:32 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-09 05:14 - 2012-08-01 12:32 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-06 23:16 - 2012-08-08 16:26 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2015-12-05 17:05 - 2013-04-02 17:13 - 00000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2015-12-04 19:35 - 2012-09-21 17:09 - 00000000 ____D C:\Users\Owner\Documents\Nexus Mod Manager
2015-12-03 14:13 - 2014-05-17 13:38 - 00000000 ____D C:\Users\Owner\Documents\FOMM
2015-12-02 04:18 - 2012-08-30 11:59 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-02 04:18 - 2012-08-30 11:59 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-29 20:28 - 2012-08-01 12:32 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Adobe
2015-11-29 20:27 - 2015-11-20 15:43 - 00001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-11-29 20:27 - 2015-11-20 15:43 - 00001137 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-11-29 20:27 - 2012-08-01 12:13 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-29 20:14 - 2015-05-31 18:15 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-11-29 20:07 - 2014-07-24 09:48 - 00000000 ____D C:\ProgramData\AVG2014
2015-11-29 20:07 - 2012-08-30 12:00 - 00000000 ____D C:\Program Files\Google
2015-11-29 20:07 - 2012-08-30 11:59 - 00000000 ____D C:\Program Files (x86)\Google

==================== Files in the root of some directories =======

2015-12-03 19:15 - 2015-12-22 19:55 - 0002315 _____ () C:\Users\Owner\AppData\Roaming\SpeedRunnersLog.txt
2014-02-15 09:23 - 2014-02-15 09:26 - 0035328 ___SH () C:\Users\Owner\AppData\Roaming\Thumbs.db
2015-10-22 12:02 - 2015-10-29 15:29 - 0000600 _____ () C:\Users\Owner\AppData\Roaming\winscp.rnd
2015-11-20 16:51 - 2015-11-20 16:54 - 0001456 _____ () C:\Users\Owner\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-01-27 21:37 - 2013-01-27 21:37 - 0004608 ____R () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-30 18:55 - 2012-11-30 18:55 - 0027520 ____R () C:\Users\Owner\AppData\Local\dt.dat
2012-09-13 18:30 - 2012-09-13 18:30 - 0000093 ____R () C:\Users\Owner\AppData\Local\fusioncache.dat
2015-09-27 19:05 - 2015-10-26 17:06 - 0000600 _____ () C:\Users\Owner\AppData\Local\PUTTY.RND
2014-05-05 15:31 - 2014-05-05 15:31 - 0000861 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
2015-11-01 16:19 - 2015-11-01 16:19 - 0000032 RSHOT () C:\Users\Owner\AppData\Local\t70rc.dat
2015-11-15 17:01 - 2015-11-15 17:01 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\13-9-legacy_vista_win7_32_dd_ccc_whql.exe
C:\Users\Owner\AppData\Local\Temp\14-4-mobility-win7-win8-win8.1-64-dd-ccc-whql.exe
C:\Users\Owner\AppData\Local\Temp\aacenc3.exe
C:\Users\Owner\AppData\Local\Temp\ainst_e.exe
C:\Users\Owner\AppData\Local\Temp\ainst_f.exe
C:\Users\Owner\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\Owner\AppData\Local\Temp\avg-7966803e-a641-4343-9951-916a5f0c9711.exe
C:\Users\Owner\AppData\Local\Temp\avguirn_08625894175.exe
C:\Users\Owner\AppData\Local\Temp\B77B.exe
C:\Users\Owner\AppData\Local\Temp\bcainst.exe
C:\Users\Owner\AppData\Local\Temp\bcsetup.exe
C:\Users\Owner\AppData\Local\Temp\burnsetup.exe
C:\Users\Owner\AppData\Local\Temp\DelB60C.exe
C:\Users\Owner\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Owner\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Owner\AppData\Local\Temp\drm_dyndata_7380006.dll
C:\Users\Owner\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Owner\AppData\Local\Temp\ffmpeg7.exe
C:\Users\Owner\AppData\Local\Temp\Gw2.exe
C:\Users\Owner\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.4-R2.0-b2918jnks.dll
C:\Users\Owner\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Owner\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Owner\AppData\Local\Temp\Nexus Mod Manager-0.53.2.exe
C:\Users\Owner\AppData\Local\Temp\Nexus Mod Manager-0.53.7.exe
C:\Users\Owner\AppData\Local\Temp\Nexus Mod Manager-0.54.10.exe
C:\Users\Owner\AppData\Local\Temp\Nexus Mod Manager-0.55.4.exe
C:\Users\Owner\AppData\Local\Temp\Nexus Mod Manager-0.55.6.exe
C:\Users\Owner\AppData\Local\Temp\Nexus Mod Manager-0.55.7.exe
C:\Users\Owner\AppData\Local\Temp\Nexus Mod Manager-0.55.8.exe
C:\Users\Owner\AppData\Local\Temp\Nexus Mod Manager-0.60.16.exe
C:\Users\Owner\AppData\Local\Temp\Nexus Mod Manager-0.60.6.exe
C:\Users\Owner\AppData\Local\Temp\Nexus Mod Manager-0.61.4.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.34.0.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.44.15.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.44.5.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.44.7.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.45.2.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.45.4.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.45.5.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.45.6.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.45.7.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.49.2.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.49.6.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.49.7.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.49.8.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.50.3.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.51.0.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.52.1.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.52.3.exe
C:\Users\Owner\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Owner\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Owner\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Owner\AppData\Local\Temp\nvStInst.exe
C:\Users\Owner\AppData\Local\Temp\old haloupdate.exe
C:\Users\Owner\AppData\Local\Temp\prismsetup.exe
C:\Users\Owner\AppData\Local\Temp\raptrpatch.exe
C:\Users\Owner\AppData\Local\Temp\readSTILog.dll
C:\Users\Owner\AppData\Local\Temp\Setup-Wacom.exe
C:\Users\Owner\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Owner\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Owner\AppData\Local\Temp\sfextra.dll
C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Owner\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
C:\Users\Owner\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Owner\AppData\Local\Temp\tbsetup.exe
C:\Users\Owner\AppData\Local\Temp\toolbarconduit.exe
C:\Users\Owner\AppData\Local\Temp\uninst.exe
C:\Users\Owner\AppData\Local\Temp\vpsetup.exe
C:\Users\Owner\AppData\Local\Temp\WMEncoder.exe
C:\Users\Owner\AppData\Local\Temp\wme_instagt.exe
C:\Users\Owner\AppData\Local\Temp\_is3CB2.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-20 01:54

==================== End of FRST.txt ============================



#3 HighwayHam

Posted 25 December 2015 - 04:58 PM

Bumping because I'm seriously worried about this.

 

Also, please tell me if anything else seems out of the ordinary in that log and how to fix it.



#4 Machiavelli

Posted 26 December 2015 - 09:11 AM

Hello DeviousDanish, welcome to Bleeping Computer's Malware Removal forum!
 
My name is Gerrit. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable at times.   
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • I will notify you when I believe your computer is free of malware. Please bear in mind, absence of symptoms does not necessarily correlate to absence of malware, so please wait until the "All Clean". 
  • Ensure you are following this topic. Click the follow button at the top of the page.

======================================================

 

STEP 1
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 2

AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab, and click Cleaning
  • Follow the prompts and allow your computer to reboot
  • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[S1].txt.

 

STEP 3
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is selected and click Start Scan.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 

STEP 4
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST.exe or FRST64.exe and select Run as administrator to run the programme.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 

======================================================

STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • JRT.txt
  • AdwCleaner[C1].txt
  • MBAM Log
  • FRST.txt & Addition.txt

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 HighwayHam


Posted 26 December 2015 - 02:55 PM

Doesn't seem like anything else picked it up, could RogueKiller be giving me a false positive?

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Home Premium x64
Ran by Owner (Administrator) on Sat 12/26/2015 at 13:12:40.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 4

Successfully deleted: C:\Users\Owner\AppData\Roaming\3909 (Folder)
Successfully deleted: C:\Users\Owner\AppData\Roaming\speedrunnerslog.txt (File)
Successfully deleted: C:\Users\Owner\AppData\Roaming\system (Folder)
Successfully deleted: C:\Windows\wininit.ini (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/26/2015 at 13:16:59.41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

# AdwCleaner v5.026 - Logfile created 26/12/2015 at 13:31:30
# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [773 bytes] ##########

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/26/2015
Scan Time: 1:41 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.12.26.04
Rootkit Database: v2015.12.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 491140
Time Elapsed: 1 hr, 3 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-12-2015
Ran by Owner (administrator) on OWNER-PC (26-12-2015 14:49:34)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Kinect Drivers\Service\KinectManagementService.exe
() C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Cisco Consumer Products LLC) C:\Program Files (x86)\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Windows\SysWOW64\UTSCSI.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Hammer & Chisel, Inc.) C:\Users\Owner\AppData\Local\Discord\app-0.0.283\Discord.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(AVAST Software) C:\Program Files\AVAST Software\SecureLine\SecureLine.exe
(eMPIA Technology, Inc.) C:\Program Files (x86)\USB_video_device\Driver\Driver32\emmon.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Hammer & Chisel, Inc.) C:\Users\Owner\AppData\Local\Discord\app-0.0.283\Discord.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Hammer & Chisel, Inc.) C:\Users\Owner\AppData\Local\Discord\app-0.0.283\Discord.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Farbar) C:\Users\Owner\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-11] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5250280 2015-11-09] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3855272 2015-12-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [UVS10 Preload] => C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 10\uvPL.exe [36864 2006-03-07] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263512 2012-11-29] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-01-30] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2304688 2015-11-25] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-1638230022-4117330738-313971243-1001\...\Run: [TiVme Agent] => C:\Program Files (x86)\Diamond Video Capture\ScheduleAgent.exe [145408 2015-06-01] ()
HKU\S-1-5-21-1638230022-4117330738-313971243-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1638230022-4117330738-313971243-1001\...\Run: [AVG-Secure-Search-Update_1015av] => C:\ProgramData\Avg_Update_1015av\AVG-Secure-Search-Update_1015av.exe /PROMPT /mid=f5218bcdd20547d0b8a0d16f13a10158-2b512d97dba5505d1ca1c98e993c4d7756c7a856 /RUNBY=AV /CMPID=1015av
HKU\S-1-5-21-1638230022-4117330738-313971243-1001\...\Run: [Discord] => C:\Users\Owner\AppData\Local\Discord\app-0.0.283\Discord.exe [51716784 2015-11-17] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1638230022-4117330738-313971243-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\avast! SecureLine.lnk [2015-11-09]
ShortcutTarget: avast! SecureLine.lnk -> C:\Program Files\AVAST Software\SecureLine\SecureLine.exe (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\emMon.lnk [2013-01-13]
ShortcutTarget: emMon.lnk -> C:\Program Files (x86)\USB_video_device\Driver\Driver32\emmon.exe (eMPIA Technology, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2015-11-09]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2015-07-14]
ShortcutTarget: Curse.lnk -> C:\Users\Owner\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2013-11-22] ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2013-02-20]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4630 series.lnk [2015-12-26]
ShortcutTarget: Monitor Ink Alerts - HP Officejet 4630 series.lnk -> C:\Program Files\HP\HP Officejet 4630 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2014-03-24]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168 2013-09-07] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{11353924-4995-4F82-B171-E787DC888471}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{12FC887A-D868-44F3-B8C7-2C9B331365B7}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{75F3B1E8-3D92-4DB8-91D0-DBA723C69326}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{97BF1232-1697-4B65-9BBB-3FB8A37187D2}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{9B1DA317-8E38-46C7-A825-A94DF37718F0}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{C2280D58-5663-4F94-BD2D-24B6DD3B9EAC}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1638230022-4117330738-313971243-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1638230022-4117330738-313971243-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems Incorporated)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-13] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-13] (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\aaehyo9l.default-1442775221153
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-11-25] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-05-08] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-11-25] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1638230022-4117330738-313971243-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-24] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1638230022-4117330738-313971243-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-05-08] (Pando Networks)
FF Plugin HKU\S-1-5-21-1638230022-4117330738-313971243-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-03-11] (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\aaehyo9l.default-1442775221153\searchplugins\fallout-wiki-en.xml [2015-11-09]
FF Extension: MEGA - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\aaehyo9l.default-1442775221153\Extensions\firefox@mega.co.nz.xpi [2015-12-22]
FF Extension: Adblock Plus - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\aaehyo9l.default-1442775221153\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-15]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [683696 2015-11-16] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [615584 2015-12-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3857272 2015-12-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-12-09] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-01] () [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-02] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1751096 2015-05-31] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6516280 2015-05-31] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-11] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 KinectManagement; C:\Program Files\Microsoft Kinect Drivers\Service\KinectManagementService.exe [98816 2013-08-20] (Microsoft Corporation) [File not signed]
R2 KinoniSvc; C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe [525312 2013-02-26] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [335872 2003-03-19] (Microsoft Corporation) [File not signed]
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-01-31] (Nalpeiron Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-11] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2078216 2015-10-10] (Electronic Arts)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2015-06-20] ()
R2 RaAutoInstSrv_AM10; C:\Program Files (x86)\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe [528512 2010-02-19] (Cisco Consumer Products LLC)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [445240 2015-05-12] ()
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5250280 2015-11-09] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 UTSCSI; C:\Windows\SysWOW64\UTSCSI.EXE [45056 2012-08-03] () [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [613688 2013-02-08] (Wacom Technology, Corp.)
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AM10; C:\Windows\System32\DRIVERS\am10w7.sys [1101600 2010-02-13] (Ralink Technology Corp.)
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [309760 2011-06-30] (Advanced Micro Devices, Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-09-05] (The OpenVPN Project)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [256432 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 H5xUSB; C:\Windows\System32\Drivers\uth5x64.sys [111616 2012-11-02] (UT)
S3 hitmanpro36; C:\Windows\system32\drivers\hitmanpro36.sys [30496 2012-10-05] ()
S3 KinectCamera; C:\Windows\System32\Drivers\kinectcamera.sys [192512 2013-08-20] (Microsoft Corporation)
R3 kinonivd; C:\Windows\System32\DRIVERS\kinonivd.sys [2782848 2013-02-26] (Windows ® Win 7 DDK provider)
R3 KINONI_Wave; C:\Windows\System32\drivers\kinonivad.sys [23040 2013-02-26] (Windows ® Win 7 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0007.sys [38432 2015-11-09] (SoftEther Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
S3 tap0901_openvpn_accl; C:\Windows\System32\DRIVERS\tap0901_openvpn_accl.sys [37912 2015-01-13] (The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [36608 2015-12-26] ()
S3 vjoy; C:\Windows\System32\DRIVERS\vjoy.sys [44784 2015-05-05] (Shaul Eizikovich)
S2 AODDriver4.3; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-06 23:59 - 2013-09-04 07:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2018-11-06 23:59 - 2013-09-04 07:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2018-11-06 23:59 - 2013-09-04 07:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2018-11-06 23:59 - 2013-09-04 07:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2018-11-06 23:59 - 2013-09-04 07:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2018-11-06 23:59 - 2013-09-04 07:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2018-11-06 23:59 - 2013-09-04 07:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-12-26 14:46 - 2015-12-26 14:46 - 00001058 _____ C:\Users\Owner\Desktop\MBAM.txt
2015-12-26 14:46 - 2015-12-26 14:46 - 00001058 _____ C:\MBAM.txt
2015-12-26 13:19 - 2015-12-26 13:19 - 01743360 _____ C:\Users\Owner\Downloads\AdwCleaner.exe
2015-12-26 13:16 - 2015-12-26 13:31 - 00001595 _____ C:\Users\Owner\Desktop\JRT.txt
2015-12-26 13:12 - 2015-12-26 13:12 - 01599336 _____ (Malwarebytes) C:\Users\Owner\Downloads\JRT.exe
2015-12-24 23:31 - 2015-12-24 23:31 - 02370560 _____ (Farbar) C:\Users\Owner\Downloads\FRST64(1).exe
2015-12-24 23:12 - 2015-12-24 23:12 - 30257616 _____ (Adlice Software ) C:\Users\Owner\Downloads\setup(1).exe
2015-12-24 23:05 - 2015-12-24 23:05 - 00000208 _____ C:\Users\Owner\Desktop\Company of Heroes 2.url
2015-12-24 18:59 - 2015-12-26 13:37 - 00003022 _____ C:\Windows\System32\Tasks\MSIAfterburner
2015-12-24 18:28 - 2015-12-24 18:36 - 00231124 _____ C:\Windows\ntbtlog.txt
2015-12-24 18:28 - 2015-12-24 18:29 - 00397496 _____ C:\Windows\Minidump\122415-39593-01.dmp
2015-12-24 18:23 - 2015-12-24 18:23 - 00000080 _____ C:\Users\Owner\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-12-24 16:27 - 2015-12-24 16:27 - 00000208 _____ C:\Users\Owner\Desktop\METAL GEAR SOLID V THE PHANTOM PAIN.url
2015-12-23 18:44 - 2015-12-23 18:44 - 00002227 _____ C:\Users\Owner\Desktop\Kindle.lnk
2015-12-23 18:44 - 2015-12-23 18:44 - 00000000 ____D C:\Users\Owner\Documents\My Kindle Content
2015-12-23 18:44 - 2015-12-23 18:44 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-12-23 18:44 - 2015-12-23 18:44 - 00000000 ____D C:\Users\Owner\AppData\Local\Amazon
2015-12-23 18:39 - 2015-12-23 18:39 - 43325744 _____ (Amazon.com) C:\Users\Owner\Downloads\KindleForPC-installer-1.13.42052.exe
2015-12-20 17:21 - 2015-12-20 18:35 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-20 17:20 - 2015-12-20 18:35 - 00000000 ____D C:\Users\Owner\Downloads\mbar
2015-12-20 16:28 - 2015-12-20 16:28 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Owner\Downloads\mbar-1.09.3.1001.exe
2015-12-20 16:07 - 2015-12-26 13:37 - 00000000 ____D C:\ProgramData\MCShield
2015-12-20 16:07 - 2015-12-20 16:07 - 00001076 _____ C:\Users\Public\Desktop\MCShield Real-Time Monitor.lnk
2015-12-20 16:07 - 2015-12-20 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2015-12-20 16:07 - 2015-12-20 16:07 - 00000000 ____D C:\Program Files (x86)\MCShield
2015-12-19 15:32 - 2015-12-24 18:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-19 04:13 - 2015-12-19 04:16 - 00225426 _____ C:\TDSSKiller.3.1.0.9_19.12.2015_04.13.53_log.txt
2015-12-19 04:13 - 2015-12-19 04:13 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Downloads\tdsskiller.exe
2015-12-19 03:48 - 2015-12-19 03:48 - 02856736 _____ (MyCity) C:\Users\Owner\Downloads\MCShield-Setup.exe
2015-12-19 03:28 - 2015-12-19 03:35 - 00095368 _____ C:\Users\Owner\Downloads\Addition.txt
2015-12-19 03:24 - 2015-12-26 14:50 - 00037039 _____ C:\Users\Owner\Downloads\FRST.txt
2015-12-19 03:24 - 2015-12-26 14:49 - 00000000 ____D C:\FRST
2015-12-19 03:23 - 2015-12-19 03:23 - 02370048 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2015-12-19 02:43 - 2015-12-24 23:13 - 00000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2015-12-19 02:43 - 2015-12-24 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-12-19 02:43 - 2015-12-24 23:13 - 00000000 ____D C:\Program Files\RogueKiller
2015-12-19 02:40 - 2015-12-19 02:40 - 30263336 _____ (Adlice Software ) C:\Users\Owner\Downloads\setup.exe
2015-12-19 01:14 - 2015-12-19 01:14 - 00407328 _____ C:\Windows\Minidump\121915-50091-01.dmp
2015-12-18 18:22 - 2015-12-18 18:22 - 14905795 _____ C:\Users\Owner\Downloads\BodySlide_Fo4_alpha_v0_3a.7z
2015-12-18 18:18 - 2015-12-18 18:18 - 00056899 _____ C:\Users\Owner\Downloads\Main file. Anime Moan.rar
2015-12-18 13:33 - 2015-12-18 13:33 - 00000509 _____ C:\Users\Owner\Downloads\FreeMove-3615-0-1.zip
2015-12-16 12:12 - 2015-12-16 12:12 - 00012964 _____ C:\Users\Owner\Downloads\doom2.zip
2015-12-16 12:12 - 2015-12-16 12:12 - 00000000 ____D C:\Users\Owner\Downloads\doom2
2015-12-16 12:07 - 2015-12-16 12:07 - 00003073 _____ C:\Users\Owner\Downloads\binaryhexidecimaloctal.zip
2015-12-16 12:07 - 2015-12-16 12:07 - 00000000 ____D C:\Users\Owner\Downloads\binaryhexidecimaloctal
2015-12-16 12:04 - 2015-12-16 12:04 - 00010575 _____ C:\Users\Owner\Downloads\nsmlhard.zip
2015-12-16 11:59 - 2015-12-16 11:59 - 00006105 _____ C:\Users\Owner\Downloads\abasecnv.zip
2015-12-16 11:01 - 2015-12-16 11:01 - 00001690 _____ C:\Users\Owner\Downloads\bdhcnvrt.zip
2015-12-16 11:01 - 2015-12-16 11:01 - 00000000 ____D C:\Users\Owner\Downloads\bdhcnvrt
2015-12-16 10:50 - 2015-12-16 10:50 - 00000000 ____D C:\Users\Owner\Documents\MyTiData
2015-12-16 10:31 - 2012-03-07 10:07 - 00128512 _____ (Texas Instruments) C:\Windows\system32\Drivers\tiehdusb.sys
2015-12-16 10:30 - 2015-12-16 10:30 - 00001019 _____ C:\Users\Public\Desktop\TI Connect.lnk
2015-12-16 10:30 - 2015-12-16 10:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TI Tools
2015-12-16 10:30 - 2015-12-16 10:30 - 00000000 ____D C:\Program Files (x86)\TI Education
2015-12-16 10:25 - 2015-12-16 10:25 - 18089328 _____ C:\Users\Owner\Downloads\TI-Connect-4.0.0.218.exe
2015-12-14 00:12 - 2015-12-14 00:12 - 00000347 _____ C:\Users\Owner\Downloads\OCDecorator - No Experience Fix-4270-1-0.7z
2015-12-14 00:08 - 2015-12-14 00:08 - 00320361 _____ C:\Users\Owner\Downloads\Settler Renaming-2017-1-9.zip
2015-12-14 00:06 - 2015-12-14 00:06 - 00005148 _____ C:\Users\Owner\Downloads\OCDecorator - VER 0.32c-4270-0-32c.7z
2015-12-13 23:56 - 2015-12-13 23:57 - 26344507 _____ C:\Users\Owner\Downloads\Jacket of the commonwealth - EN-3571-1-15.rar
2015-12-13 23:56 - 2015-12-13 23:57 - 06336608 _____ (Black Tree Gaming ) C:\Users\Owner\Downloads\Nexus Mod Manager-0.61.3.exe
2015-12-13 18:30 - 2015-12-14 21:39 - 00000000 ____D C:\Users\Owner\Desktop\IGME110
2015-12-11 21:00 - 2015-12-11 21:00 - 00299824 _____ C:\Users\Owner\Downloads\HW9_Brandon_Guglielmo.zip
2015-12-11 20:58 - 2015-12-11 21:00 - 00000000 ____D C:\Users\Owner\Downloads\HW9_Brandon_Guglielmo
2015-12-11 20:58 - 2015-12-11 20:58 - 00000000 ____D C:\Users\Owner\Downloads\HW9_Brandon_Guglielmo (2)
2015-12-11 20:54 - 2015-12-11 20:54 - 00302236 _____ C:\Users\Owner\Downloads\HW9_Brandon_Guglielmo (2).zip
2015-12-10 17:28 - 2015-12-10 21:21 - 00000000 ____D C:\Users\Owner\Documents\Homework9
2015-12-10 16:10 - 2015-12-10 16:10 - 09300864 _____ C:\Users\Owner\Documents\Undertale trailer 2.mp4
2015-12-10 16:02 - 2015-12-10 16:02 - 09300864 _____ C:\Users\Owner\Documents\Undertale Trailer.mp4
2015-12-10 11:33 - 2015-12-10 11:33 - 00853983 _____ C:\Users\Owner\Downloads\Undertale - Annoying Dog Error Room.mp4
2015-12-09 19:52 - 2015-12-10 12:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\discord
2015-12-09 19:52 - 2015-12-09 19:52 - 00002160 _____ C:\Users\Owner\Desktop\Discord.lnk
2015-12-09 19:52 - 2015-12-09 19:52 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2015-12-09 19:51 - 2015-12-09 19:52 - 00000000 ____D C:\Users\Owner\AppData\Local\SquirrelTemp
2015-12-09 19:51 - 2015-12-09 19:52 - 00000000 ____D C:\Users\Owner\AppData\Local\Discord
2015-12-09 19:51 - 2015-12-09 19:51 - 49419440 _____ (Hammer & Chisel, Inc.) C:\Users\Owner\Downloads\DiscordSetup.exe
2015-12-08 16:43 - 2015-12-08 16:43 - 00021419 _____ C:\Users\Owner\Downloads\Homework9.zip
2015-12-07 21:25 - 2015-12-07 21:25 - 00000932 _____ C:\Users\Public\Desktop\Guild Wars 2.lnk
2015-12-07 21:25 - 2015-12-07 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
2015-12-07 21:25 - 2015-12-07 21:25 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2
2015-12-07 21:24 - 2015-12-07 21:24 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Guild Wars 2
2015-12-07 21:23 - 2015-12-07 21:24 - 26068984 _____ (ArenaNet) C:\Users\Owner\Downloads\Gw2Setup.exe
2015-12-07 19:01 - 2015-12-07 19:01 - 00199439 _____ C:\Users\Owner\Downloads\f4se_0_01_03.7z
2015-12-07 19:01 - 2015-12-07 19:01 - 00000000 ____D C:\Users\Owner\Downloads\f4se_0_01_03
2015-12-06 02:16 - 2015-12-06 02:16 - 00000096 _____ C:\Users\Owner\Downloads\Create Settlement Bat-1050-1-0.rar
2015-12-06 02:16 - 2015-11-17 16:22 - 00000022 _____ C:\Users\Owner\Downloads\settle.txt
2015-12-06 02:07 - 2015-12-06 02:07 - 01925248 _____ C:\Users\Owner\Downloads\BhaalsBetterSorting1.3-2698-1-3.7z
2015-12-04 19:35 - 2015-12-04 19:36 - 06368552 _____ (Black Tree Gaming ) C:\Users\Owner\Downloads\Nexus Mod Manager-0.61.2.exe
2015-12-04 19:29 - 2015-12-04 19:31 - 63447871 _____ C:\Users\Owner\Downloads\Armorsmith Extended v1.71-2228-1-71.rar
2015-12-04 19:28 - 2015-12-04 19:29 - 07257501 _____ C:\Users\Owner\Downloads\Daisy Nukes - 6 options to craft - Booters-2678-1-2-5boot.7z
2015-12-04 19:26 - 2015-12-04 19:26 - 00003653 _____ C:\Users\Owner\Downloads\Wireguts-2755-2.rar
2015-12-03 19:16 - 2015-12-03 19:16 - 00000000 ____D C:\Users\Owner\Documents\SavedGames
2015-12-03 13:35 - 2015-12-03 14:18 - 07946839 _____ C:\Users\Owner\Documents\Nintendo Ignite Brandon Guglielmo.pptx
2015-12-03 12:36 - 2015-12-03 12:36 - 00563681 _____ C:\Users\Owner\Downloads\IgniteSample_Nintendo.pptx
2015-12-02 20:42 - 2015-12-02 20:42 - 00028231 _____ C:\Users\Owner\Downloads\pm&knuckles.zip
2015-11-29 20:13 - 2015-11-29 20:15 - 36270887 _____ C:\Users\Owner\Downloads\MSIAfterburnerSetup.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-26 14:49 - 2015-07-14 15:43 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Curse Client
2015-12-26 14:23 - 2012-08-30 11:59 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-26 14:14 - 2012-08-01 12:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-26 13:44 - 2009-07-13 23:45 - 00021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-26 13:44 - 2009-07-13 23:45 - 00021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-26 13:40 - 2015-11-20 15:46 - 00000000 ___RD C:\Users\Owner\Creative Cloud Files
2015-12-26 13:40 - 2014-08-16 10:02 - 00000000 ____D C:\Users\Owner\AppData\Local\Adobe
2015-12-26 13:38 - 2014-06-30 20:42 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-26 13:38 - 2013-11-22 19:40 - 00000000 ____D C:\Users\Owner\AppData\Local\Deployment
2015-12-26 13:37 - 2012-08-30 11:59 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-26 13:36 - 2015-10-29 07:02 - 00000542 _____ C:\Windows\Tasks\AVG_SYS_TASK_1015av.job
2015-12-26 13:36 - 2015-10-29 07:02 - 00000426 _____ C:\Windows\Tasks\AVG_SYS_TASK_1015av_DELETE.job
2015-12-26 13:36 - 2012-09-07 17:24 - 00000000 ____D C:\Users\Owner\AppData\Local\TSVNCache
2015-12-26 13:35 - 2015-11-09 08:01 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2015-12-26 13:34 - 2015-04-29 17:57 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-26 13:34 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-26 13:31 - 2015-11-04 18:34 - 00000000 ____D C:\AdwCleaner
2015-12-26 13:18 - 2014-08-29 22:43 - 00036608 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-12-26 13:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2015-12-26 13:10 - 2012-08-01 12:28 - 00000000 ____D C:\ProgramData\MFAData
2015-12-25 19:50 - 2013-04-19 14:35 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2015-12-24 22:33 - 2014-09-05 21:22 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2015-12-24 20:24 - 2012-08-01 19:39 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-12-24 18:28 - 2013-01-12 15:39 - 790600064 _____ C:\Windows\MEMORY.DMP
2015-12-24 18:28 - 2013-01-12 15:39 - 00000000 ____D C:\Windows\Minidump
2015-12-24 18:28 - 2012-08-01 12:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-24 18:27 - 2015-08-14 19:57 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-12-24 18:27 - 2015-08-14 17:01 - 00000000 ____D C:\Program Files\Rockstar Games
2015-12-21 01:45 - 2015-07-25 14:12 - 00000000 ____D C:\Users\Owner\Downloads\Roms
2015-12-21 00:20 - 2015-11-06 19:04 - 00000000 ____D C:\Users\Owner\Downloads\UPRandomizer-163b
2015-12-20 17:20 - 2014-06-30 20:42 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-20 16:12 - 2009-07-14 00:13 - 00795620 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-20 16:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2015-12-20 13:33 - 2015-10-02 15:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2015-12-19 04:32 - 2012-08-01 11:04 - 00000000 ___RD C:\Users\Owner
2015-12-19 03:09 - 2014-08-29 22:40 - 00000000 ____D C:\ProgramData\RogueKiller
2015-12-19 01:21 - 2015-08-25 17:56 - 00000000 ____D C:\Users\Owner\Documents\Visual Studio 2013
2015-12-18 13:23 - 2014-07-10 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2015-12-18 13:23 - 2012-09-21 17:09 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2015-12-17 20:38 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-17 07:41 - 2009-07-13 23:45 - 00800352 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-16 10:31 - 2012-08-01 12:05 - 00000000 ____D C:\Program Files\DIFX
2015-12-15 12:48 - 2015-11-04 19:08 - 00000936 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2015-12-15 12:48 - 2014-06-17 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-12-15 12:48 - 2012-08-01 12:30 - 00000000 ___HD C:\$AVG
2015-12-15 12:47 - 2014-11-21 15:20 - 00000000 ____D C:\Users\Owner\AppData\Local\Avg
2015-12-14 20:56 - 2012-11-14 21:06 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Audacity
2015-12-14 20:30 - 2012-10-22 19:56 - 00000000 ____D C:\Users\Owner\AppData\Local\Paint.NET
2015-12-13 23:36 - 2013-12-28 22:19 - 00000000 ____D C:\Users\Owner\AppData\Local\Oblivion
2015-12-10 17:28 - 2015-11-20 17:14 - 00000000 ____D C:\Users\Owner\Downloads\Homework8
2015-12-09 05:14 - 2012-08-01 12:32 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-09 05:14 - 2012-08-01 12:32 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-09 05:14 - 2012-08-01 12:32 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-06 23:16 - 2012-08-08 16:26 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2015-12-05 17:05 - 2013-04-02 17:13 - 00000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2015-12-04 19:35 - 2012-09-21 17:09 - 00000000 ____D C:\Users\Owner\Documents\Nexus Mod Manager
2015-12-03 14:13 - 2014-05-17 13:38 - 00000000 ____D C:\Users\Owner\Documents\FOMM
2015-12-02 04:18 - 2012-08-30 11:59 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-02 04:18 - 2012-08-30 11:59 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-29 20:28 - 2012-08-01 12:32 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Adobe
2015-11-29 20:27 - 2015-11-20 15:43 - 00001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-11-29 20:27 - 2015-11-20 15:43 - 00001137 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-11-29 20:27 - 2012-08-01 12:13 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-29 20:14 - 2015-05-31 18:15 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-11-29 20:07 - 2014-07-24 09:48 - 00000000 ____D C:\ProgramData\AVG2014
2015-11-29 20:07 - 2012-08-30 12:00 - 00000000 ____D C:\Program Files\Google
2015-11-29 20:07 - 2012-08-30 11:59 - 00000000 ____D C:\Program Files (x86)\Google

==================== Files in the root of some directories =======

2014-02-15 09:23 - 2014-02-15 09:26 - 0035328 ___SH () C:\Users\Owner\AppData\Roaming\Thumbs.db
2015-10-22 12:02 - 2015-10-29 15:29 - 0000600 _____ () C:\Users\Owner\AppData\Roaming\winscp.rnd
2015-11-20 16:51 - 2015-11-20 16:54 - 0001456 _____ () C:\Users\Owner\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-01-27 21:37 - 2013-01-27 21:37 - 0004608 ____R () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-30 18:55 - 2012-11-30 18:55 - 0027520 ____R () C:\Users\Owner\AppData\Local\dt.dat
2012-09-13 18:30 - 2012-09-13 18:30 - 0000093 ____R () C:\Users\Owner\AppData\Local\fusioncache.dat
2015-09-27 19:05 - 2015-10-26 17:06 - 0000600 _____ () C:\Users\Owner\AppData\Local\PUTTY.RND
2014-05-05 15:31 - 2014-05-05 15:31 - 0000861 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
2015-11-01 16:19 - 2015-11-01 16:19 - 0000032 RSHOT () C:\Users\Owner\AppData\Local\t70rc.dat
2015-11-15 17:01 - 2015-11-15 17:01 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\13-9-legacy_vista_win7_32_dd_ccc_whql.exe
C:\Users\Owner\AppData\Local\Temp\14-4-mobility-win7-win8-win8.1-64-dd-ccc-whql.exe
C:\Users\Owner\AppData\Local\Temp\aacenc3.exe
C:\Users\Owner\AppData\Local\Temp\ainst_e.exe
C:\Users\Owner\AppData\Local\Temp\ainst_f.exe
C:\Users\Owner\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\Owner\AppData\Local\Temp\avg-7966803e-a641-4343-9951-916a5f0c9711.exe
C:\Users\Owner\AppData\Local\Temp\avguirn_08625894175.exe
C:\Users\Owner\AppData\Local\Temp\B77B.exe
C:\Users\Owner\AppData\Local\Temp\bcainst.exe
C:\Users\Owner\AppData\Local\Temp\bcsetup.exe
C:\Users\Owner\AppData\Local\Temp\burnsetup.exe
C:\Users\Owner\AppData\Local\Temp\DelB60C.exe
C:\Users\Owner\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Owner\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Owner\AppData\Local\Temp\drm_dyndata_7380006.dll
C:\Users\Owner\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Owner\AppData\Local\Temp\ffmpeg7.exe
C:\Users\Owner\AppData\Local\Temp\Gw2.exe
C:\Users\Owner\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.4-R2.0-b2918jnks.dll
C:\Users\Owner\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Owner\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Owner\AppData\Local\Temp\Nexus Mod Manager-0.53.2.exe
C:\Users\Owner\AppData\Local\Temp\Nexus Mod Manager-0.53.7.exe
C:\Users\Owner\AppData\Local\Temp\Nexus Mod Manager-0.54.10.exe
C:\Users\Owner\AppData\Local\Temp\Nexus Mod Manager-0.55.4.exe
C:\Users\Owner\AppData\Local\Temp\Nexus Mod Manager-0.55.6.exe
C:\Users\Owner\AppData\Local\Temp\Nexus Mod Manager-0.55.7.exe
C:\Users\Owner\AppData\Local\Temp\Nexus Mod Manager-0.55.8.exe
C:\Users\Owner\AppData\Local\Temp\Nexus Mod Manager-0.60.16.exe
C:\Users\Owner\AppData\Local\Temp\Nexus Mod Manager-0.60.6.exe
C:\Users\Owner\AppData\Local\Temp\Nexus Mod Manager-0.61.4.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.34.0.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.44.15.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.44.5.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.44.7.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.45.2.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.45.4.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.45.5.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.45.6.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.45.7.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.49.2.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.49.6.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.49.7.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.49.8.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.50.3.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.51.0.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.52.1.exe
C:\Users\Owner\AppData\Local\Temp\Nexus%20Mod%20Manager-0.52.3.exe
C:\Users\Owner\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Owner\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Owner\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Owner\AppData\Local\Temp\nvStInst.exe
C:\Users\Owner\AppData\Local\Temp\old haloupdate.exe
C:\Users\Owner\AppData\Local\Temp\prismsetup.exe
C:\Users\Owner\AppData\Local\Temp\raptrpatch.exe
C:\Users\Owner\AppData\Local\Temp\readSTILog.dll
C:\Users\Owner\AppData\Local\Temp\Setup-Wacom.exe
C:\Users\Owner\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Owner\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Owner\AppData\Local\Temp\sfextra.dll
C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Owner\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
C:\Users\Owner\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Owner\AppData\Local\Temp\tbsetup.exe
C:\Users\Owner\AppData\Local\Temp\toolbarconduit.exe
C:\Users\Owner\AppData\Local\Temp\uninst.exe
C:\Users\Owner\AppData\Local\Temp\vpsetup.exe
C:\Users\Owner\AppData\Local\Temp\WMEncoder.exe
C:\Users\Owner\AppData\Local\Temp\wme_instagt.exe
C:\Users\Owner\AppData\Local\Temp\_is3CB2.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-20 01:54

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-12-2015
Ran by Owner (2015-12-26 14:50:38)
Running from C:\Users\Owner\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-08-01 16:04:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1638230022-4117330738-313971243-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1638230022-4117330738-313971243-1006 - Limited - Enabled)
Guest (S-1-5-21-1638230022-4117330738-313971243-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1638230022-4117330738-313971243-1002 - Limited - Enabled)
Owner (S-1-5-21-1638230022-4117330738-313971243-1001 - Administrator - Enabled) => C:\Users\Owner
SQLDebugger (S-1-5-21-1638230022-4117330738-313971243-1008 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Ableton Live 8 (HKLM-x32\...\{4941E15C-3C68-4FB7-B5A4-5061B92E9166}) (Version: 8.0.0.0 - Ableton)
Action Replay PowerSaves 3DS version 1.29 (HKLM-x32\...\{CD24B06F-0A4D-410A-AEF2-DFE6A28AB4C0}_is1) (Version: 1.29 - Datel Design & Development)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.4.1.181 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0.1 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-1638230022-4117330738-313971243-1001\...\Amazon Kindle) (Version: 1.13.1.42052 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Anime Studio Debut 8.2 (HKLM-x32\...\ASD820_is1) (Version: 8.2 - Smith Micro Software, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - BestGameEver)
Autodesk SketchBook Express 2011 sp2 (HKLM-x32\...\{EB87378B-E64A-4D27-8AB6-0786BAB3AC84}) (Version: 5.20.0000 - Autodesk)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.244.0 - AVAST Software)
AVG (Version: 16.12.7303 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4489 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.12.7303 - AVG Technologies)
Axure RP Pro 7.0 (HKLM-x32\...\Axure RP Pro 7.0) (Version: 7.0.0.3189 - Axure Software Solutions, Inc.)
Axure RP Pro 7.0 (x32 Version: 7.0.0.3189 - Axure Software Solutions, Inc.) Hidden
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
Behaviors SDK (XAML) for Visual Studio (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blender (HKLM\...\Blender) (Version: 2.63-release - Blender Foundation)
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.1 - BlueJ Team)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
Brother MFL-Pro Suite MFC-J475DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
CamStudio OSS Desktop Recorder (HKLM-x32\...\{FD9C31B6-F572-414D-81E3-89368C97A125}_is1) (Version: 2.6 Beta r294 - CamStudio Open Source Dev Team)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.3.11069.2 - Cisco Consumer Products LLC)
Cisco Valet Connector (HKLM-x32\...\Cisco Valet Connector) (Version: 1.1.10049.0 - Cisco Consumer Products LLC)
Cisco WebEx Meetings (HKU\S-1-5-21-1638230022-4117330738-313971243-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Color Efex Pro 4 (HKLM-x32\...\Color Efex Pro 4) (Version: 4.0.0.2 - Nik Software, Inc.)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Curse Client (HKU\S-1-5-21-1638230022-4117330738-313971243-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version:  - FromSoftware, Inc)
DayZ Commander (HKLM-x32\...\{D7ECDD70-EBAB-42AD-8BE3-2F4D1CEC70A7}) (Version: 0.92.79 - Dotjosh Studios)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version:  - NCH Software)
Diamond Video Capture GC1000 driver (HKLM-x32\...\TVFujDrv) (Version:  - )
Discord (HKU\S-1-5-21-1638230022-4117330738-313971243-1001\...\Discord) (Version: 0.0.283 - Hammer & Chisel, Inc.)
DiskAid 6.4.8.0 (HKLM\...\DiskAid_is1) (Version: 6.4.8.0 - DigiDNA)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.22 - DivX, LLC)
DMCap (HKLM-x32\...\DMCap_is1) (Version:  - )
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dragon Age Toolset (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.01 - Electronic Arts, Inc.)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.04 - Electronic Arts, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
EaseUS Data Recovery Wizard 7.5 (HKLM-x32\...\EaseUS Data Recovery Wizard 7.5_is1) (Version:  - EaseUS)
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
Express Burn (HKLM-x32\...\ExpressBurn) (Version:  - NCH Software)
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
FFsplit version 0.7 (HKLM-x32\...\{82458834-6226-4A34-AE96-6907354F9F36}_is1) (Version: 0.7 - FFsplit Team)
FlashDevelop 4.4.3 (HKLM-x32\...\FlashDevelop) (Version: 4.4.3-RTM - FlashDevelop.org)
FMW 1 (Version: 1.32.2 - AVG Technologies) Hidden
FOMM version 0.14 (HKLM-x32\...\{072C2AEF-16B2-46B7-BA7F-D0CAA7B4F89F}_is1) (Version: 0.14 - Prideslayer)
Free MP3 WMA OGG Converter 8.9.5 (HKLM-x32\...\Free MP3 WMA OGG Converter_is1) (Version:  - CyberPower Tech, Inc.)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
GameMaker: Studio (HKLM-x32\...\Steam App 214850) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Garry's Mod 13 Beta (HKLM-x32\...\Steam App 4010) (Version:  - TEAM GARRY)
GCFScape 1.8.4 (HKLM\...\GCFScape_is1) (Version:  - Ryan Gregg)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
GraphicsGale FreeEdition version 2.03.19 (HKLM-x32\...\GraphicsGale FreeEdition_is1) (Version:  - HUMANBALANCE Ltd.)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
HexChat (HKLM-x32\...\HexChat_is1) (Version: 2.10.2 - HexChat)
HP Officejet 4630 series Basic Device Software (HKLM\...\{38037A50-E9F1-41E4-9AA3-2E0A5A2FC4C5}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 7 Update 40 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170400}) (Version: 1.7.0.400 - Oracle)
JavaScript Tooling (Version: 12.0.21005 - Microsoft Corporation) Hidden
join.me (HKU\S-1-5-21-1638230022-4117330738-313971243-1001\...\JoinMe) (Version: 1.20.0.116 - LogMeIn, Inc.)
Katawa Shoujo (HKLM-x32\...\Katawa Shoujo) (Version:  - )
Kinect for Windows Drivers v1.8 (HKLM\...\{AA62B868-5D5C-46CF-BA88-386BE71D4F87}) (Version: 1.8.0.595 - Microsoft Corporation)
KinoniDrivers 2.8.1 (HKLM-x32\...\KinoniDrivers) (Version: 2.8.1 - Kinoni)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
LocK-A-FoLdeR (HKLM-x32\...\LocK-A-FoLdeR) (Version: 3.10.3 - )
LOOT (HKLM-x32\...\LOOT) (Version: 0.7.1 - LOOT Development Team)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
METAL GEAR SOLID V: THE PHANTOM PAIN (HKLM-x32\...\Steam App 287700) (Version:  - Konami Digital Entertainment)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Halo Custom Edition (HKLM-x32\...\Halo CE) (Version:  - )
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x86) (HKLM-x32\...\{22CB8ED7-DF57-4864-BD04-F63B9CE4B494}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft Visual Studio .NET Professional 2003 - English (HKLM-x32\...\Visual Studio .NET Professional 2003 - English) (Version:  - Microsoft)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 (HKLM-x32\...\{cd09eea6-d0b3-4246-bb80-e047ceadf61f}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Modio (HKLM-x32\...\{3DA224A5-666B-4941-8998-2F19C6D126A5}_is1) (Version:  - GameTuts)
MonoGame SDK (HKLM-x32\...\MonoGame) (Version: 3.4.0.456 - The MonoGame Team)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.2 (x86 en-US)) (Version: 43.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.2.5833 - Mozilla)
MSI Afterburner 4.1.0 (HKLM-x32\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MultiBit 0.5.17 (HKLM-x32\...\MultiBit 0.5.17) (Version: 0.5.17 - )
NCH Toolbar (HKLM-x32\...\NCH Toolbar) (Version: 6.10.2.5 - NCH)
NCH Toolbox (HKLM-x32\...\ToolBox) (Version:  - NCH Software)
Nero BurnLite 10 (HKLM-x32\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10500 - Nero AG)
Nero BurnLite 10 (HKLM-x32\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10100.1.100 - Nero AG)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.4 - Black Tree Gaming)
Noise Reduction Plug-In 2.0 (HKLM-x32\...\{B94515E1-2DD6-11E2-849E-F04DA23A5C58}) (Version: 2.0.515 - Sony)
Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.91 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.91 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
OpenOffice.org 3.4 (HKLM-x32\...\{51071D66-D034-4239-94E0-723FCA10B6FE}) (Version: 3.4.9590 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version:  - )
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
PCGen60401 (HKLM-x32\...\PCGen60401) (Version:  - )
Play withSIX (HKLM-x32\...\{D7F3EEAD-183C-47DE-BDC5-593539573F97}) (Version: 1.30.0484 - SIX Networks)
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 2.0.7 - Portforward, LLC)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Prism Video File Converter (HKLM-x32\...\Prism) (Version:  - NCH Software)
Product Improvement Study for HP Officejet 4630 series (HKLM\...\{EE629820-EACD-4AAE-966D-DF1560A0ED2D}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Python 2.7 (HKLM-x32\...\{20c31435-2a0a-4580-be8b-ac06fc243ca4}) (Version: 2.7.150 - Python Software Foundation)
Python 2.7.6 (HKLM-x32\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E2}) (Version: 2.7.6150 - Python Software Foundation)
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
Qt 5.1.1 (HKU\S-1-5-21-1638230022-4117330738-313971243-1001\...\Qt 5.1.1) (Version: 5.1.1 - Digia Plc)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
RGSS-RTP Standard (HKLM-x32\...\{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}) (Version: 1.0.0 - Enterbrain)
RGSS-RTP Standard (HKLM-x32\...\RGSS-RTP Standard_is1) (Version: 1.04 - Enterbrain)
Rivals of Aether (HKLM-x32\...\Steam App 383980) (Version:  - Dan Fornace)
RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.9 - Rockstar Games)
RogueKiller version 11 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 11 - Adlice Software)
RPG Maker XP (HKLM-x32\...\RPG Maker XP_is1) (Version: 1.04 - Enterbrain)
Scansoft PDF Professional (x32 Version:  - ) Hidden
SharePoint Client Components (Version: 15.0.4481.1505 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
SimpleMU MUD Client (HKLM-x32\...\SimpleMU MUD Client) (Version: 4.2 - Kathleen MacMahon)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.19.9599 - SoftEther VPN Project)
Sound Forge Pro 10.0 (HKLM-x32\...\{8EF5E2B0-2DD1-11E2-89A5-F04DA23A5C58}) (Version: 10.0.507 - Sony)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Source SDK Base 2013 Dedicated Server (HKLM-x32\...\Steam App 244310) (Version:  - )
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
SpeedRunners (HKLM-x32\...\Steam App 207140) (Version:  - DoubleDutch Games)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )
SWF Opener (HKLM-x32\...\{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1) (Version: 1.3 - UnH Solutions)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.43148 - TeamViewer)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.4.0 - GOG.com)
TI Connect™ (HKLM-x32\...\{D06BA64C-4447-49B4-B99D-E85BEA9E1035}) (Version: 4.0.0.218 - Texas Instruments Inc.)
TortoiseSVN 1.7.9.23248 (64 bit) (HKLM\...\{5D762D74-E92F-4E95-9255-D85312617E4D}) (Version: 1.7.23248 - TortoiseSVN)
Twine 2.0.8 (remove only) (HKLM-x32\...\Twine2) (Version:  - )
Tyrian 2000 (HKLM-x32\...\1207658901_is1) (Version: 2.1.0.13 - GOG.com)
Ulead VideoStudio 10 (HKLM-x32\...\{E188D820-1218-4E28-8BCA-91134C3664C2}) (Version: 10.0 - Ulead Systems)
Undertale (HKLM-x32\...\Steam App 391540) (Version:  - tobyfox)
Unity (HKLM-x32\...\Unity) (Version: 4.6.0b20 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1638230022-4117330738-313971243-1001\...\UnityWebPlayer) (Version: 4.6.0b20 - Unity Technologies ApS)
Unreal Development Kit: 2014-05 (HKLM\...\UDK-143bde9a-d0b7-470b-9a21-f70ce190a1dd) (Version:  - Epic Games, Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
USB TV Device Driver (HKLM-x32\...\{3717C4F2-7412-4793-9BB8-D73D2817B3D6}) (Version: 1.00.0000 - EETI)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
vJoy Device Driver 0.2.0.5 (HKLM\...\{8E31F76F-74C3-47F1-9550-E041EEDC5FBB}_is1) (Version: 0.2.0.5 - Shaul Eizikovich)
VLC media player 2.0.2 (HKLM-x32\...\VLC media player) (Version: 2.0.2 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.5-3 - Wacom Technology Corp.)
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Wii U USB GCN adapter version 3.2.1 (HKLM-x32\...\{B3898604-95BA-4EBA-A8D7-C4C2BDC2712A}_is1) (Version: 3.2.1 - Matt Cunningham)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
Windows Glulxe (HKLM-x32\...\WinGlulxe) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
WinSCP 5.7.5 (HKLM-x32\...\winscp3_is1) (Version: 5.7.5 - Martin Prikryl)
Workflow Manager Client 1.0 (Version: 2.0.30813.2 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.30725.1 - Microsoft Corporation) Hidden
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 0.3.0.5 - Wrye & Wrye Bash Development Team)
XviD Video Codec (remove only) (HKLM-x32\...\XviD Video Codec) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1638230022-4117330738-313971243-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-1638230022-4117330738-313971243-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files (x86)\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-1638230022-4117330738-313971243-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Restore Points =========================

24-12-2015 00:50:48 Scheduled Checkpoint
26-12-2015 13:12:41 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-11-08 17:30 - 00000861 ____A C:\Windows\system32\Drivers\etc\hosts

#74.208.105.171 gs.apple.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0774FE03-8B43-4038-8653-45D48C51D97D} - System32\Tasks\{60F09250-F6DF-4AD1-9A3B-F745880150D3} => pcalua.exe -a J:\data\DataSetup.exe -d J:\data
Task: {1A8DC9D2-56CB-41A4-9C5F-0D95E7C6614C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {1D01924A-D60B-43E5-B981-AF29F9F2AFA8} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2015-05-12] (AVAST Software)
Task: {31ED0F22-B3A5-4202-BEDE-29A2978DF843} - System32\Tasks\AVG_SYS_TASK_1015av_DELETE => C:\ProgramData\Avg_Update_1015av\AVG-Secure-Search-Update_1015av.exe
Task: {4C17B4D0-0501-4EA0-8C3A-DF1D0EC9190A} - System32\Tasks\{995B8E4F-D33A-4347-AA4B-130E279119C8} => pcalua.exe -a "J:\data\Dragon Age_code.exe" -d J:\data
Task: {4E09164A-640F-41D8-96B8-E3DCA7319AAC} - System32\Tasks\{8B81CD9E-3C42-43CF-B87B-7DD69C98A0AA} => pcalua.exe -a C:\Users\Owner\Downloads\sawndz012.exe -c "I:\brawlmods\music\smashbros_sound.brsar"
Task: {6C1263CF-62C1-4891-83E6-1159B739818C} - System32\Tasks\AVG_SYS_TASK_1015av => C:\ProgramData\Avg_Update_1015av\AVG-Secure-Search-Update_1015av.exe
Task: {76D6D7FB-C889-4160-8895-FAF608DE6C4C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {775E2F99-01D3-4B5F-890E-BD6F5EDC7756} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated)
Task: {7A930096-D981-46A7-9D5E-F31E49AE829C} - System32\Tasks\{1420EF28-5B2A-4405-A749-F7E4B5EE83F3} => E:\MegaMan2\bin\MegaMan2.exe
Task: {804EA072-9181-497B-89EC-30334A45F01D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {8FF459EF-9115-4694-87AF-0D4EA33E99E2} - System32\Tasks\{CAAB7A69-443D-4B37-9BF8-E7FE4FB78BB6} => pcalua.exe -a "C:\Program Files (x86)\Adobe\Flash Professional\Adobe CS3\Setup.exe" -d "C:\Program Files (x86)\Adobe\Flash Professional\Adobe CS3"
Task: {9530EA6B-909B-4CE5-B1ED-ED307F0C90DF} - System32\Tasks\{1C4B1E30-8A09-4326-BD61-B8F417D0BEBF} => pcalua.exe -a "C:\Users\Owner\Downloads\Installer Version - Recommended-10724.exe" -d C:\Users\Owner\Downloads
Task: {A5DD3D2A-07DD-4597-8911-35BDC2839057} - System32\Tasks\{D471CABF-5519-435F-8922-BD62A6AB1D29} => pcalua.exe -a D:\QuickInstall.exe -d D:\
Task: {AC17AACF-A232-4242-899A-DB351881EABC} - System32\Tasks\{15E81D6A-8D8B-4606-B599-A55D95643832} => pcalua.exe -a "C:\Users\Owner\Downloads\Tale Of Two Wastelands\Tale Of Two Wastelands Installer.exe" -d "C:\Users\Owner\Downloads\Tale Of Two Wastelands"
Task: {B2F305C3-5F3C-4AE0-9100-CB699186F29B} - System32\Tasks\{DE895683-46ED-4783-B2F6-CF53C906E344} => pcalua.exe -a C:\Users\Owner\Downloads\VirtualDub-1.9.11\auxsetup.exe -d C:\Users\Owner\Downloads\VirtualDub-1.9.11
Task: {C26D44EB-46B1-4EE8-97A0-EA49111C2B71} - System32\Tasks\AdobeAAMUpdater-1.0-Owner-PC-Owner => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-10-30] (Adobe Systems Incorporated)
Task: {C7A8A767-8E8D-4637-A377-E4E0658D66D2} - System32\Tasks\{D03AE4F8-822A-4D18-92DD-9F7D491251EA} => pcalua.exe -a C:\Users\Owner\Downloads\RPGXP\RPGXP.exe -d C:\Users\Owner\Downloads\RPGXP
Task: {DF5690F4-449E-484C-869D-086A59BB9E07} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {E0DB7969-9C4B-44FF-9447-C09A37E5837B} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2014-12-06] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_1015av.job => C:\ProgramData\Avg_Update_1015av\AVG-Secure-Search-Update_1015av.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_1015av_DELETE.job => C:\ProgramData\Avg_Update_1015av\AVG-Secure-Search-Update_1015av.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qt 5.1.1\5.1.1\MSVC 2012 (64-bit)\Qt 5.1.1 64-bit for Desktop (MSVC 2012).lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /A /Q /K C:\Qt\Qt5.1.1\5.1.1\msvc2012_64\bin\qtenv2.bat

==================== Loaded Modules (Whitelisted) ==============

2015-04-29 17:57 - 2015-11-05 10:13 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-17 21:29 - 2014-04-17 21:29 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-09-23 15:47 - 2015-09-23 15:47 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-26 10:34 - 2013-02-26 10:34 - 00525312 _____ () C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
2015-06-20 15:40 - 2015-06-20 15:40 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-01-03 21:10 - 2012-04-24 05:43 - 00390632 ____R () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-11-09 15:42 - 2015-05-12 16:11 - 00445240 _____ () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
2012-08-03 10:53 - 2012-08-03 10:53 - 00045056 _____ () C:\Windows\SysWOW64\UTSCSI.EXE
2015-11-14 04:23 - 2015-11-14 04:23 - 00553120 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2012-08-30 18:57 - 2012-08-30 18:57 - 00088968 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2013-05-07 14:12 - 2013-02-08 13:37 - 01185080 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2012-11-29 21:06 - 2012-11-29 21:06 - 01263512 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2015-11-14 04:22 - 2015-11-14 04:22 - 31401120 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2013-01-23 08:06 - 2013-01-23 08:06 - 00147456 _____ () C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\avutil-51.dll
2013-01-23 08:06 - 2013-01-23 08:06 - 03703808 _____ () C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\avcodec-53.dll
2013-01-23 08:06 - 2013-01-23 08:06 - 00224256 _____ () C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\swscale-0.dll
2015-05-18 18:00 - 2015-10-11 22:05 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-12-09 19:52 - 2015-11-17 12:07 - 02397696 _____ () C:\Users\Owner\AppData\Local\Discord\app-0.0.283\libdiscord.dll
2015-12-26 13:38 - 2015-12-26 13:38 - 00380416 _____ () C:\Users\Owner\AppData\Local\Temp\B00C.tmp
2015-12-09 19:52 - 2015-11-17 12:07 - 00049664 _____ () C:\Users\Owner\AppData\Local\Discord\app-0.0.283\resources\node_modules\discord_overlay\discord_overlay.node
2015-11-09 15:42 - 2015-05-12 16:11 - 38561984 _____ () C:\Program Files\AVAST Software\SecureLine\libcef.dll
2012-08-30 18:01 - 2012-08-30 18:01 - 00070536 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
2012-11-29 21:07 - 2012-11-29 21:07 - 00100248 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2015-07-24 14:21 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-11-04 19:01 - 2015-11-04 18:53 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2015-11-16 17:43 - 2015-11-16 17:43 - 40523440 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2015-12-09 19:52 - 2015-11-17 12:07 - 01581568 _____ () C:\Users\Owner\AppData\Local\Discord\app-0.0.283\libglesv2.dll
2015-12-09 19:52 - 2015-11-17 12:07 - 00371712 _____ () C:\Users\Owner\AppData\Local\Discord\app-0.0.283\server.x86.dll
2015-12-09 19:52 - 2015-11-17 12:07 - 00012288 _____ () C:\Users\Owner\AppData\Local\Discord\app-0.0.283\libegl.dll
2015-11-16 17:43 - 2015-11-16 17:43 - 01365680 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libglesv2.dll
2015-11-16 17:43 - 2015-11-16 17:43 - 00219312 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libegl.dll
2015-11-25 19:35 - 2015-11-25 19:35 - 00124416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2015-11-25 19:35 - 2015-11-25 19:35 - 00188416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2015-11-25 19:35 - 2015-11-25 19:35 - 00121344 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2015-11-25 19:35 - 2015-11-25 19:35 - 00129536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2015-11-25 13:22 - 2015-11-25 13:22 - 00089264 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\native\ProxyResolverWin7.dll
2015-11-25 19:35 - 2015-11-25 19:35 - 00081408 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2015-11-25 19:48 - 2015-11-25 19:48 - 00124416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2015-11-25 19:48 - 2015-11-25 19:48 - 00121344 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2015-11-25 19:48 - 2015-11-25 19:48 - 00129536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2015-11-25 19:48 - 2015-11-25 19:48 - 00188416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2015-11-25 13:15 - 2015-11-25 13:15 - 00089264 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\native\ProxyResolverWin7.dll
2015-11-25 19:48 - 2015-11-25 19:48 - 00085504 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ws\build\Release\bufferutil.node
2015-11-25 19:48 - 2015-11-25 19:48 - 00086016 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ws\build\Release\validation.node
2015-11-25 19:48 - 2015-11-25 19:48 - 00081408 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1638230022-4117330738-313971243-1001\Software\Classes\.exe:  =>  <===== ATTENTION
HKU\S-1-5-21-1638230022-4117330738-313971243-1001\Software\Classes\exefile:  <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1638230022-4117330738-313971243-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{3F0F2EBC-E8BB-4579-AADB-B7D3B3333A50}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{5FA2E622-DB4E-437C-AF26-488332DA26F8}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{15EC16BF-044F-4EC8-A2A9-45C6A481FEBD}] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{8503552B-D286-4DA0-B9BF-1C0947E17D73}] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{1441001C-AE97-4472-92BF-E9B926C8F6C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\fangtemer\garry's mod beta\hl2.exe
FirewallRules: [{C5298654-AE81-4687-AFBB-0904D74468F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\fangtemer\garry's mod beta\hl2.exe
FirewallRules: [{2BEFF2E8-ED7D-4D3D-831F-2A723F2F3FFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\fangtemer\garry's mod beta\hl2.exe
FirewallRules: [{8009DE95-6637-4480-8F48-DBEAA49FC61C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\fangtemer\garry's mod beta\hl2.exe
FirewallRules: [{CB9CE568-8DE2-46AB-B01B-97EE016B68F1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2BE63C52-35FD-40FA-AE19-0B58156E5080}] => (Allow) LPort=2869
FirewallRules: [{49728D4C-3DD9-4BDE-B185-2DEAB444FABC}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{5F561A8B-A13C-4F75-9D21-5B471D82C81E}C:\program files (x86)\bethesda softworks\fallout 3\vaultmaster\vaultmaster.exe] => (Allow) C:\program files (x86)\bethesda softworks\fallout 3\vaultmaster\vaultmaster.exe
FirewallRules: [UDP Query User{747F362F-96A5-4ECE-89A9-9FA03DD14E1E}C:\program files (x86)\bethesda softworks\fallout 3\vaultmaster\vaultmaster.exe] => (Allow) C:\program files (x86)\bethesda softworks\fallout 3\vaultmaster\vaultmaster.exe
FirewallRules: [TCP Query User{DF75D0E6-8F7C-4948-A5C2-93E62518C6E0}C:\program files (x86)\bethesda softworks\fallout 3\vaultserver\windows\vaultserverd.exe] => (Allow) C:\program files (x86)\bethesda softworks\fallout 3\vaultserver\windows\vaultserverd.exe
FirewallRules: [UDP Query User{8606A99A-0F3B-481A-B121-A1F5F1087A7A}C:\program files (x86)\bethesda softworks\fallout 3\vaultserver\windows\vaultserverd.exe] => (Allow) C:\program files (x86)\bethesda softworks\fallout 3\vaultserver\windows\vaultserverd.exe
FirewallRules: [TCP Query User{C6E4D284-FB5F-480B-B1B1-3A92AF342E06}C:\program files (x86)\bethesda softworks\fallout 3\vaultmpd.exe] => (Allow) C:\program files (x86)\bethesda softworks\fallout 3\vaultmpd.exe
FirewallRules: [UDP Query User{B8784D3E-CEA2-46D2-BBEE-B8249D2C401C}C:\program files (x86)\bethesda softworks\fallout 3\vaultmpd.exe] => (Allow) C:\program files (x86)\bethesda softworks\fallout 3\vaultmpd.exe
FirewallRules: [TCP Query User{1FD76B06-D6BF-4B20-92AC-7D412A32FE19}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{8781E8DD-9748-458F-B16B-52A3A97A43C0}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{523BDB56-8C76-403E-9646-E8741939D67C}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{66251E37-91B6-4919-9A7D-D1DA403D420F}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{DD75C4B1-BAD8-4152-B890-D901EB692B29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\gamemaker_studio\GameMakerPlayer.exe
FirewallRules: [{45F3A301-B8A7-4F9B-BAFF-D036F25160C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\gamemaker_studio\GameMakerPlayer.exe
FirewallRules: [{1570D80F-3922-48AD-82F4-300BEE8936DB}] => (Allow) C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe
FirewallRules: [{AD052966-2350-4849-AEEA-CFA2AC68FFEC}] => (Allow) C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe
FirewallRules: [{4B6B59B7-4515-4414-BA26-C51C623FC986}] => (Allow) C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe
FirewallRules: [{5C6E4A9F-5BEC-40CD-9D71-0BA63EBAF26C}] => (Allow) C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe
FirewallRules: [{DD867ED4-E877-4CCD-AE1E-7FF4D3FBA074}] => (Allow) C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe
FirewallRules: [{20A3CB61-0206-4D6C-BF8C-0DFA34F39820}] => (Allow) C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe
FirewallRules: [{E6BAE748-BCAD-4D4A-B2E3-35707852204F}] => (Allow) C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe
FirewallRules: [{86AD42B9-F581-4363-B379-FFC62C578E61}] => (Allow) C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe
FirewallRules: [{E8253BC8-5A64-4B6B-B40D-FD728AEF5B4C}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{8C9E782B-6D7C-4644-91C8-12318175D618}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{7E6CECDA-523D-49A3-A05E-C34B37D3960C}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{DECB45DC-66DC-4BDB-A0CA-29CF9142293B}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{BC988BDD-F001-42B3-8720-EC502909B08E}] => (Allow) C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{0D2986A0-D2EF-456A-ABEA-AC3CB669FD75}] => (Allow) C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{740FE9A5-25DC-48B9-A982-5652A48462B7}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe
FirewallRules: [{5D02F0C2-404D-4A1F-8613-36A551F1E97F}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe
FirewallRules: [{D844DF20-DA5E-4A90-8324-7CF8AD758EB1}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\DragonAgeToolset.exe
FirewallRules: [{4C702327-0244-4E5A-BEF6-BE1B83149393}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\DragonAgeToolset.exe
FirewallRules: [{9BEC5AA9-9DB8-4C2B-9543-13F9E6FFB05B}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\RPU.exe
FirewallRules: [{F31CD835-C1DF-44C4-A619-CB2239A73FB2}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\RPU.exe
FirewallRules: [{D2DFF7FA-3084-4420-963F-514291DF3263}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\lightmapper\eclipseRay.exe
FirewallRules: [{F7EA54C9-514C-434F-AB48-04A9B668AB9C}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\lightmapper\eclipseRay.exe
FirewallRules: [{1CEBE96D-CF2F-4996-B321-8C971DDE9B18}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\GffEditor.exe
FirewallRules: [{61339568-DAD9-465E-BC5F-1D4214933807}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\GffEditor.exe
FirewallRules: [{96E77051-E489-4379-B75E-4588A80A042D}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\ErfEditor.exe
FirewallRules: [{29E4638A-C835-4818-AE6B-BF46D80C25A0}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\ErfEditor.exe
FirewallRules: [{0F5B834F-6391-4B95-A3DB-F24CB27C2663}] => (Allow) C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
FirewallRules: [{C56B5ECA-AE1E-455C-A118-79E0E3E3C589}] => (Allow) C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
FirewallRules: [{4BFA959A-CEB9-4437-93A2-B750C5B807CA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3D1DC143-42BF-406F-AC0B-66A5A338C67D}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{CF76F3C8-30DC-45F7-9A3B-689AF93849D7}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{F7C621E8-9DE5-4DF9-8CFD-5AB21656A5FA}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{5C6E0929-E071-4164-8B30-7CB1A58C98C4}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{AC88A01F-A994-44CD-931E-FE9E819E919D}] => (Allow) LPort=56590
FirewallRules: [{0E918670-516F-41CE-88A6-FABF86780C38}] => (Allow) LPort=56590
FirewallRules: [{FFE6B693-92FE-4018-8C6A-F82CDFA46127}] => (Allow) LPort=56590
FirewallRules: [{C4EE74A7-DB76-4955-BEFF-DD2E72DEC8D3}] => (Allow) LPort=56590
FirewallRules: [{E79B3414-439A-4076-98B8-A207DCE04C8C}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{C75F66C2-A967-42C6-9C63-0A2A603289D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\fangtemer\garrysmod\hl2.exe
FirewallRules: [{269C36B2-1DD9-4419-B2E9-230EBEC0992D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\fangtemer\garrysmod\hl2.exe
FirewallRules: [{E4225FB3-7AEE-48D5-8E00-A56C28DE3483}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{0EE24D1D-750A-456C-BCB5-6548050D12E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{6EEC734D-BB68-4262-9AB9-B8A6F739C905}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sacred 2 Gold\system\sacred2.exe
FirewallRules: [{FA32EDBA-73E9-4A4E-879A-F837D0C0C74B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sacred 2 Gold\system\sacred2.exe
FirewallRules: [{D67C762D-CE00-4F8F-AADE-E3DFBDA3DAD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{202C9001-F9EC-48F0-AC46-4BE5A137715F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{1A103745-B734-4BEE-9C72-1ECD57BA5ACC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\gamemaker_studio\GameMakerPlayer.exe
FirewallRules: [{176B59B3-F818-49E8-8EFD-063050B9C152}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\gamemaker_studio\GameMakerPlayer.exe
FirewallRules: [{63F79FB6-A67D-4237-BE72-1EB1F949C0CF}] => (Allow) LPort=80
FirewallRules: [{82E72988-3C98-4496-BBCC-50FF53C88FC6}] => (Allow) LPort=443
FirewallRules: [{2EF5A8F7-2C6E-4B3F-AC7A-9AF416D16FA8}] => (Allow) LPort=20010
FirewallRules: [{C1262BF4-F1A4-484F-8097-25FAD0185D94}] => (Allow) LPort=3478
FirewallRules: [{97D5E5D0-7BC9-470B-A7BE-B3CB5D6EBEC3}] => (Allow) LPort=7850
FirewallRules: [{C795A9C8-D267-42B9-A15C-F1457732705F}] => (Allow) LPort=27022
FirewallRules: [{1C22E5EA-EFA3-4E9E-A114-F0993DCD9825}] => (Allow) LPort=6881
FirewallRules: [{2F1BEC2A-F34C-45DF-836A-A053E38079CE}] => (Allow) LPort=33333
FirewallRules: [{61F5750B-29B2-4683-B4BA-0A3D67594427}] => (Allow) LPort=20443
FirewallRules: [{B9C79FED-767D-4D52-A850-313D68BA36C9}] => (Allow) LPort=8090
FirewallRules: [{6941C13B-3B19-42E2-858E-9E91EA4BBC5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{B95CAF97-8780-431C-9278-020B8573BA9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{2EE640EE-410F-40B1-95D6-654AAAC59BD6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\audiosurf\engine\QuestViewer.exe
FirewallRules: [{75F4A9DE-93CE-4089-BFE4-4272DB240D5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\audiosurf\engine\QuestViewer.exe
FirewallRules: [{1E1B2921-DAA9-4B58-860A-ECE3612D6C17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{A5F0DCC4-6201-471A-9EC3-1F35FB1FA7F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{8931C370-646A-4378-B536-A670377E8516}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{1123F350-F7A6-4880-94E7-B2164206D420}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{5043D238-9DFC-4DAF-9F52-545EB1A8C462}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{44FFC730-58C3-4900-80A6-6CA40795D911}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{A4C2BFB6-EE9B-4479-BE13-42E7456204C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{36D081A8-B7B2-4365-8B77-C79B97FE3D31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{80091A98-312D-4EAC-B396-FE8E71AD2344}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{6B5DDDD2-1509-4ACC-B89B-0EC050091745}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{12E66D5D-206B-4FD8-80DE-1AD411B5B7BC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{117A283E-8290-44B7-BC56-E6ACD8B6830F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{72EF7933-E506-470D-9337-825A30D3AD3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\rustlauncher.exe
FirewallRules: [{4EB88156-06B5-43C1-9389-31B6F4DB5844}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\rustlauncher.exe
FirewallRules: [{2E263927-16DD-4EF7-B11E-110C9D0FE741}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{DD153B3D-BC7E-4349-BA18-824E2D3CE441}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{DE5AB41A-656D-4ACD-920F-A14C5CBCDA88}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{8AAA55E8-D2AD-451F-AF04-6CBD820B744F}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{5DEECC9B-5129-4B3F-903D-C5320B72CDB6}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{F3463B0F-A5B7-4048-8C25-0B764E62A268}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{6484FD7F-2C7E-4882-8AF9-317371AEEB0C}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{39C7F9AD-D850-46EB-8363-8A35D0CC9C8B}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{EF687538-6ED2-4DC0-B8B0-5E46141E286B}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [{A630D8ED-495E-41BA-8AD3-FE42B31D61CD}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [{C6592723-DD06-4D1F-89D5-5184EA91A802}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{9A7DD64B-D844-4A92-AE14-918C969B6F81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{724FE6EC-FB2B-4C46-A819-A914F7D854D4}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{1E2974BC-E07E-4F9E-AF9E-4EDDB353CC03}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{5A130777-742F-462B-B1FB-71C6B3251B7F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{757A7D6C-1DC3-463F-A884-CFA426F31590}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{DCAE62DF-4B15-4C61-96BC-D8F70ACD9E9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{BC5E5AE8-BFDA-44B6-B3AD-5CFF5E48B44F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{B28263EB-C521-4E11-886C-277AEF04C43B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{CF8A0B7D-10BF-4C8E-9DD9-384E5247E4D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{F877D4CA-B351-4359-82FC-E89EE81FCB21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base\hl2.exe
FirewallRules: [{66498799-67E5-4ED5-9790-A29E337430E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base\hl2.exe
FirewallRules: [{B62020E8-AB96-462B-9D43-B9E0C931125F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{845DADE4-2F3E-4E3C-B105-8A08E8438F87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{B6BD0872-57C0-4883-A03A-E516CC869C81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{A9683404-7E76-4483-832E-E92CC270D8D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{12DF6FDC-A8AD-4BD7-B3BC-C3A32C1E438B}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{9EA38040-ADA6-4163-8194-67EEC4B37BAB}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{2042DEFF-7AC9-4986-A7A5-091972AD06C1}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{E2670619-8D3B-47AD-BFC9-7986DEC0CAE3}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{84BD7B11-62A8-4ED3-BF62-F05EA2BA4959}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{509D2089-D787-40A4-BFDA-634F1C62454C}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{B8549101-96F2-4A76-BC79-7BC2356CDD0B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8B026CBD-F836-4EA5-851A-89E2FD54EBAF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{93305606-1C3F-4261-B4A2-06EE2F28F07E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dragonnest\nxsteam.exe
FirewallRules: [{C2395931-8147-46A9-B7F2-EFE85CDA6280}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dragonnest\nxsteam.exe
FirewallRules: [{5CBF541E-7FDA-4F5C-98A7-F9822FB9EE09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dragonnest\DragonNest.exe
FirewallRules: [{8B3288F7-CED1-4917-8B55-44B8F374241A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dragonnest\DragonNest.exe
FirewallRules: [{AC910B54-6A4E-4EF1-87C0-9AAF31B75491}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\experimental\Rust.exe
FirewallRules: [{A5F93CCD-3111-489B-B3FD-C37A96D18006}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\experimental\Rust.exe
FirewallRules: [{540A1656-203B-4D56-82E6-95EF77DBA7C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\audiosurf\engine\QuestViewer.exe
FirewallRules: [{390D3E99-6046-4099-A350-1CECE4ABE97F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\audiosurf\engine\QuestViewer.exe
FirewallRules: [{4AC874AE-02E8-4909-8F49-7E2C5ECF4DEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2013 Dedicated Server\srcds.exe
FirewallRules: [{2E81E753-8D62-445F-A310-CAED428CD5AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2013 Dedicated Server\srcds.exe
FirewallRules: [{78255459-E3E4-46FD-A39F-CC2E8CA1A838}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\experimental\Rust.exe
FirewallRules: [{E0D196D3-0BDC-4208-883D-ED37C43DC7EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\experimental\Rust.exe
FirewallRules: [{D4A2C97C-4697-4931-B438-50DA3F7456E1}] => (Allow) C:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{9192B5A6-1EC1-438F-8109-5E6F9103E591}] => (Allow) C:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{BE01E50C-97E2-41C6-ACA1-CBC724F37E3F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{6EB93B64-6ACC-4296-8226-11970A2C657E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{F8CDE798-A6A6-4D72-AA2E-40BD6502EC71}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{E25C8DE1-83E4-4FAC-89AD-4619517009F5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{AE97D7B9-143E-45F6-86AD-993FE7BB2CF2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{1B6120CA-15B5-46D7-8826-753015846A84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{86D32D10-F6EE-460B-A37E-3278D727E468}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{5ACC9D18-4479-4654-9204-085A1A101A51}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2B1A53EA-293C-4DE5-B5E4-FFEFCEAB5ACC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3991FB9C-8F88-4667-B72A-78B3F5CF6EAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\System\Launcher.exe
FirewallRules: [{1504742C-58B7-4F91-8E73-3AAA72CE205C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\System\Launcher.exe
FirewallRules: [{49546521-0769-4FE9-8DD4-EE89D773FBBA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{B26FA240-27EB-493A-BA4E-FCB1A04B478F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{F3A20F0D-817E-4E61-BC8F-CF5D9844E750}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\legacy\rust.exe
FirewallRules: [{2E45F851-D362-45C9-9470-5E80D7679F7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\legacy\rust.exe
FirewallRules: [{C896E72C-524B-4760-826F-EFB77D0B8FD8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\System\Launcher.exe
FirewallRules: [{1F4EC6FC-A5BF-4D85-92A3-E6A68D1ED6C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\System\Launcher.exe
FirewallRules: [{7E66ECED-09C0-48AE-A183-FE59C1F65453}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{38CEFD36-9F41-41B9-A282-11380347F562}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{EF253218-9497-41F6-905E-DAF0528BD6BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{76987982-71EF-4065-B1FE-B207EC69412F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{F8E715B6-A9D1-4A29-9ACF-73C674E35ED7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\legacy\rust.exe
FirewallRules: [{3ED530AC-FE82-41CC-A4AA-1AE3E41511EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\legacy\rust.exe
FirewallRules: [{3E45CD44-6181-4B71-AF4F-499151189ACA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\theHunter\launcher\launcher.exe
FirewallRules: [{D97E076A-D18C-4A2A-BC5C-2B7367ACC3B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\theHunter\launcher\launcher.exe
FirewallRules: [{13D01D6F-2C27-4932-BA76-F4CF85AE4B51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\theHunter\launcher\launcher.exe
FirewallRules: [{80DA2748-4E8E-4E39-86B5-8A3FA5A0AB40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\theHunter\launcher\launcher.exe
FirewallRules: [{A51544D7-A2D8-4B1A-8CC2-3385268D59D1}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{B09ADC49-DBD4-4495-A014-6DB7EDC49D90}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8060F1E0-3A03-4688-9141-4B3E83CDCC5F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D55E2115-1F09-4558-AE08-83DEB51458C2}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{63991970-6356-4C2D-BEC7-41F703887F2B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{5C4AD8AB-B782-4E4C-AE00-B299F1449264}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{9B288D75-F7A8-42A5-95AF-78FFB0EF220A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Depth\SDK\Binaries\Win64\DepthEditor.exe
FirewallRules: [{3DFCBFCB-FFB7-4E0B-AE92-44F10557B500}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Depth\SDK\Binaries\Win64\DepthEditor.exe
FirewallRules: [{5F95889C-B9BF-4502-AC09-59ADFF338B3C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{25E70037-1178-49C7-8525-46FB34F8433C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B66574BD-96A2-47D1-94DF-8FE403286608}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{2C23DC55-47E1-4DF4-BE95-D943F7CC3741}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1A9F2F7C-E741-47E7-B820-D856B919CC9F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{802E0690-9A3E-4B28-9F61-C073BBE464C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{8498E97D-25CD-41CC-8FB1-ED9BB858DC86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{47C9854F-DA7A-41CE-A5C3-A550DF0C2605}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [{3C468051-4435-4772-A339-E94C1A436E85}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [{364B14DC-A16D-460D-A44C-7C07A66C00E3}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{F1BB9AC3-64D9-49F1-8FAD-AA72325F5BDB}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{88919510-ABAE-4CE0-8CE3-71226A8C7F54}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{E0E995AC-22DF-4B93-923F-4403AE6B8604}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{D71D81F1-5DCD-4A05-8082-6BCD9B9D9ABC}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{9FCFFBC8-DB05-4403-A0FA-E2B0D17F304C}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{3930742B-2E39-474E-A77A-17861E180BE0}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{B301BA00-899F-430D-8FCA-85A15A489EA0}] => (Allow) LPort=12292
FirewallRules: [{7221C676-6A6C-4DCF-854B-7A9C37AF68BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{F2FBBDC1-BCE4-4671-80E2-C66BFF3197BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{C5422C6B-12BE-4961-893B-6A9C7CFBD783}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{9289F79B-9B3E-485A-AC96-16B9B8AF6A8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{29238B10-6D70-493E-A401-3BDADA16B9B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rivals of Aether\RivalsofAether.exe
FirewallRules: [{78F2B8B6-2D07-4ADF-A0C2-E69CBEF4A9CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rivals of Aether\RivalsofAether.exe
FirewallRules: [{24949A3B-60C2-45A7-B6E5-073A21CCABF7}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{B6D71C45-587E-44DF-AE0F-41DF2C54E263}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{098A7FB8-29B0-49F5-A019-48FD02AEFD8D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{86C5FC6D-1ED2-48B1-9A6F-AD59443DF416}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7FEEBF03-7DC3-4BE5-B41A-30B55A319729}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FA187481-AB0C-4F21-8A3E-C9283B0AD02B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4E25E126-26C4-48E5-B484-32CE859B606B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{970E984F-9FCA-472E-A59D-089A33257592}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B0980F0D-F903-4993-8BB9-FC28275564F1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{602A4347-D1A7-4A45-8069-B8FFDFF85A29}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{B1F3A40C-EC85-4746-8F04-8684F8F0610C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{50C8F419-A4B7-43E7-B34C-2F76C81AF649}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{A91E5076-D4F5-43EE-A6E0-F22D6BFDAD5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{9E3C0BCA-3213-4F21-87DB-FC6B0D2B43A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{F6D1CF09-6472-45B5-9C8E-7C1FC622C316}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{9E32E373-7DE2-4AB9-9695-E0C9A1D470AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{F180D9D9-DB56-4F6B-AE67-175F4899002F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{441825B3-C3DE-4305-9584-F0B31F88F524}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{683913AA-40A6-42FD-BABC-62DB229E339C}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{55E1BFEE-0130-4C5A-AFCB-5285F49A86C4}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{2B55200C-4616-440E-B59C-582B1C054C61}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{D4D2E0E2-A9C1-4F17-8FDB-D1EE33B3C14F}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{6F75B57E-9C5D-428E-A62B-556E599135D8}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{16FD7DC9-F749-4C6B-AB6E-7605A69F1EC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{894EE148-CB61-47A8-AE1D-1627B691416B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{74B169E6-6D79-4707-B8E7-51CEBAAE5E96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{5AC3D527-8E1C-45A6-AFE2-B40EC9C84DEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{CAEC6431-BF82-4D16-A463-450BDC45FF7D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{1D6FE714-98F9-41DB-8F52-937140833D44}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{F56588AD-33B8-4743-A769-B30276490CBE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{C3C580A1-8A7D-4355-B693-6A7EF3DAD7CE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{5F6612A1-811D-4139-8AA5-A85FCA77660A}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\FaxApplications.exe
FirewallRules: [{29473DE9-44EE-4B69-9CC3-6482B6FE6822}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\DigitalWizards.exe
FirewallRules: [{C404C497-D0C6-4E47-BAAA-93D3EB86E106}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\SendAFax.exe
FirewallRules: [{5C334B98-0A96-4630-B11E-BF9E9B3EC10F}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\DeviceSetup.exe
FirewallRules: [{4F08B548-FC77-4D97-A6CB-26A89A2DC051}] => (Allow) LPort=5357
FirewallRules: [{C4CED077-E806-478F-84AB-4DCE0034AB6C}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{EDB9F99B-938C-4AE7-8A4B-081A093C036A}] => (Allow) C:\Games\Steam\Steam.exe
FirewallRules: [{45D98E2C-0417-4DCC-B237-67B6DF1FFE1C}] => (Allow) C:\Games\Steam\Steam.exe
FirewallRules: [{11601916-D28C-49E7-B01E-D35A936969D8}] => (Allow) C:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{4E4110B3-32B3-4252-9B71-D51DC46D1BA6}] => (Allow) C:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{164A0281-8F9B-434A-B8E2-541092022693}] => (Allow) C:\Games\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{581DD86B-D657-47F9-8938-9B6630DAA79A}] => (Allow) C:\Games\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{F32E2885-CA40-4921-AA5C-04F6B97C453E}] => (Allow) C:\Games\Steam\steamapps\common\Rivals of Aether\RivalsofAether.exe
FirewallRules: [{9D4DAE8C-32E3-4116-A9BA-626CA4426B64}] => (Allow) C:\Games\Steam\steamapps\common\Rivals of Aether\RivalsofAether.exe
FirewallRules: [{E78DE653-3E8D-48F0-8122-1CBF3274224E}] => (Allow) C:\Games\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{091EFC45-2BD1-4032-B603-7E25F13B1A24}] => (Allow) C:\Games\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{D82D67AF-792E-45E6-88F5-E0203547D3F0}] => (Allow) C:\Games\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{0832FDC5-0752-444E-BD4A-5F0FFC812A93}] => (Allow) C:\Games\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{B9A31FA5-8D5F-4A19-904B-B1B84C68FA5E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{AB5396BB-6434-439E-AB25-2C6ABFDD8AB2}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{97FC4818-E4A0-4500-AAF0-452CB3E848B4}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{C0CAA365-EA01-4573-A2A5-D8D7633ACC8B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{7597319C-FA5D-4A4F-9F89-6C49B795A95B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{6F759ABA-45C9-494E-A375-C3863B4B8029}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{2D513C15-A151-411A-8E59-EB579D40859F}] => (Allow) C:\Games\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{FEC91816-7864-4102-A955-A8342122A317}] => (Allow) C:\Games\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{C9B04D89-15A1-41F9-BDDC-CB9784CB0550}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3C342141-440F-44DC-9D7C-AA2BFCFE4433}] => (Allow) C:\Games\Steam\steamapps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{FA2CAFA1-B211-4918-9A28-6E69C4AE0E1E}] => (Allow) C:\Games\Steam\steamapps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{F1A5B7EC-A146-4079-9BC9-4211B38D6819}] => (Allow) C:\Games\Steam\steamapps\common\Depth\SDK\Binaries\Win64\DepthEd.exe
FirewallRules: [{E01A39DD-953D-4E91-BFFB-FDAF73820D85}] => (Allow) C:\Games\Steam\steamapps\common\Depth\SDK\Binaries\Win64\DepthEd.exe
FirewallRules: [{40480FC8-3701-4938-A245-52E2F37A2CD4}] => (Allow) C:\Games\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{6517A2C1-7932-49E9-8E66-850FCD0C2960}] => (Allow) C:\Games\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{F11970CD-C315-4E3C-A076-5D07ECD16726}] => (Allow) C:\Games\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{E42DC33D-BBF2-4FF5-9FDB-1A804A239FE1}] => (Allow) C:\Games\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{CB795921-9A30-4E7D-8B0D-F2B282A1541F}] => (Allow) C:\Games\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{0EAB5B01-90AF-4D5C-B8FB-B42B077D6846}] => (Allow) C:\Games\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe

==================== Faulty Device Manager Devices =============

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: AODDriver4.3
Description: AODDriver4.3
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.3
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: vJoy Device
Description: vJoy Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Shaul Eizikovich
Service: vjoy
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/26/2015 01:40:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CurseClient.exe, version: 4.0.0.10, time stamp: 0x5436d39d
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xCurseClient.exe0
Faulting application path: CurseClient.exe1
Faulting module path: CurseClient.exe2
Report Id: CurseClient.exe3

Error: (12/26/2015 01:37:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   18 F.B.B.6.9.2.C.3.5.4.F.0.9.A.C.E.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Owner-PC-2.local.

Error: (12/26/2015 01:37:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 169.254.107.191:5353   16 F.B.B.6.9.2.C.3.5.4.F.0.9.A.C.E.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Owner-PC.local.

Error: (12/26/2015 01:37:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   18 191.107.254.169.in-addr.arpa. PTR Owner-PC-2.local.

Error: (12/26/2015 01:37:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 169.254.107.191:5353   16 191.107.254.169.in-addr.arpa. PTR Owner-PC.local.

Error: (12/26/2015 01:37:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   18 D.2.0.2.B.5.2.F.5.2.0.3.E.E.8.C.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Owner-PC-2.local.

Error: (12/26/2015 01:37:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.15:5353   16 D.2.0.2.B.5.2.F.5.2.0.3.E.E.8.C.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Owner-PC.local.

Error: (12/26/2015 01:37:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   18 6.A.D.E.C.8.E.0.B.2.0.4.0.4.1.A.0.F.3.3.0.0.4.0.8.8.0.0.1.0.6.2.ip6.arpa. PTR Owner-PC-2.local.

Error: (12/26/2015 01:37:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.15:5353   16 6.A.D.E.C.8.E.0.B.2.0.4.0.4.1.A.0.F.3.3.0.0.4.0.8.8.0.0.1.0.6.2.ip6.arpa. PTR Owner-PC.local.

Error: (12/26/2015 01:37:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   18 D.2.0.2.B.5.2.F.5.2.0.3.E.E.8.C.0.F.3.3.0.0.4.0.8.8.0.0.1.0.6.2.ip6.arpa. PTR Owner-PC-2.local.


System errors:
=============
Error: (12/26/2015 01:34:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.3 service failed to start due to the following error:
%%2

Error: (12/26/2015 01:33:30 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error:
%%1056

Error: (12/26/2015 01:31:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SoftEther VPN Client service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/26/2015 01:31:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (12/26/2015 01:31:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BrYNSvc service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/26/2015 01:31:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/26/2015 01:31:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/26/2015 01:31:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/26/2015 01:31:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/26/2015 01:31:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CLCV0 service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2015-12-26 13:18:30.175
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-12-26 13:18:29.847
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-12-24 23:14:06.557
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-12-24 23:14:06.217
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-12-24 23:10:30.548
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-12-24 23:10:30.220
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-12-19 14:13:49.068
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-12-19 14:13:48.724
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-12-19 03:17:00.011
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-12-19 03:16:59.652
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Phenom™ II X4 810 Processor
Percentage of memory in use: 44%
Total physical RAM: 8183.89 MB
Available physical RAM: 4514.32 MB
Total Virtual: 16365.96 MB
Available Virtual: 10677.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:113.08 GB) NTFS
Drive l: (USB30FD) (Removable) (Total:29.75 GB) (Free:11.74 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 3CA90520)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 29.8 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.

==================== End of Addition.txt ============================


Edited by DeviousDanish, 26 December 2015 - 02:56 PM.


#6 HighwayHam

Posted 27 December 2015 - 12:49 AM

I can also include RogueKiller's log if you want, I didn't do anything, just had RogueKiller scan.

 

I should also mention, RogueKiller picks up "C:/Windows:nlsPreferences" as Hidden.ADS.


Edited by DeviousDanish, 27 December 2015 - 01:13 AM.


#7 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:28 AM

Posted 27 December 2015 - 07:54 AM

Hi,

please include the RogueKiller log. Don't worry about that Hidden.ADS. :)


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#8 HighwayHam

Posted 27 December 2015 - 10:25 AM

RogueKiller V11.0.4.0 (x64) [Dec 20 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Owner [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 12/27/2015 00:47:16

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[Hidden.ADS][[[ADS]]] C:\Windows:nlsPreferences -> Found

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc0000428]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Seagate ST1000DM003-9YN1 SCSI Disk Device +++++
--- User ---
[MBR] 9b433a343cf7e4483b4bf2077d169705
[BSP] db2542cedaee4aa36b1c8a941ebe43fe : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: PNY USB 3.0 FD USB Device +++++
--- User ---
[MBR] 5c1cbef11a5502d54b7a1d177d40ec46
[BSP] 03346c062f0b9cf99e157921494da963 : Unknown MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x72) [VISIBLE] Offset (sectors): 778135908 | Size: 557377 MB
1 - [XXXXXX] UNKNOWN (0x65) [VISIBLE] Offset (sectors): 168689522 | Size: 945326 MB
2 - [XXXXXX] UNKNOWN (0x79) [VISIBLE] Offset (sectors): 1869881465 | Size: 945326 MB
3 - [XXXXXX] UNKNOWN (0xd) [VISIBLE] Offset (sectors): 2885681152 | Size: 27 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 



#9 Machiavelli

Posted 27 December 2015 - 10:41 AM

Hey, don't worry about that RogueKiller entry. It is probably a FP.

 

Running from C:\Users\Owner\Downloads

Please move FRST to your Desktop.

 

STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    HKLM-x32\...\Run: [] => [X]
    Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168 2013-09-07] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1638230022-4117330738-313971243-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\gcswf32.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll => No File
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll => No File
    CHR Plugin: (AVG Internet Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll => No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
    CHR Plugin: (Java™ Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll => No File
    CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
    Hosts:
    HKU\S-1-5-21-1638230022-4117330738-313971243-1001\Software\Classes\.exe:  =>  <===== ATTENTION
    HKU\S-1-5-21-1638230022-4117330738-313971243-1001\Software\Classes\exefile:  <===== ATTENTIONEmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.

STEP 2
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to KN1w2nv.png and click SzOC1p0.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • ESET Online Scan log

~Machiavelli



#10 HighwayHam

Posted 28 December 2015 - 01:49 AM

I screwed up with ESET and it deleted stuff, still going to include the log anyway.

 

ESET did find some trojans, so, thank you for having me download it.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:27-12-2015
Ran by Owner (2015-12-27 16:37:17) Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168 2013-09-07] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1638230022-4117330738-313971243-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
Hosts:
HKU\S-1-5-21-1638230022-4117330738-313971243-1001\Software\Classes\.exe:  =>  <===== ATTENTION
HKU\S-1-5-21-1638230022-4117330738-313971243-1001\Software\Classes\exefile:  <===== ATTENTIONEmptyTemp:
end
*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
Winsock: Catalog5 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5-x64 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1638230022-4117330738-313971243-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKCR\PROTOCOLS\Handler\linkscanner" => key removed successfully
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\gcswf32.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll => not found.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll => not found.
C:\Windows\SysWOW64\npDeployJava1.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
"HKU\S-1-5-21-1638230022-4117330738-313971243-1001\Software\Classes\.exe" => key removed successfully
"HKU\S-1-5-21-1638230022-4117330738-313971243-1001\Software\Classes\exefile" => key removed successfully

==== End of Fixlog 16:37:36 ====

 

C:\Users\All Users\Microsoft\Windows\DRM\8CD0.tmp    Win64/Olmarik.AR trojan    
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Free MP3 WMA OGG Converter\Free MP3 WMA OGG Converter on the Web.url    LNK/Agent.CH trojan    
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Free MP3 WMA OGG Converter\More Free Tools.url    LNK/Agent.CH trojan    
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\precache.exe.vir    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\SaUpdate.exe.vir    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\UpdateTask.exe.vir    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\Updater\Updater.exe.vir    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application    cleaned by deleting - quarantined
C:\Program Files (x86)\BitTorrent\BitTorrent.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application    cleaned by deleting - quarantined
C:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application    cleaned by deleting - quarantined
C:\Program Files (x86)\NCH\NCHToolbarHelper.exe    Win32/Toolbar.Conduit.Q potentially unwanted application    cleaned by deleting - quarantined
C:\Program Files (x86)\NCH Software\Components\toolbarconduit\ToolBarConduit.dll    a variant of Win32/Toolbar.Conduit.K potentially unwanted application    cleaned by deleting - quarantined
C:\Program Files (x86)\NCH Software\Debut\debut.exe    a variant of Win32/Toolbar.Conduit.I potentially unwanted application    cleaned by deleting - quarantined
C:\Program Files (x86)\NCH Software\Debut\DebutVideoCapture_setup_v1.49.exe    a variant of Win32/Toolbar.Conduit.I potentially unwanted application    deleted - quarantined
C:\Program Files (x86)\NCH Software\Debut\uninst.exe    a variant of Win32/Toolbar.Conduit.I potentially unwanted application    cleaned by deleting - quarantined
C:\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    cleaned by deleting - quarantined
C:\Program Files (x86)\NCH Software\ExpressBurn\expressburnsetup_v4.62.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\Program Files (x86)\NCH Software\Prism\prism.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    cleaned by deleting - quarantined
C:\Program Files (x86)\NCH Software\Prism\prismsetup_v1.89.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\ProgramData\Microsoft\Windows\DRM\8CD0.tmp    Win64/Olmarik.AR trojan    cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free MP3 WMA OGG Converter\Free MP3 WMA OGG Converter on the Web.url    LNK/Agent.CH trojan    cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free MP3 WMA OGG Converter\More Free Tools.url    LNK/Agent.CH trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir    Win32/Sirefef.EZ trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir    Win64/Sirefef.W trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.10.2012_19.08.03\zasubsys0000\zafs0000\tsk0000.dta    Win32/Sirefef.EZ trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.10.2012_19.08.03\zasubsys0000\zafs0000\tsk0001.dta    Win64/Sirefef.W trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.10.2012_19.08.03\zasubsys0001\zafs0000\tsk0000.dta    Win32/Sirefef.EZ trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.10.2012_19.08.03\zasubsys0001\zafs0000\tsk0001.dta    Win64/Sirefef.W trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.10.2012_15.57.36\zasubsys0000\zafs0000\tsk0000.dta    Win32/Sirefef.EZ trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.10.2012_15.57.36\zasubsys0000\zafs0000\tsk0001.dta    Win64/Sirefef.W trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.09.2012_17.46.07\zasubsys0000\zafs0000\tsk0003.dta    Win64/Conedex.C trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.09.2012_17.46.07\zasubsys0000\zafs0000\tsk0008.dta    a variant of Win64/Sirefef.BK trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.09.2012_17.46.07\zasubsys0001\zafs0000\tsk0003.dta    Win64/Conedex.C trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.09.2012_17.46.07\zasubsys0001\zafs0000\tsk0008.dta    a variant of Win64/Sirefef.BK trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.09.2012_17.49.56\zasubsys0000\zafs0000\tsk0003.dta    Win64/Conedex.C trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.09.2012_17.49.56\zasubsys0000\zafs0000\tsk0008.dta    a variant of Win64/Sirefef.BK trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.09.2012_17.49.56\zasubsys0001\zafs0000\tsk0003.dta    Win64/Conedex.C trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.09.2012_17.49.56\zasubsys0001\zafs0000\tsk0008.dta    a variant of Win64/Sirefef.BK trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.09.2012_17.49.56\zasubsys0002\zafs0000\tsk0003.dta    Win64/Conedex.C trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.09.2012_17.49.56\zasubsys0002\zafs0000\tsk0008.dta    a variant of Win64/Sirefef.BK trojan    cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Default\aaggdgdcdddidjdigddgdbgddedhdbgf\background.js    Win32/TrojanDownloader.Tracur.V trojan    cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Default\aaggdgdcdddidjdigddgdbgddedhdbgf\ContentScript.js    Win32/TrojanDownloader.Tracur.AD trojan    cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Temp\1PzUfp19.exe.part    a variant of Win32/InstallCore.D potentially unwanted application    cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Temp\bcsetup.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\Users\Owner\AppData\Local\Temp\burnsetup.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\Users\Owner\AppData\Local\Temp\prismsetup.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\Users\Owner\AppData\Local\Temp\toolbarconduit.exe    a variant of Win32/Toolbar.Conduit.K potentially unwanted application    deleted - quarantined
C:\Users\Owner\AppData\Local\Temp\uninst.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Temp\vpsetup.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\Users\Owner\AppData\Local\Temp\7zS6264\Optional\HP_IPG_Toolbar_installer.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Temp\PromoEngineInstaller\chutil.dll    Win32/TopMedia.A potentially unwanted application    cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\NCH\ldrtbNCH.dll    a variant of Win32/Toolbar.Conduit.P potentially unwanted application    cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\NCH\tbNCH.dll    a variant of Win32/Toolbar.Conduit.P potentially unwanted application    cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6c07b501-736571af    Java/Exploit.Agent.NMB trojan    cleaned by deleting - quarantined
C:\Users\Owner\Documents\cbsidlm-tr1_11-My_Screen_Recorder-ORG-10972953.exe    Win32/DownloadAdmin.G potentially unwanted application    deleted - quarantined
C:\Users\Owner\Downloads\CheatEngine64.exe    a variant of Win32/OpenCandy.A potentially unsafe application    deleted - quarantined
C:\Users\Owner\Downloads\OJ4630_198.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\Owner\Pictures\cbsidlm-cbsi134-Decompile_Flash_Free-SEO-10861859.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    cleaned by deleting - quarantined
C:\Windows\SysWOW64\sysprep\CRYPTSP.dll_    a variant of Win32/Kryptik.AMVE trojan    cleaned by deleting - quarantined
 



#11 Machiavelli

Posted 28 December 2015 - 03:11 PM

Have you been helped somewhere before? You have several very dangerous pieces of malware.

 

One or more of the identified infections is known to use a backdoor that allows attackers to remotely control your computer, download/execute files and steal system, financial & personal information.
 
If your computer has been used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for Email, eBay, Paypal, online forums, etc).
 
Banking and credit card institutions should be notified of the possible security breach. Please read the following article for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
 
Whilst the identified infection(s) can be removed, there is no way to guarantee the trustworthiness of your computer unless you reformat your Hard Drive and reinstall your Operating System. This is due to the nature of the infection, which allows a remote attacker to make any number of modifications. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat/reinstall. Please read the following articles for more information.

You now have the choice between cleaning the infection(s) present or reformatting your computer. Ultimately, the decision is personal, and what you're most comfortable with. Once you've read the articles linked above, let me know if you have any questions, and how you wish to proceed.


~Machiavelli



#12 HighwayHam

Posted 28 December 2015 - 03:27 PM

I don't think I have the disc for my OS, but I'm not sure. How do I go about reformatting?



#13 Machiavelli

Posted 28 December 2015 - 03:51 PM

You should be able to download Windows 7 from the internet.

 

We need the disc, then I can explain how to reformat your system. 

 

Cheers


~Machiavelli



#14 HighwayHam

Posted 28 December 2015 - 04:19 PM

I'll see what I can do about getting it from here. If you want, you can lock this thread since I don't know if I'll be able to respond a ton in the next few days.

 

Is it alright if I ask you questions over PM?



#15 Machiavelli

Posted 29 December 2015 - 02:38 PM

No, we do it here in the thread. I will wait some days.


~Machiavelli
