
Webcam switching on randomly, rootkit suspected


  • This topic is locked
26 replies to this topic

#1 jethull

jethull

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 08 January 2016 - 04:48 PM

 

Mod Edit: moved to forum for FRST and RK logs. ~` boopme


Hi guys. I've spent 2 afternoons and nights reading this forum and others, searching for answers, but i think it's time to ask for your help.
 
OS: Windows 7 Ultimate, Service Pack 1
Installed active protection: Kaspersky Antivirus (about 4 years), Emsisoft Anti-Malware (20 days)
 
I'm a software developer with 10 years experience, so i'm not just some random guy screaming for help. I'll try to keep my post short to explain the steps taken so far:
 
I got a webcam recently (22 days ago) and i noticed that at some times the green light on it would be switched on when i wasn't using anything that should turn it on. That was spooky. So i looked up the "Physical device object name" in Device Manager, and in Process Explorer found some processes that were using the camera. They keep changing every reboot but they included:
 
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (<-- this is the only possibly legit process that could use the webcam handle, since it's an app by Logitech to control the webcam)
mmc.exe (Command line = "C:\Windows\system32\mmc.exe" C:\Windows\system32\devmgmt.msc)
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\svchost.exe
 
Some of the times i could kill the processes and they wouldn't come back, and other times i couldn't (svchost, obviously).
 
Before that, 3 months ago, while i was using Visual Studio to develop something in C#, it seemed like a DLL used by Visual Studio in debug runtime wouldn't be able to terminate properly. As if something got hooked onto the Terminate return values. I actually had to re-download the dll in question (not sure i remember the name) which was part of the windows development environment. It was annoying, because each time I'd stop debug, a message would appear with some kind of error in terminating the process. Didn't think of it much at the time, so after finding the same dll for my machine and replacing it, it stopped and i forgot about it.
 
After the webcam scared me tho, I installed Emsisoft Anti-Malware and Malwarebytes. They found a bunch of stuff! So, I removed mostly all of it, except for some of the stuff i knew was OK. I can post the logs if required.
 
My main suspects at the time were (what i think was a torrent download of a full version) of Daemon Tools and Teamviewer. My brother uses this machine when i'm not in town as a server and whatnot, but he's not stupid to download dangerous stuff, or so i thought. 
 
So I thought this solved the problem, and i didn't see the webcam switch on for a while, but 2 days ago i turned my PC on, and i ran a java update. For the 10th time in a row (i think this was happening all year) the java download failed to download and install, and this was odd. Right after that, my webcam switched on again (used by process: RtkNGUI64.exe)
 
Next thing I did was i downloaded and ran RogueKiller. First two times it ran, it stopped at 83% at Antirootkit scan, and wouldn't move for 30 minutes so i had to reboot. Third time's the charm and it finished the scan. I deleted a bunch of objects. 
 
RogueKiller Log attached: http://pastebin.com/hVQu8zkU
 
I selected Delete on all of the issues, but the amount of TerminateProcess hooks (one hundred eleven ! ) was worrying!
 
Next, here is the  Farbar Recovery Scan Tool (FRST) log: http://pastebin.com/uj8rr8uz
 
Next, I downloaded TDSSKiller, but it would crash as soon as i started the application. I tried downloading both the exe and the zip version, from kaspersky directly and from other websites. Not working, crash on start. I can look into the event log but i'm guessing that won't tell you much more.
 
Next, i downloaded and used aswMBR to scan. Here is the log: http://pastebin.com/5zvFGg14
 
Another weird thing is that while aswMBR was scanning my soundcard switched off and i can't get it to work. Also while a scan was being done once by RogueKiller (i think) my PC crashed because of the soundcard driver error. It seems the soundcard cannot be switched off normally, because the system will always crash, but i got used to it by now. Just thought it might be worth mentioning. In theory, there could be a hook in the driver, and because it's a firewire card with specific kinds of addressing by the OS, a bad termination will cause my system to crash (or it could simply be a crappy driver *shrug*).
 
My next step would be to download and try using FixTDSS.exe  (https://www.symantec.com/security_response/writeup.jsp?docid=2010-090608-3309-99)
but i read that in some of the threads you advise people NOT to do stuff before getting advice.
 
So, I'll sit here and refresh the thread until someone gets an idea. I'm guessing you want me to do the aswMBR MBR.dat thing?
 
THANKS in advance!


Edited by boopme, 08 January 2016 - 07:37 PM.
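
Added example, not part of the post above or of any tool named in the thread: the check the post describes (which processes hold a handle to the webcam's physical device object) written as a script over a saved handle listing. The listing shape is assumed to follow Sysinternals `handle.exe` search output; the device name, PIDs and handle values are constructed, and the expected-holder list is a hypothetical allowlist.

```python
import re
from dataclasses import dataclass

# Constructed sample. Process names come from the post; the device object
# name, PIDs and handle values are invented. The column layout
# ("image pid: N type: T HANDLE: object") is an assumption about the tool output.
SAMPLE_LISTING = r"""
UMVPFSrv.exe       pid: 1844   type: File           2B0: \Device\0000008f
svchost.exe        pid: 1012   type: File           5F4: \Device\0000008f\global
RtkNGUI64.exe      pid: 3920   type: File           1A8: \Device\0000008f
RtkNGUI64.exe      pid: 3920   type: File           1AC: \Device\0000008f
mmc.exe            pid: 5116   type: File           3C4: \Device\0000008f
chrome.exe         pid: 4400   type: File           7D0: \Device\00000090
explorer.exe       pid: 2580   type: Key            11C: \REGISTRY\MACHINE\SOFTWARE
"""

ROW_RE = re.compile(
    r"^(?P<image>\S.*?)\s+pid:\s*(?P<pid>\d+)\s+type:\s*(?P<kind>\S+)"
    r"\s+(?P<handle>[0-9A-Fa-f]+):\s*(?P<target>.+?)\s*$"
)


@dataclass(frozen=True)
class HandleRow:
    image: str    # process image name
    pid: int
    kind: str     # object type, e.g. File or Key
    handle: int   # handle value, parsed from hex
    target: str   # object name the handle refers to


def parse_handle_listing(text):
    """Return one HandleRow per well-formed line; banners and blanks are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append(HandleRow(m["image"], int(m["pid"]), m["kind"],
                                  int(m["handle"], 16), m["target"]))
    return rows


def refers_to_device(target, pdo_name):
    """True if target is the device object itself or a path beneath it.

    A plain prefix test would also match a different device whose name merely
    starts with the same characters, so the path separator is required.
    """
    obj = target.lower()
    pdo = pdo_name.lower().rstrip("\\")
    return obj == pdo or obj.startswith(pdo + "\\")


def audit_device_holders(text, pdo_name, expected_images):
    """Split the (image, pid) pairs holding the device into expected/unexpected.

    A holder outside the allowlist is a lead to investigate (command line,
    signer, loaded modules), not a verdict.
    """
    expected = {name.lower() for name in expected_images}
    holders = {(row.image, row.pid)
               for row in parse_handle_listing(text)
               if refers_to_device(row.target, pdo_name)}
    ordered = sorted(holders, key=lambda h: (h[0].lower(), h[1]))
    return {
        "expected": [h for h in ordered if h[0].lower() in expected],
        "unexpected": [h for h in ordered if h[0].lower() not in expected],
    }


if __name__ == "__main__":
    report = audit_device_holders(SAMPLE_LISTING, r"\Device\0000008f",
                                  {"UMVPFSrv.exe"})  # hypothetical allowlist
    for label, holders in report.items():
        for image, pid in holders:
            print(f"{label:10} {image} (pid {pid})")
```
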



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,621 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:39 PM

Posted 09 January 2016 - 10:36 AM

Greetings jethull and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I will be away from my computer for a few hours but will be posting back upon my return.

Please do this which will provide me with the most current state of your computer along with the Addition.txt log.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Double click the FRST.exe icon
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 jethull


Posted 09 January 2016 - 11:04 AM

Hi Gary! I'm happy to get a reply from you. I will be responsive, except for maybe this sunday and monday when I will be a bit busy.


Edited by jethull, 10 January 2016 - 09:33 AM.


#4 jethull


Posted 09 January 2016 - 01:05 PM

Note:

 

I read now that you usually ask people to disable virtual drives. I think i had some still enabled while the scan was made (Daemon Tools).


Edited by jethull, 09 January 2016 - 01:06 PM.


#5 Oh My!


Posted 09 January 2016 - 04:04 PM

Thank you for your patience, there was a lot to sort through.

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall Microsoft Office 2013, Sonic Charge Microtonic, Crashtastic, and all other products for which you do not have a valid Product Key. If you are willing to do that please let me know when they have been uninstalled. If you prefer to leave the programs on your computer let me know that and I will be closing the Topic.
Gary
 

#6 jethull


Posted 10 January 2016 - 09:30 AM

Those are illegal? Ok, some of them i suspected, but I didn't install them. I don't use most of those anyway. I'll go through all that stuff and post back when I've uninstalled all that I can find. I guess those could be the source of malware also...

 

Edit: Office and many others i uninstalled since i have my own copies on my laptop (for most of them anyway). My brother is pissed off for me uninstalling all this because he wants to use it sometimes, but hey, tough luck! However I now remember I installed some "semi-legal" stuff for software i already own legally, mainly for music, because newer versions of the software wouldn't work with my other apps (plugins), and they kept trying to update themselves which would break other stuff. So i have to go through all my old projects and see if it's at all possible to bring everything up to the newest versions, so i can uninstall these older ones. This might take a while, but it's about time i sat down and did it.

 

PS
You should maybe warn people in your "Read This First" posts that they should check that they don't have anything illegal installed before posting, and that having something illegal will cause you to refuse help. If that's already stated somewhere, I'm sorry if I missed it.


Edited by jethull, 10 January 2016 - 10:18 AM.


#7 Oh My!


Posted 10 January 2016 - 03:26 PM

Pirated software is often times the mechanism through which malicious software is introduced into a system, sometimes catastrophically.

You didn't miss it in my first post, it isn't there.
Gary
 

#8 jethull


Posted 12 January 2016 - 12:41 PM

I'm back and I did a few things:
 
1. As for illegal software, I uninstalled all I could find: Office, Adobe Photoshop, Nero burning thing, a few stupid games and 6 plugins. Crashtastic i don't know what it is and i couldn't find it. I hope this is to your satisfaction mr police officer? ;)
 
2. I then performed further cleaning up by going through all my installed programs and uninstalling what I didn't need. I cleaned up the registry and other stuff that was there since a long time ago, or that i knew for sure can be cleaned up.
 
3. I tried running TDSSKiller again, but this time I looked at the stack trace on crash. It seems to be going into and out of ntdll.dll a few hundred (or 1000) times in just a few milliseconds and then crashes. It is crashing when ntdll is inserting something into working memory, but it looks like that memory was reserved by something else within its memory space. I doubt my memory has a hardware problem, so there might be something inserted there into ntdll.dll that shouldn't be, and is causing the crash. Maybe ntdll.dll itself is modified, and I'm not sure how to check the proper md5 since there are so many windows updates.
 
4.  I am providing you the current (created just now) logs in this post further down, but I looked at the logs myself, and here are some of the suspicious items. Of course, i'm untrained, so this might be useless to you, but maybe not.
 
---------------------------------------------------------------------
 
==================== Registry (Whitelisted) ===========================
 
HKLM-x32\...\Run: [NeroFilterCheck] => C:\Program Files (x86)\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
 
HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\MountPoints2: E - E:\Setup.exe
HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\MountPoints2: K - K:\setup.exe
HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\MountPoints2: {0de6dde4-0abb-11e2-a9e0-806e6f6e6963} - E:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\MountPoints2: {b9d0ae60-0f41-11e2-b506-94dbc98aaf7b} - H:\setup.exe
HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\MountPoints2: {d53b3c81-14a0-11e2-9ec1-94dbc98aaf7b} - K:\Autorun.exe
 
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2012-02-06] (Autodesk, Inc.)
 
==================== Internet (Whitelisted) ====================
 
FireFox:
========
 
FF Plugin HKU\S-1-5-21-107711043-1986751878-3852339312-1000: tdameritrade.com/thinkorswim -> C:\Program Files (x86)\thinkTDA\npthinkorswim.dll [2013-09-13] (TD Ameritrade)
 
 
Chrome: 
=======
 
 
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File
 
CHR Extension: (Universe) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\oecmlnmneeeeiccpcohlffnipjhngmdk [2015-09-30]
 
==================== Services (Whitelisted) ========================
 
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
 
 
==================== One Month Modified files and folders ========
 
2015-12-25 11:45 - 2014-01-13 13:56 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-02-01 19:25 - 2015-02-18 23:16 - 0004608 _____ () C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-03 18:48 - 2014-09-27 16:24 - 0001572 _____ () C:\Users\John\AppData\Local\80212257.il
 
 
------------ addition.txt
 
==================== Scheduled Tasks (Whitelisted) =============
 
Task: {03A50B50-460E-46B4-A95F-B40E726EB759} - System32\Tasks\{5468F323-F791-461A-A109-C5719C1E93D6} => pcalua.exe -a C:\Users\John\Desktop\Solution\Setup.exe -d C:\Users\John\Desktop\Solution
Task: {7E259002-D471-439C-AAD8-0FE9240163EB} - System32\Tasks\{9E7AE2E8-8772-4A72-A1BB-9C52AC9394B9} => pcalua.exe -a C:\Users\John\AppData\Local\Temp\jre-8u66-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1
 
Task: {AEB11FD1-33C0-4435-A6E2-B9EC42E9B4A7} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-107711043-1986751878-3852339312-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {B0C62C4A-9656-4487-BAD4-29B3A3CB4AD6} - System32\Tasks\{EF747721-9758-4AA6-AD9E-B509A972962F} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}\SPORE_BP1Setup.exe" -c -runfromtemp -l0x0009 -removeonly
 
==================== Alternate Data Streams (Whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:966F7784
 
==================== FirewallRules (Whitelisted) ===============
 
FirewallRules: [{AD7160BE-1147-4A03-BE22-B46E7D516810}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{173D3364-6C9B-4C15-8362-7FBC7187DE52}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [TCP Query User{9A1F1987-6594-4D1D-87CF-30883EA5A8F3}C:\program files (x86)\cain\cain.exe] => (Allow) C:\program files (x86)\cain\cain.exe
FirewallRules: [UDP Query User{25EC1C2F-7321-4AA2-B282-E02B42D16AC7}C:\program files (x86)\cain\cain.exe] => (Allow) C:\program files (x86)\cain\cain.exe
 
FirewallRules: [{E9125562-3D6E-49B4-9619-9EF9F7908D0C}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{942BD573-5A78-4706-95A8-5E89C2B80CCD}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
 
 
 
 
 
Finally, here are the new FRST and Addition.txt logs:
 
--------------------------------------------------------------------------
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-01-2015
Ran by John (administrator) on JOHN_I7_DESKTOP (12-01-2016 18:18:17)
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.25\AsusFanControlService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(TASCAM) C:\Windows\System32\fw1082Panel.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Akamai Technologies, Inc.) C:\Users\John\AppData\Local\Akamai\netsession_win.exe
(Spotify Ltd) C:\Users\John\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
(Akamai Technologies, Inc.) C:\Users\John\AppData\Local\Akamai\netsession_win.exe
() C:\Users\John\AppData\Local\Viber\Viber.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
() C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(M-Audio) C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BitLeader) C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Axantum Software AB) C:\Program Files\Axantum\AxCrypt\AxCrypt.exe
(AIMP DevTeam) C:\Program Files (x86)\AIMP3\AIMP3.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Sysinternals - www.sysinternals.com) C:\Program Files\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Program Files\procexp64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-08] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [7138816 2012-09-30] (Broadcom Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-12] (NVIDIA Corporation)
HKLM\...\Run: [StartFw1082Panel] => fw1082panel.exe H
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [9234848 2016-01-06] (Emsisoft Ltd)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [465536 2011-10-31] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS WiFi GO! FileTransfer Execute] => C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe [1376896 2012-03-01] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [NeroFilterCheck] => C:\Program Files (x86)\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\Run: [ISM] => C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\ism2.exe [694240 2012-07-25] (Intel Corporation)
HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\Run: [Akamai NetSession Interface] => C:\Users\John\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\Run: [Dropbox Update] => C:\Users\John\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\Run: [Spotify Web Helper] => C:\Users\John\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030912 2015-10-28] (Spotify Ltd)
HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1553688 2014-02-20] (Comfort Software Group)
HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\Run: [Viber] => C:\Users\John\AppData\Local\Viber\Viber.exe [51657424 2015-11-09] ()
HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\Run: [GoogleChromeAutoLaunch_DC7C249942899F83C1747FF3FB5BD5F3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-11] (Google Inc.)
HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\MountPoints2: E - E:\Setup.exe
HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\MountPoints2: K - K:\setup.exe
HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\MountPoints2: {0de6dde4-0abb-11e2-a9e0-806e6f6e6963} - E:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\MountPoints2: {b9d0ae60-0f41-11e2-b506-94dbc98aaf7b} - H:\setup.exe
HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\MountPoints2: {d53b3c81-14a0-11e2-9ec1-94dbc98aaf7b} - K:\Autorun.exe
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2012-02-06] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{15662B9A-7C81-40A7-92CD-938681F440FB}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{91C3809B-31C0-40A8-BC48-6403BEC17032}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-03-03] (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-11-01] (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-01] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-03-03] (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-01] (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2012-07-26] (Microsoft Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-01] (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19] (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7kfum7v2.default
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-01] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-01] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2015-03-03] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-03-03] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll [2013-02-07] (Wolfram Research, Inc.)
FF Plugin HKU\S-1-5-21-107711043-1986751878-3852339312-1000: @citrixonline.com/appdetectorplugin -> C:\Users\John\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-08-23] (Citrix Online)
FF Plugin HKU\S-1-5-21-107711043-1986751878-3852339312-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\John\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-05] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-107711043-1986751878-3852339312-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-11-20] (Sony Network Entertainment International LLC)
FF Plugin HKU\S-1-5-21-107711043-1986751878-3852339312-1000: tdameritrade.com/thinkorswim -> C:\Program Files (x86)\thinkTDA\npthinkorswim.dll [No File]
FF Plugin HKU\S-1-5-21-107711043-1986751878-3852339312-1000: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkTDA\nptossc.dll [No File]
FF Plugin HKU\S-1-5-21-107711043-1986751878-3852339312-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-09-12] ()
FF Plugin HKU\S-1-5-21-107711043-1986751878-3852339312-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF user.js: detected! => C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7kfum7v2.default\user.js [2015-03-03]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF Extension: QuickJava - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7kfum7v2.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2015-07-07]
FF Extension: ChatZilla - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7kfum7v2.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2015-09-21]
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2015-03-03] [not signed]
FF Extension: Battlefield Heroes Updater - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7kfum7v2.default\Extensions\battlefieldheroespatcher@ea.com [2013-04-24] [not signed]
FF Extension: Battlefield Play4Free - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7kfum7v2.default\Extensions\battlefieldplay4free@ea.com [2012-11-15] [not signed]
FF Extension: NASA Night Launch - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7kfum7v2.default\Extensions\nasanightlaunch@example.com.xpi [2015-10-08]
FF Extension: Flashget Downloader Extension - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7kfum7v2.default\Extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} [2015-11-02] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-03-03] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com [2015-03-03] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR NewTab: Default -> "chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html"
CHR DefaultSearchKeyword: Default -> google.com/ncr/
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL => No File
CHR Plugin: (Wolfram Mathematica) - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll => No File
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-21]
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Last.fm free music player) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbncpldmanoknoahidbgmkgobgmhnafh [2015-11-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-11]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-08]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Kaspersky Protection) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-03-03]
CHR Extension: (Chrome Speak) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\diagnfimeecdcecjpnkjgbnlelkclcpj [2013-07-09]
CHR Extension: (Wassersport InformationsDienst Berlin) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlcpmefppioiopakkbkcoogjlnbjoddh [2015-09-30]
CHR Extension: (AudioRecorder) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\enhfkjkjfhhdibpgjmiamdcdgmcjpplk [2015-09-11]
CHR Extension: (Google Docs Offline) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-21]
CHR Extension: (Speed Dial 2) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2015-11-11]
CHR Extension: (DotVPN — better than VPN.) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpiecbcckbofpmkkkdibbllpinceiihk [2015-12-25]
CHR Extension: (Skype) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-20]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-09]
CHR Extension: (Chrono Download Manager) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\mciiogijehkdemklbdcbfkefimifhecn [2015-12-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Universe) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\oecmlnmneeeeiccpcohlffnipjhngmdk [2015-09-30]
CHR Extension: (Vine Client) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojohjpgmcfnholboljmkbcchbipcbci [2015-10-08]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKU\S-1-5-21-107711043-1986751878-3852339312-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [10900888 2016-01-06] (Emsisoft Ltd)
S3 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-29] () [File not signed]
S3 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-02-02] (ASUSTeK Computer Inc.)
S4 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.25\AsusFanControlService.exe [1493120 2012-02-22] (ASUSTeK Computer Inc.)
R2 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [79360 2014-06-18] (Autodesk) [File not signed]
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [233328 2012-01-23] (DTS, Inc)
S2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-09-11] (Ellora Assets Corp.) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-12] (NVIDIA Corporation)
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 mi-raysat_3dsmax2014_64; C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [86016 2011-09-15] () [File not signed]
R2 mi-raysat_3dsmax9_32; C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe [65536 2006-09-29] () [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-12] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-03] (Electronic Arts)
R2 OxygenAudioDevMon; C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe [1632776 2010-03-04] (M-Audio)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 TeamViewer6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2358656 2012-01-09] (TeamViewer GmbH) [File not signed]
R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5821952 2012-09-30] (Broadcom Corporation) [File not signed]
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 2310_00; C:\Windows\system32\drivers\2310_00.sys [170528 2009-06-12] (HighPoint Technologies, Inc.)
S3 272x_1x; C:\Windows\system32\drivers\272x_1x.sys [612672 2012-04-24] (HighPoint Technologies, Inc.)
S3 274x_3x; C:\Windows\system32\drivers\274x_3x.sys [240960 2012-04-24] (HighPoint Technologies, Inc.)
R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14592 2010-10-20] (ASUSTek Computer Inc.)
S3 arcm_a64; C:\Windows\system32\drivers\arcm_a64.sys [52768 2009-11-09] (ARECA Technology Corporation)
R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2015-05-19] ()
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2011-11-03] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-20] (Broadcom Corporation.)
S3 DC133; C:\Windows\system32\drivers\DC133.sys [39320 2011-05-02] (Dawicontrol GmbH)
S3 DC150; C:\Windows\system32\drivers\DC150.sys [39832 2011-05-02] (Dawicontrol GmbH)
S3 DC154; C:\Windows\system32\drivers\DC154.sys [48136 2011-05-02] (Dawicontrol GmbH)
S3 DC300e; C:\Windows\system32\drivers\DC300e.sys [40344 2011-05-02] (Dawicontrol GmbH)
S3 DC324e; C:\Windows\system32\drivers\DC324e.sys [49752 2011-05-02] (Dawicontrol GmbH)
R0 DC3410; C:\Windows\System32\drivers\DC3410.sys [48328 2011-05-02] (Dawicontrol GmbH)
S3 DC4300; C:\Windows\system32\drivers\DC4300.sys [48360 2011-05-02] (Dawicontrol GmbH)
S3 DC600e; C:\Windows\system32\drivers\DC600e.sys [40744 2011-05-02] (Dawicontrol GmbH)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [123992 2015-10-23] (Emsisoft Ltd)
R3 Fw1082; C:\Windows\System32\Drivers\Fw1082x64.sys [228864 2010-03-03] (TASCAM)
R3 Fw1082WdmService; C:\Windows\System32\Drivers\FW1082Wdmx64.sys [70144 2010-03-16] (TASCAM)
S3 GemCCID; C:\Windows\System32\DRIVERS\GemCCID.sys [130688 2014-03-14] (Gemalto)
S3 HH10Help.sys; C:\Windows\system32\drivers\HH10Help.sys [24088 2009-07-09] (H+H Software GmbH)
S3 hptiop; C:\Windows\system32\drivers\hptiop.sys [17440 2009-05-25] (HighPoint Technologies, Inc.)
S3 hptmv; C:\Windows\system32\drivers\hptmv.sys [93472 2006-09-18] (HighPoint Technologies, Inc.)
S3 hptmv6; C:\Windows\system32\drivers\hptmv6.sys [152096 2007-11-01] (HighPoint Technologies, Inc.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [27456 2012-07-09] (Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [651224 2012-06-29] (Intel Corporation)
S3 iteatapi; C:\Windows\system32\drivers\iteatapi.sys [38680 2008-05-14] (ITE Tech. Inc.)
S3 iteraid; C:\Windows\system32\drivers\iteraid.sys [32768 2007-05-02] (ITE Tech. Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2015-03-03] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2015-03-03] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-03-28] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 megasas2; C:\Windows\system32\drivers\megasas2.sys [51496 2012-02-28] (LSI Corporation)
S3 megasr1; C:\Windows\system32\drivers\MegaSR1.sys [461320 2009-04-16] (LSI Corporation, Inc.)
S3 mv61xx; C:\Windows\system32\drivers\mv61xx.sys [182576 2011-05-06] (Marvell Semiconductor, Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [175720 2010-04-09] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S3 OXYGEN; C:\Windows\System32\DRIVERS\MAudioOxygen.sys [134664 2010-03-04] (M-Audio)
S3 Pnp680; C:\Windows\system32\drivers\pnp680.sys [80424 2007-11-13] (Silicon Image, Inc)
S3 rr172x; C:\Windows\system32\drivers\rr172x.sys [124448 2007-11-01] (HighPoint Technologies, Inc.)
S3 rr174x; C:\Windows\system32\drivers\rr174x.sys [159264 2007-11-01] (HighPoint Technologies, Inc.)
S3 rr2210; C:\Windows\system32\drivers\rr2210.sys [153632 2007-11-01] (HighPoint Technologies, Inc.)
S3 rr232x; C:\Windows\system32\drivers\rr232x.sys [152096 2008-05-05] (HighPoint Technologies, Inc.)
S3 rr2340; C:\Windows\system32\drivers\rr2340.sys [162400 2009-12-31] (HighPoint Technologies, Inc.)
S3 rr2522; C:\Windows\system32\drivers\rr2522.sys [168032 2009-12-31] (HighPoint Technologies, Inc.)
S3 rr276x; C:\Windows\system32\drivers\rr276x.sys [241472 2012-04-24] (HighPoint Technologies, Inc.)
S3 rr278x; C:\Windows\system32\drivers\rr278x.sys [240960 2012-04-24] (HighPoint Technologies, Inc.)
S3 rr62x; C:\Windows\system32\drivers\rr62x.sys [156256 2010-06-16] (HighPoint Technologies, Inc.)
S3 SI3112r; C:\Windows\system32\drivers\SI3112r.sys [164656 2007-02-01] (Silicon Image, Inc)
S3 SI3114; C:\Windows\system32\drivers\SI3114.sys [99120 2006-11-10] (Silicon Image, Inc.)
S3 SI3114r; C:\Windows\system32\drivers\SI3114R.sys [163632 2007-04-11] (Silicon Image, Inc)
S3 SI3124; C:\Windows\system32\drivers\SI3124.sys [113456 2006-11-02] (Silicon Image, Inc.)
S3 Si3124r5; C:\Windows\system32\drivers\Si3124r5.sys [334640 2006-09-20] (Silicon Image, Inc)
S3 SI3132; C:\Windows\system32\drivers\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc)
S3 Si3531; C:\Windows\system32\drivers\Si3531.sys [333864 2009-02-09] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\drivers\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\drivers\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2012-10-06] (Duplex Secure Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [36608 2016-01-08] ()
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
S1 vdrv1000; C:\Windows\System32\DRIVERS\vdrv1000.sys [223256 2010-03-25] (H+H Software GmbH)
S3 viamrx64; C:\Windows\system32\drivers\viamrx64.sys [161904 2010-12-02] (VIA Technologies Inc.,Ltd)
S3 videX64; C:\Windows\system32\drivers\videX64.sys [15000 2010-02-11] (VIA Technologies, Inc.)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
R0 xfiltx64; C:\Windows\System32\drivers\xfiltx64.sys [26776 2010-02-11] (VIA Technologies, Inc.)
S3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MFE_RR; \??\C:\Users\John\AppData\Local\Temp\mfe_rr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-12 18:18 - 2016-01-12 18:18 - 00049842 _____ C:\Users\John\Desktop\FRST.txt
2016-01-12 16:55 - 2016-01-12 18:18 - 00000997 _____ C:\Users\John\Desktop\bp 12-06.txt
2016-01-10 21:40 - 2016-01-10 21:40 - 00000000 ____D C:\Users\John\Desktop\ls14
2016-01-10 21:18 - 2016-01-10 21:38 - 00208629 _____ C:\Users\John\Desktop\ls14.xlsx
2016-01-10 20:18 - 2016-01-10 20:19 - 00019456 ____H C:\Users\John\Desktop\sjgndkf.v11.suo
2016-01-10 20:18 - 2016-01-10 20:18 - 00000989 _____ C:\Users\John\Desktop\sjgndkf.sln
2016-01-10 20:14 - 2016-01-10 20:14 - 00010752 ____H C:\Users\John\Desktop\TDSSKiller.v11.suo
2016-01-10 20:14 - 2016-01-10 20:14 - 00000998 _____ C:\Users\John\Desktop\TDSSKiller.sln
2016-01-10 20:09 - 2015-12-11 22:50 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\John\Desktop\sjgndkf.exe
2016-01-10 18:47 - 2016-01-10 18:47 - 00109766 _____ C:\Users\John\Desktop\Addition-3.txt
2016-01-10 18:38 - 2016-01-10 18:38 - 00110247 _____ C:\Users\John\Desktop\Addition-2.txt
2016-01-10 18:37 - 2016-01-10 18:47 - 00072988 _____ C:\Users\John\Desktop\FRST-3.txt
2016-01-10 18:37 - 2016-01-10 18:38 - 00074066 _____ C:\Users\John\Desktop\FRST-2.txt
2016-01-10 18:05 - 2016-01-10 18:05 - 00113464 _____ C:\Users\John\Desktop\Addition-1.txt
2016-01-10 18:04 - 2016-01-10 18:05 - 00076227 _____ C:\Users\John\Desktop\FRST-1.txt
2016-01-10 18:00 - 2016-01-10 20:09 - 00010208 _____ C:\Users\John\Desktop\potential illegal software removal.txt
2016-01-10 17:51 - 2016-01-10 20:07 - 00006123 _____ C:\Users\John\Desktop\fixlist 1.txt
2016-01-10 17:46 - 2016-01-10 18:44 - 00000270 _____ C:\Users\John\Desktop\cleaning pc log.txt
2016-01-09 16:59 - 2016-01-09 16:59 - 00000000 ____D C:\Users\John\AppData\Roaming\Nitro PDF
2016-01-09 02:16 - 2016-01-09 02:16 - 01332408 _____ (KC Softwares ) C:\Users\John\Downloads\hdde_lite.exe
2016-01-09 02:09 - 2016-01-09 02:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital Corporation
2016-01-09 02:09 - 2016-01-09 02:09 - 00000000 ____D C:\Program Files (x86)\Western Digital Corporation
2016-01-08 22:09 - 2016-01-12 17:29 - 01479536 _____ (Sysinternals - www.sysinternals.com) C:\Program Files\procexp64.exe
2016-01-08 21:27 - 2016-01-08 21:27 - 04633146 _____ C:\Users\John\Downloads\tdsskiller.zip
2016-01-08 21:21 - 2016-01-08 21:21 - 05200384 _____ (AVAST Software) C:\Users\John\Downloads\aswmbr.exe
2016-01-08 21:19 - 2016-01-08 21:19 - 00784152 _____ (McAfee, Inc.) C:\Users\John\Downloads\rootkitremover.exe
2016-01-08 21:15 - 2016-01-08 21:16 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\John\Downloads\tdsskiller (1).exe
2016-01-08 21:10 - 2016-01-08 21:10 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\John\Downloads\tdsskiller.exe
2016-01-08 20:39 - 2016-01-08 20:40 - 31162664 _____ (Adlice Software ) C:\Users\John\Downloads\setup (1).exe
2016-01-08 12:36 - 2016-01-08 12:37 - 00105465 _____ C:\Users\John\Downloads\Addition.txt
2016-01-08 12:35 - 2016-01-12 18:18 - 00000000 ____D C:\FRST
2016-01-08 12:35 - 2016-01-08 12:35 - 02370560 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2016-01-08 12:34 - 2016-01-08 12:34 - 01721856 _____ (Farbar) C:\Users\John\Downloads\FRST.exe
2016-01-08 12:33 - 2016-01-08 12:33 - 00098823 _____ C:\Users\John\Downloads\FRST (1).txt
2016-01-08 12:32 - 2016-01-08 12:37 - 00087185 _____ C:\Users\John\Downloads\FRST.txt
2016-01-08 12:14 - 2016-01-08 12:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-01-08 12:13 - 2016-01-08 12:14 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-01-08 10:59 - 2016-01-08 10:59 - 00386152 _____ C:\Windows\Minidump\010816-49280-01.dmp
2016-01-07 13:16 - 2016-01-07 13:16 - 00393990 _____ C:\Users\John\Downloads\Attachments_201617.zip
2016-01-07 13:16 - 2016-01-07 13:16 - 00037588 _____ C:\Users\John\Downloads\Vertragsdokumente_InsuranceDocuments_4030132.pdf
2016-01-05 22:12 - 2016-01-05 22:12 - 00248674 _____ C:\Users\John\Downloads\lilyhammer-first-season_english-697470.zip
2016-01-05 22:10 - 2016-01-05 22:10 - 00009378 _____ C:\Users\John\Downloads\lilyhammer-first-season_english-543587.zip
2016-01-05 15:29 - 2016-01-05 15:29 - 00455906 _____ C:\Users\John\Downloads\Broad Data Solutions if-75.pdf
2016-01-05 15:28 - 2016-01-05 15:28 - 00008704 _____ C:\Users\John\Downloads\Broad Data Solutions Nalozi plata 12 2015.xls
2015-12-31 21:36 - 2015-12-31 21:36 - 07477174 _____ C:\Users\John\Downloads\SoulseekQt-2015-6-12 (1).exe
2015-12-31 21:34 - 2015-12-31 21:34 - 07477174 _____ C:\Users\John\Downloads\SoulseekQt-2015-6-12.exe
2015-12-31 15:41 - 2016-01-08 20:42 - 00036608 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-12-31 15:41 - 2016-01-08 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-12-31 15:41 - 2016-01-08 20:41 - 00000000 ____D C:\Program Files\RogueKiller
2015-12-31 15:41 - 2016-01-08 15:04 - 00000000 ____D C:\ProgramData\RogueKiller
2015-12-31 15:38 - 2015-12-31 15:39 - 31158640 _____ (Adlice Software ) C:\Users\John\Downloads\setup.exe
2015-12-31 00:50 - 2016-01-05 15:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-30 15:55 - 2015-12-30 15:55 - 00000000 ____D C:\Users\John\AppData\Local\The Wonderful End of the World
2015-12-28 10:38 - 2016-01-12 18:12 - 00000000 ____D C:\Users\John\AppData\Roaming\vlc
2015-12-28 10:38 - 2015-12-28 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-12-28 10:38 - 2015-12-28 10:38 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2015-12-28 10:33 - 2015-12-28 10:34 - 28849904 _____ C:\Users\John\Downloads\vlc-2.2.1-win32.exe
2015-12-25 22:24 - 2015-12-25 22:24 - 00034130 _____ C:\Users\John\Downloads\children.of.men.(2006).scc.1cd.(4478508).zip
2015-12-25 22:24 - 2015-12-25 22:24 - 00032343 _____ C:\Users\John\Downloads\children.of.men.(2006).scc.1cd.(3141211).zip
2015-12-25 22:24 - 2015-12-25 22:24 - 00024816 _____ C:\Users\John\Downloads\children.of.men.(2006).scc.2cd.(3108796).zip
2015-12-25 22:20 - 2015-12-25 22:20 - 00030380 _____ C:\Users\John\Downloads\children.of.men.(2006).eng.1cd.(6065444).zip
2015-12-25 22:20 - 2015-12-25 22:20 - 00030379 _____ C:\Users\John\Downloads\children.of.men.(2006).eng.1cd.(6065444) (1).zip
2015-12-21 18:07 - 2015-12-21 18:07 - 00029822 _____ C:\Users\John\Downloads\belle.de.jour.(1967).eng.1cd.(4458656).zip
2015-12-20 18:29 - 2015-12-20 18:29 - 00000000 ____D C:\ProgramData\Emsisoft
2015-12-20 18:27 - 2016-01-12 17:34 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2015-12-20 18:27 - 2015-12-20 18:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-12-20 18:21 - 2015-12-20 18:26 - 205830032 _____ (Emsisoft Ltd. ) C:\Users\John\Downloads\EmsisoftAntiMalwareSetup.exe
2015-12-20 18:04 - 2016-01-08 10:33 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-20 18:04 - 2016-01-08 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-20 18:04 - 2016-01-08 10:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-20 18:04 - 2015-12-20 18:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-20 18:04 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-20 18:04 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-20 18:04 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-20 18:03 - 2015-12-20 18:04 - 21545336 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-sem-2.1.6.1022 (1).exe
2015-12-20 18:03 - 2015-12-20 18:03 - 21545336 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-sem-2.1.6.1022.exe
2015-12-18 17:14 - 2015-12-18 17:15 - 30539074 _____ C:\Users\John\Downloads\Dzanjare - Lep dan za dab - Output - Stereo Out.wav
2015-12-18 01:01 - 2015-12-18 01:01 - 00000000 ____D C:\Users\John\AppData\Local\Sony
2015-12-18 00:54 - 2015-12-18 01:01 - 00000000 ____D C:\Users\John\AppData\Roaming\Sony
2015-12-18 00:54 - 2015-12-18 00:57 - 00000000 ____D C:\Program Files (x86)\Sony Media Go Install
2015-12-18 00:45 - 2015-12-18 00:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-12-18 00:45 - 2015-12-18 00:58 - 00000000 ____D C:\Program Files (x86)\Sony
2015-12-18 00:45 - 2015-12-18 00:46 - 29380776 _____ (Sony Mobile Communications ) C:\Users\John\Downloads\Sony PC Companion_Web (1).exe
2015-12-18 00:45 - 2015-12-18 00:45 - 00000000 ____D C:\ProgramData\Sony
2015-12-18 00:43 - 2015-12-18 00:44 - 29380776 _____ (Sony Mobile Communications ) C:\Users\John\Downloads\Sony PC Companion_Web.exe
2015-12-17 16:58 - 2015-12-17 16:59 - 00000000 ____D C:\Program Files\Common Files\logishrd
2015-12-16 20:57 - 2015-12-16 20:57 - 00046948 _____ C:\Users\John\Downloads\coherence.(2013).eng.1cd.(5823638).zip
2015-12-16 18:20 - 2015-12-16 18:20 - 00380856 _____ C:\Windows\Minidump\121615-85160-01.dmp
2015-12-15 15:30 - 2015-12-15 15:30 - 00816025 _____ C:\Users\John\Downloads\MORPH2_Bitwig_SetupGuide_v2.pdf.zip
2015-12-15 13:32 - 2015-12-15 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-15 12:21 - 2015-12-15 12:51 - 00000000 ____D C:\Users\John\AppData\Roaming\WindSolutions
2015-12-15 12:21 - 2015-12-15 12:34 - 00000000 ____D C:\ProgramData\WindSolutions
2015-12-15 12:21 - 2015-12-15 12:21 - 06234272 _____ (WindSolutions) C:\Users\John\Downloads\Install_CopyTransControlCenter.exe
2015-12-15 11:18 - 2015-12-15 11:40 - 00000000 ____D C:\Users\John\AppData\Local\D2DD5D83-408F-4A91-8AA1-E4708899070C.aplzod
2015-12-15 11:18 - 2015-12-15 11:18 - 00000000 ____D C:\Users\John\AppData\Local\Apple Inc
2015-12-15 10:39 - 2015-12-15 10:44 - 125168408 _____ (Apple Inc.) C:\Users\John\Downloads\icloudsetup.exe
2015-12-14 16:32 - 2015-12-14 16:34 - 00000000 ____D C:\Huvles
2015-12-13 18:12 - 2015-12-13 18:12 - 00056582 _____ C:\Users\John\Downloads\mistress.america.(2015).eng.1cd.(6410643).zip
2015-12-13 18:10 - 2015-12-13 18:10 - 00048103 _____ C:\Users\John\Downloads\mistress.america.(2015).hrv.1cd.(6382386).zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-12 18:12 - 2012-09-30 12:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-12 18:01 - 2012-10-23 19:25 - 00000000 ____D C:\Users\John\AppData\Roaming\Skype
2016-01-12 17:55 - 2013-04-22 14:09 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-12 17:49 - 2014-09-18 21:12 - 00000000 ____D C:\Users\John\AppData\Roaming\AIMP3
2016-01-12 17:45 - 2014-07-30 17:50 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6C490091-CD4A-4AFB-A16F-9B5550FD642B}
2016-01-12 17:37 - 2012-09-30 12:33 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-01-12 17:37 - 2012-09-30 12:07 - 00000000 ____D C:\ProgramData\Adobe
2016-01-12 17:36 - 2012-10-25 14:22 - 00000000 ____D C:\Program Files\Adobe
2016-01-12 17:36 - 2012-10-25 14:21 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-01-12 17:35 - 2012-09-30 17:38 - 00000000 ____D C:\Program Files (x86)\Everything
2016-01-12 17:34 - 2012-09-30 12:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-12 17:33 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2016-01-12 17:33 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-01-12 17:32 - 2014-06-30 16:23 - 00000000 ____D C:\Program Files\Microsoft Office
2016-01-12 17:32 - 2012-09-30 13:59 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-12 17:32 - 2012-09-30 12:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-01-12 17:32 - 2011-04-12 09:28 - 00000000 ____D C:\Windows\ShellNew
2016-01-12 17:31 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-01-12 17:31 - 2009-07-14 03:34 - 00000387 _____ C:\Windows\win.ini
2016-01-12 17:24 - 2015-06-19 08:13 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-107711043-1986751878-3852339312-1000UA.job
2016-01-12 16:41 - 2012-10-01 11:48 - 00000000 ____D C:\Users\John\AppData\Roaming\VisualAssist
2016-01-12 16:08 - 2012-09-29 22:33 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-01-12 15:02 - 2014-04-01 14:20 - 00000383 _____ C:\Windows\lgfwup.ini
2016-01-12 14:55 - 2014-09-18 10:33 - 00000000 ____D C:\Users\John\Desktop\temp
2016-01-12 14:55 - 2013-04-22 14:09 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-12 14:55 - 2012-10-16 21:37 - 00000000 ____D C:\Svasta
2016-01-12 14:30 - 2015-09-30 18:11 - 00000000 ____D C:\Users\John\AppData\Local\Spotify
2016-01-12 14:27 - 2015-09-30 18:10 - 00000000 ____D C:\Users\John\AppData\Roaming\Spotify
2016-01-12 12:24 - 2009-07-14 05:45 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-12 12:24 - 2009-07-14 05:45 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-12 03:24 - 2015-06-19 08:13 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-107711043-1986751878-3852339312-1000Core.job
2016-01-11 20:23 - 2012-09-30 17:48 - 00000000 ____D C:\Program Files (x86)\The KMPlayer
2016-01-11 15:06 - 2015-01-09 13:04 - 00000000 ____D C:\Users\John\Documents\ViberDownloads
2016-01-10 23:00 - 2009-07-14 06:13 - 00006422 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-10 20:25 - 2015-01-09 13:04 - 00000000 ____D C:\Users\John\AppData\Roaming\ViberPC
2016-01-10 20:25 - 2014-04-01 14:20 - 00000000 ____D C:\Program Files (x86)\lg_fwupdate
2016-01-10 20:25 - 2013-10-22 19:40 - 00000000 ____D C:\ProgramData\TEMP
2016-01-10 20:25 - 2013-02-01 13:37 - 00000000 ___RD C:\Users\John\Dropbox
2016-01-10 20:25 - 2013-02-01 13:37 - 00000000 ____D C:\Users\John\AppData\Roaming\Dropbox
2016-01-10 20:25 - 2012-09-29 21:11 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-10 20:23 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-10 20:19 - 2015-09-24 18:03 - 00000000 ____D C:\Users\John\AppData\Local\CrashDumps
2016-01-10 20:17 - 2013-03-27 15:06 - 00000000 ____D C:\Users\John\Documents\Visual Studio 2010
2016-01-10 18:44 - 2012-10-06 00:11 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Pro
2016-01-10 18:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-01-10 18:37 - 2015-01-20 16:29 - 00000000 ____D C:\Users\John\AppData\Local\ElevatedDiagnostics
2016-01-10 18:36 - 2014-01-13 20:52 - 00000000 ____D C:\Program Files (x86)\i-Funbox DevTeam
2016-01-10 18:35 - 2013-04-20 23:07 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-01-10 18:28 - 2013-04-20 23:06 - 00000000 ____D C:\ProgramData\Apple
2016-01-10 18:24 - 2013-04-20 23:07 - 00000000 ____D C:\Users\John\AppData\Roaming\Apple Computer
2016-01-10 17:44 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-01-10 17:39 - 2014-01-25 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vovoid VSXu 0.4.2
2016-01-10 17:39 - 2014-01-25 17:01 - 00000000 ____D C:\Program Files\Vovoid VSXu 0.4.2
2016-01-10 17:28 - 2014-01-25 16:30 - 00000000 ____D C:\Users\John\Documents\PCDJ VJ
2016-01-10 17:28 - 2014-01-25 16:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCDJ VJ
2016-01-10 17:23 - 2014-02-26 16:40 - 00000000 ____D C:\Users\John\.nbi
2016-01-10 17:20 - 2012-11-28 15:58 - 00000000 ____D C:\Users\John\Documents\Interactive Data
2016-01-10 17:20 - 2012-10-23 17:51 - 00026470 _____ C:\Windows\WinSig.ini
2016-01-10 17:20 - 2012-10-23 17:51 - 00002456 _____ C:\Windows\WinRos.ini
2016-01-10 17:20 - 2012-10-23 17:51 - 00000000 ____D C:\Program Files (x86)\eSignal
2016-01-10 17:19 - 2014-07-30 17:50 - 00000000 ____D C:\Program Files (x86)\NeoSmart Technologies
2016-01-10 17:19 - 2012-09-29 21:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-09 21:19 - 2012-09-29 22:28 - 00000000 ___RD C:\Users\John\Desktop\Programi
2016-01-09 19:47 - 2012-10-25 14:39 - 00001456 _____ C:\Users\John\AppData\Local\Adobe Save for Web 12.0 Prefs
2016-01-09 18:18 - 2015-11-08 03:10 - 00005343 _____ C:\Users\John\Desktop\why quit.txt
2016-01-08 20:33 - 2015-11-29 17:43 - 00000000 ____D C:\Users\John\Desktop\VISA 2016
2016-01-08 10:59 - 2014-01-31 11:47 - 00000000 ____D C:\Windows\Minidump
2016-01-08 09:31 - 2012-09-29 21:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-07 00:51 - 2012-09-30 14:04 - 00000000 ____D C:\Users\John\Documents\Visual Studio 2012
2016-01-04 13:41 - 2014-02-27 23:06 - 00000000 ____D C:\Users\John\Desktop\Altiverse 2
2016-01-04 13:33 - 2014-11-19 12:39 - 00000446 _____ C:\Users\John\Desktop\Priority ToDo.txt
2016-01-02 15:12 - 2012-09-30 12:07 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-02 15:12 - 2012-09-30 12:07 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 15:12 - 2012-09-30 12:07 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-31 21:39 - 2014-02-08 16:03 - 00000000 ____D C:\Program Files (x86)\SoulseekQt
2015-12-31 03:50 - 2013-02-17 19:30 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-30 15:43 - 2013-02-17 20:09 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-12-27 02:30 - 2012-10-23 19:25 - 00000000 ____D C:\ProgramData\Skype
2015-12-26 13:12 - 2014-06-11 15:27 - 00000000 ____D C:\Users\John\Desktop\MAGYARUL
2015-12-25 11:45 - 2014-01-13 13:56 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-12-20 18:34 - 2013-06-12 23:24 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2015-12-20 18:34 - 2013-06-12 23:24 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2015-12-19 11:51 - 2014-01-25 15:00 - 00000000 ____D C:\Music Ableton
2015-12-19 03:00 - 2015-04-05 15:03 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-19 03:00 - 2015-04-05 15:03 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-18 01:01 - 2012-09-29 21:06 - 00000000 ____D C:\Users\John
2015-12-18 00:56 - 2012-09-30 13:59 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-15 13:32 - 2014-03-09 20:01 - 00000000 ____D C:\Users\John\AppData\Local\Skype
2015-12-15 13:32 - 2012-10-23 19:25 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-15 13:14 - 2012-09-30 17:44 - 00000000 ____D C:\Jts
2015-12-15 11:40 - 2014-01-13 12:29 - 00000000 ____D C:\Users\John\Documents\Outlook Files
2015-12-15 11:03 - 2013-04-20 23:07 - 00000000 ____D C:\Users\John\AppData\Local\Apple Computer
2015-12-14 20:14 - 2015-11-07 17:03 - 00005125 _____ C:\Users\John\Desktop\hungarian vocabulary learning system - Huvles - design.txt
 
==================== Files in the root of some directories =======
 
2012-07-11 16:38 - 2012-09-29 22:27 - 2691192 _____ (Sysinternals - www.sysinternals.com) C:\Program Files\procexp.exe
2016-01-08 22:09 - 2016-01-12 17:29 - 1479536 _____ (Sysinternals - www.sysinternals.com) C:\Program Files\procexp64.exe
2012-10-25 14:39 - 2014-11-25 17:17 - 0000132 _____ () C:\Users\John\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-09-26 11:43 - 2014-10-24 23:10 - 0000716 _____ () C:\Users\John\AppData\Roaming\SolEol.cfg
2012-10-03 18:48 - 2014-09-27 16:24 - 0001572 _____ () C:\Users\John\AppData\Local\80212257.il
2012-10-25 14:39 - 2016-01-09 19:47 - 0001456 _____ () C:\Users\John\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-02-01 19:25 - 2015-02-18 23:16 - 0004608 _____ () C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-23 17:41 - 2014-09-09 10:57 - 0000025 _____ () C:\Users\John\AppData\Local\gt-props
2012-10-03 18:48 - 2012-10-03 19:23 - 0000240 _____ () C:\Users\John\AppData\Local\IndexIE_80212257.il
2014-07-30 22:48 - 2014-08-15 14:35 - 0000600 _____ () C:\Users\John\AppData\Local\PUTTY.RND
2014-08-14 12:20 - 2014-08-14 12:20 - 0000218 _____ () C:\Users\John\AppData\Local\recently-used.xbel
2015-01-30 21:17 - 2015-01-30 21:17 - 0000017 _____ () C:\Users\John\AppData\Local\resmon.resmoncfg
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\John\AppData\Local\setup.txt
2012-12-04 13:34 - 2012-12-04 13:34 - 0000113 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
Some files in TEMP:
====================
C:\Users\John\AppData\Local\Temp\dateinj01.dll
C:\Users\John\AppData\Local\Temp\dllnt_dump.dll
C:\Users\John\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg27czt.dll
C:\Users\John\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\John\AppData\Local\Temp\npp.6.8.6.Installer.exe
C:\Users\John\AppData\Local\Temp\npp.6.8.8.Installer.exe
C:\Users\John\AppData\Local\Temp\ose00000.exe
C:\Users\John\AppData\Local\Temp\Uninstall.exe
C:\Users\John\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-09 03:29
 
==================== End of FRST.txt ============================

Edited by jethull, 12 January 2016 - 12:52 PM.


#9 jethull

Posted 12 January 2016 - 12:46 PM

Post too long, so here is a pastebin for Addition.txt
 
http://pastebin.com/MhLbuHPw
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-01-2015
Ran by John (2016-01-12 18:18:32)
Running from C:\Users\John\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2012-09-29 20:06:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-107711043-1986751878-3852339312-500 - Administrator - Disabled)
Guest (S-1-5-21-107711043-1986751878-3852339312-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-107711043-1986751878-3852339312-1003 - Limited - Enabled)
John (S-1-5-21-107711043-1986751878-3852339312-1000 - Administrator - Enabled) => C:\Users\John

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {15510D9D-6530-DA29-224F-7BA1BDD1CB58}
AV: Kaspersky Anti-Virus (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {AE30EC79-430A-D5A7-18FF-40D3C65681E5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

.netCHARTING WinForms (HKLM-x32\...\{8B251B2C-E1ED-46FA-88A6-F98F92F4EFDC}) (Version: 7.0.4217.16066 - WebAvail Productions Inc. & Corporate Web Solutions Ltd.)
2C-Audio Aether (HKLM-x32\...\Aether) (Version: - 2C-Audio)
3dsmax ancillary install (x32 Version: 1 - Autodesk) Hidden
Abbeyroadplugins EMI TG Mastering Pack VST RTAS v1.0.2 (HKLM-x32\...\Abbeyroadplugins EMI TG Mastering Pack VST RTAS_is1) (Version: - )
Ableton Live 9 Suite (HKLM\...\{2E533C18-7395-4EAB-B5F5-1891FC591D79}) (Version: 9.0.0.0 - Ableton)
Ableton Live 9 Suite (HKLM-x32\...\{CBFFFADF-30D3-49B2-806C-237EDDBFA0B3}) (Version: 9.0.0.0 - Ableton)
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Dreamweaver CS6 (HKLM-x32\...\{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}) (Version: 12 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Advanced Combat Tracker (remove only) (HKLM-x32\...\Advanced Combat Tracker) (Version: - )
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.02.29 - ASUSTeK Computer Inc.)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1492, 24.04.2015 - AIMP DevTeam)
Akamai NetSession Interface (HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
AMR Player 1.3 (HKLM-x32\...\{2F881B56-CBDF-4EC6-A8D2-6412A879C66A}_is1) (Version: - www.amrplayer.com)
ArKaos VJ 3.6 FC2 (HKLM-x32\...\{E636027F-7BAE-4E9F-91C0-08BC75E2F733}) (Version: 3.6 FC2 - )
ARP2600 V (HKLM-x32\...\ARP2600 V) (Version: - )
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version: - )
Autodesk 3ds Max 2014 (HKLM\...\Autodesk 3ds Max 2014) (Version: 16.0.420.0 - Autodesk)
Autodesk 3ds Max 2014 (Version: 16.0.420.0 - Autodesk) Hidden
Autodesk 3ds Max 2014 64-bit Populate Data (HKLM\...\{7491836B-659E-47DD-ABBF-F875AD48FD10}) (Version: 1.0.0.1 - Autodesk)
Autodesk 3ds Max 9 32-bit (HKLM-x32\...\{E96D4088-AAC5-437F-9E39-EC0E387897B4}) (Version: 9.2.0.114 - Autodesk)
Autodesk Composite 2014 (HKLM\...\Autodesk Composite 2014) (Version: 9.0.0.0 - Autodesk)
Autodesk Composite 2014 (Version: 9.0.0.0 - Autodesk) Hidden
Autodesk DirectConnect 2014 64-bit (HKLM\...\Autodesk DirectConnect 2014 64-bit) (Version: 8.0.56.1 - Autodesk)
Autodesk DirectConnect 2014 64-bit (Version: 8.0.56.1 - Autodesk) Hidden
Autodesk DWF Viewer 7 (HKLM-x32\...\{9A346205-EA92-4406-B1AB-50379DA3F057}) (Version: 7.0.0 - Autodesk, Inc.)
Autodesk Essential Skills Movies for 3ds Max 2014 64-bit (HKLM\...\{E8814D63-BB76-4C89-A25E-264ECF11D00D}) (Version: 1.2.0.0 - Autodesk)
Autodesk FBX Plugin 2009.3 - 3ds Max 9.0 (HKLM-x32\...\Autodesk FBX Plugin 2009.3 - 3ds Max 9.0) (Version: - Autodesk)
Autodesk FBX Review (HKLM\...\{FA9B1D5B-25D3-4809-B8AD-DFB00B1BF560}) (Version: 1.2.0.0 - Autodesk)
Autodesk Inventor Server Engine for 3ds Max 2014 64-bit (HKLM\...\{009751C6-22D7-4548-A313-AD48FA57076F}) (Version: 16.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.32.600 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.32.600 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2014 (HKLM-x32\...\{A0633D4E-5AF2-4E3E-A70A-FE9C2BD8A958}) (Version: 4.0.32.600 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2014 (HKLM\...\Autodesk Revit Interoperability for 3ds Max 2014) (Version: 13.02.15161 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2014 (Version: 13.02.15161 - Autodesk) Hidden
AxCrypt 1.7.3156.0 (HKLM\...\{8B49CDB9-824C-44D6-A5D3-D0235D3030B8}) (Version: 1.7.3156.0 - Axantum Software AB)
Backburner (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2007.0 - Discreet)
Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2012 ENU resources (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.5.3200 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.100.82.97 - Broadcom Corporation)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.69.1078 - AB Team, d.o.o.)
C++ Compiler XE Documentation (x32 Version: 13.0.0.089 - Intel Corporation) Hidden
C++ Indicator MSI (x32 Version: 13.0.0.089 - Intel Corporation) Hidden
C++ Integration(s) in Microsoft Visual Studio* (x32 Version: 13.0.0.089 - Intel Corporation) Hidden
C++|Fortran Compiler XE common files (x32 Version: 13.0.0.089 - Intel Corporation) Hidden
C++|Fortran Compiler XE on IA-32 (x32 Version: 13.0.0.089 - Intel Corporation) Hidden
C++|Fortran Compiler XE on Intel® 64 (x32 Version: 13.0.0.089 - Intel Corporation) Hidden
C++|Fortran Compiler XE on Intel® 64 common files (x32 Version: 13.0.0.089 - Intel Corporation) Hidden
CamStudio OSS Desktop Recorder (HKLM-x32\...\{FD9C31B6-F572-414D-81E3-89368C97A125}_is1) (Version: 2.6 Beta r294 - CamStudio Open Source Dev Team)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Close Combat Gateway to Caen (HKLM-x32\...\Close Combat Gateway to Caen_is1) (Version: - )
Close Combat Last Stand Arnhem (HKLM-x32\...\Close Combat Last Stand Arnhem5.60) (Version: 5.60 - Matrix Games)
Composer XE 2013 Common Files (x32 Version: 13.0.0.089 - Intel Corporation) Hidden
Composer XE 2013 OpenMP on IA-32 (x32 Version: 13.0.0.089 - Intel Corporation) Hidden
Composer XE 2013 OpenMP on Intel® 64 (x32 Version: 13.0.0.089 - Intel Corporation) Hidden
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.1.0.0 - Electronic Arts)
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)
Data Lifeguard Diagnostic for Windows 1.28 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
Dishonored (HKLM-x32\...\Dishonored_is1) (Version: - )
Distributed Installer (x32 Version: 1.0 - Intel) Hidden
DMG Extractor (HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\DMG Extractor) (Version: 1.3.2.0 - Reincubate Ltd)
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: 7.3.393 - Softland)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden
Dotfuscator Software Services - Community Edition (HKLM-x32\...\{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}) (Version: 5.0.2300.0 - PreEmptive Solutions)
Dropbox (HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Drox Operative (HKLM-x32\...\Drox Operativev1.032) (Version: v1.032 - Soldak Entertainment)
DWG TrueView 2013 (HKLM\...\DWG TrueView 2013) (Version: 19.0.55.0 - Autodesk)
DWG TrueView 2013 (Version: 19.0.55.0 - Autodesk) Hidden
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.0 - Emsisoft Ltd.)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation)
Erlang OTP R15B02 (5.9.2) (HKLM-x32\...\Erlang OTP R15B02 (5.9.2)) (Version: - )
Ether One (HKLM-x32\...\Ether One_is1) (Version: - )
EVEMon (HKLM-x32\...\EVEMon) (Version: 1.8.1.4016 - battleclinic.com)
Everything 1.2.1.371 (HKLM-x32\...\Everything) (Version: - )
Expat XML Parser 2.1.0 (HKLM-x32\...\expat_is1) (Version: 2.1.0 - The Expat Developers)
FabFilter Total Bundle (64-bit) (HKLM-x32\...\FabFilter Total Bundle (64-bit)) (Version: - )
Fallout New Vegas 1.4 (HKLM-x32\...\Fallout New Vegas_is1) (Version: 1.4 - Bethesda Softworks)
FBX Plugin 2006.08 for Max 9.0 (HKLM-x32\...\FBX Plugin 2006.08 for Max 9.0) (Version: - )
FEZ (HKLM-x32\...\FEZ1.1) (Version: 1.1 - Foxy Games)
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
Filter Forge 4.008 (HKLM-x32\...\Filter Forge 4_is1) (Version: - Filter Forge, Inc.)
FRACT OSC (HKLM-x32\...\GOGPACKFRACTOSC_is1) (Version: 2.0.0.1 - GOG.com)
Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
Freelancer (HKLM-x32\...\Freelancer 1.0) (Version: - )
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.0 - Ellora Assets Corporation)
FreeOCR v5.4 (HKLM-x32\...\freeocr_is1) (Version: - )
FW1082 Driver 1.80 (HKLM\...\FW1082 Driver_is1) (Version: 1.80 - Frontier Design Group, LLC)
FXpansion Tremor (HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\FXpansion Tremor) (Version: 1.0.0.6 - FXpansion Audio UK Ltd)
Galactic Civilizations II - Gold Edition (HKLM-x32\...\Galactic Civilizations II - Gold Edition) (Version: - Stardock Entertainment, Inc.)
Game Dev Tycoon version 1.4.5 (HKLM-x32\...\{5BBB8682-1335-410F-A79F-8E5611A54BD0}_is1) (Version: 1.4.5 - Greenheart Games Pty. Ltd.)
GemPcCCID (HKLM\...\{5E74980F-368B-4DB4-832C-E13F3ED1F02E}) (Version: 2.0.4 - Gemalto)
GForce - Minimonsta (HKLM-x32\...\Minimonsta) (Version: - )
gImageReader (HKLM-x32\...\gImageReader) (Version: 3.1.2 - Sandro Mani)
Gods Will Be Watching (HKLM-x32\...\1207664883_is1) (Version: 2.0.0.1 - GOG.com)
Gomo 1.0.4 (HKLM-x32\...\Gomo 1.0.4) (Version: 1.0.4 - Cat-A-Cat)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Grand Theft Auto V ver. 1.0.335.2 (HKLM-x32\...\{27159000-99AS-22CV-33F9-55GYHF2186AC}_is1) (Version: 1.0.335.2 - Rockstar Games)
GRID 2 © Codemasters version 1 (HKLM-x32\...\R1JJRDI=_is1) (Version: 1 - )
Grim Fandango Remastered (HKLM-x32\...\1207667183_is1) (Version: 2.0.0.2 - GOG.com)
Hearts of Iron III (HKLM-x32\...\{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}) (Version: - )
HexEdit (HKLM-x32\...\{083EF76E-0760-4D7A-9508-0B88A3AF1889}) (Version: 4.0.0 - Expert Commercial Software Pty Ltd)
HyperCam 2 (HKLM\...\HyperCam 2) (Version: 2.27.01 - Hyperionics Technology LLC)
Icecream PDF Split and Merge version 2.24 (HKLM-x32\...\{95DC4DB4-99FB-4FB2-ADBD-97F194EDEB4D}_is1) (Version: 2.24 - Icecream Apps)
IDGo 500 PKCS#11 Library for IDPrime .NET Smart Cards (HKLM-x32\...\{19699919-028B-4B2F-9290-558532122010}) (Version: 2.3.0.03 - Gemalto)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version: - Christian Kindahl)
Instant Demo (HKLM-x32\...\{2C646D30-DC48-4061-A5DB-AE63173C8E3E}) (Version: 8.50.355 - NetPlay Software)
Integrated Documentation (x32 Version: 13.0.0.089 - Intel Corporation) Hidden
Intel C++ Compiler XE common files (x32 Version: 13.0.0.089 - Intel Corporation) Hidden
Intel C++ Compiler XE on IA-32 (x32 Version: 13.0.0.089 - Intel Corporation) Hidden
Intel C++ Compiler XE on Intel® 64 (x32 Version: 13.0.0.089 - Intel Corporation) Hidden
Intel C++ Compiler XE on Intel® 64 common files (x32 Version: 13.0.0.089 - Intel Corporation) Hidden
Intel Composer XE 2013 for Windows* (HKLM-x32\...\{E546CD3A-3C28-45BC-9772-40C80B90ABB8}) (Version: 2013.0.089 - Intel Corporation)
Intel Composer XE 2013 for Windows* (x32 Version: 13.0.0.089 - Intel Corporation) Hidden
Intel IPP common files (x32 Version: 7.1.0.089 - Intel Corporation) Hidden
Intel IPP on IA-32 (x32 Version: 7.1.0.089 - Intel Corporation) Hidden
Intel IPP on Intel® 64 (x32 Version: 7.1.0.089 - Intel Corporation) Hidden
Intel MKL common files (x32 Version: 11.0.0.089 - Intel Corporation) Hidden
Intel MKL on IA-32 (x32 Version: 11.0.0.089 - Intel Corporation) Hidden
Intel MKL on Intel® 64 (x32 Version: 11.0.0.089 - Intel Corporation) Hidden
Intel TBB core files and examples (x32 Version: 4.1.0.089 - Intel Corporation) Hidden
Intel® C++ Redistributables on IA-32 (x32 Version: 13.0.089 - Intel Corporation) Hidden
Intel® C++ Redistributables on Intel® 64 (x32 Version: 13.0.089 - Intel Corporation) Hidden
Intel® Composer XE 2013 for Windows* (x32 Version: 13.0.0.089 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® Network Connections 16.6.126.0 (HKLM\...\PROSetDX) (Version: 16.6.126.0 - Intel)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® Software Manager (x32 Version: 1.0.036 - Intel) Hidden
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
iZotope RX 3 (HKLM-x32\...\iZotope RX 3_is1) (Version: 3.02 - iZotope, Inc.)
Java 8 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java SE Development Kit 7 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle)
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Last.fm Scrobbler 2.1.37 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm)
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
LocalESPC (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
LocalESPCui for en-us (x32 Version: 8.59.25584 - Microsoft) Hidden
Lounge Lizard EP-2 v2.0 (HKLM-x32\...\Lounge Lizard EP-2 v2.0) (Version: - )
Magicka (HKLM-x32\...\Magicka_is1) (Version: - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1014 - Marvell)
Mathematica Extras 9.0 (4092550) (HKLM\...\A-WIN-Extras 9.0.1 4092550_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
MATLAB R2012a (HKLM\...\Matlab R2012a) (Version: 7.14 - The MathWorks, Inc.)
M-Audio Oxygen Driver 1.3.0 (x64) (HKLM\...\{B52D5EDB-1945-4889-8F25-DEA1F9CD876A}) (Version: 1.3.0 - M-Audio)
Max 6.1.0 (HKLM\...\{33BC130F-F589-43EE-BF5E-9FA4C00E7E0E}) (Version: 136.1.0 - Cycling '74)
Max 6.1.10 (x64) (HKLM\...\{C8F67FDD-EE0B-4F60-9FAD-1B49C4E2EB63}) (Version: 136.1.10 - Cycling '74)
Media Go (HKLM-x32\...\{65256C0D-3FE7-4D2E-BB3E-53F1175481C8}) (Version: 3.0.403 - Sony)
Media Go Network Downloader (HKLM-x32\...\{C52148B9-19E0-433A-9422-3451B1BEE20F}) (Version: 1.6.01.0 - Sony)
Media Preview (HKLM\...\{52AFC3E1-0FAA-4C05-88FF-373911EA68F5}) (Version: 1.4.3.429 - BabelSoft)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 (HKLM-x32\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (HKLM\...\{88BAE373-00F4-3E33-828F-96E89E5E0CB9}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Ultimate - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Ultimate - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2012 Tools for Unity (HKLM-x32\...\{AC085267-DE20-4E80-AACC-86913BDDDAA8}) (Version: 1.9.0.0 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2012 (HKLM-x32\...\{e238e1a0-7fbd-4146-a4ac-d48badcdf3ae}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
MP3 Skype recorder (HKLM-x32\...\{7CF296C0-583C-4BB7-8DBE-34DD6AE635B7}) (Version: 4.18.1.0 - Domit LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Game Long Name (HKLM\...\UDK-14ab53e0-ba7b-4bdb-99a1-beda13f35c0b) (Version: - Epic Games, Inc.)
My Game Long Name (HKLM\...\UDK-a96b9933-105e-4807-b33b-c12cc1c202fb) (Version: - Epic Games, Inc.)
My Game Long Name (HKLM\...\UDK-c0c58e70-0d03-462c-8942-3b74f6fbcbc7) (Version: - Epic Games, Inc.)
NaissanceE (HKLM-x32\...\TmFpc3NhbmNlRQ==_is1) (Version: 1 - )
Native Instruments Absynth 4 (HKLM-x32\...\Native Instruments Absynth 4) (Version: - )
Native Instruments B4 II (HKLM-x32\...\Native Instruments B4 II) (Version: - )
Native Instruments Battery 4 (HKLM-x32\...\Native Instruments Battery 4) (Version: 4.0.2.2254 - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.3.0.6464 - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: - Native Instruments)
Native Instruments Retro Machines Mk2 (HKLM-x32\...\Native Instruments Retro Machines Mk2) (Version: - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: - Native Instruments)
NetBeans IDE 7.4 (HKLM\...\nbi-nb-base-7.4.0.0.201310111528) (Version: 7.4 - NetBeans.org)
Neverwinter (HKLM-x32\...\Steam App 109600) (Version: - Cryptic Studios)
NinjaTrader 7 (HKLM-x32\...\{BB2338E5-3156-49D3-B539-7E6EF5BC3ECF}) (Version: 7.0.1011 - NinjaTrader)
Nitro Reader 3 (HKLM\...\{9EA981E5-EE67-4662-86F1-58937D31FE07}) (Version: 3.5.6.5 - Nitro)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
Novation V-Station v1.20-H2O (HKLM-x32\...\Novation V-Station v1.20-H2O) (Version: - )
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.87 - NVIDIA Corporation)
NVIDIA 3DTV Play Activation Utility (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DTV) (Version: 266.7 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.87 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Photoshop Plug-ins 64 bit (HKLM-x32\...\{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}) (Version: 8.50 - )
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Ohm Force - Ohmicide VST (HKLM-x32\...\Ohmicide VST) (Version: - )
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.7 - PowerISO Computing, Inc.)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
PSP Lexicon PSP 42 v1.2 (HKLM-x32\...\PSP Lexicon PSP 42 v1.2) (Version: - )
Python 2.7 (HKLM-x32\...\{20c31435-2a0a-4580-be8b-ac06fc243ca4}) (Version: 2.7.150 - Python Software Foundation)
Python 2.7 pywin32-214 (HKLM-x32\...\pywin32-py2.7) (Version: - )
Python 2.7 reverence-1.5.0 (HKLM-x32\...\reverence-py2.7) (Version: - )
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.2.12 - Intuit)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6570 - Realtek Semiconductor Corp.)
Reason 5.0 (HKLM-x32\...\Reason5_is1) (Version: 5.0 - Propellerhead Software AB)
Recuva (HKLM\...\Recuva) (Version: 1.37 - Piriform)
Reversion - The escape (HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\Reversion - The Escape) (Version: 1.3.2176 - 3f Interative)
rgcAudio z3ta Plus v1.40 (HKLM-x32\...\rgcAudio z3ta Plus v1.40) (Version: - )
Rob Papen SubBoomBass 1.0.3c (HKLM-x32\...\SubBoomBass_is1) (Version: - RPCX)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
RogueKiller version 11 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 11 - Adlice Software)
SecureAccess64 (HKLM\...\{EAA0BC6A-B288-4F36-9A67-C0B16C895507}) (Version: 1.0.0 - Microsoft)
SecureAccess86 (HKLM-x32\...\{E6C2A010-032E-41F7-8D49-ABB6CB169758}) (Version: 1.0.0 - Microsoft)
Semper Fi 1.0 (HKLM-x32\...\Semper Fi_is1) (Version: - Paradox Interactive)
Shadowrun - Hong Kong (HKLM-x32\...\1436866438_is1) (Version: 2.0.0.1 - GOG.com)
SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
Simple Port Forwarding (HKLM-x32\...\Simple Port Forwarding) (Version: 3.8.5 - PcWinTech.com)
Sir, You Are Being Hunted (HKLM-x32\...\GOGPACKSIRYOUAREBEINGHUNTED_is1) (Version: 2.0.0.2 - GOG.com)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Slate Digital FG-X Mastering Processor VST RTAS v1.1.2 (HKLM-x32\...\Slate Digital FG-X Mastering Processor_is1) (Version: - )
Softube Tube-Tech CL 1B VST RTAS v1.0.3 (HKLM-x32\...\Softube Tube-Tech CL 1B VST RTAS_is1) (Version: - )
Sonic Charge Microtonic (HKLM-x32\...\Sonic Charge Microtonic) (Version: 3.1.0.47 - NuEdge Development)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version: - )
SoundCloud Downloader (HKLM-x32\...\PC Gizmos 136528) (Version: 83 - PC Gizmos LTD)
SpaceMonger 2.1.1 (HKLM-x32\...\SpaceMonger) (Version: 2.1.1 - Sixty-Five)
Split Second (HKLM-x32\...\Split Second_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
Spotify (HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\Spotify) (Version: 1.0.16.104.g3b776c9e - Spotify AB)
Star Trek Online (HKLM-x32\...\Steam App 9900) (Version: - Cryptic Studios)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steinberg Magneto VST v1.5 (HKLM-x32\...\Steinberg Magneto VST v1.5) (Version: - )
Super Meat Boy v1.5 (HKLM-x32\...\Super Meat Boy v1.5_is1) (Version: - Team Meat)
Sylenth1 v2.21 (HKLM\...\Sylenth1_is1) (Version: - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 6 (HKLM-x32\...\TeamViewer 6) (Version: 6.0.11656 - TeamViewer GmbH)
Telegram Desktop version 0.9.2 (HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.9.2 - Telegram Messenger LLP)
Tesseract-OCR - open source OCR engine (HKLM-x32\...\Tesseract-OCR) (Version: 3.02.02 - Tesseract-OCR community)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.6.0.87 - KMP Media co., Ltd)
The Sims 4 Update 6 - RELOADED Multi17 (HKLM-x32\...\The Sims 4 Update 6 - RELOADED Multi17) (Version: - )
The Wonderful End of the World (HKLM-x32\...\Steam App 15500) (Version: - Dejobaan Games, LLC)
Torchlight (HKLM-x32\...\Runic Games Torchlight) (Version: 0.0.66.192 - )
Torchlight 2.v 1.25.5.2 + 1 DLC (HKLM-x32\...\Torchlight 2.v 1.25.5.2 + 1 DLC_is1) (Version: Torchlight 2.v 1.25.5.2 + 1 DLC - Repack by Fenixx (01.06.2013))
Trader Workstation 4.0 (HKLM-x32\...\Trader Workstation 4.0) (Version: - )
TWS Interoperability Components (HKLM-x32\...\TWS Interoperability Components) (Version: Interopability Components version 9.66 - Interactive Brokers © Copyright 2007)
uLink (HKLM-x32\...\uLink) (Version: 1.5.8 Lina (2014-03-13) - MuchDifferent)
Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 6.0.0 beta1 - UltraDefrag Development Team)
Unity (HKLM-x32\...\Unity) (Version: 4.5.4f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\UnityWebPlayer) (Version: 4.5.4f1 - Unity Technologies ApS)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
UxStyle Core Beta (HKLM\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.1.1 - The Within Network, LLC)
Viber (HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\{e577cb09-2068-44fb-8eed-cfcc1617b010}) (Version: 5.3.0.1884 - Viber Media Inc.)
Viber (x32 Version: 5.3.0.1884 - Viber Media Inc.) Hidden
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.30319 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Voxengo GlissEQ (HKLM\...\Voxengo GlissEQ_is1) (Version: 3.8 - Voxengo)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.2-1 - Wacom Technology Corp.)
Waldorf Edition (HKLM-x32\...\{5790BB78-C3B6-11E0-AF6D-C6874824019B}) (Version: 1.7.3 - Waldorf Music GmbH)
WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WhiteCap (HKLM-x32\...\WhiteCap) (Version: 5.0.5 - SoundSpectrum)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windforge (HKLM-x32\...\V2luZGZvcmdl_is1) (Version: 1 - )
WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Wolfram CDF Player (M-WIN-D 9.0.1 4092685) (HKLM-x32\...\M-WIN-D 9.0.1 4092685_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
X3 Albion Prelude (HKLM-x32\...\X3 Albion Prelude_is1) (Version: - )
yEd Graph Editor 3.13 (HKLM-x32\...\3309-7404-0599-8908) (Version: 3.13 - yWorks GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-107711043-1986751878-3852339312-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-107711043-1986751878-3852339312-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-107711043-1986751878-3852339312-1000_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2013\en-US\dwgviewrficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-107711043-1986751878-3852339312-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2013\dwgviewr.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-107711043-1986751878-3852339312-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-107711043-1986751878-3852339312-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-107711043-1986751878-3852339312-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-107711043-1986751878-3852339312-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-107711043-1986751878-3852339312-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-107711043-1986751878-3852339312-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-107711043-1986751878-3852339312-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-107711043-1986751878-3852339312-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-107711043-1986751878-3852339312-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-107711043-1986751878-3852339312-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03A50B50-460E-46B4-A95F-B40E726EB759} - System32\Tasks\{5468F323-F791-461A-A109-C5719C1E93D6} => pcalua.exe -a C:\Users\John\Desktop\Solution\Setup.exe -d C:\Users\John\Desktop\Solution
Task: {03A582E2-03CD-4629-BC98-FABC3989F3B2} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe [2012-02-29] (ASUSTeK Computer Inc.)
Task: {0CCA5666-786B-4191-83FB-BF03B5520C70} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {1348B79E-C182-4E81-A0D6-4DEB93626518} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {1B7859F9-68BB-4D08-A946-A5DD71E28BF8} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.)
Task: {203BFCCF-D92C-4A4A-8643-43D8294F28D5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-02] (Adobe Systems Incorporated)
Task: {20FC24DB-599F-4DFA-BB92-5E8665F602A5} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2015-11-12] (AO Kaspersky Lab)
Task: {27A2689F-E6E9-4DFA-8B6B-5C4CCF937026} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2012-01-30] (ASUSTeK Computer Inc.)
Task: {309EE92C-D7A7-4E71-B336-31BA0480E83F} - System32\Tasks\{96F2E9FB-08C7-4D4C-9771-2BF6AC2DDB59} => pcalua.exe -a "D:\Program Files (x86)\Electronic Arts\SPORE\Support\SPORE™_uninst.exe" -d "D:\Program Files (x86)\Electronic Arts\SPORE\Support"
Task: {51E1627B-9189-482A-83AA-D5D312611E63} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-107711043-1986751878-3852339312-1000UA => C:\Users\John\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {54919013-40F8-4993-929C-071357C359B1} - System32\Tasks\ASUS\i-Setup221943 => C:\Windows\Chipset\AsusSetup.exe [2010-09-08] (ASUSTeK Computer Inc.)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {6BBDB361-7643-4719-8889-3117B3F88090} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-107711043-1986751878-3852339312-1000Core => C:\Users\John\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {79B61AD7-AC35-4311-B657-3F4D0E440354} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {7E259002-D471-439C-AAD8-0FE9240163EB} - System32\Tasks\{9E7AE2E8-8772-4A72-A1BB-9C52AC9394B9} => pcalua.exe -a C:\Users\John\AppData\Local\Temp\jre-8u66-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1
Task: {892C8C63-0916-4F19-8479-4ECC0A18455D} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-107711043-1986751878-3852339312-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {A03FDAA4-215D-4DDD-AAF9-587374F66BE2} - System32\Tasks\mp3 alert morning => C:\Program Files (x86)\Winamp\winamp.exe [2012-06-28] (Nullsoft, Inc.)
Task: {A38D52B8-100C-49A4-B91F-AFC5AC7EC3E9} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()
Task: {AEB11FD1-33C0-4435-A6E2-B9EC42E9B4A7} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-107711043-1986751878-3852339312-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {B0A692F0-98CC-4BB4-ACC2-D9DB5E483BC0} - System32\Tasks\ASUS\ASUS WiFi GO! Server Execute => C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe [2012-03-01] (ASUSTeK Computer Inc.)
Task: {B0C62C4A-9656-4487-BAD4-29B3A3CB4AD6} - System32\Tasks\{EF747721-9758-4AA6-AD9E-B509A972962F} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}\SPORE_BP1Setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {C253ED36-A8AD-4C3B-B414-13ADFD3BF10D} - System32\Tasks\mp3 alert => C:\Program Files (x86)\Winamp\winamp.exe [2012-06-28] (Nullsoft, Inc.)
Task: {D4BF032A-CF63-40F2-B837-7459C2A7688A} - System32\Tasks\mp3 alert 1 => C:\Program Files (x86)\Winamp\winamp.exe [2012-06-28] (Nullsoft, Inc.)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {F5BD3900-8D33-4E2E-84C4-459E28874146} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-107711043-1986751878-3852339312-1000Core.job => C:\Users\John\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-107711043-1986751878-3852339312-1000UA.job => C:\Users\John\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simple Port Forwarding\SPF - Basic UI Mode.lnk -> C:\Program Files (x86)\Simple Port Forwarding\basic_ui.bat ()

ShortcutWithArgument: C:\Users\John\Desktop\Programi\Trader Workstation 4.0.LNK -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /C "C:\Jts\StartTws.bat C:\Jts"
ShortcutWithArgument: C:\Users\John\Desktop\Programi\TWS Previous Version.LNK -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /C "C:\Jts\StartPreviousTWS.bat C:\Jts"

==================== Loaded Modules (Whitelisted) ==============

2012-09-30 14:35 - 2015-11-02 14:22 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-12-06 15:41 - 2012-10-04 19:49 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll
2013-06-05 15:38 - 2012-12-11 12:07 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2015-10-16 11:02 - 2015-10-16 11:02 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2012-10-06 00:07 - 2011-03-02 11:40 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2015-04-15 21:13 - 2015-04-15 21:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-11-20 10:07 - 2015-11-09 11:26 - 51657424 _____ () C:\Users\John\AppData\Local\Viber\Viber.exe
2011-09-15 05:19 - 2011-09-15 05:19 - 00086016 _____ () C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
2006-09-29 11:48 - 2006-09-29 11:48 - 00065536 _____ () C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\kpcengine.2.3.dll
2015-04-14 12:53 - 2015-10-12 04:05 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-11-20 10:07 - 2015-11-09 11:19 - 00089088 _____ () C:\Users\John\AppData\Local\Viber\qfacebook.dll
2015-11-20 10:07 - 2015-11-09 11:19 - 00389632 _____ () C:\Users\John\AppData\Local\Viber\imageformats\qsvg.dll
2015-11-20 10:07 - 2015-09-29 02:58 - 00012288 _____ () C:\Users\John\AppData\Local\Viber\QtQuick.2\qtquick2plugin.dll
2015-11-20 10:07 - 2015-09-29 15:25 - 00690176 _____ () C:\Users\John\AppData\Local\Viber\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-11-20 10:07 - 2015-09-29 15:26 - 00057856 _____ () C:\Users\John\AppData\Local\Viber\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-11-20 10:07 - 2015-09-29 02:58 - 00012288 _____ () C:\Users\John\AppData\Local\Viber\QtQuick\Window.2\windowplugin.dll
2015-11-20 10:07 - 2015-09-29 03:04 - 00184320 _____ () C:\Users\John\AppData\Local\Viber\QtMultimedia\declarative_multimedia.dll
2015-11-20 10:07 - 2015-09-29 15:34 - 00425984 _____ () C:\Users\John\AppData\Local\Viber\QtLocation\declarative_location.dll
2015-11-20 10:07 - 2015-09-29 03:03 - 00065024 _____ () C:\Users\John\AppData\Local\Viber\QtPositioning\declarative_positioning.dll
2015-11-20 10:07 - 2015-09-29 02:58 - 00012288 _____ () C:\Users\John\AppData\Local\Viber\QtQml\Models.2\modelsplugin.dll
2015-11-20 10:07 - 2015-09-29 02:58 - 00044032 _____ () C:\Users\John\AppData\Local\Viber\QtQml\StateMachine\qtqmlstatemachine.dll
2015-10-16 11:02 - 2015-10-16 11:02 - 00039384 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2015-12-16 20:58 - 2015-12-11 04:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-16 20:58 - 2015-12-11 04:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
2015-12-11 17:22 - 2015-10-31 01:59 - 00034768 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-11 17:22 - 2015-10-31 02:00 - 00019408 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-11 17:22 - 2015-12-08 22:36 - 00022848 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd
2015-12-11 17:22 - 2015-12-08 22:36 - 00023352 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd
2015-12-11 17:22 - 2015-12-08 22:36 - 00042296 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd
2015-12-11 17:22 - 2015-10-31 01:59 - 00116688 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-11 17:22 - 2015-10-31 01:59 - 00093640 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-11 17:22 - 2015-10-31 01:59 - 00018376 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-11 17:22 - 2015-12-08 22:36 - 00019760 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-11 17:22 - 2015-10-31 02:00 - 00105928 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-11 17:22 - 2015-10-31 01:59 - 00392144 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-11 17:22 - 2015-12-08 22:36 - 00381752 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-11 17:22 - 2015-10-31 01:59 - 00692688 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2015-12-11 17:22 - 2015-12-08 22:36 - 00020816 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 17:22 - 2015-10-31 02:00 - 00109520 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2015-12-11 17:22 - 2015-12-08 22:36 - 01737032 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2015-12-11 17:22 - 2015-12-08 22:36 - 00020808 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-11 17:22 - 2015-12-08 22:36 - 00020800 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-11 17:22 - 2015-12-08 22:36 - 00021840 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-11 17:22 - 2015-12-08 22:36 - 00038696 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-11 17:22 - 2015-10-31 02:00 - 00024528 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-11 17:22 - 2015-10-31 02:00 - 00020936 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-11 17:22 - 2015-10-31 02:00 - 00114640 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-11 17:22 - 2015-12-08 22:36 - 00021320 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-11 17:22 - 2015-10-31 02:00 - 00124880 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\win32file.pyd
2015-12-11 17:22 - 2015-10-31 02:00 - 00030160 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-11 17:22 - 2015-10-31 02:00 - 00043472 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-11 17:22 - 2015-10-31 02:00 - 00175560 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-11 17:22 - 2015-10-31 02:00 - 00028616 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-11 17:22 - 2015-10-31 02:00 - 00024016 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-11 17:22 - 2015-10-31 02:00 - 00048592 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-11 17:22 - 2015-12-08 22:36 - 00024392 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2015-12-11 17:22 - 2015-10-31 02:00 - 00036296 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-11 17:22 - 2015-10-31 02:00 - 00024016 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\win32profile.pyd
2015-12-11 17:22 - 2015-12-08 22:36 - 00117056 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-11 17:22 - 2015-12-08 22:36 - 00023376 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 17:22 - 2015-10-31 01:59 - 00134608 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-11 17:22 - 2015-10-31 01:59 - 00134088 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2015-12-11 17:22 - 2015-10-31 02:00 - 00240584 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-11 17:22 - 2015-12-08 22:36 - 00020280 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-11 17:22 - 2015-12-08 22:36 - 00052024 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-11 17:22 - 2015-12-08 22:36 - 00021304 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd
2015-12-11 17:22 - 2015-10-31 02:00 - 00350152 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2015-12-11 17:22 - 2015-12-08 22:36 - 00084792 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-11 17:22 - 2015-12-08 22:36 - 01826608 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-11 17:22 - 2015-10-31 02:00 - 00083912 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-11 17:22 - 2015-12-08 22:36 - 03891504 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-11 17:22 - 2015-12-08 22:36 - 01950000 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-11 17:22 - 2015-12-08 22:36 - 00519984 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-11 17:22 - 2015-12-08 22:36 - 00133936 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-11 17:22 - 2015-12-08 22:36 - 00225080 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-11 17:22 - 2015-12-08 22:36 - 00207672 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-11 17:22 - 2015-12-08 22:36 - 00024904 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-11 17:22 - 2015-12-08 22:36 - 00486704 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-11 17:22 - 2015-12-08 22:36 - 00357680 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-03-04 22:45 - 2015-10-31 02:01 - 00019920 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 22:45 - 2015-10-31 02:00 - 00786904 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-31 11:33 - 2015-10-31 02:00 - 00063448 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 22:45 - 2015-10-31 02:00 - 00019408 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2012-10-02 09:30 - 2012-02-06 20:08 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\pngio.dll
2015-12-24 21:57 - 2015-12-24 07:46 - 16792256 _____ () C:\Users\John\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll
2014-10-16 02:41 - 2014-10-16 02:41 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-11-30 15:07 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-09-29 21:29 - 2012-02-07 16:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-11-28 20:09 - 2015-11-28 20:09 - 00218112 _____ () C:\Program Files (x86)\AIMP3\System\libsoxr.dll
2015-11-28 20:09 - 2015-11-28 20:09 - 00467968 _____ () C:\Program Files (x86)\AIMP3\System\Encoders\libFLAC.dll
2015-11-28 20:09 - 2015-11-28 20:09 - 01733120 _____ () C:\Program Files (x86)\AIMP3\System\Encoders\aimp_libvorbis.dll
2015-11-28 20:09 - 2015-11-28 20:09 - 00059976 _____ () C:\Program Files (x86)\AIMP3\Plugins\aimp_AnalogMeter\aimp_AnalogMeter.dll
2015-11-28 20:09 - 2015-11-28 20:09 - 00160840 _____ () C:\Program Files (x86)\AIMP3\Plugins\aimp_cdda\aimp_cdda.dll
2015-11-28 20:09 - 2015-11-28 20:09 - 00159232 _____ () C:\Program Files (x86)\AIMP3\Plugins\aimp_sacd\libsacd.dll
2015-11-28 20:09 - 2015-11-28 20:09 - 00026624 _____ () C:\Program Files (x86)\AIMP3\Plugins\Aorta\Aorta.dll
2015-11-28 20:09 - 2015-11-28 20:09 - 00237568 _____ () C:\Program Files (x86)\AIMP3\Plugins\OptimFROG\OptimFROG.dll
2015-11-28 20:09 - 2015-11-28 20:09 - 00152648 _____ () C:\Program Files (x86)\AIMP3\Plugins\PandemicAnalogMeter\PandemicAnalogMeter.dll
2015-12-05 10:21 - 2015-12-05 10:21 - 00933056 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2015-06-08 20:06 - 2015-06-08 20:06 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2015-05-15 15:24 - 2015-05-15 15:24 - 02873856 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:966F7784

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\sony.com -> sony.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-28 22:24 - 00001167 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 activate.adobe.com127.0.0.1 www.stereotool.com
127.0.0.1 vvv.stereotool.com127.0.0.1 vox1b.nuedge.net
127.0.0.1 *.nuedge.net
127.0.0.1 *nuedge*127.0.0.1 api.crashtastic.com
127.0.0.1 api.crashtastic.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-107711043-1986751878-3852339312-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5BBBEF1B-94E0-4C64-9B52-A4A6841A2202}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{505EF0FF-B2B9-4843-B31D-691591C97924}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{3510BFF2-C452-444D-BC6A-D0AAA1EA7330}] => (Allow) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
FirewallRules: [{3A498848-3F2A-44D0-8058-039E603A427F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
FirewallRules: [{D2F3EE61-D7D5-4803-B0CC-1F2C9B15EC5A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
FirewallRules: [{67F984E6-B14E-4452-A84D-E0A8B75C1554}] => (Allow) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
FirewallRules: [TCP Query User{FA795A88-B993-4839-B672-DA0C3198E6FC}C:\program files (x86)\stone giant\exe\stone_giant.exe] => (Allow) C:\program files (x86)\stone giant\exe\stone_giant.exe
FirewallRules: [UDP Query User{A9258934-4DC9-488D-A561-E61404239177}C:\program files (x86)\stone giant\exe\stone_giant.exe] => (Allow) C:\program files (x86)\stone giant\exe\stone_giant.exe
FirewallRules: [{ACB43901-9074-4FBB-B311-D21A1D19C3E2}] => (Allow) C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Backgammon.exe
FirewallRules: [{97590651-B283-4108-8CB1-96A1E774729E}] => (Allow) C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Checkers.exe
FirewallRules: [{6B31F9D1-8BB7-415E-80BA-D453101FEB54}] => (Allow) C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Chess.exe
FirewallRules: [{B9CE395D-E7B2-4110-8C7D-CD591FA92DC2}] => (Allow) C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\EasyChat.exe
FirewallRules: [{94C443A2-5F36-40AE-A8FE-DB9381227B40}] => (Allow) C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\SeaBattle.exe
FirewallRules: [{EF1D8196-BCB8-45AF-86B9-F1E6FE0C2BA5}] => (Allow) C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\TicTacToe.exe
FirewallRules: [{A82DD02D-03C5-4E1C-B1BE-7E789718B22F}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{75AF9109-126C-42BB-86B2-1C040933BB2C}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{33ED3C2E-7639-446F-ABF5-4E6111DEAD5B}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{720DA5FE-0665-4A40-8675-2F1056B06F9A}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{55901C8E-B187-4BAE-828C-908722DA35BC}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{066ECBCA-798C-4CC5-A349-08DCFD183C41}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{E1C261AD-6F5B-4D1A-BFF9-3D8F2E8BBC39}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{8638A411-3DF1-4994-8C47-5D6CF3C25D8E}C:\unmechanical\binaries\win32\udk.exe] => (Allow) C:\unmechanical\binaries\win32\udk.exe
FirewallRules: [UDP Query User{0A49919C-1696-4A2A-9D4F-8BC6D4C26E33}C:\unmechanical\binaries\win32\udk.exe] => (Allow) C:\unmechanical\binaries\win32\udk.exe
FirewallRules: [{AD7160BE-1147-4A03-BE22-B46E7D516810}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{173D3364-6C9B-4C15-8362-7FBC7187DE52}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [TCP Query User{9A1F1987-6594-4D1D-87CF-30883EA5A8F3}C:\program files (x86)\cain\cain.exe] => (Allow) C:\program files (x86)\cain\cain.exe
FirewallRules: [UDP Query User{25EC1C2F-7321-4AA2-B282-E02B42D16AC7}C:\program files (x86)\cain\cain.exe] => (Allow) C:\program files (x86)\cain\cain.exe
FirewallRules: [{1CAECFB2-A7C0-42AF-A021-4D245F8A893C}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
FirewallRules: [{F12395F1-443F-44B5-8AD3-73806B9E8582}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
FirewallRules: [{FCDA2167-72A5-4AEF-A4EC-EB17795C08BE}] => (Allow) LPort=2869
FirewallRules: [{55803A05-8118-4339-88FD-18C74EBE2360}] => (Allow) LPort=1900
FirewallRules: [{A08122C4-0F94-4803-8448-772AFC3B143B}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{5220A476-45E4-4E63-B9D4-B139567C176C}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [TCP Query User{775A6B5E-8145-4C7C-ACD6-392941782E69}C:\users\john\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\john\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{68E7D175-F498-4841-A92F-36CD87CC3CEE}C:\users\john\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\john\appdata\local\akamai\netsession_win.exe
FirewallRules: [{EBAC7C57-73CC-40D6-AD9D-B06B3CA6D585}] => (Allow) LPort=2869
FirewallRules: [{3CE340EF-0ECC-4E1B-B2E0-22942A7F69E7}] => (Allow) LPort=1900
FirewallRules: [{6A7BDA07-B107-472C-A1BA-54C5BCA6087D}] => (Allow) D:\Program Files (x86)\Bohemia Interactive\ArmA 2\arma2.exe
FirewallRules: [{5F0EE5D6-0444-4BD5-BFF1-67D39753CF66}] => (Allow) D:\Program Files (x86)\Bohemia Interactive\ArmA 2\arma2.exe
FirewallRules: [TCP Query User{7D1235CE-1473-49BA-8298-367F34302D33}C:\program files (x86)\esignal\winros.exe] => (Allow) C:\program files (x86)\esignal\winros.exe
FirewallRules: [UDP Query User{84779ED1-253E-4D56-8F0D-94FC98A5BE2E}C:\program files (x86)\esignal\winros.exe] => (Allow) C:\program files (x86)\esignal\winros.exe
FirewallRules: [{1A7CD111-837F-48C5-8BEA-372A670DAB39}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{71E27861-9EF7-47DE-8184-E40589C92F2A}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe] => (Allow) C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe
FirewallRules: [UDP Query User{CEF60B9D-095D-471C-9CEE-3CC2887BA3F1}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe] => (Allow) C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe
FirewallRules: [TCP Query User{71EFC0E0-0538-4F61-A987-2FE11D90FD7A}C:\program files (x86)\common files\interactive data\dm\winros.exe] => (Allow) C:\program files (x86)\common files\interactive data\dm\winros.exe
FirewallRules: [UDP Query User{B030792E-8CA4-47D3-B03D-0D34954395AD}C:\program files (x86)\common files\interactive data\dm\winros.exe] => (Allow) C:\program files (x86)\common files\interactive data\dm\winros.exe
FirewallRules: [TCP Query User{2B774FB3-7CEB-4552-8BBE-52BFF6593303}C:\program files (x86)\ninjatrader 7\bin\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 7\bin\ninjatrader.exe
FirewallRules: [UDP Query User{58B3DD40-EED5-4DE1-B589-CA93F108A510}C:\program files (x86)\ninjatrader 7\bin\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 7\bin\ninjatrader.exe
FirewallRules: [TCP Query User{8107B3B0-B8FD-46E5-975B-6C34EC1D293A}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe
FirewallRules: [UDP Query User{8A7FEA29-50C1-4EB1-A7D8-A0368AD8FDF4}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe
FirewallRules: [TCP Query User{DAA8F23B-E030-4C98-B6B4-7FDA33CCB6C3}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{E09772DF-BAFA-4D35-A3BC-7C98BD9A104C}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{C1F75CE7-D97C-4420-807C-3B9F01369A7E}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [UDP Query User{D531EDA6-33F2-451F-BE12-37AEA3B34319}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [{584AB354-315D-46E4-9FF8-EE89DD4C5864}] => (Allow) C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B99F8A06-6409-4D48-A9E3-549057132DFF}] => (Allow) C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{13A3E8C7-4234-41AE-98D4-C983BAE6E3F3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{02843784-BD45-472B-92AF-CCCDF27A11CE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{9B59AD45-C346-4645-B088-AA76B92A2D5E}C:\program files\matlab\r2012a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2012a\bin\win64\matlab.exe
FirewallRules: [UDP Query User{F84A2F56-8BFE-485E-A97B-F2AAF1EBE368}C:\program files\matlab\r2012a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2012a\bin\win64\matlab.exe
FirewallRules: [TCP Query User{0C0BBE78-F1B7-48E5-846A-4BD651EC69D3}C:\program files\matlab\r2012a\bin\win64\smpd.exe] => (Allow) C:\program files\matlab\r2012a\bin\win64\smpd.exe
FirewallRules: [UDP Query User{1A6B9B79-2F16-4B1B-B8C7-EA45A42F33D4}C:\program files\matlab\r2012a\bin\win64\smpd.exe] => (Allow) C:\program files\matlab\r2012a\bin\win64\smpd.exe
FirewallRules: [TCP Query User{B0694465-044E-4E54-B061-9CE717B20603}C:\program files\matlab\r2012a\bin\win64\mpiexec.exe] => (Allow) C:\program files\matlab\r2012a\bin\win64\mpiexec.exe
FirewallRules: [UDP Query User{811BA716-0C3D-4861-A5AC-A626F8BFC39B}C:\program files\matlab\r2012a\bin\win64\mpiexec.exe] => (Allow) C:\program files\matlab\r2012a\bin\win64\mpiexec.exe
FirewallRules: [{919E4CF0-E429-408C-8130-1939E8E1014D}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\9.0\WolframCDFPlayer.exe
FirewallRules: [{D633653A-7C89-4C79-B3F1-C7D1B93719EF}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\9.0\WolframCDFPlayer.exe
FirewallRules: [{F6F4AF91-4508-473A-8B79-111AEF1BCFB6}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\9.0\math.exe
FirewallRules: [{0A2940A8-5F7D-4B96-9AC5-E15D3BB5CBE3}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\9.0\math.exe
FirewallRules: [TCP Query User{D6A19FB2-C060-44D7-9535-8226C973139F}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{1A9CBF86-A89C-4E8C-AE7C-CB8579767D74}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{E5D8E789-1EEA-4D47-A561-DF02F553E60D}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe
FirewallRules: [UDP Query User{790E49A5-5356-4246-9156-BDDD25CFC856}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe
FirewallRules: [TCP Query User{D6F5209B-7C81-4DD9-B35B-FC720E1D9664}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe
FirewallRules: [UDP Query User{C23E4264-3D4F-42D0-A149-771691077996}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe
FirewallRules: [TCP Query User{3CFCDB35-472F-4FB0-A5D4-05449B3DE14B}C:\program files\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) C:\program files\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [UDP Query User{E7FA711A-752E-4F27-AFAE-17B67113331B}C:\program files\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) C:\program files\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [TCP Query User{BE3EC7AE-46F5-4F00-8572-66D148940CE9}C:\windows\syswow64\rundll32.exe] => (Allow) C:\windows\syswow64\rundll32.exe
FirewallRules: [UDP Query User{2A6B9C5E-F6B7-4BEC-850C-2212A5B0942D}C:\windows\syswow64\rundll32.exe] => (Allow) C:\windows\syswow64\rundll32.exe
FirewallRules: [TCP Query User{AA819AAF-E63B-40FD-9044-9F5D65F95C43}C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [UDP Query User{B2870674-4458-45D1-B3E2-67DF5B8CA89A}C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [{9820D7F8-4B24-4D99-9BFB-65A1E23D293C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{5A67E496-938D-471F-924F-7420D416E49B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{BC1C16D3-412D-4093-BE3A-8E24810D58D5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{88E68B5B-F7F7-4130-B6B4-5313D55FCA21}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{1B6B9065-DFF3-4EAF-9B55-31BA77C42F08}C:\program files (x86)\yworks\yed\yed.exe] => (Block) C:\program files (x86)\yworks\yed\yed.exe
FirewallRules: [UDP Query User{98DCE37C-B2F2-4481-B9A0-9BD8CFF5D275}C:\program files (x86)\yworks\yed\yed.exe] => (Block) C:\program files (x86)\yworks\yed\yed.exe
FirewallRules: [TCP Query User{9EA0AFD4-17A2-43ED-90CF-20C8C5994437}C:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe] => (Allow) C:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe
FirewallRules: [UDP Query User{D0567BE0-39E4-4D4B-92D0-ABB074EC44E8}C:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe] => (Allow) C:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe
FirewallRules: [{F1302A4D-691C-4B46-A4E6-D6B3D0447687}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{83A8F34D-B4E5-49C1-8E2A-131158C01359}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{73FDA80F-562F-4593-8AF5-8423686D3FC1}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{752F4C13-2651-4E1C-BD4F-5CDD0071C9F6}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [TCP Query User{A942C0C9-EF7F-4308-AE72-1E8AD329AD90}C:\users\john\desktop\stratum_proxy.exe] => (Allow) C:\users\john\desktop\stratum_proxy.exe
FirewallRules: [UDP Query User{942854FF-A752-4880-B7BF-6779B0775E2A}C:\users\john\desktop\stratum_proxy.exe] => (Allow) C:\users\john\desktop\stratum_proxy.exe
FirewallRules: [TCP Query User{6D5589EF-48A2-4C06-99B0-A302DA1BEE29}C:\program files (x86)\star conflict\launcher.exe] => (Allow) C:\program files (x86)\star conflict\launcher.exe
FirewallRules: [UDP Query User{207B4818-359B-47E9-8BBF-7FA4FB5524A9}C:\program files (x86)\star conflict\launcher.exe] => (Allow) C:\program files (x86)\star conflict\launcher.exe
FirewallRules: [TCP Query User{34639296-63C8-4DD5-B3B8-6D36C4CBEEAC}C:\program files (x86)\unity\editor\unity.exe] => (Allow) C:\program files (x86)\unity\editor\unity.exe
FirewallRules: [UDP Query User{D70333C9-1C7D-4280-B647-D3FDCAE3913F}C:\program files (x86)\unity\editor\unity.exe] => (Allow) C:\program files (x86)\unity\editor\unity.exe
FirewallRules: [TCP Query User{3328A697-F5A5-4322-8C55-C3043EEA5510}C:\users\john\desktop\cudaminer\stratum_proxy.exe] => (Allow) C:\users\john\desktop\cudaminer\stratum_proxy.exe
FirewallRules: [UDP Query User{0ED628D4-3CC7-417B-A7C6-4C841DCE3B52}C:\users\john\desktop\cudaminer\stratum_proxy.exe] => (Allow) C:\users\john\desktop\cudaminer\stratum_proxy.exe
FirewallRules: [TCP Query User{D06B1C01-C9E5-4A67-9C29-D19A3BCF0472}C:\users\john\desktop\multiplayertutorial\build.exe] => (Allow) C:\users\john\desktop\multiplayertutorial\build.exe
FirewallRules: [UDP Query User{4CDB465A-2448-4F10-90FD-959EBCC46065}C:\users\john\desktop\multiplayertutorial\build.exe] => (Allow) C:\users\john\desktop\multiplayertutorial\build.exe
FirewallRules: [TCP Query User{C595B26A-EF96-44BD-9056-76B9F70F8EC9}C:\users\john\desktop\programi\cudaminer\stratum_proxy.exe] => (Allow) C:\users\john\desktop\programi\cudaminer\stratum_proxy.exe
FirewallRules: [UDP Query User{4E25077F-8AF4-47D7-A232-E3856B66D541}C:\users\john\desktop\programi\cudaminer\stratum_proxy.exe] => (Allow) C:\users\john\desktop\programi\cudaminer\stratum_proxy.exe
FirewallRules: [TCP Query User{38402653-E1B0-4AA0-B7F7-66FB53CF2925}C:\program files (x86)\naissancee\binaries\win32\udk.exe] => (Block) C:\program files (x86)\naissancee\binaries\win32\udk.exe
FirewallRules: [UDP Query User{991BA5BE-A20D-4C43-AB52-F9FD7FB0BD14}C:\program files (x86)\naissancee\binaries\win32\udk.exe] => (Block) C:\program files (x86)\naissancee\binaries\win32\udk.exe
FirewallRules: [TCP Query User{C8D86ACB-6B80-455E-87A3-A21705A1C85F}C:\antichamber\binaries\win32\udk.exe] => (Block) C:\antichamber\binaries\win32\udk.exe
FirewallRules: [UDP Query User{E7ED20EE-E9AB-4E8B-BDFD-2783DD416F2E}C:\antichamber\binaries\win32\udk.exe] => (Block) C:\antichamber\binaries\win32\udk.exe
FirewallRules: [{C51C23F8-F3C2-429E-BCEA-434CF25241F5}] => (Allow) D:\Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{3C37CD8C-6176-4370-90D4-33EEAC06FAB1}] => (Allow) D:\Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [TCP Query User{F4096D17-7560-4910-9800-EDAA1455D035}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{3FD7E6C5-A382-4567-83AF-54CC769F2439}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{8D1857AA-6592-44FD-954E-A6C008106840}] => (Allow) LPort=3389
FirewallRules: [TCP Query User{0F3D7A56-E2AB-4A8F-BDFA-EE17614E6E20}C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{9436C566-8305-44F0-B308-AD842FFA8B80}C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [TCP Query User{4992006D-CC25-4B65-9E78-43D5D5515645}D:\games\the stanley parable\stanley.exe] => (Block) D:\games\the stanley parable\stanley.exe
FirewallRules: [UDP Query User{7812372D-004C-43B5-9106-48AF93DCD956}D:\games\the stanley parable\stanley.exe] => (Block) D:\games\the stanley parable\stanley.exe
FirewallRules: [{FA862936-CD5A-4D98-9EC1-0F861B78DA3F}] => (Allow) D:\SteamLibrary\SteamApps\common\Cryptic Studios\Neverwinter.exe
FirewallRules: [{D5156478-A052-435E-849C-74E5131F9247}] => (Allow) D:\SteamLibrary\SteamApps\common\Cryptic Studios\Neverwinter.exe
FirewallRules: [{8EBEC44A-9640-4E20-A527-087B9678E531}] => (Allow) D:\SteamLibrary\SteamApps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{161980DF-B64E-46B8-B4EB-E30BBCD9C1F8}] => (Allow) D:\SteamLibrary\SteamApps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [TCP Query User{66D593AB-EC9C-4E6F-B76E-0523545559EF}D:\steamlibrary\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) D:\steamlibrary\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [UDP Query User{A9D04551-EB99-4BDD-96C6-0CB462FCE6CC}D:\steamlibrary\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) D:\steamlibrary\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [{DBDF130E-2BEB-4392-9B85-AACFAED9EA70}] => (Allow) D:\SteamLibrary\SteamApps\common\Star Trek Online\Star Trek Online.exe
FirewallRules: [{F3A1A90F-B080-4567-BE66-BFA6866CEC50}] => (Allow) D:\SteamLibrary\SteamApps\common\Star Trek Online\Star Trek Online.exe
FirewallRules: [TCP Query User{BC7EFD14-E379-4F75-BA4D-D53947D2892D}D:\steamlibrary\steamapps\common\star trek online\star trek online\live\gameclient.exe] => (Allow) D:\steamlibrary\steamapps\common\star trek online\star trek online\live\gameclient.exe
FirewallRules: [UDP Query User{EB60D243-CCAE-4C3A-88CF-24F57ADF113C}D:\steamlibrary\steamapps\common\star trek online\star trek online\live\gameclient.exe] => (Allow) D:\steamlibrary\steamapps\common\star trek online\star trek online\live\gameclient.exe
FirewallRules: [{EB85F82C-9505-4038-8585-6244F0B896F1}] => (Allow) C:\Program Files (x86)\Autodesk\3ds Max 9\3dsmax.exe
FirewallRules: [{DA9A211E-E5CE-4708-99F4-0FC29BE3A3BA}] => (Allow) C:\Program Files (x86)\Autodesk\3ds Max 9\3dsmax.exe
FirewallRules: [{928D4B01-88AC-4C6A-B5A9-AEA5B2BAF407}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{6F3E794B-C8BA-4CBB-9BE1-234F89D2DB53}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{421FAAAC-A754-4A5A-83E0-4557FF9C61BF}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{39981B59-3048-48A4-83CF-E6F9A09C14A6}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{7CCDDA6D-2E47-472A-8A61-F448BD00D4F4}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{E30D30A5-F438-4BF9-A63C-FBFDFE61BEF8}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{24DD6B99-10B3-4B1D-8A52-209826D36791}] => (Allow) C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
FirewallRules: [{35188FE5-A7A2-4D5F-81DB-31D7C60CB898}] => (Allow) C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
FirewallRules: [{23E7DB4D-7C94-4475-A84B-9E0D0DDD73CD}] => (Allow) C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64.exe
FirewallRules: [{EAAD206C-B9E0-4496-8631-29D205A2A48B}] => (Allow) C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64.exe
FirewallRules: [{9F72D8A0-3C79-4DFF-B55E-0D9510902E03}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity\2012\UnityVS.OpenFile.exe
FirewallRules: [{66323366-D71E-4E67-AB54-B6C0E02A2508}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{9A82374C-E8FE-4E78-B56A-1BB57BB88844}] => (Allow) C:\Program Files (x86)\Unity\Editor\Unity.exe
FirewallRules: [{D69E937A-6CC0-4DC9-ACF0-8238E2E2EA5C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D01A54FB-A1B9-45FF-A0F1-07A8A41A0E45}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E9125562-3D6E-49B4-9619-9EF9F7908D0C}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{942BD573-5A78-4706-95A8-5E89C2B80CCD}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{7AF11504-B827-4055-A036-2B1C4B14CDCB}] => (Allow) D:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [{DBA89628-5677-40B8-9294-66CBDECD15B2}] => (Allow) D:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [{2FF7409A-1699-4F00-9684-8A714A27FD56}] => (Allow) LPort=80
FirewallRules: [{8BBBABE2-D379-423C-9934-F472CB5C8D75}] => (Allow) LPort=443
FirewallRules: [{12DC470C-F4A0-4ED8-9BB4-6DBA7D0507E7}] => (Allow) LPort=20010
FirewallRules: [{93C7C2E9-8BC2-4AB6-B11D-E0EC8A57F178}] => (Allow) LPort=3478
FirewallRules: [{AC543055-6A82-41EE-A501-BF8710052134}] => (Allow) LPort=7850
FirewallRules: [{662AC914-CAA0-4A01-9470-AE8506935B51}] => (Allow) LPort=7852
FirewallRules: [{F848EFE7-A964-49AD-87D0-06F8FA6DB08A}] => (Allow) LPort=7853
FirewallRules: [{C50FBD3F-4408-47E1-801F-3C8FF671BD28}] => (Allow) LPort=27022
FirewallRules: [{0556FB8F-7D9F-450C-9ED7-9CC4E8B995E5}] => (Allow) LPort=6881
FirewallRules: [{E100D8BD-36DC-430F-A590-561B58F24A8A}] => (Allow) LPort=33333
FirewallRules: [{48021635-1464-438B-B40A-C42ED98E1D6C}] => (Allow) LPort=20443
FirewallRules: [{55D5032E-C669-45B0-AB56-1E286310B6A8}] => (Allow) LPort=8090
FirewallRules: [{EB9F0BBB-F2B2-40FC-A255-3FCC80D66CD5}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{84120655-4BB3-4AD8-943F-2C455E20E3BC}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{52A6C0A5-BED4-46F8-AFAF-1DA5BDC9FE8F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{13A05637-2B64-4AA8-B80E-4149A3A0A327}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1BFC65DE-19EE-4257-A951-6F8199510CFA}] => (Allow) D:\Program Files (x86)\Dreamfall Chapters\Dreamfall Chapters.exe
FirewallRules: [{11A873A1-EFC2-4208-82CF-348E1E2B2464}] => (Allow) D:\Program Files (x86)\Dreamfall Chapters\Dreamfall Chapters.exe
FirewallRules: [{A4DD406C-C9AD-48F4-B523-204E07DFAEAA}] => (Allow) D:\Program Files (x86)\Dreamfall Chapters\Dreamfall Chapters.exe
FirewallRules: [{F4E15542-3231-4D25-B0F3-C40EC8004F96}] => (Allow) D:\Program Files (x86)\Dreamfall Chapters\Dreamfall Chapters.exe
FirewallRules: [{44AE0ECC-FF4E-4270-936C-CDDCB582E5A2}] => (Allow) D:\Program Files (x86)\Dreamfall Chapters Book2\Dreamfall Chapters.exe
FirewallRules: [{78EB1795-BF31-463F-9D6E-41B3F633D095}] => (Allow) D:\Program Files (x86)\Dreamfall Chapters Book2\Dreamfall Chapters.exe
FirewallRules: [{F75E54B7-504E-42A5-B96C-DE5277481A29}] => (Allow) D:\Program Files (x86)\Dreamfall Chapters Book2\Dreamfall Chapters.exe
FirewallRules: [{0381C867-C12D-40B9-B285-58E34915AD4C}] => (Allow) D:\Program Files (x86)\Dreamfall Chapters Book2\Dreamfall Chapters.exe
FirewallRules: [{039DCE5C-4818-4233-A895-F5B68A5852F5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{27B3FC4F-D94C-4B2F-AB60-96DDA22AD1BE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{208D3E43-1392-4522-84F3-5756DEA61EE1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{57BDD2BB-DCB0-48F3-A287-734BEA2AB438}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F931BF3F-8179-4D0C-A8E1-D36543AF7208}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{279C7F94-F7AA-438D-B6AF-D3DFF162CA3F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{0E023C95-299E-4EDB-94AB-09C33B06AF88}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{53FD0A41-D793-4861-B79D-E5EA32DA197A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{6DA7A2C9-55F9-411B-81DF-FB6964A91E64}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{DFB8A30F-A0AE-40CE-A479-E1E8365F32B0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F92B8A18-5677-4B1B-A7FD-97194786FD92}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Wonderful End of the World\main.exe
FirewallRules: [{6E518894-B47C-47E7-87A8-C670D04AEEA3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Wonderful End of the World\main.exe
FirewallRules: [{8E412DB3-B45D-4144-983D-4952923B4811}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D901ED4E-B88A-4BFF-8E11-0B9046247257}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{DD0CEFAC-D00D-497E-9350-D31FAE5CAFFD}C:\users\john\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\john\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{AECB9CFB-3F28-4A1B-9A21-15433EF3AD77}C:\users\john\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\john\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{30B9205E-D092-462A-87D0-1849571928A7}] => (Allow) LPort=1077
FirewallRules: [{632832AC-FBA7-4655-A5A8-FB1B8543BBCF}] => (Allow) LPort=5000
FirewallRules: [TCP Query User{B9EF5A2B-55AF-45D6-A3C2-4D3B40E7CE8D}C:\users\john\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\john\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{34EEA4C0-34AE-46D0-A39F-7ACBC4F2DAD8}C:\users\john\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\john\appdata\roaming\spotify\spotify.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Restore Points =========================

10-01-2016 23:49:48 Scheduled Checkpoint
12-01-2016 17:01:05 Windows Update
12-01-2016 17:31:14 Removed Microsoft Office Professional Plus 2013
12-01-2016 17:31:23 PROPLUS

==================== Faulty Device Manager Devices =============

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/11/2016 11:06:37 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (01/11/2016 04:29:48 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (01/10/2016 11:00:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (01/10/2016 11:00:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (01/10/2016 08:31:30 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (01/10/2016 08:31:30 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (01/10/2016 08:25:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2016 08:19:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: devenv.exe, version: 11.0.50727.1, time stamp: 0x5011ecaa
Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56258e62
Exception code: 0xc0000374
Fault offset: 0x000ced0b
Faulting process id: 0x1d0c
Faulting application start time: 0xdevenv.exe0
Faulting application path: devenv.exe1
Faulting module path: devenv.exe2
Report Id: devenv.exe3

Error: (01/10/2016 08:18:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2016 07:29:43 PM) (Source: VsJITDebugger) (EventID: 4096) (User: John_i7_desktop)
Description: An unhandled win32 exception occurred in process #10032. Just-In-Time debugging this exception failed with the following error: The process ID is invalid.

Check the documentation index for 'Just-in-time debugging, errors' for more information.


System errors:
=============
Error: (01/11/2016 08:49:31 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk4\DR4, has a bad block.

Error: (01/11/2016 08:49:28 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk4\DR4, has a bad block.

Error: (01/11/2016 08:49:24 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk4\DR4, has a bad block.

Error: (01/11/2016 08:49:21 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk4\DR4, has a bad block.

Error: (01/11/2016 08:49:17 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk4\DR4, has a bad block.

Error: (01/11/2016 08:49:14 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk4\DR4, has a bad block.

Error: (01/11/2016 08:49:10 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk4\DR4, has a bad block.

Error: (01/11/2016 08:49:06 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk4\DR4, has a bad block.

Error: (01/11/2016 08:49:03 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk4\DR4, has a bad block.

Error: (01/11/2016 08:48:59 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk4\DR4, has a bad block.


CodeIntegrity:
===================================
Date: 2015-08-18 01:00:25.260
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-16 23:45:55.194
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-16 08:19:17.324
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-15 00:37:56.842
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-14 17:23:54.758
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-14 16:28:07.948
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-13 15:29:43.334
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-13 15:12:18.260
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-13 07:33:16.639
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-13 07:21:22.304
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 35%
Total physical RAM: 16338.98 MB
Available physical RAM: 10570.72 MB
Total Virtual: 32676.16 MB
Available Virtual: 26438.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.47 GB) (Free:55.53 GB) NTFS
Drive d: (DeepSpace) (Fixed) (Total:1862.89 GB) (Free:406.75 GB) NTFS
Drive f: (My Passport) (Fixed) (Total:1862.98 GB) (Free:203.38 GB) NTFS
Drive i: (Seagate Backup Plus Drive) (Fixed) (Total:3725.9 GB) (Free:2585.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 6CA4C239)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 1B839176)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 9BBE975C)

Partition: GPT.

==================== End of Addition.txt ============================

Edited by Oh My!, 12 January 2016 - 05:35 PM.


#10 Oh My!

Posted 12 January 2016 - 05:55 PM

Thanks for the information.

-----

Have you ever had Cain Password Recovery installed?

-----

Do you recognize these?
 

Wassersport InformationsDienst Berlin
C:\Svasta
C:\Huvles
C:\Jts


-----

What can you tell me about these file names/extensions? Did you create them?
 

2016-01-10 20:18 - 2016-01-10 20:19 - 00019456 ____H C:\Users\John\Desktop\sjgndkf.v11.suo
2016-01-10 20:18 - 2016-01-10 20:18 - 00000989 _____ C:\Users\John\Desktop\sjgndkf.sln
2016-01-10 20:14 - 2016-01-10 20:14 - 00010752 ____H C:\Users\John\Desktop\TDSSKiller.v11.suo
2016-01-10 20:14 - 2016-01-10 20:14 - 00000998 _____ C:\Users\John\Desktop\TDSSKiller.sln
2016-01-10 20:09 - 2015-12-11 22:50 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\John\Desktop\sjgndkf.exe


-----

Please consider and do this.

===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one anti virus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please remove all but one of the Antivirus programs currently on your computer, even if only one is running. You can uninstall the program(s) via Add/Remove Programs, or Programs and Features in the Control Panel.
 

Emsisoft Anti-Malware
Kaspersky Anti-Virus


===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM-x32\...\Run: [NeroFilterCheck] => C:\Program Files (x86)\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\MountPoints2: E - E:\Setup.exe
HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\MountPoints2: K - K:\setup.exe
HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\MountPoints2: {0de6dde4-0abb-11e2-a9e0-806e6f6e6963} - E:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\MountPoints2: {b9d0ae60-0f41-11e2-b506-94dbc98aaf7b} - H:\setup.exe
HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\MountPoints2: {d53b3c81-14a0-11e2-9ec1-94dbc98aaf7b} - K:\Autorun.exe
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll => No File
FF Plugin HKU\S-1-5-21-107711043-1986751878-3852339312-1000: tdameritrade.com/thinkorswim -> C:\Program Files (x86)\thinkTDA\npthinkorswim.dll [No File]
FF Plugin HKU\S-1-5-21-107711043-1986751878-3852339312-1000: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkTDA\nptossc.dll [No File]
FF user.js: detected! => C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7kfum7v2.default\user.js [2015-03-03]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll => No File
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]
S3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MFE_RR; \??\C:\Users\John\AppData\Local\Temp\mfe_rr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:966F7784
Hosts:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Uploading Minidump File

--------------------
  • Using Windows Explorer please navigate to the following location(s):

C:\Windows\Minidump\010816-49280-01.dmp

  • Upload the file(s) here
  • I will be automatically notified when the file has been successfully uploaded
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Responses to questions
  • Fixlog
  • Uploaded Minidump file
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 jethull

Posted 12 January 2016 - 06:26 PM

Answers to questions
 
-Yes, I have had Cain Password Recovery installed, 3 or so years ago. I think I removed it though.
 
-Yes, I recognize all of those. 
 
-Yes, I created those file names/extensions. I copied TDSSKiller to my desktop and tried to run it. The .suo and .sln files are Visual Studio files created after entering debug mode. That's where I had obtained the aforementioned stack trace. I also tried renaming the exe to something else, thinking maybe a virus would stop it working based on file name. I was going to try the .bat > .com trick but I thought there's no use for that considering what the stack trace showed.
 
-I will remove Emsisoft Anti-Malware. (*clicking and typing noise*) Done!
 
-Here is the Fixlog.txt
 
Fix result of Farbar Recovery Scan Tool (x64) Version:07-01-2015
Ran by John (2016-01-13 00:20:56) Run:1
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM-x32\...\Run: [NeroFilterCheck] => C:\Program Files (x86)\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\MountPoints2: E - E:\Setup.exe
HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\MountPoints2: K - K:\setup.exe
HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\MountPoints2: {0de6dde4-0abb-11e2-a9e0-806e6f6e6963} - E:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\MountPoints2: {b9d0ae60-0f41-11e2-b506-94dbc98aaf7b} - H:\setup.exe
HKU\S-1-5-21-107711043-1986751878-3852339312-1000\...\MountPoints2: {d53b3c81-14a0-11e2-9ec1-94dbc98aaf7b} - K:\Autorun.exe
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll => No File
FF Plugin HKU\S-1-5-21-107711043-1986751878-3852339312-1000: tdameritrade.com/thinkorswim -> C:\Program Files (x86)\thinkTDA\npthinkorswim.dll [No File]
FF Plugin HKU\S-1-5-21-107711043-1986751878-3852339312-1000: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkTDA\nptossc.dll [No File]
FF user.js: detected! => C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7kfum7v2.default\user.js [2015-03-03]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll => No File
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]
S3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MFE_RR; \??\C:\Users\John\AppData\Local\Temp\mfe_rr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:966F7784
Hosts:
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AdobeCS6ServiceManager => value removed successfully
HKU\S-1-5-21-107711043-1986751878-3852339312-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
"HKU\S-1-5-21-107711043-1986751878-3852339312-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E" => key removed successfully
"HKU\S-1-5-21-107711043-1986751878-3852339312-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K" => key removed successfully
"HKU\S-1-5-21-107711043-1986751878-3852339312-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0de6dde4-0abb-11e2-a9e0-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{0de6dde4-0abb-11e2-a9e0-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-107711043-1986751878-3852339312-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9d0ae60-0f41-11e2-b506-94dbc98aaf7b}" => key removed successfully
HKCR\CLSID\{b9d0ae60-0f41-11e2-b506-94dbc98aaf7b} => key not found. 
"HKU\S-1-5-21-107711043-1986751878-3852339312-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d53b3c81-14a0-11e2-9ec1-94dbc98aaf7b}" => key removed successfully
HKCR\CLSID\{d53b3c81-14a0-11e2-9ec1-94dbc98aaf7b} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}" => key removed successfully
"HKCR\CLSID\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}" => key removed successfully
"HKU\S-1-5-21-107711043-1986751878-3852339312-1000\Software\MozillaPlugins\tdameritrade.com/thinkorswim" => key removed successfully
C:\Program Files (x86)\thinkTDA\npthinkorswim.dll => not found.
"HKU\S-1-5-21-107711043-1986751878-3852339312-1000\Software\MozillaPlugins\tdameritrade.com/tossc" => key removed successfully
C:\Program Files (x86)\thinkTDA\nptossc.dll => not found.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7kfum7v2.default\user.js => moved successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} => value removed successfully
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL => not found.
C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL => not found.
C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => not found.
C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => not found.
C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll => not found.
rpcapd => service removed successfully
btwampfl => service removed successfully
btwaudio => service removed successfully
btwavdt => service removed successfully
btwl2cap => service removed successfully
btwrchid => service removed successfully
massfilter => service removed successfully
MFE_RR => service removed successfully
VGPU => service removed successfully
ZTEusbmdm6k => service removed successfully
ZTEusbnmea => service removed successfully
ZTEusbser6k => service removed successfully
C:\ProgramData\TEMP => ":966F7784" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
==== End of Fixlog 00:20:57 ====
 
 
 
- File submitted as requested.
 
 
- Update on computer behaviour: I haven't seen the webcam switch on the last 2 days, and even before that it wasn't switching on so frequently. The fact that my symptoms were so few and far between might make accurate diagnosis difficult, I am worried. The only "odd" thing that happened was that Chrome was shut down while applying the fix, but I believe this is normal because the fixlist included "CHR Plugin".

Edited by jethull, 12 January 2016 - 06:26 PM.


#12 Oh My!

Posted 12 January 2016 - 06:51 PM

Thanks for the update. Please do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 

#13 jethull

Posted 13 January 2016 - 05:48 AM

-ESET log: I plugged in my backup hard drive (F:) and also my brother's (I:) while the scan was running. Note: it is "very unlikely" that the keygens in the Adobe_new folder were ever run, but not impossible. 
 
C:\Program Files\HyperCam 2\hctoolbar.exe Win32/Somoto.F potentially unwanted application deleted
C:\Users\John\Downloads\ViberSetup.exe Win32/Toolbar.SearchSuite.W potentially unwanted application cleaned by deleting
D:\Downloads\Codec-V.exe Win32/InstallMate potentially unwanted application cleaned by deleting
D:\Downloads\SoftonicDownloader_for_dmg-extractor.exe a variant of Win32/SoftonicDownloader.F potentially unwanted application cleaned by deleting
D:\Downloads\SoftonicDownloader_for_nero-general-cleantool.exe Win32/SoftonicDownloader.E potentially unwanted application cleaned by deleting
D:\Downloads\Unlocker1.9.1-x64.exe a variant of Win32/Toolbar.Babylon.A potentially unwanted application deleted
D:\Downloads\old\kmplayer_downloader.exe a variant of Win32/SoftonicDownloader.E potentially unwanted application cleaned by deleting
F:\other\Programs-Music\Mikes stuff\plugins trial\AfroDjMac\AfroDJMac Michael Jackson Synth.exe Win32/AdInstaller potentially unwanted application cleaned by deleting
F:\other\Programs-Music\Mikes stuff\plugins trial\AfroDjMac\AfroDjMac Reverse Piano.exe a variant of Win32/InstallIQ potentially unwanted application cleaned by deleting
F:\other\Programs-Music\Mikes stuff\plugins trial\AfroDjMac\Korg Monotron rack.exe a variant of Win32/InstallIQ potentially unwanted application cleaned by deleting
F:\other\Programs-Music\Mikes stuff\plugins trial\AfroDjMac\Vocal Rack & Dub Delay.exe a variant of Win32/InstallIQ potentially unwanted application cleaned by deleting
I:\Games_install\Grand Theft Auto V\3dmgame.dll a variant of Win32/Packed.VMProtect.AAA trojan cleaned by deleting
I:\other\Backup stuff\Bitlord_TheOcean\Adobe_new\Fnord ProEXR v1.2 for Photoshop & AE CS3\ProEXR.v1.2.for.Photoshop.Keygen.exe a variant of Generik.GUQOTFJ trojan cleaned by deleting
I:\other\Backup stuff\Bitlord_TheOcean\Adobe_new\IcePattern v1.2 for AE\Panopticum.IcePattern.v1.2.for.AE.Keygen.exe a variant of Generik.IVMJJJP trojan cleaned by deleting
I:\other\Backup stuff\Bitlord_TheOcean\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe Win32/Toolbar.AskSBar potentially unwanted application deleted
I:\other\Backup stuff\Downloads_TheOcean\cnet2_sygate562808_exe.exe a variant of Win32/InstallCore.D potentially unwanted application cleaned by deleting
I:\other\Backup stuff\Downloads_TheOcean\SoftonicDownloader_for_kmplayer.exe Win32/SoftonicDownloader.A potentially unwanted application cleaned by deleting
I:\other\Backup stuff\Downloads_TheOcean\Unlocker1.9.1.exe Win32/Adware.ADON potentially unwanted application deleted
I:\other\Backup stuff\SvastaH\quicky 01022009\daemon4301-lite.exe a variant of Win32/Adware.Toolbar.Shopper.AE application cleaned by deleting
 
 
 
-security317 log:
 
 Results of screen317's Security Check version 1.009  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Kaspersky Anti-Virus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 65  
 Visual Studio Extensions for Windows Library for JavaScript 
 Java version 32-bit out of Date!
 Adobe Flash Player 20.0.0.267  
 Mozilla Firefox (43.0.1) 
 Google Chrome (47.0.2526.106) 
 Google Chrome (47.0.2526.80) 
````````Process Check: objlist.exe by Laurent````````
 Kaspersky Lab Kaspersky Anti-Virus 15.0.0 avp.exe  
 Kaspersky Lab Kaspersky Anti-Virus 15.0.0 avpui.exe  
 Kaspersky Lab Kaspersky Anti-Virus 15.0.0 plugin-nm-server.exe  
 Kaspersky Lab Kaspersky Anti-Virus 15.0.0 klwtblfs.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 33% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
 
 
-Computer behaviour: Unchanged.
Before ESET scan, webcam handle in use by: UMVPFSrv.exe, mmc.exe. After ESET scan, quarantine and restart: Same. (Note: still not sure if this is a legitimate "symptom")

Edited by jethull, 13 January 2016 - 06:05 AM.
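A triage sketch for the ESET log in the post above, added here as an example (it is not part of the original post and not an ESET tool): it parses each detection line from the right, because the paths contain spaces, then groups hits by drive and separates trojan-class detections from potentially unwanted applications. The sample lines are copied from that log; treating C: and D: as the internal drives is an assumption based on the poster's note that F: and I: were backup drives plugged in during the scan.

```python
import re
from collections import Counter, defaultdict

# Subset of the detection lines from the ESET log posted above.
ESET_LOG = r"""
C:\Program Files\HyperCam 2\hctoolbar.exe Win32/Somoto.F potentially unwanted application deleted
C:\Users\John\Downloads\ViberSetup.exe Win32/Toolbar.SearchSuite.W potentially unwanted application cleaned by deleting
D:\Downloads\Unlocker1.9.1-x64.exe a variant of Win32/Toolbar.Babylon.A potentially unwanted application deleted
F:\other\Programs-Music\Mikes stuff\plugins trial\AfroDjMac\Korg Monotron rack.exe a variant of Win32/InstallIQ potentially unwanted application cleaned by deleting
I:\Games_install\Grand Theft Auto V\3dmgame.dll a variant of Win32/Packed.VMProtect.AAA trojan cleaned by deleting
I:\other\Backup stuff\Bitlord_TheOcean\Adobe_new\IcePattern v1.2 for AE\Panopticum.IcePattern.v1.2.for.AE.Keygen.exe a variant of Generik.IVMJJJP trojan cleaned by deleting
I:\other\Backup stuff\SvastaH\quicky 01022009\daemon4301-lite.exe a variant of Win32/Adware.Toolbar.Shopper.AE application cleaned by deleting
"""

# Layout seen in the log: <path> [a variant of ]<detection> <category> <action>
# The path is matched lazily so that directory names containing spaces
# ("Program Files", "Backup stuff") are not mistaken for the detection name.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<variant>a variant of )?"
    r"(?P<name>\S+) "
    r"(?P<category>potentially unwanted application|trojan|application) "
    r"(?P<action>deleted|cleaned by deleting)$"
)


def parse_eset_log(text):
    """Return (detections, unparsed). Lines that do not fit the layout are
    kept in `unparsed` instead of being silently dropped."""
    detections, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            unparsed.append(line)
            continue
        fields = match.groupdict()
        detections.append({
            "drive": fields["path"][0].upper(),
            "path": fields["path"],
            "name": fields["name"],
            "variant": fields["variant"] is not None,
            "category": fields["category"],
            "action": fields["action"],
        })
    return detections, unparsed


def triage(detections, internal_drives=("C", "D")):
    """Count categories per drive and list trojan-class hits, flagging any
    that sit on an internal drive (assumed here to be C: and D:)."""
    by_drive = defaultdict(Counter)
    for det in detections:
        by_drive[det["drive"]][det["category"]] += 1
    malicious = [d for d in detections if d["category"] == "trojan"]
    return {
        "by_drive": {drv: dict(cnt) for drv, cnt in sorted(by_drive.items())},
        "malicious": malicious,
        "malicious_on_internal": [
            d for d in malicious if d["drive"] in internal_drives
        ],
    }


if __name__ == "__main__":
    found, skipped = parse_eset_log(ESET_LOG)
    report = triage(found)
    for drive, counts in report["by_drive"].items():
        print(f"{drive}: {counts}")
    for det in report["malicious"]:
        print(f"trojan-class: {det['name']} at {det['path']} ({det['action']})")
    print("trojan-class hits on internal drives:",
          len(report["malicious_on_internal"]))
    print("unparsed lines:", len(skipped))
```
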


#14 Oh My!

Posted 13 January 2016 - 10:15 AM

Greetings,

That device is set to automatically launch at computer startup. 

UMVPFSrv UMVPFSrv Running Auto Own Process c:\program files (x86)\common files\logishrd\lvmvfm\umvpfsrv.exe Normal LocalSystem 0


If you want to change that to Manual startup please do this.

===================================================

Disabling Service

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type services.msc and hit Enter.
  • In the right panel under Name tab find UMVPFSrv
  • Right click on the entry and select Properties
  • Click the Stop button then select Manual from the Startup type drop down list
  • Click OK and close the window
  • Reboot your computer into Normal Mode and check your computer behavior
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 

#15 jethull

Posted 13 January 2016 - 11:52 AM

Results:

Yep, that stopped it and now no process is using the webcam handle! :) Easy enough... Never thought of doing it myself because at first multiple processes were showing as using the webcam at different times. Do you think it's safe to assume the root cause and symptoms are cleared up, or should I do something else next?

 

Edit: immediately after restart, I got a Java update that wanted to download itself. Again, it failed with a message saying "Download failed". That's why I'm surprised my Java is up to date according to the logs, since I don't think any of my previous updates worked in the last few months!

 

Edit2: I went to the Java website and downloaded a manual update myself and installed it.


Edited by jethull, 13 January 2016 - 12:17 PM.




