
Firefox keep crashing


  • This topic is locked
15 replies to this topic

#1 66xx66xx66


Posted 08 February 2016 - 10:25 PM

Some online Flash videos crash Firefox. Reinstalling Firefox made it worse; every time I launch Firefox, it crashes. Using ComboFix and reinstalling Firefox seems to have fixed the problem, but I am afraid the malware remains in my Windows 7.
 
Thank you.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Desktop (administrator) on DESKTOP-PC (08-02-2016 22:10:41)
Running from C:\Users\Desktop\Desktop
Loaded Profiles: Desktop (Available Profiles: Desktop)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(Micro-Star International) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Buffalo Inc.) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Corsair Components Inc) C:\Program Files (x86)\Corsair\M95 Mouse\M95Hid.exe
() C:\Program Files (x86)\Inventec\Dreye\9.0\DreyeMT\DreyeIMplugin.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Micro-Star INT'L CO.,LTD.) C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe
(Corsair Components Inc) C:\Program Files (x86)\Corsair\M95 Mouse\CorsTra.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-11] (NVIDIA Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-07-08] (ESET)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [764472 2012-09-19] ()
HKLM-x32\...\Run: [Corsair Duke] => C:\Program Files (x86)\Corsair\M95 Mouse\M95Hid.exe [1771520 2013-08-15] (Corsair Components Inc)
HKLM-x32\...\Run: [IMDreyePlugin] => C:\Program Files (x86)\Inventec\Dreye\9.0\DreyeMT\DreyeIMplugin.exe [36864 2009-05-11] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
HKU\S-1-5-21-102027666-3716477199-3525533037-1000\...\Run: [GoogleChromeAutoLaunch_DFC8472DABE1F2F5610AF2606F0DE9EE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [748872 2016-02-03] (Google Inc.)
HKU\S-1-5-21-102027666-3716477199-3525533037-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-102027666-3716477199-3525533037-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-102027666-3716477199-3525533037-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe [2594304 2012-09-27] (ASUS)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk [2015-01-08]
ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (Buffalo Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk [2015-01-08]
ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0B702E5D-C902-4522-A3C7-1E0EF8ECBC31}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2EDB427F-0AEA-44CF-810F-88342BDB9F52}: [DhcpNameServer] 64.71.255.205 64.71.255.253
Tcpip\..\Interfaces\{98FA1AE5-57DF-4BD6-801E-C8EB99C7139D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A82AC465-2788-499A-B3DD-A988DB9B7C67}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-102027666-3716477199-3525533037-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-102027666-3716477199-3525533037-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-102027666-3716477199-3525533037-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ca/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_71\bin\ssv.dll [2016-01-24] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-24] (Oracle Corporation)
BHO-x32: No Name -> {06433BFE-4946-4E89-823D-CD359C81CD06} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO-x32: No Name -> {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} -> No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
Toolbar: HKLM-x32 - Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - C:\Program Files (x86)\Inventec\Dreye\9.0\DreyeMT\DreyeIEBar.dll [2009-05-31] ()
Toolbar: HKU\S-1-5-21-102027666-3716477199-3525533037-1000 -> No Name - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Desktop\AppData\Roaming\Mozilla\Firefox\Profiles\5uudvg2z.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.google.ca/
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-27] ()
FF Plugin: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-27] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-12-10] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-12-26] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-12-26] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-102027666-3716477199-3525533037-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-07-10] (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-07-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-07-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-07-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-07-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-07-14] (Apple Inc.)
FF Extension: Adblock Plus - C:\Users\Desktop\AppData\Roaming\Mozilla\Firefox\Profiles\5uudvg2z.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-19]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.ca/
CHR StartupUrls: Default -> "hxxp://www.google.ca/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll => No File
CHR Profile: C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Text URL Linker) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegfbpchoheaflicfmggkmlmcccpjpgd [2014-10-13]
CHR Extension: (bamboo panda) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdimjkgkhlmlngcgioeokeekojhfmblk [2014-10-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-14]
CHR Extension: (YouTube) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (AdBlock) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-04]
CHR Extension: (Skype) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-21]
CHR Extension: (Dropdown List of Most Visited Links) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\logbmehmiacemkimbpcbjgaikobdndah [2014-10-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-12-30] (Creative Labs) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-11] (NVIDIA Corporation)
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [164736 2012-12-26] (Intel Corporation)
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [103992 2012-10-26] (MSI)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1722320 2014-08-26] (Micro-Star International)
R2 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [245760 2013-11-21] (BUFFALO INC.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-11] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-11] (NVIDIA Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 btiaa2dp; C:\Windows\System32\drivers\btiaa2dp.sys [82944 2008-09-16] (iAnywhere Solutions) [File not signed]
S3 BTiAPan; C:\Windows\System32\DRIVERS\btiapan.sys [37888 2008-09-16] (iAnywhere Solutions) [File not signed]
S3 btiarcp; C:\Windows\System32\DRIVERS\btiarcp.sys [10880 2008-07-30] (iAnywhere Solutions) [File not signed]
S3 btiaspp; C:\Windows\System32\DRIVERS\btiaspp.sys [92160 2008-09-16] (iAnywhere Solutions) [File not signed]
S3 BTIAUSB; C:\Windows\System32\DRIVERS\btiausb.sys [31744 2008-11-14] (iAnywhere Solutions) [File not signed]
S3 BTPROT; C:\Windows\System32\DRIVERS\btprot.sys [517632 2008-11-14] (iAnywhere Solutions) [File not signed]
S3 CORSGMS; C:\Windows\System32\drivers\CORSGMS.sys [25600 2012-03-27] ( ) [File not signed]
S3 DM9USB; C:\Windows\System32\DRIVERS\dm9usb.sys [64512 2012-07-05] (DAVICOM Semiconductor, Inc. )
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-24] (DT Soft Ltd)
R3 DUKEMS; C:\Windows\System32\drivers\DUKEMS.sys [25600 2012-08-16] ( )
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-13] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-13] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-13] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [168208 2015-07-13] (ESET)
S3 iAnywhere_btAudio; C:\Windows\System32\drivers\btiasco.sys [25088 2008-07-30] (iAnywhere Solutions) [File not signed]
R3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-23] (ASUSTeK Computer Inc.)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] ()
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1148288 2011-07-06] (Creative Technology Ltd.)
S3 libusbK; C:\Windows\System32\DRIVERS\libusbK.sys [47200 2015-08-30] (hxxp://libusb-win32.sourceforge.net)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2012-09-10] (Apple Inc.) [File not signed]
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2014-05-19] (Razer Inc)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-08 22:10 - 2016-02-08 22:10 - 00028906 _____ C:\Users\Desktop\Desktop\FRST.txt
2016-02-08 22:10 - 2016-02-08 22:10 - 00000000 ____D C:\FRST
2016-02-08 22:09 - 2016-02-08 22:09 - 02370560 _____ (Farbar) C:\Users\Desktop\Desktop\FRST64.exe
2016-02-08 21:43 - 2016-02-08 21:43 - 00035005 _____ C:\ComboFix.txt
2016-02-06 13:09 - 2016-02-06 13:39 - 00000000 ____D C:\Users\Desktop\Desktop\2015-12-31 群星 - 2015年Hit Fm 年度百首單曲
2016-02-04 21:35 - 2015-05-16 13:48 - 00000000 ____D C:\Users\Desktop\Desktop\許志安 - Come On, Enjoy the Best DISC 1
2016-02-04 21:30 - 2015-06-16 18:09 - 00000000 ____D C:\Users\Desktop\Desktop\五月天 - Your Legend ~燃ゆる命~
2016-02-03 23:33 - 2016-02-03 23:33 - 00000000 ____D C:\Users\Desktop\AppData\Local\Razer_Inc
2016-02-02 20:19 - 2016-02-02 21:08 - 566518483 _____ C:\Users\Desktop\Desktop\5156share.com.XianGeiAEJN.EP10end.mp4
2016-02-02 19:59 - 2016-02-02 21:29 - 751566907 _____ C:\Users\Desktop\Desktop\filedm.myvnc.com.MDRT-Ch01.mkv
2016-02-01 19:58 - 2016-02-01 23:08 - 563541190 _____ C:\Users\Desktop\Desktop\5156share.com.XianGeiAEJN.EP09.mp4
2016-01-31 21:02 - 2016-01-31 21:02 - 00001119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-31 21:02 - 2016-01-31 21:02 - 00001107 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-01-31 21:02 - 2016-01-31 21:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-31 17:33 - 2016-01-31 17:33 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-31 17:32 - 2016-01-31 17:32 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-01-31 17:31 - 2016-01-31 18:56 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-01-31 17:31 - 2016-01-31 18:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-01-31 16:01 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2016-01-31 16:01 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2016-01-31 16:01 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-01-31 16:01 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-01-31 16:01 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-01-31 16:01 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2016-01-31 16:01 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2016-01-31 16:01 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2016-01-31 16:00 - 2016-02-08 21:44 - 00000000 ____D C:\Qoobox
2016-01-31 16:00 - 2016-02-08 21:15 - 05657667 ____R (Swearware) C:\Users\Desktop\Desktop\ComboFix.exe
2016-01-31 16:00 - 2016-01-31 16:26 - 00000000 ____D C:\Windows\erdnt
2016-01-31 15:54 - 2016-01-31 15:55 - 00000000 ____D C:\Users\Desktop\AppData\Roaming\QuickScan
2016-01-31 14:44 - 2016-01-31 14:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-31 00:18 - 2016-01-31 00:18 - 00036860 _____ C:\Users\Desktop\bookmarks-2016-01-31.json
2016-01-28 22:50 - 2016-02-04 21:28 - 00000000 ____D C:\Users\Desktop\Desktop\謝霆鋒 - 鋒味
2016-01-28 22:50 - 2015-11-22 07:37 - 00000000 ____D C:\Users\Desktop\Desktop\Club 8 - Pleasure
2016-01-28 22:46 - 2016-01-28 22:46 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdateInstaller
2016-01-28 22:46 - 2016-01-28 22:46 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdate
2016-01-28 22:45 - 2015-10-02 09:54 - 00688408 _____ (Samsung Electronics) C:\Windows\system32\eed_sl.exe
2016-01-28 22:45 - 2015-10-02 09:53 - 01848320 _____ C:\Windows\system32\eed_ec.dll
2016-01-28 22:45 - 2015-04-18 15:13 - 00226424 _____ C:\Windows\system32\SBuySupplies.exe
2016-01-28 22:45 - 2015-04-18 15:13 - 00158040 _____ (SS) C:\Windows\system32\ssj1mci.exe
2016-01-28 22:45 - 2015-04-18 15:13 - 00000273 _____ C:\Windows\system32\eed_sl.exe.config
2016-01-28 22:45 - 2015-04-18 15:12 - 00089600 _____ (SS) C:\Windows\system32\ssj1mci.dll
2016-01-28 22:45 - 2015-04-18 15:12 - 00022528 _____ () C:\Windows\system32\ssj1mlm.dll
2016-01-28 22:20 - 2016-01-28 22:24 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-01-28 22:20 - 2016-01-28 22:20 - 00000000 ____D C:\Program Files\Common Files\Common Desktop Agent
2016-01-28 22:12 - 2016-01-28 22:30 - 00000000 ____D C:\Users\UpdatusUser
2016-01-28 22:12 - 2016-01-28 22:12 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Samsung
2016-01-28 22:05 - 2016-01-28 22:05 - 00000000 ____D C:\Windows\pss
2016-01-27 20:14 - 2016-01-27 20:14 - 00000000 ____D C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010
2016-01-27 20:14 - 2016-01-27 20:14 - 00000000 ____D C:\Users\Desktop\AppData\Roaming\Citrix
2016-01-27 18:27 - 2016-02-08 17:02 - 00000000 ____D C:\Users\Desktop\AppData\Local\Citrix
2016-01-27 18:27 - 2016-01-27 18:54 - 00000000 ____D C:\Users\Desktop\AppData\Roaming\ICAClient
2016-01-27 18:27 - 2016-01-27 18:27 - 00001661 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
2016-01-27 18:27 - 2016-01-27 18:27 - 00000000 ____D C:\ProgramData\Citrix
2016-01-27 18:27 - 2016-01-27 18:27 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-01-27 12:25 - 2016-01-31 15:53 - 00000000 ____D C:\Users\Desktop\AppData\Local\CrashDumps
2016-01-26 19:41 - 2016-01-31 21:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-24 19:39 - 2015-12-16 09:53 - 00523384 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-01-24 19:39 - 2015-12-16 09:53 - 00075056 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-01-24 19:39 - 2015-12-16 09:39 - 00103032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-01-24 19:38 - 2015-12-16 12:34 - 42977072 _____ C:\Windows\system32\nvcompiler.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 37609080 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 31061624 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 24895792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 21122456 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 20663816 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 17561432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 17156968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 16286888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 12334200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-01-24 19:38 - 2015-12-16 12:34 - 03168376 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 02755704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 01915696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436143.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 01564976 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436143.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 00938104 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 00872056 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 00734512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 00681592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 00502080 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 00469144 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 00423264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 00416376 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 00388560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 00370808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 00205456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-01-24 19:38 - 2015-12-16 12:34 - 00175368 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 00153392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 00151184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-01-24 17:38 - 2016-01-24 17:38 - 00194885 _____ C:\Users\Desktop\Desktop\hjsplit.zip
2016-01-24 17:35 - 2016-01-11 23:40 - 00112032 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-01-24 17:34 - 2015-12-18 01:11 - 00047760 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-01-24 17:34 - 2015-12-18 01:10 - 00090768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-01-24 17:21 - 2016-02-04 22:55 - 00000000 ____D C:\Users\Desktop\AppData\Roaming\uTorrent
2016-01-24 17:21 - 2016-01-24 17:21 - 00000983 _____ C:\Users\Desktop\Desktop\µTorrent.lnk
2016-01-24 13:29 - 2016-01-24 17:32 - 734003200 _____ C:\Users\Desktop\Desktop\Office.mkv.003
2016-01-24 13:15 - 2016-01-24 13:38 - 430689061 _____ C:\Users\Desktop\Desktop\Office.mkv.004
2016-01-24 12:03 - 2016-01-24 13:13 - 665974666 _____ C:\Users\Desktop\Desktop\Office.mkv.001
2016-01-24 11:52 - 2016-01-24 12:42 - 734003200 _____ C:\Users\Desktop\Desktop\Office.mkv.002
2016-01-21 21:51 - 2016-01-21 22:15 - 66957706 _____ C:\Users\Desktop\Desktop\2015-06-17 五月天 - Your Legend ~燃ゆる命~.rar
2016-01-21 21:22 - 2016-01-21 21:22 - 00135617 _____ C:\Users\Desktop\Desktop\Our_Times_(2015)_720p_BluRay_x264-ROVERS[rarbg].torrent
2016-01-21 21:17 - 2016-02-02 20:00 - 00001623 _____ C:\Users\Desktop\Desktop\New Text Document.txt
2016-01-19 19:21 - 2016-01-19 19:21 - 00000000 ____D C:\Users\Desktop\AppData\Roaming\MPC-HC
2016-01-19 19:20 - 2016-01-19 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2016-01-19 19:20 - 2016-01-19 19:20 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2016-01-19 19:20 - 2015-12-18 05:00 - 00755200 _____ C:\Windows\system32\xvidcore.dll
2016-01-19 19:20 - 2015-12-18 05:00 - 00674816 _____ C:\Windows\SysWOW64\xvidcore.dll
2016-01-19 19:20 - 2015-12-18 05:00 - 00309248 _____ C:\Windows\system32\xvidvfw.dll
2016-01-19 19:20 - 2015-12-18 05:00 - 00282112 _____ C:\Windows\SysWOW64\xvidvfw.dll
2016-01-19 19:20 - 2015-10-24 12:00 - 00126976 _____ C:\Windows\system32\ff_vfw.dll
2016-01-19 19:20 - 2015-10-24 12:00 - 00112128 _____ C:\Windows\SysWOW64\ff_vfw.dll
2016-01-19 19:20 - 2015-02-28 11:22 - 03571200 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
2016-01-19 19:20 - 2015-02-28 11:21 - 03591680 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
2016-01-19 19:20 - 2012-07-21 06:55 - 00180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
2016-01-19 19:20 - 2012-07-21 06:54 - 00122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
2016-01-19 19:20 - 2011-12-07 13:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2016-01-19 19:20 - 2011-12-07 13:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2016-01-17 16:57 - 2016-01-17 16:58 - 21816302 _____ C:\Users\Desktop\Desktop\tomato-RT-N66U_RT-AC6x--132-AIO-64K.zip
2016-01-16 23:20 - 2016-01-16 23:20 - 00639498 _____ C:\Users\Desktop\Desktop\Saving.Mr.Wu.2015.1080p.BluRay.x264-ROVERS.torrent
2016-01-16 17:39 - 2016-01-16 17:39 - 00000000 ____D C:\Users\Desktop\AppData\Roaming\Inventec
2016-01-16 17:39 - 2016-01-16 17:39 - 00000000 ____D C:\ProgramData\Inventec
2016-01-16 17:37 - 2016-01-16 17:37 - 00001992 _____ C:\Users\Public\Desktop\Dr.eye.lnk
2016-01-16 17:37 - 2016-01-16 17:37 - 00000016 _____ C:\Windows\SysWOW64\rdInfo9
2016-01-16 17:37 - 2016-01-16 17:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dr.eye
2016-01-16 17:37 - 2016-01-16 17:37 - 00000000 ____D C:\Program Files (x86)\Inventec
2016-01-16 17:37 - 2009-05-15 15:53 - 03932214 _____ C:\Windows\1280Dtop.bmp
2016-01-16 17:37 - 2009-05-15 15:53 - 02359350 _____ C:\Windows\1024Dtop.bmp
2016-01-16 17:37 - 2009-05-08 13:36 - 01584640 _____ (IES) C:\Windows\system32\DreyeJP.ime
2016-01-16 17:37 - 2009-05-08 13:30 - 01589248 _____ (IES) C:\Windows\SysWOW64\DreyeJP.ime
2016-01-16 17:37 - 2009-04-20 15:35 - 01567744 _____ (IES) C:\Windows\system32\DreyeTC.ime
2016-01-16 17:37 - 2009-04-20 15:34 - 01574912 _____ (IES) C:\Windows\system32\DreyeSC.ime
2016-01-16 17:37 - 2009-04-20 15:21 - 01572864 _____ (IES) C:\Windows\SysWOW64\DreyeSC.ime
2016-01-16 17:37 - 2009-04-20 15:21 - 01564672 _____ (IES) C:\Windows\SysWOW64\DreyeTC.ime
2016-01-16 17:36 - 2016-01-16 17:36 - 00003224 _____ C:\Windows\System32\Tasks\{0F982F7D-C761-4D5B-9601-4B3867336FBA}
2016-01-14 20:30 - 2016-01-14 22:05 - 140338155 _____ C:\Users\Desktop\Desktop\Come_On_Best_DISC_1.rar
2016-01-11 23:51 - 2016-01-11 23:51 - 00193440 ____H C:\Windows\system32\mlfcache.dat
2016-01-10 19:33 - 2016-01-14 21:28 - 529530880 _____ C:\Users\Desktop\Desktop\JCKC TVB J2 亂馬 1 2.part1.rar

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-08 22:00 - 2009-07-13 23:45 - 00020416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-08 22:00 - 2009-07-13 23:45 - 00020416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-08 21:58 - 2009-07-14 00:13 - 00786578 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-08 21:58 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-02-08 21:53 - 2014-12-17 15:55 - 00004974 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Desktop-PC-Desktop Desktop-PC
2016-02-08 21:52 - 2015-05-15 11:23 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d08f2b798e34a2.job
2016-02-08 21:52 - 2015-02-07 01:23 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0429e87c5f23d.job
2016-02-08 21:52 - 2014-03-10 19:22 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-08 21:52 - 2014-02-17 01:48 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf2bac484cb107.job
2016-02-08 21:52 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-08 21:28 - 2015-05-15 11:23 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d08f2b79b6ac07.job
2016-02-08 21:28 - 2015-02-07 01:23 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0429e880174a3.job
2016-02-08 21:28 - 2014-10-18 18:17 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfeb29acb7d1a7.job
2016-02-08 21:28 - 2013-10-23 18:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-08 21:26 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2016-02-08 21:22 - 2014-05-08 20:05 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6b22bc67e41b.job
2016-02-08 21:15 - 2014-02-22 01:30 - 00000000 ____D C:\Users\Desktop\AppData\Roaming\AIMP3
2016-02-08 10:42 - 2015-01-01 12:55 - 00001366 _____ C:\Users\Desktop\Desktop\AIMP3.lnk
2016-02-08 09:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-02-04 21:33 - 2015-03-09 22:38 - 00000000 ____D C:\Users\Desktop\Desktop\井筒昭雄 - フジテレビ系ドラマ「ファーストクラス」オリジナルサウンドトラック
2016-02-04 19:23 - 2012-12-26 21:11 - 00002172 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-04 18:56 - 2014-06-26 19:53 - 00000000 ____D C:\Program Files (x86)\Razer
2016-02-03 22:58 - 2014-06-26 21:01 - 00000000 ____D C:\ProgramData\Razer
2016-02-02 22:02 - 2015-02-22 14:50 - 00000000 ____D C:\Users\Desktop\AppData\Local\Battle.net
2016-02-02 20:47 - 2012-12-26 21:34 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2016-02-02 20:41 - 2015-02-22 14:50 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-02-02 13:23 - 2015-05-15 11:23 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d08f2b79b6ac07
2016-02-02 13:23 - 2015-05-15 11:23 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d08f2b798e34a2
2016-01-31 22:25 - 2013-06-02 21:49 - 00091136 ___SH C:\Users\Desktop\Thumbs.db
2016-01-31 20:52 - 2009-07-14 00:08 - 00032566 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-31 16:31 - 2010-11-15 03:17 - 00000000 ___RD C:\Users\MSOCache
2016-01-31 16:00 - 2013-04-01 20:36 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-01-31 15:40 - 2015-06-10 21:07 - 00000000 ____D C:\Users\Desktop\AppData\Roaming\MediaMonkey
2016-01-31 14:56 - 2013-02-13 15:24 - 00000000 ____D C:\Windows\Sun
2016-01-31 14:55 - 2015-07-16 20:10 - 00000000 ____D C:\Program Files (x86)\DVDFab 9
2016-01-31 11:09 - 2012-12-26 08:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-31 00:02 - 2014-03-17 19:53 - 00000000 ____D C:\Users\Desktop\Desktop\Setup
2016-01-28 22:46 - 2014-09-10 22:15 - 00000000 ____D C:\ProgramData\Samsung
2016-01-28 22:29 - 2014-10-05 21:20 - 00000040 _____ C:\Autoconfig.ini
2016-01-28 22:24 - 2014-10-05 21:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2016-01-28 22:20 - 2014-09-10 22:27 - 00000000 ____D C:\Users\Desktop\AppData\Roaming\Samsung
2016-01-28 21:34 - 2013-01-12 19:35 - 00000000 ____D C:\Users\Desktop\AppData\Local\ElevatedDiagnostics
2016-01-27 20:31 - 2013-10-23 18:20 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-27 20:31 - 2012-12-26 21:53 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-27 20:31 - 2012-12-26 21:53 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-27 20:30 - 2014-08-26 01:15 - 00000000 ____D C:\Users\Desktop\AppData\Local\Adobe
2016-01-27 18:27 - 2013-04-01 20:40 - 00000000 ____D C:\temp
2016-01-24 19:40 - 2012-12-26 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-01-24 19:39 - 2012-12-26 21:03 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-01-24 18:52 - 2014-07-17 09:30 - 00000000 ____D C:\ProgramData\Oracle
2016-01-24 18:51 - 2015-11-08 14:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-01-24 18:51 - 2015-10-25 19:55 - 00000000 ____D C:\Users\Desktop\.oracle_jre_usage
2016-01-24 18:51 - 2015-03-18 19:36 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-01-24 18:51 - 2015-03-18 19:35 - 00000000 ____D C:\Program Files\Java
2016-01-24 18:51 - 2014-07-17 09:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-24 18:45 - 2015-06-09 19:18 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-24 18:06 - 2013-01-30 02:46 - 00000000 ____D C:\Users\Desktop\AppData\Roaming\vlc
2016-01-24 17:35 - 2013-08-01 18:59 - 00000000 ____D C:\Users\Desktop\AppData\Local\NVIDIA
2016-01-24 17:34 - 2014-10-30 21:48 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-17 11:34 - 2009-07-13 23:45 - 00434480 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-16 18:00 - 2012-12-26 07:19 - 00112320 _____ C:\Users\Desktop\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-16 12:45 - 2013-01-22 23:42 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-13 20:04 - 2014-12-24 13:17 - 00000000 ____D C:\Users\Desktop\Desktop\amy's folder
2016-01-13 19:02 - 2015-12-06 11:32 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-13 19:02 - 2015-07-02 20:10 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-11 23:41 - 2014-07-29 20:39 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-01-11 23:41 - 2013-11-05 18:59 - 01542600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-01-11 23:40 - 2014-07-29 20:39 - 01756608 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-01-11 23:40 - 2013-11-05 18:59 - 01860120 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-01-10 22:53 - 2014-11-09 19:49 - 00003424 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
2016-01-09 14:40 - 2015-11-08 14:05 - 00326752 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

==================== Files in the root of some directories =======

2015-05-02 20:53 - 2015-05-02 20:53 - 0000168 _____ () C:\Users\Desktop\AppData\Local\temp.tmp
2009-02-24 12:40 - 2009-02-24 12:40 - 0001026 _____ () C:\ProgramData\cfSB0270.ini
2009-02-24 12:40 - 2009-02-24 12:40 - 0001026 _____ () C:\ProgramData\cfSB0271.ini
2009-02-24 12:40 - 2009-02-24 12:40 - 0001302 _____ () C:\ProgramData\cfSB0300.ini
2009-02-24 12:40 - 2009-02-24 12:40 - 0001282 _____ () C:\ProgramData\cfSB0471.ini
2009-02-24 12:40 - 2009-02-24 12:40 - 0001208 _____ () C:\ProgramData\cfSB0490.ini
2009-02-24 12:40 - 2009-02-24 12:40 - 0001027 _____ () C:\ProgramData\cfSB0560.ini
2009-02-24 12:40 - 2009-02-24 12:40 - 0001352 _____ () C:\ProgramData\cfSB0910.ini
2009-02-24 12:40 - 2009-02-24 12:40 - 0000590 _____ () C:\ProgramData\cfSB0950.ini
2009-02-24 12:40 - 2009-02-24 12:40 - 0001352 _____ () C:\ProgramData\cfSB1090.ini
2009-02-24 12:40 - 2009-02-24 12:40 - 0001346 _____ () C:\ProgramData\cfSB1100.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-08 15:44

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Desktop (2016-02-08 22:10:58)
Running from C:\Users\Desktop\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2012-12-26 12:15:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-102027666-3716477199-3525533037-500 - Administrator - Disabled)
Desktop (S-1-5-21-102027666-3716477199-3525533037-1000 - Administrator - Enabled) => C:\Users\Desktop
Guest (S-1-5-21-102027666-3716477199-3525533037-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-102027666-3716477199-3525533037-1005 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-102027666-3716477199-3525533037-1000\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1492, 24.04.2015 - AIMP DevTeam)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Android USB Drivers (HKLM\...\{F6AEADC0-6B97-430E-B78A-C1D633A6528D}) (Version: 4.0.6753 - ASUSTeK Computer Inc.)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.2.8.1 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.2.8.1 - ASUSTek COMPUTER INC.) Hidden
ASUS RT-N66U Wireless Router Utilities (HKLM-x32\...\{88CA8932-7987-4D7A-BEE3-227BDB3CA888}) (Version: 4.2.3.9 - ASUS)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BUFFALO NAS Navigator2 (HKLM-x32\...\UN060501) (Version: 2.78 - Buffalo Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.4.0.8014 - Citrix Systems, Inc.)
CLICKBIOSII (HKLM-x32\...\{EBCB111F-4907-4B28-BD03-F5BD901106D2}_is1) (Version: 1.0.123 - MSI)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Corsair M95 Firmware Update Application (HKLM-x32\...\{4E44154D-0699-4D6C-996F-66D47B9A40D2}_is1) (Version: - )
Corsair M95 Gaming Mouse Driver V1.0 (HKLM-x32\...\{9C9EA6B0-2138-4111-BF26-9D0D40D12C0F}_is1) (Version: 1.00.00.14 - )
Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CPUID HWMonitor 1.21 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
Dr.eye 9.0 Flagship Edition (HKLM-x32\...\{ADB8679A-DCE9-4EA9-B23C-4A426478F86B}) (Version: 9.0.2009.0 - Inventec)
ESET NOD32 Antivirus (HKLM\...\{5F2AE448-CD4B-40BD-B245-5F0CD06A09B0}) (Version: 8.0.319.0 - ESET, spol s r. o.)
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
Fast Boot (HKLM-x32\...\{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1) (Version: 1.0.0.9 - MSI)
Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.18.6 - Androxyde)
Flirc (HKLM-x32\...\Flirc) (Version: - )
Geeks3D.com FurMark 1.10.3 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
ICCup Launcher (HKLM-x32\...\ICCup Launcher_is1) (Version: 1.6 - ICCup)
Ikaruga version Gouki (HKLM-x32\...\{A5E92823-5726-4733-AF09-EF64CC8C3B42}_is1) (Version: Gouki - Gouki)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.20.1337 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
K-Lite Mega Codec Pack 11.8.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.8.5 - KLCP)
mca64Launcher 2.0.0.113 (HKLM-x32\...\mca64Launcher 2.0.0.113) (Version: 2.0.0.113 - mca64)
Media Go (HKLM-x32\...\{AF06B8FA-B916-4001-AE51-6645488DEF09}) (Version: 2.8.303 - Sony)
Media Go Network Downloader (HKLM-x32\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)
Media Go Video Playback Engine 2.12.107.06300 (HKLM-x32\...\{12CEF785-A93B-15F6-1604-79E51E920A06}) (Version: 2.12.107.06300 - Sony)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Excel 2010 (HKU\S-1-5-21-102027666-3716477199-3525533037-1000\...\store-5c0ec3f7@@XA76.Microsoft Excel 201) (Version: 1.0 - Delivered by Citrix)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Outlook 2010 (HKU\S-1-5-21-102027666-3716477199-3525533037-1000\...\store-5c0ec3f7@@XA76.Microsoft Outlook 2) (Version: 1.0 - Delivered by Citrix)
Microsoft SkyDrive (HKU\S-1-5-21-102027666-3716477199-3525533037-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2010 (HKU\S-1-5-21-102027666-3716477199-3525533037-1000\...\store-5c0ec3f7@@XA76.Microsoft Word 2010) (Version: 1.0 - Delivered by Citrix)
MKVToolNix 6.7.0 [20140102-565] (HKLM-x32\...\MKVToolNix) (Version: 6.7.0 - Moritz Bunkus)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 44.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0 (x86 en-US)) (Version: 44.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0 - Mozilla)
Mp3tag v2.73 (HKLM-x32\...\Mp3tag) (Version: v2.73 - Florian Heidenreich)
MSI Live Update (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.0.009 - MSI)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-102027666-3716477199-3525533037-1000\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.43 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Online Plug-in (x32 Version: 14.4.0.8014 - Citrix Systems, Inc.) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PdaNet+ for Android 4.15 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology Inc)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.58.01(10/20/2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.70.18.0 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
SanDisk SSD Toolkit 1.0.0.1 (HKLM-x32\...\{26326B5B-3D62-4C12-8841-6B55A19B552D}_is1) (Version: 1.0.0.1 - SanDisk Corporation)
Self-service Plug-in (x32 Version: 4.4.0.11833 - Citrix Systems, Inc.) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 3.0.2.1 - Splashtop Inc.)
StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TRENDnet Powerline Utility (HKLM-x32\...\{B596801C-EA86-4920-8432-1B1B8AE148F0}) (Version: 7.1.0101 - TRENDnet)
TRENDnet Powerline Utility (HKLM-x32\...\TRENDnet Powerline Utility) (Version: 6.0.0.0 - TRENDnet Corporation.)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version: - Microsoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D264BD11-6A9B-11E4-A4F7-F04DA23A5C58}) (Version: 13.0.428 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Explorer (HKU\S-1-5-21-102027666-3716477199-3525533037-1000\...\store-5c0ec3f7@@XA76.Windows Explorer) (Version: 1.0 - Delivered by Citrix)
Winki (HKLM-x32\...\{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1) (Version: 3.2.126 - MSI)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {26D16CDF-467D-45E3-852A-D0AFD34B6C1C} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6b22bc67e41b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2CCC190C-E6E2-4A41-8DCA-43A1569B413E} - System32\Tasks\GoogleUpdateTaskMachineCore1d08f2b798e34a2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {370CA13F-AE12-447C-B736-8EBD7A3365DD} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {42DE9432-5B0D-45C5-A2F9-536AAD076058} - System32\Tasks\GoogleUpdateTaskMachineCore1cf2bac484cb107 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {6495CACA-8377-445E-99CB-A05B0AFD4CC9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-27] (Adobe Systems Incorporated)
Task: {659EA9AE-6F55-465E-A49C-88EB2B6EA658} - System32\Tasks\{40E51788-AC50-4802-ACE4-F56005FB7BB7} => pcalua.exe -a C:\Users\Desktop\Desktop\CMS_RMT_PCAPP_LB_2_30_02.exe -d C:\Users\Desktop\Desktop
Task: {6EA544E9-F23D-43D6-844A-483267F446C8} - System32\Tasks\GoogleUpdateTaskMachineUA1cfeb29acb7d1a7 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {8C8E4F6D-10AA-43F9-91DC-528D23319FB9} - System32\Tasks\Launch ASUS Sync Loader => C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe
Task: {946BA927-BAB9-43F8-9094-E63149B3E11E} - System32\Tasks\AutoPico Daily Restart => E:\App\Microsoft
Task: {9F82D0BF-15BB-4F8C-AA60-4F2AE6F357EE} - System32\Tasks\GoogleUpdateTaskMachineUA1d0429e880174a3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A68A5280-3272-4C1B-85EE-D7BE0664D6C7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {AFD026E0-D045-43A4-8DCE-573D4A1E753B} - System32\Tasks\GoogleUpdateTaskMachineUA1d08f2b79b6ac07 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B691D2D0-2E2F-40B8-9A74-1EDCCC97E31F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {BBBAEE1A-4A26-42B5-AB39-9C92DCEC6DBF} - System32\Tasks\{0F982F7D-C761-4D5B-9601-4B3867336FBA} => pcalua.exe -a "E:\Download\Dr.eye 9.0\Dr.eye 9.0\Dr.eye 9.0\Dreye9Flag.exe" -d "E:\Download\Dr.eye 9.0\Dr.eye 9.0\Dr.eye 9.0"
Task: {CAEFCBA7-5D1E-48C7-B216-F6E78F65B691} - System32\Tasks\GoogleUpdateTaskMachineCore1d0429e87c5f23d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D094C7C0-6F98-4EC1-854B-EB6457CFAA31} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {DE1B5734-F4D4-4D5E-B86C-EBF9CC6BB680} - System32\Tasks\{CE23E0DC-B28A-498B-8F4F-F4087399E682} => pcalua.exe -a "C:\Users\Desktop\Desktop\SB Audigy Series recompiled Install\CMS3_INSTALL\CMS3\Remote\setup.exe" -d "C:\Users\Desktop\Desktop\SB Audigy Series recompiled Install\CMS3_INSTALL\CMS3\Remote"
Task: {E4A3D149-A4A6-466E-B16B-0C2779A51492} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Desktop-PC-Desktop Desktop-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf2bac484cb107.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0429e87c5f23d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d08f2b798e34a2.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6b22bc67e41b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfeb29acb7d1a7.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0429e880174a3.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d08f2b79b6ac07.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-10-05 21:19 - 2011-04-11 00:26 - 00034304 _____ () C:\Windows\System32\spe__l.dll
2016-01-28 22:45 - 2015-04-18 15:12 - 00022528 _____ () C:\Windows\System32\ssj1mlm.dll
2006-12-04 01:26 - 2006-12-04 01:26 - 00022016 _____ () C:\Windows\System32\sugs2l6.dll
2015-02-13 03:20 - 2015-02-13 03:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 15:26 - 2015-05-15 15:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2014-03-10 19:22 - 2015-12-16 09:53 - 00126072 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-01-24 17:34 - 2016-01-11 23:43 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-03-18 13:08 - 2015-03-18 13:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-12-30 18:25 - 2009-11-30 18:54 - 00089088 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2012-12-30 18:25 - 2009-12-08 15:52 - 00230912 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-09-08 13:39 - 2014-09-08 13:39 - 00464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2014-09-08 13:38 - 2014-09-08 13:38 - 00051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2016-01-16 17:37 - 2009-05-11 19:18 - 00036864 _____ () C:\Program Files (x86)\Inventec\Dreye\9.0\DreyeMT\DreyeIMplugin.exe
2014-05-31 14:35 - 2005-07-18 12:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2012-09-10 11:37 - 2012-09-10 11:37 - 00192512 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\Vender.dll
2012-09-27 11:08 - 2012-09-27 11:08 - 00049152 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\Exeio.dll
2016-01-24 17:34 - 2016-01-11 23:43 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-01-16 17:37 - 2009-06-13 17:04 - 00081920 _____ () C:\Program Files (x86)\Inventec\Dreye\9.0\DreyeMT\DreyeIMhook.dll
2016-01-16 17:37 - 2008-12-23 10:34 - 00102400 _____ () C:\Program Files (x86)\Inventec\Dreye\9.0\peadict\api\DrRegPath.dll
2016-01-16 17:37 - 2009-03-20 12:42 - 00053248 _____ () C:\Program Files (x86)\Inventec\Dreye\9.0\Peadict\Api\DreyeMT.dll
2013-12-01 01:05 - 2013-05-26 14:40 - 00054272 _____ () C:\Program Files (x86)\Corsair\M95 Mouse\hidGetKey.dll
2016-01-16 17:37 - 2009-04-21 19:53 - 00077824 _____ () C:\Program Files (x86)\Inventec\Dreye\9.0\DreyeMT\DrHJMT.dll
2016-01-16 17:37 - 2009-03-06 13:00 - 00065536 _____ () C:\Program Files (x86)\Inventec\Dreye\9.0\DreyeMT\DreyeTM.dll
2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2015-03-18 13:08 - 2015-03-18 13:08 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-12-26 21:02 - 2012-12-26 21:02 - 01199648 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:1677AB3F
AlternateDataStreams: C:\ProgramData\Temp:93C2F41D

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-02-08 21:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-102027666-3716477199-3525533037-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Desktop^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Citrix Receiver.lnk => C:\Windows\pss\Citrix Receiver.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: HKToolbarManager => C:\Program Files (x86)\881903\IETOOLBAR\hkmgr.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Live Update => C:\Program Files (x86)\MSI\Live Update\Live Update.exe /REMINDER
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2AE5BCDA-EE0A-44DD-8029-130FA1DBD820}] => (Allow) C:\Program Files (x86)\EnGenius\11n USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{CE3DB238-1D12-4ABF-BA0D-00E556CACA97}] => (Allow) C:\Program Files (x86)\EnGenius\11n USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{AA0B5271-77EE-44E9-87E3-A09580C841CA}] => (Allow) LPort=1542
FirewallRules: [{200585E4-8197-413C-863E-9CA31B1DC04D}] => (Allow) LPort=1542
FirewallRules: [{CF756D3E-A569-421E-90B2-7E465B61EB8E}] => (Allow) LPort=53
FirewallRules: [TCP Query User{77FF68D1-656A-428C-B7EA-99D8F656CFB0}C:\program files (x86)\starcraft\starcraft.exe] => (Allow) C:\program files (x86)\starcraft\starcraft.exe
FirewallRules: [UDP Query User{AA8A9E63-8B6B-40C4-B148-18B321E2E352}C:\program files (x86)\starcraft\starcraft.exe] => (Allow) C:\program files (x86)\starcraft\starcraft.exe
FirewallRules: [{399FE0DC-8090-45D3-AEF8-E1AC5B7D6E28}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{6ACE7E5B-6B0D-42E2-952C-DD2F30233C8F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{766E5AF1-1CB2-428D-AB8E-C703E9BD0D3C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{3C05935B-7C10-40AC-BAF8-D16F4FDF7D6A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{A0F17728-9370-4B34-99AB-113BF196FC6B}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{02A549CC-7E31-457F-ABB8-99C069EE0EE5}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{9127D8DB-76F7-406C-AA60-A57FA0CF01C7}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{277A1B26-0A6D-4306-9B4A-C157889FFC76}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{3FDFC324-2DA7-44B6-90AD-50951DE74588}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{FE0B6B7C-E901-4B6D-AB11-4CDF3D2ABFA3}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{69A8A83B-6D09-4C72-B9D8-0005930641D3}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{DB951DAF-2FE1-453D-9A0C-C14465AC16D3}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{AF32C630-D3BD-4428-BB07-02F469530161}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base23260\SC2.exe
FirewallRules: [{6CB1AA52-E7F9-4FDD-B90A-04AEDDF7712C}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base23260\SC2.exe
FirewallRules: [{3C06C80C-F52C-44AB-93CA-34BC07F56368}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D3F82343-947F-41C0-85F6-0A9752BF73CD}] => (Allow) C:\Program Files (x86)\StarCraft II 2012 Beta\StarCraft II Beta.exe
FirewallRules: [{61B72259-8FD4-4A21-B1FC-331310757A5D}] => (Allow) C:\Program Files (x86)\StarCraft II 2012 Beta\StarCraft II Beta.exe
FirewallRules: [{4C15DF63-7F34-4C18-A496-ECF7DBCD97E7}] => (Allow) C:\Users\Desktop\AppData\Local\Temp\KMSnano\qemu-system-i386.exe
FirewallRules: [{421125B4-52D4-4EEE-A5D7-73D5D44EBC23}] => (Allow) C:\Users\Desktop\AppData\Local\Temp\KMSnano\qemu-system-i386.exe
FirewallRules: [{38BE5DCE-944E-4278-9CF8-61015E2F81F7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{11462B51-55DD-4095-890C-A8EA30BF5618}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{6DD9D48D-FF1E-442E-A078-9422EC15E2E5}] => (Allow) C:\Users\Desktop\Desktop\uTorrent.exe
FirewallRules: [{DCB2951F-34FE-47E8-8D7E-BBE40E583C44}] => (Allow) C:\Users\Desktop\Desktop\uTorrent.exe
FirewallRules: [TCP Query User{65E0829C-E005-4670-8681-1B66C48362D9}C:\program files (x86)\881903\ietoolbar\hkmgr.exe] => (Allow) C:\program files (x86)\881903\ietoolbar\hkmgr.exe
FirewallRules: [UDP Query User{0D3A6DA6-CC08-4B02-BB42-C9373D97489F}C:\program files (x86)\881903\ietoolbar\hkmgr.exe] => (Allow) C:\program files (x86)\881903\ietoolbar\hkmgr.exe
FirewallRules: [{5D4796C0-749F-4513-B859-EE8AAA60FAD7}] => (Allow) C:\Users\Desktop\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{1A282EC8-4DAA-498F-8D5B-177AAF9A8FD7}C:\program files (x86)\ea games\need for speed most wanted\nfs13.exe] => (Block) C:\program files (x86)\ea games\need for speed most wanted\nfs13.exe
FirewallRules: [UDP Query User{350A2549-62C9-4938-B064-D50FC38E62F3}C:\program files (x86)\ea games\need for speed most wanted\nfs13.exe] => (Block) C:\program files (x86)\ea games\need for speed most wanted\nfs13.exe
FirewallRules: [{1E8C9E0B-1206-4272-B868-E9FA9653AE03}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{FC5FAAB4-3157-4F92-B12A-A992D72EBC98}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{9481ABF8-B316-46B1-BB5A-FB1263DCDB85}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{1EFE4363-C64A-41A1-8A72-1C201E5157D8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{AC91C625-E7AE-42F8-90C2-47D9659C2EA7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{6DC1396B-1374-43E2-84E2-112F59AD2147}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{092E5FF2-53F9-4E36-BD9F-9B5F5185C811}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A99DA17D-8E3A-4481-AEBF-9BC2E6C90E32}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D1016553-B466-4930-9E63-3987006C03F2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7644D3A1-D55D-4D46-9E44-D72BD74D68B5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9D5B5F57-6DDD-435F-87B6-00366EA2C9EB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{73D95D64-E7DD-47F8-9ABD-FA39477AEA69}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{0A33E945-E5E0-4145-A20F-CDB2045FC473}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base24944\SC2.exe
FirewallRules: [{31A8BFF5-C1FE-4DD9-8A41-893DB8268EE5}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base24944\SC2.exe
FirewallRules: [{F5E70B9A-952F-47B6-84BB-99946EA1564F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2000\Agent.exe
FirewallRules: [{899C0F6A-35B5-4FD3-AA0D-4F8D653E695E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2000\Agent.exe
FirewallRules: [{7E854E81-E016-4862-A634-0F34643B3F2B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{FF2F91D3-06D5-46A4-A6EB-E6A6D228874D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{24266B6D-CA7D-4C9F-92DB-59336F09C97C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{CB72E054-C0A1-441A-8E91-8644050ED9A9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{BD293F9D-7D55-41D7-939E-FF11DED4A5B4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{5441E2D3-EC17-4A92-8209-56247140ED73}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{FBBB7654-208D-48FA-955E-958D8F65096F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{0B2A838C-1922-473A-B3E0-3CBBC50C2383}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{FAF0D893-DDC3-4AFB-8097-52DB0FD3FE66}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4EAABD90-35D8-41E6-AF0B-2B082B17D23F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{9029E7D3-D0D9-48C9-840B-EA614CBFF282}C:\program files (x86)\asus\asus sync\asusupctloader.exe] => (Allow) C:\program files (x86)\asus\asus sync\asusupctloader.exe
FirewallRules: [UDP Query User{0B904025-4708-4D81-B331-BCA39F658D04}C:\program files (x86)\asus\asus sync\asusupctloader.exe] => (Allow) C:\program files (x86)\asus\asus sync\asusupctloader.exe
FirewallRules: [TCP Query User{EF46352B-95F9-4E54-8C3F-0C388B81D792}C:\program files (x86)\asus\asus sync\asusupctloader.exe] => (Allow) C:\program files (x86)\asus\asus sync\asusupctloader.exe
FirewallRules: [UDP Query User{CA5E1B1D-62E9-421D-A18E-DEA325A35AF4}C:\program files (x86)\asus\asus sync\asusupctloader.exe] => (Allow) C:\program files (x86)\asus\asus sync\asusupctloader.exe
FirewallRules: [{C29DDCF6-1CBC-45CA-901C-1D6D0962FD25}] => (Allow) C:\Program Files (x86)\EnGenius\11n USB Wireless LAN Utility\RTLDHCP.exe
FirewallRules: [{1B1D7B54-0686-4B05-ABD0-0F438ABB4EED}] => (Allow) C:\Program Files (x86)\EnGenius\11n USB Wireless LAN Utility\RTLDHCP.exe
FirewallRules: [{7FA40119-F644-4CF0-849D-67ABBB3B1B2A}] => (Allow) LPort=67
FirewallRules: [{0DB200F5-70D3-4333-8494-838114771A13}] => (Allow) LPort=68
FirewallRules: [{7248729A-C7F8-4767-8378-2A663343FC89}] => (Allow) LPort=67
FirewallRules: [{2D7F8FCE-C310-4C7F-BB0C-C52259843A6E}] => (Allow) LPort=68
FirewallRules: [{BB7535AB-1FD8-4A9C-A537-6CEFC9551E07}] => (Allow) LPort=67
FirewallRules: [{986A4E89-2704-4179-A509-4557D982FB3D}] => (Allow) LPort=68
FirewallRules: [{18010E09-DDF6-4B78-8B35-A6FEFF72A7B9}] => (Allow) LPort=67
FirewallRules: [{2901587E-9B49-405F-A732-97296C5D3F37}] => (Allow) LPort=68
FirewallRules: [{63A3FADC-92FF-46FC-B1F0-67DC88CD2459}] => (Allow) LPort=67
FirewallRules: [{1B5A5BB6-9F9F-4175-B7F1-2C0693191FE5}] => (Allow) LPort=68
FirewallRules: [{01FB16FC-5B93-4945-B898-6F7B1B5F2120}] => (Allow) LPort=67
FirewallRules: [{8D5B5A15-90A4-4603-B6D2-1E93694570F5}] => (Allow) LPort=68
FirewallRules: [{F1F2844C-3AB2-4DBA-AC44-CC1346329B1C}] => (Allow) LPort=67
FirewallRules: [{EE6A734F-13D5-41AF-AB28-555CD06F339C}] => (Allow) LPort=68
FirewallRules: [{41720359-9141-4709-8C01-9F91496F8CC3}] => (Allow) LPort=67
FirewallRules: [{B8BA749F-2467-4546-B130-BAFE426497CB}] => (Allow) LPort=68
FirewallRules: [{3EE4C6AA-A42C-4BBF-8ED3-A7FB9C906495}] => (Allow) LPort=67
FirewallRules: [{E70D597A-2D6F-4221-84B9-5289EDCD8440}] => (Allow) LPort=68
FirewallRules: [{2F97167C-60BF-419B-8047-AA69898D96FD}] => (Allow) LPort=67
FirewallRules: [{D1649693-0D73-42DD-92EA-D04DA44AB59B}] => (Allow) LPort=68
FirewallRules: [{849F5C9A-7D39-4CC6-9616-1D53C7E20C14}] => (Allow) LPort=67
FirewallRules: [{9825E33C-21B1-46A7-81C9-DA7DD35B896F}] => (Allow) LPort=68
FirewallRules: [{D497E581-F6E0-4879-AE71-11E453AC7836}] => (Allow) LPort=67
FirewallRules: [{E0CD4632-956D-45C4-B8AB-28AA650AE663}] => (Allow) LPort=68
FirewallRules: [{ACC29101-8CBE-4972-B216-BCF7DAF17CA3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{F1ECF231-BA95-4C07-90EE-78FD81671A2C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{2AD05183-D026-4C15-A3C2-E263EDCB4838}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{54CD1F4B-866C-488E-9503-BC7FE2258C68}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{CC5300B2-2E14-4B46-BA17-0C79941C5F50}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1FE3F000-D50A-427D-B117-D14370136236}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AD9C118F-66F6-48AB-AB88-2D70978E9FF4}] => (Allow) C:\Program Files (x86)\ASUS\RT-N66U Wireless Router Utilities\Discovery.exe
FirewallRules: [{33E72CF1-88AE-4E94-8DDF-1FBAB02DAEBC}] => (Allow) C:\Program Files (x86)\ASUS\RT-N66U Wireless Router Utilities\Discovery.exe
FirewallRules: [{C05CAACF-CD9F-44CB-9559-8D85655201D2}] => (Allow) C:\Program Files (x86)\ASUS\RT-N66U Wireless Router Utilities\Rescue.exe
FirewallRules: [{049FD006-C2C3-4F63-B035-E64B5D417BFB}] => (Allow) C:\Program Files (x86)\ASUS\RT-N66U Wireless Router Utilities\Rescue.exe
FirewallRules: [{2BC23BD2-DC18-414A-B8F6-2CD1BF0E1731}] => (Allow) C:\Program Files (x86)\ASUS\RT-N66U Wireless Router Utilities\QISWizard.exe
FirewallRules: [{9F97FE59-CF14-4DF8-9DB7-ED048264F830}] => (Allow) C:\Program Files (x86)\ASUS\RT-N66U Wireless Router Utilities\QISWizard.exe
FirewallRules: [{89CBFBD2-0570-4367-8E24-4392D5712F31}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base26490\SC2.exe
FirewallRules: [{32C587AD-703D-4395-8EAB-F8FE9461D781}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base26490\SC2.exe
FirewallRules: [TCP Query User{F4A90F93-A130-4A14-81D1-E032F432B80C}C:\users\desktop\appdata\local\temp\kmsnano\qemu-system-i386.exe] => (Block) C:\users\desktop\appdata\local\temp\kmsnano\qemu-system-i386.exe
FirewallRules: [UDP Query User{CD201773-CBDF-43F6-8C36-E5B4A53A7C3B}C:\users\desktop\appdata\local\temp\kmsnano\qemu-system-i386.exe] => (Block) C:\users\desktop\appdata\local\temp\kmsnano\qemu-system-i386.exe
FirewallRules: [TCP Query User{93B3F4CA-C3F9-489E-97E9-85D9D24AEF28}C:\program files (x86)\starcraft\starcraft.exe] => (Allow) C:\program files (x86)\starcraft\starcraft.exe
FirewallRules: [UDP Query User{CA05BCA3-FBDB-4BE0-B512-E87FBB5D6E8E}C:\program files (x86)\starcraft\starcraft.exe] => (Allow) C:\program files (x86)\starcraft\starcraft.exe
FirewallRules: [{B3DB36F1-9D61-43F3-A795-16DE2D68ECE8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{B0213AE1-49A3-4BBB-8D36-B61C2AF1850D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{E6932586-40C7-46F4-8825-D986DB6A96AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{7177E795-10DE-4161-8FC4-621449098041}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{389FE63B-BFD0-4505-BD0D-6B491CF8CF4F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{53D74708-A2AF-49B0-B151-2E0C359CA595}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{86B455F2-4846-4D02-8EA4-54688DAE8E03}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{5CC52864-72D9-48A5-93A9-3C87BAD18669}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{FA16B922-437C-4959-954A-90D2D84B47B0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3DC8AF7A-08D3-4910-8CC9-2480D9C5DE1C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3C84D6D8-9170-4B1A-A119-AEEE7C3A7082}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{A353C9D0-A75A-4F74-BE4C-24793645701A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BC9B24DA-CD66-4D02-98DF-E7C5E29FD82F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{E09F672B-9BF3-4713-A180-AA9D1BE64EEF}C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe] => (Allow) C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe
FirewallRules: [UDP Query User{6F510B06-37DB-49B7-B455-F2C9E3B9AF7C}C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe] => (Allow) C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe
FirewallRules: [{9FBBB211-ED57-474D-B126-B9BAA180B3DF}] => (Allow) LPort=67
FirewallRules: [{36DE24C7-E5FE-4D64-83F4-B029E6D32CDD}] => (Allow) LPort=68
FirewallRules: [{DC1BAD83-0170-4682-8369-F34731A71954}] => (Allow) LPort=67
FirewallRules: [{57C054B0-94C4-48F0-B7C5-2F5A25707A61}] => (Allow) LPort=68
FirewallRules: [{7755845C-A135-45C4-B4D0-D2CD35AD24FD}] => (Allow) LPort=67
FirewallRules: [{55DCE4E4-8654-497D-B2F3-1EED26169704}] => (Allow) LPort=68
FirewallRules: [{1589DF63-D48D-4FE8-9CFF-D3886A9BA346}] => (Allow) LPort=67
FirewallRules: [{C1FBD92A-EE41-4D41-A82D-8C6567B69BAD}] => (Allow) LPort=68
FirewallRules: [{D5F1F3F6-0986-465F-B746-059076BB8066}] => (Allow) LPort=67
FirewallRules: [{CA25A27B-1977-4365-A77B-6E449FFD2E97}] => (Allow) LPort=68
FirewallRules: [{8DC8CBBB-1093-45AF-B95C-1235FCB7ADD9}] => (Allow) LPort=67
FirewallRules: [{F9E74287-89E9-47DE-BC6D-64AC0D8659A7}] => (Allow) LPort=68
FirewallRules: [{4A02AA22-1704-4D71-B563-245AAA8C8F02}] => (Allow) LPort=67
FirewallRules: [{569A3E0D-24D2-43A2-8C41-D6B6DBF022A9}] => (Allow) LPort=68
FirewallRules: [{728AC2EA-BA66-44B6-8593-F2E3C79DE45E}] => (Allow) LPort=67
FirewallRules: [{E909F0E9-E84E-41DD-8A69-3A5CF2F6C78B}] => (Allow) LPort=68
FirewallRules: [{8232825E-AD2C-4EA1-A4CD-290512A22BAE}] => (Allow) LPort=67
FirewallRules: [{A14E6C3D-8F22-47F4-8E4A-9C2D3EEB6061}] => (Allow) LPort=68
FirewallRules: [{D1F950DD-18E7-42C6-B2B2-EDD4DB6E664A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9E96C231-6712-41B3-974C-5A05FEE5AD17}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{7A6DD68E-33A1-4CCF-8224-B95560B88BB6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{58B80805-F02C-4F4B-91F8-EC2A91B087FD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{35DF64EE-2071-46DC-A668-2C1B14EF3AFD}] => (Allow) LPort=67
FirewallRules: [{D7010839-B522-4913-A6EC-C69A35BABE23}] => (Allow) LPort=68
FirewallRules: [{E161C011-C311-4D29-AD2A-3A4409E78A32}] => (Allow) LPort=67
FirewallRules: [{CA6441BD-ECCF-4838-8D3F-FC1E82586AA4}] => (Allow) LPort=68
FirewallRules: [{D6D071BE-7368-4BF6-AA71-C5BA856C65EA}] => (Allow) LPort=67
FirewallRules: [{ABEF637A-0C53-4A37-A873-DDBF5F3B969B}] => (Allow) LPort=68
FirewallRules: [{E3964222-E355-4B5D-9726-6E7D88748E1D}] => (Allow) LPort=67
FirewallRules: [{CB554F6B-1A38-4470-A3BB-1145ECFC8BBC}] => (Allow) LPort=68
FirewallRules: [{13087284-F171-4F7B-B027-64F67E0430B5}] => (Allow) LPort=67
FirewallRules: [{C450F353-2AA4-4525-8AE4-9147030E0335}] => (Allow) LPort=68
FirewallRules: [{4CD692FF-7EBD-42E0-8B66-E3EB23996364}] => (Allow) LPort=67
FirewallRules: [{C937A8B2-2ABB-4D12-8876-7D674982A504}] => (Allow) LPort=68
FirewallRules: [{9C4534F9-E172-454D-BD2D-568D77BB9E34}] => (Allow) LPort=67
FirewallRules: [{12CDA30D-340C-492C-94E3-759D7BBE2475}] => (Allow) LPort=68
FirewallRules: [{557A680E-51BD-4BC1-A360-9D9F9763F67D}] => (Allow) LPort=67
FirewallRules: [{01ACB0CA-E2C1-4F3A-8BE7-C9C9B52010EB}] => (Allow) LPort=68
FirewallRules: [{706ED840-D191-4E6F-A758-8C169095BCC3}] => (Allow) LPort=67
FirewallRules: [{37A83159-5E35-4C1F-9FC8-256F29865D4B}] => (Allow) LPort=68
FirewallRules: [{A5A330AD-522A-4C01-944F-4C6686845CF0}] => (Allow) LPort=67
FirewallRules: [{AC81BE27-55A9-4DE7-9015-57E8C01A8E72}] => (Allow) LPort=68
FirewallRules: [{91FDB8BA-400B-4742-8BEB-21BF42EB3E65}] => (Allow) LPort=67
FirewallRules: [{2DF5E1DF-618C-461D-9F6F-8D0326CFCD26}] => (Allow) LPort=68
FirewallRules: [{0D667247-C73B-4C30-9021-8A47AC917D0F}] => (Allow) LPort=67
FirewallRules: [{BE103F94-8165-40E7-9AED-A69800C88D53}] => (Allow) LPort=68
FirewallRules: [{E0A7FE73-2290-446D-A51C-B63A6B635358}] => (Allow) LPort=67
FirewallRules: [{16CF461E-0072-4AF8-AE85-B01D620737A7}] => (Allow) LPort=68
FirewallRules: [{5660CBBD-DD9F-4A48-83F7-727D88B98DEF}] => (Allow) LPort=67
FirewallRules: [{21FB7FE8-0FC2-4A8E-B706-A195AFACA446}] => (Allow) LPort=68
FirewallRules: [{58D900EA-73AD-49AE-91AC-ECED6C4E87F7}] => (Allow) LPort=67
FirewallRules: [{528EDCF6-06BE-4747-8855-93BCF20741F8}] => (Allow) LPort=68
FirewallRules: [{D1E82389-60DB-41E1-B0ED-BF84A6CEC980}] => (Allow) LPort=67
FirewallRules: [{686E4BDC-14D3-48F7-8816-6B86206884B5}] => (Allow) LPort=68
FirewallRules: [{5B01AC1A-9E4F-4B7C-AB33-1D88C1DFF9DA}] => (Allow) LPort=67
FirewallRules: [{7D5E1E28-131A-4853-8B3D-6D943CEAD2FD}] => (Allow) LPort=68
FirewallRules: [{DFADAD73-C97D-4144-BB64-EFA51358E74C}] => (Allow) LPort=67
FirewallRules: [{74982403-A926-4584-8E52-5818666E0962}] => (Allow) LPort=68
FirewallRules: [{3E5D4E37-A4A5-4EE7-BA84-3AF285E6F1AD}] => (Allow) LPort=67
FirewallRules: [{FEDA4D3C-CB46-4C7C-A709-DFF6E0B85D65}] => (Allow) LPort=68
FirewallRules: [TCP Query User{6128D5B4-5A53-43C5-A912-0FD85CCED034}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{D5FFD7AE-D84D-4EC6-87E9-A301212A1E1E}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{F7F05972-BA31-44AA-A7D2-BA1601238C86}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [UDP Query User{ECBB8225-F6C4-465B-ADDF-687DAB2DB3F4}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [{3A4ADB02-FE71-4252-B2D1-5A3BE9534AF0}] => (Allow) LPort=67
FirewallRules: [{62548E5E-8BAD-4722-8D17-6AD6C38C691D}] => (Allow) LPort=68
FirewallRules: [{845963AB-84EA-46D3-9E25-EF7A5CA5CBC5}] => (Allow) LPort=67
FirewallRules: [{00B76460-6E09-4673-8A2C-523DEB970F10}] => (Allow) LPort=68
FirewallRules: [{078D4E5E-EE9D-4A8F-9BA7-CCA47586F500}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{80FCBCF1-FA6D-4FBB-8733-4EBBC1274A18}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{B870A9D5-7236-4C23-9482-C897A555E6D8}] => (Allow) C:\Program Files (x86)\mca64Launcher\mca64Launcher 2.0.0.64\mca64Launcher.exe
FirewallRules: [{B1690EC5-5C58-42B8-9F34-2320E4D3FD54}] => (Allow) C:\Program Files (x86)\mca64Launcher\mca64Launcher 2.0.0.64\mca64Launcher.exe
FirewallRules: [{1C03705F-17C1-4B46-833E-F48AFBEE3406}] => (Allow) C:\Program Files (x86)\mca64Launcher\mca64Launcher 2.0.0.94\mca64Launcher.exe
FirewallRules: [{14F063DE-C2B7-4614-B241-26611F2CB20F}] => (Allow) C:\Program Files (x86)\mca64Launcher\mca64Launcher 2.0.0.94\mca64Launcher.exe
FirewallRules: [{FA0D5029-230B-40FB-AB8D-D0A5D34D5DEF}] => (Allow) C:\Program Files (x86)\mca64Launcher\mca64Launcher 2.0.0.106\mca64Launcher.exe
FirewallRules: [{A895B3E3-4AEB-498E-AA76-ED387D2C7448}] => (Allow) C:\Program Files (x86)\mca64Launcher\mca64Launcher 2.0.0.106\mca64Launcher.exe
FirewallRules: [{4A064E52-E0C9-49AC-8155-8CD0E46FB35B}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{58E6A61F-F867-4A23-871C-43C61D75F403}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{63B7FE5C-A38E-45EA-B2E6-35DAC3BA1E95}] => (Allow) E:\App\Microsoft Office Professional Plus 2013\KMSpico\AutoPico.exe
FirewallRules: [{C9F61CB6-14B0-410B-AC22-196A52BCBB16}] => (Allow) E:\App\Microsoft Office Professional Plus 2013\KMSpico\AutoPico.exe
FirewallRules: [TCP Query User{EC678179-5C39-4795-8358-860AC003EE25}C:\program files (x86)\sony\media go\mediago.exe] => (Allow) C:\program files (x86)\sony\media go\mediago.exe
FirewallRules: [UDP Query User{126052F5-97A3-4293-8BD5-7CB9E1F33DDB}C:\program files (x86)\sony\media go\mediago.exe] => (Allow) C:\program files (x86)\sony\media go\mediago.exe
FirewallRules: [TCP Query User{AAFBCE8A-7345-405B-BEFC-59B533616BF6}C:\users\desktop\desktop\nasnavi-278\nasnavi-278\module\nasnavi2.exe] => (Allow) C:\users\desktop\desktop\nasnavi-278\nasnavi-278\module\nasnavi2.exe
FirewallRules: [UDP Query User{2434BD33-20D1-42AB-B817-8969BE9933D2}C:\users\desktop\desktop\nasnavi-278\nasnavi-278\module\nasnavi2.exe] => (Allow) C:\users\desktop\desktop\nasnavi-278\nasnavi-278\module\nasnavi2.exe
FirewallRules: [{3AE6339F-BA33-4D09-B968-59DD1F7BD21C}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [{F59FCC6F-8B78-4BF9-A75E-357516856948}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [{7E96BFC4-40AE-4202-BB36-59BA373B2B62}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [{A7C7AA85-C2AA-4E73-A519-45F371FFE639}] => (Allow) C:\Program Files (x86)\mca64Launcher\mca64Launcher 2.0.0.113\mca64Launcher.exe
FirewallRules: [{9DC89D27-9948-4A9E-8B23-812F4C3EC859}] => (Allow) C:\Program Files (x86)\mca64Launcher\mca64Launcher 2.0.0.113\mca64Launcher.exe
FirewallRules: [{70EFCB29-4234-492A-BEFC-42054CDE7C6D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{AC3EEAFB-B4BA-4656-8B9B-3B67A46A40FA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{74C646F0-2C02-4887-9B1C-23AF12232A94}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{6788C4D6-E8D8-416B-AF26-4FCEB3CC8463}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{B063A6B7-845C-4A13-A8AE-178271546882}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base32283\SC2.exe
FirewallRules: [{28C51693-C982-4A18-A664-90D57C39A049}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base32283\SC2.exe
FirewallRules: [TCP Query User{66C29E16-3C94-42CA-BF45-858FDD14C8A5}C:\users\desktop\appdata\local\tudou\feisutudou\tudouva.exe] => (Allow) C:\users\desktop\appdata\local\tudou\feisutudou\tudouva.exe
FirewallRules: [UDP Query User{DD931DD6-F6E9-4701-A5EA-5C39D52D2614}C:\users\desktop\appdata\local\tudou\feisutudou\tudouva.exe] => (Allow) C:\users\desktop\appdata\local\tudou\feisutudou\tudouva.exe
FirewallRules: [{421CD824-BE98-42B8-9799-84A33E2F55D1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{ECC461EF-5B4D-438C-A712-093B2EFDACD1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9279665C-BC07-4EF4-9EAD-0E74505AE956}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{818E2369-8FD0-45AB-B4EA-CDBC786FAA3B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8F6ED305-662F-4B36-9C62-B5D761DB9DDB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{BD2C45D7-2865-4F08-99D5-640E0006E223}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{00CE2CBD-07A3-47B8-BA2C-4970943847D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C32EABE5-414C-44A5-AAA3-29C42A882CA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{472D2724-DCDF-4A66-8FB8-B57AD3324762}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{BA8D767E-9D13-4E48-8DF1-F53F38C90A84}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{CA7FA090-1DE3-4F37-9839-92F519B82886}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [{26DEAB38-D8E3-4348-9B9F-61ADF38A7AE9}] => (Allow) C:\Program Files (x86)\mca64Launcher\mca64Launcher 2.0.0.113\mca64Launcher.exe
FirewallRules: [{8914280E-02BA-4590-B5F5-884574D4BE39}] => (Allow) C:\Program Files (x86)\mca64Launcher\mca64Launcher 2.0.0.113\mca64Launcher.exe
FirewallRules: [{9E802710-4997-4683-8507-F0886E928B4A}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base39576\SC2_x64.exe
FirewallRules: [{72048FAA-3D4E-4904-AA14-9BA8A78098D7}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base39576\SC2_x64.exe
FirewallRules: [{D02E1B4C-8DA2-4261-BCA1-03A825598597}] => (Allow) C:\Users\Desktop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5A3E6953-4956-4363-A859-122DD332F604}] => (Allow) C:\Users\Desktop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D9E85792-5B2A-4CAA-B9E0-DBD193BBF298}] => (Allow) C:\Users\Desktop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{16235819-0618-49E7-ABB2-163A65BBAC54}] => (Allow) C:\Users\Desktop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FB034857-9D17-490E-B87A-9EF90204830A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{E6ACED88-71A0-4D01-9995-A20D597E835A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{910D4C78-63AC-49C6-82E2-03DE204F4081}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{46E58EC3-F60E-4951-ADB2-4DDDE4D9E69F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F537BF31-39D4-40A2-B00E-8C51EB16C36A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{07EB2F50-B894-4F8E-B584-650AF513804B}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{84569584-7735-4BDD-8456-0959F7C8C7FA}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{8A95DE9A-9023-4AB6-AC54-77F79E40A353}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{D602D9C5-400C-464E-A14E-C59F55BBE3AF}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{10A2ACCD-800A-42EC-A4EA-1354742304C2}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{2A184648-72C7-409C-B372-326185DE24CA}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{8EE77E10-F4DA-4572-B995-AF6A27730FC9}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{F8451F34-6148-4BAE-9722-3AEC1AA3D669}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{25477CEF-5181-4DE1-B516-CCF541A2955B}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{3B204AEB-8E0A-4CE2-A8F5-0F70C9395165}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F076A80C-6877-407E-B437-62DC2ADDB7AA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B625FEE1-23AA-445E-9567-86F681ECB41C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{AEE61B50-D99D-47EB-B292-212C3DBA7ADB}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe

==================== Restore Points =========================

07-02-2016 15:45:53 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/08/2016 09:15:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GPUTweak.exe, version: 2.2.8.1, time stamp: 0x5063c2c0
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x9e0
Faulting application start time: 0xGPUTweak.exe0
Faulting application path: GPUTweak.exe1
Faulting module path: GPUTweak.exe2
Report Id: GPUTweak.exe3

Error: (02/08/2016 09:15:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamUserAgent.exe, version: 4.1.2032.8372, time stamp: 0x5693fe3d
Faulting module name: ntdll.dll, version: 6.1.7601.18933, time stamp: 0x55a6a196
Exception code: 0xc0000005
Fault offset: 0x000000000004f6c6
Faulting process id: 0xf78
Faulting application start time: 0xNvStreamUserAgent.exe0
Faulting application path: NvStreamUserAgent.exe1
Faulting module path: NvStreamUserAgent.exe2
Report Id: NvStreamUserAgent.exe3

Error: (01/31/2016 06:19:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GPUTweak.exe, version: 2.2.8.1, time stamp: 0x5063c2c0
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x9f8
Faulting application start time: 0xGPUTweak.exe0
Faulting application path: GPUTweak.exe1
Faulting module path: GPUTweak.exe2
Report Id: GPUTweak.exe3

Error: (01/31/2016 06:19:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamUserAgent.exe, version: 4.1.2032.8372, time stamp: 0x5693fe3d
Faulting module name: ntdll.dll, version: 6.1.7601.18933, time stamp: 0x55a6a196
Exception code: 0xc0000005
Fault offset: 0x000000000004f6c6
Faulting process id: 0x115c
Faulting application start time: 0xNvStreamUserAgent.exe0
Faulting application path: NvStreamUserAgent.exe1
Faulting module path: NvStreamUserAgent.exe2
Report Id: NvStreamUserAgent.exe3

Error: (01/31/2016 04:00:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GPUTweak.exe, version: 2.2.8.1, time stamp: 0x5063c2c0
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x81c
Faulting application start time: 0xGPUTweak.exe0
Faulting application path: GPUTweak.exe1
Faulting module path: GPUTweak.exe2
Report Id: GPUTweak.exe3

Error: (01/31/2016 04:00:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamUserAgent.exe, version: 4.1.2032.8372, time stamp: 0x5693fe3d
Faulting module name: ntdll.dll, version: 6.1.7601.18933, time stamp: 0x55a6a196
Exception code: 0xc0000005
Fault offset: 0x000000000004f6c6
Faulting process id: 0xe00
Faulting application start time: 0xNvStreamUserAgent.exe0
Faulting application path: NvStreamUserAgent.exe1
Faulting module path: NvStreamUserAgent.exe2
Report Id: NvStreamUserAgent.exe3

Error: (01/31/2016 03:53:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 44.0.0.5866, time stamp: 0x56a4222c
Faulting module name: MSVCP120.dll, version: 12.0.21005.1, time stamp: 0x524f7ced
Exception code: 0xc0000005
Fault offset: 0x0000e439
Faulting process id: 0xa30
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (01/31/2016 03:47:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 44.0.0.5866, time stamp: 0x56a4222c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1b38
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (01/31/2016 02:48:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 44.0.0.5866, time stamp: 0x56a4222c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02fffff9
Faulting process id: 0x196c
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (01/31/2016 02:40:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 44.0.0.5866, time stamp: 0x56a4222c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00400501
Faulting process id: 0x12e4
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3


System errors:
=============
Error: (02/08/2016 09:26:12 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/08/2016 09:21:49 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/08/2016 09:21:49 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/08/2016 09:18:48 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/08/2016 09:16:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASGT service terminated unexpectedly. It has done this 1 time(s).

Error: (01/31/2016 06:32:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/31/2016 06:24:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/31/2016 06:22:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASGT service terminated unexpectedly. It has done this 1 time(s).

Error: (01/31/2016 06:21:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/31/2016 06:21:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2016-02-08 21:21:49.421
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-08 21:21:49.374
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-08 21:21:49.327
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-08 21:21:49.281
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-31 16:07:43.437
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-31 16:07:43.390
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3570 CPU @ 3.40GHz
Percentage of memory in use: 15%
Total physical RAM: 16334.93 MB
Available physical RAM: 13835.51 MB
Total Virtual: 32668.05 MB
Available Virtual: 29904.37 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.38 GB) (Free:28.78 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:111.79 GB) (Free:80.82 GB) NTFS
Drive e: (Local Disk) (Fixed) (Total:335.35 GB) (Free:34.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: E18A2852)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: CAD8827D)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 335.4 GB) (Disk ID: A501CE35)
Partition 1: (Not Active) - (Size=335.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by Oh My!, 09 February 2016 - 09:33 PM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,014 posts
  • Gender:Male
  • Location:California
  • Local time:11:57 PM

Posted 09 February 2016 - 09:35 PM

Greetings 66xx66xx66 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall Microsoft Office Professional Plus 2013 and all other products for which you do not have a valid Product Key. If you are willing to do that please rerun a FRST scan with Addition.txt and post both logs. If you prefer to leave the programs on your computer let me know that and I will be closing the Topic.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 66xx66xx66

66xx66xx66
  • Topic Starter

  • Members
  • 8 posts
  • Local time:01:57 AM

Posted 10 February 2016 - 07:04 PM

Hi Gary, my name is Ray. Thank you for your assistance.
 
I fully uninstalled Office 2013 and ran the FRST scan again; see attached.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Desktop (administrator) on DESKTOP-PC (10-02-2016 19:00:16)
Running from C:\Users\Desktop\Desktop
Loaded Profiles: Desktop (Available Profiles: Desktop)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(Micro-Star International) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Buffalo Inc.) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Corsair Components Inc) C:\Program Files (x86)\Corsair\M95 Mouse\M95Hid.exe
(Micro-Star INT'L CO.,LTD.) C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe
() C:\Program Files (x86)\Inventec\Dreye\9.0\DreyeMT\DreyeIMplugin.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Corsair Components Inc) C:\Program Files (x86)\Corsair\M95 Mouse\CorsTra.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-11] (NVIDIA Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-07-08] (ESET)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [764472 2012-09-19] ()
HKLM-x32\...\Run: [Corsair Duke] => C:\Program Files (x86)\Corsair\M95 Mouse\M95Hid.exe [1771520 2013-08-15] (Corsair Components Inc)
HKLM-x32\...\Run: [IMDreyePlugin] => C:\Program Files (x86)\Inventec\Dreye\9.0\DreyeMT\DreyeIMplugin.exe [36864 2009-05-11] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
HKU\S-1-5-21-102027666-3716477199-3525533037-1000\...\Run: [GoogleChromeAutoLaunch_DFC8472DABE1F2F5610AF2606F0DE9EE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [748872 2016-02-09] (Google Inc.)
HKU\S-1-5-21-102027666-3716477199-3525533037-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-102027666-3716477199-3525533037-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-102027666-3716477199-3525533037-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe [2594304 2012-09-27] (ASUS)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk [2015-01-08]
ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (Buffalo Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk [2015-01-08]
ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0B702E5D-C902-4522-A3C7-1E0EF8ECBC31}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2EDB427F-0AEA-44CF-810F-88342BDB9F52}: [DhcpNameServer] 64.71.255.205 64.71.255.253
Tcpip\..\Interfaces\{98FA1AE5-57DF-4BD6-801E-C8EB99C7139D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A82AC465-2788-499A-B3DD-A988DB9B7C67}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-102027666-3716477199-3525533037-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-102027666-3716477199-3525533037-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-102027666-3716477199-3525533037-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ca/
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_71\bin\ssv.dll [2016-01-24] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-24] (Oracle Corporation)
BHO-x32: No Name -> {06433BFE-4946-4E89-823D-CD359C81CD06} -> No File
BHO-x32: No Name -> {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} -> No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Toolbar: HKLM-x32 - Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - C:\Program Files (x86)\Inventec\Dreye\9.0\DreyeMT\DreyeIEBar.dll [2009-05-31] ()
Toolbar: HKU\S-1-5-21-102027666-3716477199-3525533037-1000 -> No Name - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Desktop\AppData\Roaming\Mozilla\Firefox\Profiles\5uudvg2z.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.google.ca/
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-12-10] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-12-26] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-12-26] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-102027666-3716477199-3525533037-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-07-10] (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-07-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-07-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-07-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-07-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-07-14] (Apple Inc.)
FF Extension: Adblock Plus - C:\Users\Desktop\AppData\Roaming\Mozilla\Firefox\Profiles\5uudvg2z.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-19]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.ca/
CHR StartupUrls: Default -> "hxxp://www.google.ca/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll => No File
CHR Profile: C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Text URL Linker) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegfbpchoheaflicfmggkmlmcccpjpgd [2014-10-13]
CHR Extension: (bamboo panda) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdimjkgkhlmlngcgioeokeekojhfmblk [2014-10-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-14]
CHR Extension: (YouTube) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (AdBlock) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-04]
CHR Extension: (Skype) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-21]
CHR Extension: (Dropdown List of Most Visited Links) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\logbmehmiacemkimbpcbjgaikobdndah [2014-10-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-12-30] (Creative Labs) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-11] (NVIDIA Corporation)
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [164736 2012-12-26] (Intel Corporation)
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [103992 2012-10-26] (MSI)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1722320 2014-08-26] (Micro-Star International)
R2 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [245760 2013-11-21] (BUFFALO INC.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-11] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-11] (NVIDIA Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 btiaa2dp; C:\Windows\System32\drivers\btiaa2dp.sys [82944 2008-09-16] (iAnywhere Solutions) [File not signed]
S3 BTiAPan; C:\Windows\System32\DRIVERS\btiapan.sys [37888 2008-09-16] (iAnywhere Solutions) [File not signed]
S3 btiarcp; C:\Windows\System32\DRIVERS\btiarcp.sys [10880 2008-07-30] (iAnywhere Solutions) [File not signed]
S3 btiaspp; C:\Windows\System32\DRIVERS\btiaspp.sys [92160 2008-09-16] (iAnywhere Solutions) [File not signed]
S3 BTIAUSB; C:\Windows\System32\DRIVERS\btiausb.sys [31744 2008-11-14] (iAnywhere Solutions) [File not signed]
S3 BTPROT; C:\Windows\System32\DRIVERS\btprot.sys [517632 2008-11-14] (iAnywhere Solutions) [File not signed]
S3 CORSGMS; C:\Windows\System32\drivers\CORSGMS.sys [25600 2012-03-27] ( ) [File not signed]
S3 DM9USB; C:\Windows\System32\DRIVERS\dm9usb.sys [64512 2012-07-05] (DAVICOM Semiconductor, Inc. )
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-24] (DT Soft Ltd)
R3 DUKEMS; C:\Windows\System32\drivers\DUKEMS.sys [25600 2012-08-16] ( )
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-13] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-13] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-13] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [168208 2015-07-13] (ESET)
S3 iAnywhere_btAudio; C:\Windows\System32\drivers\btiasco.sys [25088 2008-07-30] (iAnywhere Solutions) [File not signed]
R3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-23] (ASUSTeK Computer Inc.)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] ()
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1148288 2011-07-06] (Creative Technology Ltd.)
S3 libusbK; C:\Windows\System32\DRIVERS\libusbK.sys [47200 2015-08-30] (hxxp://libusb-win32.sourceforge.net)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2012-09-10] (Apple Inc.) [File not signed]
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2014-05-19] (Razer Inc)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-10 19:00 - 2016-02-10 19:00 - 00027611 _____ C:\Users\Desktop\Desktop\FRST.txt
2016-02-08 22:10 - 2016-02-10 19:00 - 00000000 ____D C:\FRST
2016-02-08 22:09 - 2016-02-08 22:09 - 02370560 _____ (Farbar) C:\Users\Desktop\Desktop\FRST64.exe
2016-02-08 21:43 - 2016-02-08 21:43 - 00035005 _____ C:\ComboFix.txt
2016-02-06 13:09 - 2016-02-06 13:39 - 00000000 ____D C:\Users\Desktop\Desktop\2015-12-31 群星 - 2015年Hit Fm 年度百首單曲
2016-02-04 21:35 - 2015-05-16 13:48 - 00000000 ____D C:\Users\Desktop\Desktop\許志安 - Come On, Enjoy the Best DISC 1
2016-02-04 21:30 - 2015-06-16 18:09 - 00000000 ____D C:\Users\Desktop\Desktop\五月天 - Your Legend ~燃ゆる命~
2016-02-03 23:33 - 2016-02-03 23:33 - 00000000 ____D C:\Users\Desktop\AppData\Local\Razer_Inc
2016-02-02 20:19 - 2016-02-02 21:08 - 566518483 _____ C:\Users\Desktop\Desktop\5156share.com.XianGeiAEJN.EP10end.mp4
2016-02-02 19:59 - 2016-02-02 21:29 - 751566907 _____ C:\Users\Desktop\Desktop\filedm.myvnc.com.MDRT-Ch01.mkv
2016-02-01 19:58 - 2016-02-01 23:08 - 563541190 _____ C:\Users\Desktop\Desktop\5156share.com.XianGeiAEJN.EP09.mp4
2016-01-31 21:02 - 2016-01-31 21:02 - 00001119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-31 21:02 - 2016-01-31 21:02 - 00001107 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-01-31 21:02 - 2016-01-31 21:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-31 17:33 - 2016-01-31 17:33 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-31 17:32 - 2016-01-31 17:32 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-01-31 17:31 - 2016-01-31 18:56 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-01-31 17:31 - 2016-01-31 18:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-01-31 16:01 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2016-01-31 16:01 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2016-01-31 16:01 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-01-31 16:01 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-01-31 16:01 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-01-31 16:01 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2016-01-31 16:01 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2016-01-31 16:01 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2016-01-31 16:00 - 2016-02-08 21:44 - 00000000 ____D C:\Qoobox
2016-01-31 16:00 - 2016-02-08 21:15 - 05657667 ____R (Swearware) C:\Users\Desktop\Desktop\ComboFix.exe
2016-01-31 16:00 - 2016-01-31 16:26 - 00000000 ____D C:\Windows\erdnt
2016-01-31 15:54 - 2016-01-31 15:55 - 00000000 ____D C:\Users\Desktop\AppData\Roaming\QuickScan
2016-01-31 14:44 - 2016-01-31 14:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-31 00:18 - 2016-01-31 00:18 - 00036860 _____ C:\Users\Desktop\bookmarks-2016-01-31.json
2016-01-28 22:50 - 2016-02-04 21:28 - 00000000 ____D C:\Users\Desktop\Desktop\謝霆鋒 - 鋒味
2016-01-28 22:50 - 2015-11-22 07:37 - 00000000 ____D C:\Users\Desktop\Desktop\Club 8 - Pleasure
2016-01-28 22:46 - 2016-01-28 22:46 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdateInstaller
2016-01-28 22:46 - 2016-01-28 22:46 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdate
2016-01-28 22:45 - 2015-10-02 09:54 - 00688408 _____ (Samsung Electronics) C:\Windows\system32\eed_sl.exe
2016-01-28 22:45 - 2015-10-02 09:53 - 01848320 _____ C:\Windows\system32\eed_ec.dll
2016-01-28 22:45 - 2015-04-18 15:13 - 00226424 _____ C:\Windows\system32\SBuySupplies.exe
2016-01-28 22:45 - 2015-04-18 15:13 - 00158040 _____ (SS) C:\Windows\system32\ssj1mci.exe
2016-01-28 22:45 - 2015-04-18 15:13 - 00000273 _____ C:\Windows\system32\eed_sl.exe.config
2016-01-28 22:45 - 2015-04-18 15:12 - 00089600 _____ (SS) C:\Windows\system32\ssj1mci.dll
2016-01-28 22:45 - 2015-04-18 15:12 - 00022528 _____ () C:\Windows\system32\ssj1mlm.dll
2016-01-28 22:20 - 2016-01-28 22:24 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-01-28 22:20 - 2016-01-28 22:20 - 00000000 ____D C:\Program Files\Common Files\Common Desktop Agent
2016-01-28 22:12 - 2016-01-28 22:30 - 00000000 ____D C:\Users\UpdatusUser
2016-01-28 22:12 - 2016-01-28 22:12 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Samsung
2016-01-28 22:05 - 2016-01-28 22:05 - 00000000 ____D C:\Windows\pss
2016-01-27 20:14 - 2016-01-27 20:14 - 00000000 ____D C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010
2016-01-27 20:14 - 2016-01-27 20:14 - 00000000 ____D C:\Users\Desktop\AppData\Roaming\Citrix
2016-01-27 18:27 - 2016-02-08 17:02 - 00000000 ____D C:\Users\Desktop\AppData\Local\Citrix
2016-01-27 18:27 - 2016-01-27 18:54 - 00000000 ____D C:\Users\Desktop\AppData\Roaming\ICAClient
2016-01-27 18:27 - 2016-01-27 18:27 - 00001661 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
2016-01-27 18:27 - 2016-01-27 18:27 - 00000000 ____D C:\ProgramData\Citrix
2016-01-27 18:27 - 2016-01-27 18:27 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-01-27 12:25 - 2016-01-31 15:53 - 00000000 ____D C:\Users\Desktop\AppData\Local\CrashDumps
2016-01-26 19:41 - 2016-01-31 21:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-24 19:39 - 2015-12-16 09:53 - 00523384 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-01-24 19:39 - 2015-12-16 09:53 - 00075056 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-01-24 19:39 - 2015-12-16 09:39 - 00103032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-01-24 19:38 - 2015-12-16 12:34 - 42977072 _____ C:\Windows\system32\nvcompiler.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 37609080 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 31061624 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 24895792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 21122456 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 20663816 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 17561432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 17156968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 16286888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 12334200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-01-24 19:38 - 2015-12-16 12:34 - 03168376 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 02755704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 01915696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436143.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 01564976 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436143.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 00938104 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 00872056 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 00734512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 00681592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 00502080 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 00469144 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 00423264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 00416376 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 00388560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 00370808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 00205456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-01-24 19:38 - 2015-12-16 12:34 - 00175368 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 00153392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 00151184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-01-24 19:38 - 2015-12-16 12:34 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-01-24 17:38 - 2016-01-24 17:38 - 00194885 _____ C:\Users\Desktop\Desktop\hjsplit.zip
2016-01-24 17:35 - 2016-01-11 23:40 - 00112032 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-01-24 17:34 - 2015-12-18 01:11 - 00047760 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-01-24 17:34 - 2015-12-18 01:10 - 00090768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-01-24 17:21 - 2016-02-04 22:55 - 00000000 ____D C:\Users\Desktop\AppData\Roaming\uTorrent
2016-01-24 17:21 - 2016-01-24 17:21 - 00000983 _____ C:\Users\Desktop\Desktop\µTorrent.lnk
2016-01-24 13:29 - 2016-01-24 17:32 - 734003200 _____ C:\Users\Desktop\Desktop\Office.mkv.003
2016-01-24 13:15 - 2016-01-24 13:38 - 430689061 _____ C:\Users\Desktop\Desktop\Office.mkv.004
2016-01-24 12:03 - 2016-01-24 13:13 - 665974666 _____ C:\Users\Desktop\Desktop\Office.mkv.001
2016-01-24 11:52 - 2016-01-24 12:42 - 734003200 _____ C:\Users\Desktop\Desktop\Office.mkv.002
2016-01-21 21:51 - 2016-01-21 22:15 - 66957706 _____ C:\Users\Desktop\Desktop\2015-06-17 五月天 - Your Legend ~燃ゆる命~.rar
2016-01-21 21:22 - 2016-01-21 21:22 - 00135617 _____ C:\Users\Desktop\Desktop\Our_Times_(2015)_720p_BluRay_x264-ROVERS[rarbg].torrent
2016-01-21 21:17 - 2016-02-02 20:00 - 00001623 _____ C:\Users\Desktop\Desktop\New Text Document.txt
2016-01-19 19:21 - 2016-01-19 19:21 - 00000000 ____D C:\Users\Desktop\AppData\Roaming\MPC-HC
2016-01-19 19:20 - 2016-01-19 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2016-01-19 19:20 - 2016-01-19 19:20 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2016-01-19 19:20 - 2015-12-18 05:00 - 00755200 _____ C:\Windows\system32\xvidcore.dll
2016-01-19 19:20 - 2015-12-18 05:00 - 00674816 _____ C:\Windows\SysWOW64\xvidcore.dll
2016-01-19 19:20 - 2015-12-18 05:00 - 00309248 _____ C:\Windows\system32\xvidvfw.dll
2016-01-19 19:20 - 2015-12-18 05:00 - 00282112 _____ C:\Windows\SysWOW64\xvidvfw.dll
2016-01-19 19:20 - 2015-10-24 12:00 - 00126976 _____ C:\Windows\system32\ff_vfw.dll
2016-01-19 19:20 - 2015-10-24 12:00 - 00112128 _____ C:\Windows\SysWOW64\ff_vfw.dll
2016-01-19 19:20 - 2015-02-28 11:22 - 03571200 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
2016-01-19 19:20 - 2015-02-28 11:21 - 03591680 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
2016-01-19 19:20 - 2012-07-21 06:55 - 00180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
2016-01-19 19:20 - 2012-07-21 06:54 - 00122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
2016-01-19 19:20 - 2011-12-07 13:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2016-01-19 19:20 - 2011-12-07 13:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2016-01-17 16:57 - 2016-01-17 16:58 - 21816302 _____ C:\Users\Desktop\Desktop\tomato-RT-N66U_RT-AC6x--132-AIO-64K.zip
2016-01-16 23:20 - 2016-01-16 23:20 - 00639498 _____ C:\Users\Desktop\Desktop\Saving.Mr.Wu.2015.1080p.BluRay.x264-ROVERS.torrent
2016-01-16 17:39 - 2016-01-16 17:39 - 00000000 ____D C:\Users\Desktop\AppData\Roaming\Inventec
2016-01-16 17:39 - 2016-01-16 17:39 - 00000000 ____D C:\ProgramData\Inventec
2016-01-16 17:37 - 2016-01-16 17:37 - 00001992 _____ C:\Users\Public\Desktop\Dr.eye.lnk
2016-01-16 17:37 - 2016-01-16 17:37 - 00000016 _____ C:\Windows\SysWOW64\rdInfo9
2016-01-16 17:37 - 2016-01-16 17:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dr.eye
2016-01-16 17:37 - 2016-01-16 17:37 - 00000000 ____D C:\Program Files (x86)\Inventec
2016-01-16 17:37 - 2009-05-15 15:53 - 03932214 _____ C:\Windows\1280Dtop.bmp
2016-01-16 17:37 - 2009-05-15 15:53 - 02359350 _____ C:\Windows\1024Dtop.bmp
2016-01-16 17:37 - 2009-05-08 13:36 - 01584640 _____ (IES) C:\Windows\system32\DreyeJP.ime
2016-01-16 17:37 - 2009-05-08 13:30 - 01589248 _____ (IES) C:\Windows\SysWOW64\DreyeJP.ime
2016-01-16 17:37 - 2009-04-20 15:35 - 01567744 _____ (IES) C:\Windows\system32\DreyeTC.ime
2016-01-16 17:37 - 2009-04-20 15:34 - 01574912 _____ (IES) C:\Windows\system32\DreyeSC.ime
2016-01-16 17:37 - 2009-04-20 15:21 - 01572864 _____ (IES) C:\Windows\SysWOW64\DreyeSC.ime
2016-01-16 17:37 - 2009-04-20 15:21 - 01564672 _____ (IES) C:\Windows\SysWOW64\DreyeTC.ime
2016-01-16 17:36 - 2016-01-16 17:36 - 00003224 _____ C:\Windows\System32\Tasks\{0F982F7D-C761-4D5B-9601-4B3867336FBA}
2016-01-14 20:30 - 2016-01-14 22:05 - 140338155 _____ C:\Users\Desktop\Desktop\Come_On_Best_DISC_1.rar
2016-01-11 23:51 - 2016-01-11 23:51 - 00193440 ____H C:\Windows\system32\mlfcache.dat

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-10 18:57 - 2012-12-27 19:33 - 00000000 ____D C:\Program Files\Microsoft Office
2016-02-10 18:57 - 2009-07-14 02:46 - 00000000 ____D C:\Windows\ShellNew
2016-02-10 18:57 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-02-10 18:56 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-02-10 18:56 - 2009-07-13 21:34 - 00000428 _____ C:\Windows\win.ini
2016-02-10 18:48 - 2014-12-17 15:55 - 00004972 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Desktop-PC-Desktop Desktop-PC
2016-02-10 18:37 - 2009-07-13 23:45 - 00020416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-10 18:37 - 2009-07-13 23:45 - 00020416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-10 18:34 - 2009-07-14 00:13 - 00786578 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-10 18:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-02-10 18:29 - 2015-05-15 11:23 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d08f2b79b6ac07.job
2016-02-10 18:29 - 2012-12-26 21:11 - 00002172 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-10 18:28 - 2015-02-07 01:23 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0429e880174a3.job
2016-02-10 18:28 - 2014-10-18 18:17 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfeb29acb7d1a7.job
2016-02-10 18:28 - 2013-10-23 18:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-10 18:27 - 2015-05-15 11:23 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d08f2b798e34a2.job
2016-02-10 18:27 - 2015-02-07 01:23 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0429e87c5f23d.job
2016-02-10 18:27 - 2014-03-10 19:22 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-10 18:27 - 2014-02-17 01:48 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf2bac484cb107.job
2016-02-10 18:27 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-09 22:22 - 2014-05-08 20:05 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6b22bc67e41b.job
2016-02-09 20:28 - 2013-10-23 18:20 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-09 20:28 - 2012-12-26 21:53 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-09 20:28 - 2012-12-26 21:53 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-08 21:26 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2016-02-08 21:15 - 2014-02-22 01:30 - 00000000 ____D C:\Users\Desktop\AppData\Roaming\AIMP3
2016-02-08 10:42 - 2015-01-01 12:55 - 00001366 _____ C:\Users\Desktop\Desktop\AIMP3.lnk
2016-02-08 09:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-02-04 21:33 - 2015-03-09 22:38 - 00000000 ____D C:\Users\Desktop\Desktop\井筒昭雄 - フジテレビ系ドラマ「ファーストクラス」オリジナルサウンドトラック
2016-02-04 18:56 - 2014-06-26 19:53 - 00000000 ____D C:\Program Files (x86)\Razer
2016-02-03 22:58 - 2014-06-26 21:01 - 00000000 ____D C:\ProgramData\Razer
2016-02-02 22:02 - 2015-02-22 14:50 - 00000000 ____D C:\Users\Desktop\AppData\Local\Battle.net
2016-02-02 20:47 - 2012-12-26 21:34 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2016-02-02 20:41 - 2015-02-22 14:50 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-02-02 13:23 - 2015-05-15 11:23 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d08f2b79b6ac07
2016-02-02 13:23 - 2015-05-15 11:23 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d08f2b798e34a2
2016-01-31 22:25 - 2013-06-02 21:49 - 00091136 ___SH C:\Users\Desktop\Thumbs.db
2016-01-31 20:52 - 2009-07-14 00:08 - 00032566 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-31 16:31 - 2010-11-15 03:17 - 00000000 ___RD C:\Users\MSOCache
2016-01-31 16:00 - 2013-04-01 20:36 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-01-31 15:40 - 2015-06-10 21:07 - 00000000 ____D C:\Users\Desktop\AppData\Roaming\MediaMonkey
2016-01-31 14:56 - 2013-02-13 15:24 - 00000000 ____D C:\Windows\Sun
2016-01-31 14:55 - 2015-07-16 20:10 - 00000000 ____D C:\Program Files (x86)\DVDFab 9
2016-01-31 11:09 - 2012-12-26 08:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-31 00:02 - 2014-03-17 19:53 - 00000000 ____D C:\Users\Desktop\Desktop\Setup
2016-01-28 22:46 - 2014-09-10 22:15 - 00000000 ____D C:\ProgramData\Samsung
2016-01-28 22:29 - 2014-10-05 21:20 - 00000040 _____ C:\Autoconfig.ini
2016-01-28 22:24 - 2014-10-05 21:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2016-01-28 22:20 - 2014-09-10 22:27 - 00000000 ____D C:\Users\Desktop\AppData\Roaming\Samsung
2016-01-28 21:34 - 2013-01-12 19:35 - 00000000 ____D C:\Users\Desktop\AppData\Local\ElevatedDiagnostics
2016-01-27 20:30 - 2014-08-26 01:15 - 00000000 ____D C:\Users\Desktop\AppData\Local\Adobe
2016-01-27 18:27 - 2013-04-01 20:40 - 00000000 ____D C:\temp
2016-01-24 19:40 - 2012-12-26 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-01-24 19:39 - 2012-12-26 21:03 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-01-24 18:52 - 2014-07-17 09:30 - 00000000 ____D C:\ProgramData\Oracle
2016-01-24 18:51 - 2015-11-08 14:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-01-24 18:51 - 2015-10-25 19:55 - 00000000 ____D C:\Users\Desktop\.oracle_jre_usage
2016-01-24 18:51 - 2015-03-18 19:36 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-01-24 18:51 - 2015-03-18 19:35 - 00000000 ____D C:\Program Files\Java
2016-01-24 18:51 - 2014-07-17 09:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-24 18:45 - 2015-06-09 19:18 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-24 18:06 - 2013-01-30 02:46 - 00000000 ____D C:\Users\Desktop\AppData\Roaming\vlc
2016-01-24 17:35 - 2013-08-01 18:59 - 00000000 ____D C:\Users\Desktop\AppData\Local\NVIDIA
2016-01-24 17:34 - 2014-10-30 21:48 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-17 11:34 - 2009-07-13 23:45 - 00434480 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-16 18:00 - 2012-12-26 07:19 - 00112320 _____ C:\Users\Desktop\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-16 12:45 - 2013-01-22 23:42 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-14 21:28 - 2016-01-10 19:33 - 529530880 _____ C:\Users\Desktop\Desktop\JCKC TVB J2 亂馬 1 2.part1.rar
2016-01-13 20:04 - 2014-12-24 13:17 - 00000000 ____D C:\Users\Desktop\Desktop\amy's folder
2016-01-13 19:02 - 2015-12-06 11:32 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-13 19:02 - 2015-07-02 20:10 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-11 23:41 - 2014-07-29 20:39 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-01-11 23:41 - 2013-11-05 18:59 - 01542600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-01-11 23:40 - 2014-07-29 20:39 - 01756608 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-01-11 23:40 - 2013-11-05 18:59 - 01860120 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll

==================== Files in the root of some directories =======

2015-05-02 20:53 - 2015-05-02 20:53 - 0000168 _____ () C:\Users\Desktop\AppData\Local\temp.tmp
2009-02-24 12:40 - 2009-02-24 12:40 - 0001026 _____ () C:\ProgramData\cfSB0270.ini
2009-02-24 12:40 - 2009-02-24 12:40 - 0001026 _____ () C:\ProgramData\cfSB0271.ini
2009-02-24 12:40 - 2009-02-24 12:40 - 0001302 _____ () C:\ProgramData\cfSB0300.ini
2009-02-24 12:40 - 2009-02-24 12:40 - 0001282 _____ () C:\ProgramData\cfSB0471.ini
2009-02-24 12:40 - 2009-02-24 12:40 - 0001208 _____ () C:\ProgramData\cfSB0490.ini
2009-02-24 12:40 - 2009-02-24 12:40 - 0001027 _____ () C:\ProgramData\cfSB0560.ini
2009-02-24 12:40 - 2009-02-24 12:40 - 0001352 _____ () C:\ProgramData\cfSB0910.ini
2009-02-24 12:40 - 2009-02-24 12:40 - 0000590 _____ () C:\ProgramData\cfSB0950.ini
2009-02-24 12:40 - 2009-02-24 12:40 - 0001352 _____ () C:\ProgramData\cfSB1090.ini
2009-02-24 12:40 - 2009-02-24 12:40 - 0001346 _____ () C:\ProgramData\cfSB1100.ini

Some files in TEMP:
====================
C:\Users\Desktop\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-08 15:44

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Desktop (2016-02-10 19:00:32)
Running from C:\Users\Desktop\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2012-12-26 12:15:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-102027666-3716477199-3525533037-500 - Administrator - Disabled)
Desktop (S-1-5-21-102027666-3716477199-3525533037-1000 - Administrator - Enabled) => C:\Users\Desktop
Guest (S-1-5-21-102027666-3716477199-3525533037-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-102027666-3716477199-3525533037-1005 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-102027666-3716477199-3525533037-1000\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1492, 24.04.2015 - AIMP DevTeam)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Android USB Drivers (HKLM\...\{F6AEADC0-6B97-430E-B78A-C1D633A6528D}) (Version: 4.0.6753 - ASUSTeK Computer Inc.)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.2.8.1 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.2.8.1 - ASUSTek COMPUTER INC.) Hidden
ASUS RT-N66U Wireless Router Utilities (HKLM-x32\...\{88CA8932-7987-4D7A-BEE3-227BDB3CA888}) (Version: 4.2.3.9 - ASUS)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BUFFALO NAS Navigator2 (HKLM-x32\...\UN060501) (Version: 2.78 - Buffalo Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.4.0.8014 - Citrix Systems, Inc.)
CLICKBIOSII (HKLM-x32\...\{EBCB111F-4907-4B28-BD03-F5BD901106D2}_is1) (Version: 1.0.123 - MSI)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Corsair M95 Firmware Update Application (HKLM-x32\...\{4E44154D-0699-4D6C-996F-66D47B9A40D2}_is1) (Version: - )
Corsair M95 Gaming Mouse Driver V1.0 (HKLM-x32\...\{9C9EA6B0-2138-4111-BF26-9D0D40D12C0F}_is1) (Version: 1.00.00.14 - )
Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CPUID HWMonitor 1.21 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
Dr.eye 9.0 Flagship Edition (HKLM-x32\...\{ADB8679A-DCE9-4EA9-B23C-4A426478F86B}) (Version: 9.0.2009.0 - Inventec)
ESET NOD32 Antivirus (HKLM\...\{5F2AE448-CD4B-40BD-B245-5F0CD06A09B0}) (Version: 8.0.319.0 - ESET, spol s r. o.)
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
Fast Boot (HKLM-x32\...\{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1) (Version: 1.0.0.9 - MSI)
Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.18.6 - Androxyde)
Flirc (HKLM-x32\...\Flirc) (Version: - )
Geeks3D.com FurMark 1.10.3 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
ICCup Launcher (HKLM-x32\...\ICCup Launcher_is1) (Version: 1.6 - ICCup)
Ikaruga version Gouki (HKLM-x32\...\{A5E92823-5726-4733-AF09-EF64CC8C3B42}_is1) (Version: Gouki - Gouki)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.20.1337 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
K-Lite Mega Codec Pack 11.8.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.8.5 - KLCP)
mca64Launcher 2.0.0.113 (HKLM-x32\...\mca64Launcher 2.0.0.113) (Version: 2.0.0.113 - mca64)
Media Go (HKLM-x32\...\{AF06B8FA-B916-4001-AE51-6645488DEF09}) (Version: 2.8.303 - Sony)
Media Go Network Downloader (HKLM-x32\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)
Media Go Video Playback Engine 2.12.107.06300 (HKLM-x32\...\{12CEF785-A93B-15F6-1604-79E51E920A06}) (Version: 2.12.107.06300 - Sony)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Excel 2010 (HKU\S-1-5-21-102027666-3716477199-3525533037-1000\...\store-5c0ec3f7@@XA76.Microsoft Excel 201) (Version: 1.0 - Delivered by Citrix)
Microsoft Outlook 2010 (HKU\S-1-5-21-102027666-3716477199-3525533037-1000\...\store-5c0ec3f7@@XA76.Microsoft Outlook 2) (Version: 1.0 - Delivered by Citrix)
Microsoft SkyDrive (HKU\S-1-5-21-102027666-3716477199-3525533037-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2010 (HKU\S-1-5-21-102027666-3716477199-3525533037-1000\...\store-5c0ec3f7@@XA76.Microsoft Word 2010) (Version: 1.0 - Delivered by Citrix)
MKVToolNix 6.7.0 [20140102-565] (HKLM-x32\...\MKVToolNix) (Version: 6.7.0 - Moritz Bunkus)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 44.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0 (x86 en-US)) (Version: 44.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0 - Mozilla)
Mp3tag v2.73 (HKLM-x32\...\Mp3tag) (Version: v2.73 - Florian Heidenreich)
MSI Live Update (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.0.009 - MSI)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-102027666-3716477199-3525533037-1000\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.43 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Online Plug-in (x32 Version: 14.4.0.8014 - Citrix Systems, Inc.) Hidden
PdaNet+ for Android 4.15 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology Inc)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.58.01(10/20/2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.70.18.0 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
SanDisk SSD Toolkit 1.0.0.1 (HKLM-x32\...\{26326B5B-3D62-4C12-8841-6B55A19B552D}_is1) (Version: 1.0.0.1 - SanDisk Corporation)
Self-service Plug-in (x32 Version: 4.4.0.11833 - Citrix Systems, Inc.) Hidden
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 3.0.2.1 - Splashtop Inc.)
StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TRENDnet Powerline Utility (HKLM-x32\...\{B596801C-EA86-4920-8432-1B1B8AE148F0}) (Version: 7.1.0101 - TRENDnet)
TRENDnet Powerline Utility (HKLM-x32\...\TRENDnet Powerline Utility) (Version: 6.0.0.0 - TRENDnet Corporation.)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D264BD11-6A9B-11E4-A4F7-F04DA23A5C58}) (Version: 13.0.428 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Explorer (HKU\S-1-5-21-102027666-3716477199-3525533037-1000\...\store-5c0ec3f7@@XA76.Windows Explorer) (Version: 1.0 - Delivered by Citrix)
Winki (HKLM-x32\...\{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1) (Version: 3.2.126 - MSI)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {26D16CDF-467D-45E3-852A-D0AFD34B6C1C} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6b22bc67e41b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2CCC190C-E6E2-4A41-8DCA-43A1569B413E} - System32\Tasks\GoogleUpdateTaskMachineCore1d08f2b798e34a2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {42DE9432-5B0D-45C5-A2F9-536AAD076058} - System32\Tasks\GoogleUpdateTaskMachineCore1cf2bac484cb107 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {6495CACA-8377-445E-99CB-A05B0AFD4CC9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09] (Adobe Systems Incorporated)
Task: {659EA9AE-6F55-465E-A49C-88EB2B6EA658} - System32\Tasks\{40E51788-AC50-4802-ACE4-F56005FB7BB7} => pcalua.exe -a C:\Users\Desktop\Desktop\CMS_RMT_PCAPP_LB_2_30_02.exe -d C:\Users\Desktop\Desktop
Task: {6EA544E9-F23D-43D6-844A-483267F446C8} - System32\Tasks\GoogleUpdateTaskMachineUA1cfeb29acb7d1a7 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {8C8E4F6D-10AA-43F9-91DC-528D23319FB9} - System32\Tasks\Launch ASUS Sync Loader => C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe
Task: {946BA927-BAB9-43F8-9094-E63149B3E11E} - System32\Tasks\AutoPico Daily Restart => E:\App\Microsoft
Task: {9F82D0BF-15BB-4F8C-AA60-4F2AE6F357EE} - System32\Tasks\GoogleUpdateTaskMachineUA1d0429e880174a3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {AFD026E0-D045-43A4-8DCE-573D4A1E753B} - System32\Tasks\GoogleUpdateTaskMachineUA1d08f2b79b6ac07 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B691D2D0-2E2F-40B8-9A74-1EDCCC97E31F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {BBBAEE1A-4A26-42B5-AB39-9C92DCEC6DBF} - System32\Tasks\{0F982F7D-C761-4D5B-9601-4B3867336FBA} => pcalua.exe -a "E:\Download\Dr.eye 9.0\Dr.eye 9.0\Dr.eye 9.0\Dreye9Flag.exe" -d "E:\Download\Dr.eye 9.0\Dr.eye 9.0\Dr.eye 9.0"
Task: {CAEFCBA7-5D1E-48C7-B216-F6E78F65B691} - System32\Tasks\GoogleUpdateTaskMachineCore1d0429e87c5f23d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {DE1B5734-F4D4-4D5E-B86C-EBF9CC6BB680} - System32\Tasks\{CE23E0DC-B28A-498B-8F4F-F4087399E682} => pcalua.exe -a "C:\Users\Desktop\Desktop\SB Audigy Series recompiled Install\CMS3_INSTALL\CMS3\Remote\setup.exe" -d "C:\Users\Desktop\Desktop\SB Audigy Series recompiled Install\CMS3_INSTALL\CMS3\Remote"
Task: {E4A3D149-A4A6-466E-B16B-0C2779A51492} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Desktop-PC-Desktop Desktop-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf2bac484cb107.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0429e87c5f23d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d08f2b798e34a2.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6b22bc67e41b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfeb29acb7d1a7.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0429e880174a3.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d08f2b79b6ac07.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-03-10 19:22 - 2015-12-16 09:53 - 00126072 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-05 21:19 - 2011-04-11 00:26 - 00034304 _____ () C:\Windows\System32\spe__l.dll
2016-01-28 22:45 - 2015-04-18 15:12 - 00022528 _____ () C:\Windows\System32\ssj1mlm.dll
2006-12-04 01:26 - 2006-12-04 01:26 - 00022016 _____ () C:\Windows\System32\sugs2l6.dll
2015-02-13 03:20 - 2015-02-13 03:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 15:26 - 2015-05-15 15:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2016-01-24 17:34 - 2016-01-11 23:43 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2012-12-30 18:25 - 2009-11-30 18:54 - 00089088 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2012-12-30 18:25 - 2009-12-08 15:52 - 00230912 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-09-08 13:39 - 2014-09-08 13:39 - 00464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2014-09-08 13:38 - 2014-09-08 13:38 - 00051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2016-01-16 17:37 - 2009-05-11 19:18 - 00036864 _____ () C:\Program Files (x86)\Inventec\Dreye\9.0\DreyeMT\DreyeIMplugin.exe
2014-05-31 14:35 - 2005-07-18 12:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2012-09-10 11:37 - 2012-09-10 11:37 - 00192512 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\Vender.dll
2012-09-27 11:08 - 2012-09-27 11:08 - 00049152 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\Exeio.dll
2016-01-24 17:34 - 2016-01-11 23:43 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-01-16 17:37 - 2009-06-13 17:04 - 00081920 _____ () C:\Program Files (x86)\Inventec\Dreye\9.0\DreyeMT\DreyeIMhook.dll
2016-01-16 17:37 - 2008-12-23 10:34 - 00102400 _____ () C:\Program Files (x86)\Inventec\Dreye\9.0\peadict\api\DrRegPath.dll
2016-01-16 17:37 - 2009-03-20 12:42 - 00053248 _____ () C:\Program Files (x86)\Inventec\Dreye\9.0\Peadict\Api\DreyeMT.dll
2013-12-01 01:05 - 2013-05-26 14:40 - 00054272 _____ () C:\Program Files (x86)\Corsair\M95 Mouse\hidGetKey.dll
2016-01-16 17:37 - 2009-04-21 19:53 - 00077824 _____ () C:\Program Files (x86)\Inventec\Dreye\9.0\DreyeMT\DrHJMT.dll
2016-01-16 17:37 - 2009-03-06 13:00 - 00065536 _____ () C:\Program Files (x86)\Inventec\Dreye\9.0\DreyeMT\DreyeTM.dll
2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2012-12-26 21:02 - 2012-12-26 21:02 - 01199648 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2016-02-10 18:29 - 2016-02-09 06:58 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\libglesv2.dll
2016-02-10 18:29 - 2016-02-09 06:58 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:1677AB3F
AlternateDataStreams: C:\ProgramData\Temp:93C2F41D

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-02-08 21:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-102027666-3716477199-3525533037-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Desktop^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Citrix Receiver.lnk => C:\Windows\pss\Citrix Receiver.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: HKToolbarManager => C:\Program Files (x86)\881903\IETOOLBAR\hkmgr.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Live Update => C:\Program Files (x86)\MSI\Live Update\Live Update.exe /REMINDER
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2AE5BCDA-EE0A-44DD-8029-130FA1DBD820}] => (Allow) C:\Program Files (x86)\EnGenius\11n USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{CE3DB238-1D12-4ABF-BA0D-00E556CACA97}] => (Allow) C:\Program Files (x86)\EnGenius\11n USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{AA0B5271-77EE-44E9-87E3-A09580C841CA}] => (Allow) LPort=1542
FirewallRules: [{200585E4-8197-413C-863E-9CA31B1DC04D}] => (Allow) LPort=1542
FirewallRules: [{CF756D3E-A569-421E-90B2-7E465B61EB8E}] => (Allow) LPort=53
FirewallRules: [TCP Query User{77FF68D1-656A-428C-B7EA-99D8F656CFB0}C:\program files (x86)\starcraft\starcraft.exe] => (Allow) C:\program files (x86)\starcraft\starcraft.exe
FirewallRules: [UDP Query User{AA8A9E63-8B6B-40C4-B148-18B321E2E352}C:\program files (x86)\starcraft\starcraft.exe] => (Allow) C:\program files (x86)\starcraft\starcraft.exe
FirewallRules: [{399FE0DC-8090-45D3-AEF8-E1AC5B7D6E28}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{6ACE7E5B-6B0D-42E2-952C-DD2F30233C8F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{766E5AF1-1CB2-428D-AB8E-C703E9BD0D3C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{3C05935B-7C10-40AC-BAF8-D16F4FDF7D6A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{A0F17728-9370-4B34-99AB-113BF196FC6B}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{02A549CC-7E31-457F-ABB8-99C069EE0EE5}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{9127D8DB-76F7-406C-AA60-A57FA0CF01C7}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{277A1B26-0A6D-4306-9B4A-C157889FFC76}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{AF32C630-D3BD-4428-BB07-02F469530161}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base23260\SC2.exe
FirewallRules: [{6CB1AA52-E7F9-4FDD-B90A-04AEDDF7712C}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base23260\SC2.exe
FirewallRules: [{3C06C80C-F52C-44AB-93CA-34BC07F56368}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D3F82343-947F-41C0-85F6-0A9752BF73CD}] => (Allow) C:\Program Files (x86)\StarCraft II 2012 Beta\StarCraft II Beta.exe
FirewallRules: [{61B72259-8FD4-4A21-B1FC-331310757A5D}] => (Allow) C:\Program Files (x86)\StarCraft II 2012 Beta\StarCraft II Beta.exe
FirewallRules: [{4C15DF63-7F34-4C18-A496-ECF7DBCD97E7}] => (Allow) C:\Users\Desktop\AppData\Local\Temp\KMSnano\qemu-system-i386.exe
FirewallRules: [{421125B4-52D4-4EEE-A5D7-73D5D44EBC23}] => (Allow) C:\Users\Desktop\AppData\Local\Temp\KMSnano\qemu-system-i386.exe
FirewallRules: [{38BE5DCE-944E-4278-9CF8-61015E2F81F7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{11462B51-55DD-4095-890C-A8EA30BF5618}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{6DD9D48D-FF1E-442E-A078-9422EC15E2E5}] => (Allow) C:\Users\Desktop\Desktop\uTorrent.exe
FirewallRules: [{DCB2951F-34FE-47E8-8D7E-BBE40E583C44}] => (Allow) C:\Users\Desktop\Desktop\uTorrent.exe
FirewallRules: [TCP Query User{65E0829C-E005-4670-8681-1B66C48362D9}C:\program files (x86)\881903\ietoolbar\hkmgr.exe] => (Allow) C:\program files (x86)\881903\ietoolbar\hkmgr.exe
FirewallRules: [UDP Query User{0D3A6DA6-CC08-4B02-BB42-C9373D97489F}C:\program files (x86)\881903\ietoolbar\hkmgr.exe] => (Allow) C:\program files (x86)\881903\ietoolbar\hkmgr.exe
FirewallRules: [{5D4796C0-749F-4513-B859-EE8AAA60FAD7}] => (Allow) C:\Users\Desktop\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{1A282EC8-4DAA-498F-8D5B-177AAF9A8FD7}C:\program files (x86)\ea games\need for speed most wanted\nfs13.exe] => (Block) C:\program files (x86)\ea games\need for speed most wanted\nfs13.exe
FirewallRules: [UDP Query User{350A2549-62C9-4938-B064-D50FC38E62F3}C:\program files (x86)\ea games\need for speed most wanted\nfs13.exe] => (Block) C:\program files (x86)\ea games\need for speed most wanted\nfs13.exe
FirewallRules: [{1E8C9E0B-1206-4272-B868-E9FA9653AE03}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{FC5FAAB4-3157-4F92-B12A-A992D72EBC98}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{9481ABF8-B316-46B1-BB5A-FB1263DCDB85}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{1EFE4363-C64A-41A1-8A72-1C201E5157D8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{AC91C625-E7AE-42F8-90C2-47D9659C2EA7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{6DC1396B-1374-43E2-84E2-112F59AD2147}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{092E5FF2-53F9-4E36-BD9F-9B5F5185C811}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A99DA17D-8E3A-4481-AEBF-9BC2E6C90E32}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D1016553-B466-4930-9E63-3987006C03F2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7644D3A1-D55D-4D46-9E44-D72BD74D68B5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9D5B5F57-6DDD-435F-87B6-00366EA2C9EB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{73D95D64-E7DD-47F8-9ABD-FA39477AEA69}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{0A33E945-E5E0-4145-A20F-CDB2045FC473}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base24944\SC2.exe
FirewallRules: [{31A8BFF5-C1FE-4DD9-8A41-893DB8268EE5}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base24944\SC2.exe
FirewallRules: [{F5E70B9A-952F-47B6-84BB-99946EA1564F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2000\Agent.exe
FirewallRules: [{899C0F6A-35B5-4FD3-AA0D-4F8D653E695E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2000\Agent.exe
FirewallRules: [{7E854E81-E016-4862-A634-0F34643B3F2B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{FF2F91D3-06D5-46A4-A6EB-E6A6D228874D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{24266B6D-CA7D-4C9F-92DB-59336F09C97C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{CB72E054-C0A1-441A-8E91-8644050ED9A9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{BD293F9D-7D55-41D7-939E-FF11DED4A5B4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{5441E2D3-EC17-4A92-8209-56247140ED73}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{FBBB7654-208D-48FA-955E-958D8F65096F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{0B2A838C-1922-473A-B3E0-3CBBC50C2383}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{FAF0D893-DDC3-4AFB-8097-52DB0FD3FE66}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4EAABD90-35D8-41E6-AF0B-2B082B17D23F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{9029E7D3-D0D9-48C9-840B-EA614CBFF282}C:\program files (x86)\asus\asus sync\asusupctloader.exe] => (Allow) C:\program files (x86)\asus\asus sync\asusupctloader.exe
FirewallRules: [UDP Query User{0B904025-4708-4D81-B331-BCA39F658D04}C:\program files (x86)\asus\asus sync\asusupctloader.exe] => (Allow) C:\program files (x86)\asus\asus sync\asusupctloader.exe
FirewallRules: [TCP Query User{EF46352B-95F9-4E54-8C3F-0C388B81D792}C:\program files (x86)\asus\asus sync\asusupctloader.exe] => (Allow) C:\program files (x86)\asus\asus sync\asusupctloader.exe
FirewallRules: [UDP Query User{CA5E1B1D-62E9-421D-A18E-DEA325A35AF4}C:\program files (x86)\asus\asus sync\asusupctloader.exe] => (Allow) C:\program files (x86)\asus\asus sync\asusupctloader.exe
FirewallRules: [{C29DDCF6-1CBC-45CA-901C-1D6D0962FD25}] => (Allow) C:\Program Files (x86)\EnGenius\11n USB Wireless LAN Utility\RTLDHCP.exe
FirewallRules: [{1B1D7B54-0686-4B05-ABD0-0F438ABB4EED}] => (Allow) C:\Program Files (x86)\EnGenius\11n USB Wireless LAN Utility\RTLDHCP.exe
FirewallRules: [{7FA40119-F644-4CF0-849D-67ABBB3B1B2A}] => (Allow) LPort=67
FirewallRules: [{0DB200F5-70D3-4333-8494-838114771A13}] => (Allow) LPort=68
FirewallRules: [{7248729A-C7F8-4767-8378-2A663343FC89}] => (Allow) LPort=67
FirewallRules: [{2D7F8FCE-C310-4C7F-BB0C-C52259843A6E}] => (Allow) LPort=68
FirewallRules: [{BB7535AB-1FD8-4A9C-A537-6CEFC9551E07}] => (Allow) LPort=67
FirewallRules: [{986A4E89-2704-4179-A509-4557D982FB3D}] => (Allow) LPort=68
FirewallRules: [{18010E09-DDF6-4B78-8B35-A6FEFF72A7B9}] => (Allow) LPort=67
FirewallRules: [{2901587E-9B49-405F-A732-97296C5D3F37}] => (Allow) LPort=68
FirewallRules: [{63A3FADC-92FF-46FC-B1F0-67DC88CD2459}] => (Allow) LPort=67
FirewallRules: [{1B5A5BB6-9F9F-4175-B7F1-2C0693191FE5}] => (Allow) LPort=68
FirewallRules: [{01FB16FC-5B93-4945-B898-6F7B1B5F2120}] => (Allow) LPort=67
FirewallRules: [{8D5B5A15-90A4-4603-B6D2-1E93694570F5}] => (Allow) LPort=68
FirewallRules: [{F1F2844C-3AB2-4DBA-AC44-CC1346329B1C}] => (Allow) LPort=67
FirewallRules: [{EE6A734F-13D5-41AF-AB28-555CD06F339C}] => (Allow) LPort=68
FirewallRules: [{41720359-9141-4709-8C01-9F91496F8CC3}] => (Allow) LPort=67
FirewallRules: [{B8BA749F-2467-4546-B130-BAFE426497CB}] => (Allow) LPort=68
FirewallRules: [{3EE4C6AA-A42C-4BBF-8ED3-A7FB9C906495}] => (Allow) LPort=67
FirewallRules: [{E70D597A-2D6F-4221-84B9-5289EDCD8440}] => (Allow) LPort=68
FirewallRules: [{2F97167C-60BF-419B-8047-AA69898D96FD}] => (Allow) LPort=67
FirewallRules: [{D1649693-0D73-42DD-92EA-D04DA44AB59B}] => (Allow) LPort=68
FirewallRules: [{849F5C9A-7D39-4CC6-9616-1D53C7E20C14}] => (Allow) LPort=67
FirewallRules: [{9825E33C-21B1-46A7-81C9-DA7DD35B896F}] => (Allow) LPort=68
FirewallRules: [{D497E581-F6E0-4879-AE71-11E453AC7836}] => (Allow) LPort=67
FirewallRules: [{E0CD4632-956D-45C4-B8AB-28AA650AE663}] => (Allow) LPort=68
FirewallRules: [{ACC29101-8CBE-4972-B216-BCF7DAF17CA3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{F1ECF231-BA95-4C07-90EE-78FD81671A2C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{2AD05183-D026-4C15-A3C2-E263EDCB4838}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{54CD1F4B-866C-488E-9503-BC7FE2258C68}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{CC5300B2-2E14-4B46-BA17-0C79941C5F50}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1FE3F000-D50A-427D-B117-D14370136236}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AD9C118F-66F6-48AB-AB88-2D70978E9FF4}] => (Allow) C:\Program Files (x86)\ASUS\RT-N66U Wireless Router Utilities\Discovery.exe
FirewallRules: [{33E72CF1-88AE-4E94-8DDF-1FBAB02DAEBC}] => (Allow) C:\Program Files (x86)\ASUS\RT-N66U Wireless Router Utilities\Discovery.exe
FirewallRules: [{C05CAACF-CD9F-44CB-9559-8D85655201D2}] => (Allow) C:\Program Files (x86)\ASUS\RT-N66U Wireless Router Utilities\Rescue.exe
FirewallRules: [{049FD006-C2C3-4F63-B035-E64B5D417BFB}] => (Allow) C:\Program Files (x86)\ASUS\RT-N66U Wireless Router Utilities\Rescue.exe
FirewallRules: [{2BC23BD2-DC18-414A-B8F6-2CD1BF0E1731}] => (Allow) C:\Program Files (x86)\ASUS\RT-N66U Wireless Router Utilities\QISWizard.exe
FirewallRules: [{9F97FE59-CF14-4DF8-9DB7-ED048264F830}] => (Allow) C:\Program Files (x86)\ASUS\RT-N66U Wireless Router Utilities\QISWizard.exe
FirewallRules: [{89CBFBD2-0570-4367-8E24-4392D5712F31}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base26490\SC2.exe
FirewallRules: [{32C587AD-703D-4395-8EAB-F8FE9461D781}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base26490\SC2.exe
FirewallRules: [TCP Query User{F4A90F93-A130-4A14-81D1-E032F432B80C}C:\users\desktop\appdata\local\temp\kmsnano\qemu-system-i386.exe] => (Block) C:\users\desktop\appdata\local\temp\kmsnano\qemu-system-i386.exe
FirewallRules: [UDP Query User{CD201773-CBDF-43F6-8C36-E5B4A53A7C3B}C:\users\desktop\appdata\local\temp\kmsnano\qemu-system-i386.exe] => (Block) C:\users\desktop\appdata\local\temp\kmsnano\qemu-system-i386.exe
FirewallRules: [TCP Query User{93B3F4CA-C3F9-489E-97E9-85D9D24AEF28}C:\program files (x86)\starcraft\starcraft.exe] => (Allow) C:\program files (x86)\starcraft\starcraft.exe
FirewallRules: [UDP Query User{CA05BCA3-FBDB-4BE0-B512-E87FBB5D6E8E}C:\program files (x86)\starcraft\starcraft.exe] => (Allow) C:\program files (x86)\starcraft\starcraft.exe
FirewallRules: [{B3DB36F1-9D61-43F3-A795-16DE2D68ECE8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{B0213AE1-49A3-4BBB-8D36-B61C2AF1850D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{E6932586-40C7-46F4-8825-D986DB6A96AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{7177E795-10DE-4161-8FC4-621449098041}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{389FE63B-BFD0-4505-BD0D-6B491CF8CF4F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{53D74708-A2AF-49B0-B151-2E0C359CA595}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{86B455F2-4846-4D02-8EA4-54688DAE8E03}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{5CC52864-72D9-48A5-93A9-3C87BAD18669}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{FA16B922-437C-4959-954A-90D2D84B47B0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3DC8AF7A-08D3-4910-8CC9-2480D9C5DE1C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3C84D6D8-9170-4B1A-A119-AEEE7C3A7082}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{A353C9D0-A75A-4F74-BE4C-24793645701A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BC9B24DA-CD66-4D02-98DF-E7C5E29FD82F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{E09F672B-9BF3-4713-A180-AA9D1BE64EEF}C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe] => (Allow) C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe
FirewallRules: [UDP Query User{6F510B06-37DB-49B7-B455-F2C9E3B9AF7C}C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe] => (Allow) C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe
FirewallRules: [{9FBBB211-ED57-474D-B126-B9BAA180B3DF}] => (Allow) LPort=67
FirewallRules: [{36DE24C7-E5FE-4D64-83F4-B029E6D32CDD}] => (Allow) LPort=68
FirewallRules: [{DC1BAD83-0170-4682-8369-F34731A71954}] => (Allow) LPort=67
FirewallRules: [{57C054B0-94C4-48F0-B7C5-2F5A25707A61}] => (Allow) LPort=68
FirewallRules: [{7755845C-A135-45C4-B4D0-D2CD35AD24FD}] => (Allow) LPort=67
FirewallRules: [{55DCE4E4-8654-497D-B2F3-1EED26169704}] => (Allow) LPort=68
FirewallRules: [{1589DF63-D48D-4FE8-9CFF-D3886A9BA346}] => (Allow) LPort=67
FirewallRules: [{C1FBD92A-EE41-4D41-A82D-8C6567B69BAD}] => (Allow) LPort=68
FirewallRules: [{D5F1F3F6-0986-465F-B746-059076BB8066}] => (Allow) LPort=67
FirewallRules: [{CA25A27B-1977-4365-A77B-6E449FFD2E97}] => (Allow) LPort=68
FirewallRules: [{8DC8CBBB-1093-45AF-B95C-1235FCB7ADD9}] => (Allow) LPort=67
FirewallRules: [{F9E74287-89E9-47DE-BC6D-64AC0D8659A7}] => (Allow) LPort=68
FirewallRules: [{4A02AA22-1704-4D71-B563-245AAA8C8F02}] => (Allow) LPort=67
FirewallRules: [{569A3E0D-24D2-43A2-8C41-D6B6DBF022A9}] => (Allow) LPort=68
FirewallRules: [{728AC2EA-BA66-44B6-8593-F2E3C79DE45E}] => (Allow) LPort=67
FirewallRules: [{E909F0E9-E84E-41DD-8A69-3A5CF2F6C78B}] => (Allow) LPort=68
FirewallRules: [{8232825E-AD2C-4EA1-A4CD-290512A22BAE}] => (Allow) LPort=67
FirewallRules: [{A14E6C3D-8F22-47F4-8E4A-9C2D3EEB6061}] => (Allow) LPort=68
FirewallRules: [{D1F950DD-18E7-42C6-B2B2-EDD4DB6E664A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9E96C231-6712-41B3-974C-5A05FEE5AD17}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{7A6DD68E-33A1-4CCF-8224-B95560B88BB6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{58B80805-F02C-4F4B-91F8-EC2A91B087FD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{35DF64EE-2071-46DC-A668-2C1B14EF3AFD}] => (Allow) LPort=67
FirewallRules: [{D7010839-B522-4913-A6EC-C69A35BABE23}] => (Allow) LPort=68
FirewallRules: [{E161C011-C311-4D29-AD2A-3A4409E78A32}] => (Allow) LPort=67
FirewallRules: [{CA6441BD-ECCF-4838-8D3F-FC1E82586AA4}] => (Allow) LPort=68
FirewallRules: [{D6D071BE-7368-4BF6-AA71-C5BA856C65EA}] => (Allow) LPort=67
FirewallRules: [{ABEF637A-0C53-4A37-A873-DDBF5F3B969B}] => (Allow) LPort=68
FirewallRules: [{E3964222-E355-4B5D-9726-6E7D88748E1D}] => (Allow) LPort=67
FirewallRules: [{CB554F6B-1A38-4470-A3BB-1145ECFC8BBC}] => (Allow) LPort=68
FirewallRules: [{13087284-F171-4F7B-B027-64F67E0430B5}] => (Allow) LPort=67
FirewallRules: [{C450F353-2AA4-4525-8AE4-9147030E0335}] => (Allow) LPort=68
FirewallRules: [{4CD692FF-7EBD-42E0-8B66-E3EB23996364}] => (Allow) LPort=67
FirewallRules: [{C937A8B2-2ABB-4D12-8876-7D674982A504}] => (Allow) LPort=68
FirewallRules: [{9C4534F9-E172-454D-BD2D-568D77BB9E34}] => (Allow) LPort=67
FirewallRules: [{12CDA30D-340C-492C-94E3-759D7BBE2475}] => (Allow) LPort=68
FirewallRules: [{557A680E-51BD-4BC1-A360-9D9F9763F67D}] => (Allow) LPort=67
FirewallRules: [{01ACB0CA-E2C1-4F3A-8BE7-C9C9B52010EB}] => (Allow) LPort=68
FirewallRules: [{706ED840-D191-4E6F-A758-8C169095BCC3}] => (Allow) LPort=67
FirewallRules: [{37A83159-5E35-4C1F-9FC8-256F29865D4B}] => (Allow) LPort=68
FirewallRules: [{A5A330AD-522A-4C01-944F-4C6686845CF0}] => (Allow) LPort=67
FirewallRules: [{AC81BE27-55A9-4DE7-9015-57E8C01A8E72}] => (Allow) LPort=68
FirewallRules: [{91FDB8BA-400B-4742-8BEB-21BF42EB3E65}] => (Allow) LPort=67
FirewallRules: [{2DF5E1DF-618C-461D-9F6F-8D0326CFCD26}] => (Allow) LPort=68
FirewallRules: [{0D667247-C73B-4C30-9021-8A47AC917D0F}] => (Allow) LPort=67
FirewallRules: [{BE103F94-8165-40E7-9AED-A69800C88D53}] => (Allow) LPort=68
FirewallRules: [{E0A7FE73-2290-446D-A51C-B63A6B635358}] => (Allow) LPort=67
FirewallRules: [{16CF461E-0072-4AF8-AE85-B01D620737A7}] => (Allow) LPort=68
FirewallRules: [{5660CBBD-DD9F-4A48-83F7-727D88B98DEF}] => (Allow) LPort=67
FirewallRules: [{21FB7FE8-0FC2-4A8E-B706-A195AFACA446}] => (Allow) LPort=68
FirewallRules: [{58D900EA-73AD-49AE-91AC-ECED6C4E87F7}] => (Allow) LPort=67
FirewallRules: [{528EDCF6-06BE-4747-8855-93BCF20741F8}] => (Allow) LPort=68
FirewallRules: [{D1E82389-60DB-41E1-B0ED-BF84A6CEC980}] => (Allow) LPort=67
FirewallRules: [{686E4BDC-14D3-48F7-8816-6B86206884B5}] => (Allow) LPort=68
FirewallRules: [{5B01AC1A-9E4F-4B7C-AB33-1D88C1DFF9DA}] => (Allow) LPort=67
FirewallRules: [{7D5E1E28-131A-4853-8B3D-6D943CEAD2FD}] => (Allow) LPort=68
FirewallRules: [{DFADAD73-C97D-4144-BB64-EFA51358E74C}] => (Allow) LPort=67
FirewallRules: [{74982403-A926-4584-8E52-5818666E0962}] => (Allow) LPort=68
FirewallRules: [{3E5D4E37-A4A5-4EE7-BA84-3AF285E6F1AD}] => (Allow) LPort=67
FirewallRules: [{FEDA4D3C-CB46-4C7C-A709-DFF6E0B85D65}] => (Allow) LPort=68
FirewallRules: [TCP Query User{6128D5B4-5A53-43C5-A912-0FD85CCED034}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{D5FFD7AE-D84D-4EC6-87E9-A301212A1E1E}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{F7F05972-BA31-44AA-A7D2-BA1601238C86}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [UDP Query User{ECBB8225-F6C4-465B-ADDF-687DAB2DB3F4}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [{3A4ADB02-FE71-4252-B2D1-5A3BE9534AF0}] => (Allow) LPort=67
FirewallRules: [{62548E5E-8BAD-4722-8D17-6AD6C38C691D}] => (Allow) LPort=68
FirewallRules: [{845963AB-84EA-46D3-9E25-EF7A5CA5CBC5}] => (Allow) LPort=67
FirewallRules: [{00B76460-6E09-4673-8A2C-523DEB970F10}] => (Allow) LPort=68
FirewallRules: [{078D4E5E-EE9D-4A8F-9BA7-CCA47586F500}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{80FCBCF1-FA6D-4FBB-8733-4EBBC1274A18}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{B870A9D5-7236-4C23-9482-C897A555E6D8}] => (Allow) C:\Program Files (x86)\mca64Launcher\mca64Launcher 2.0.0.64\mca64Launcher.exe
FirewallRules: [{B1690EC5-5C58-42B8-9F34-2320E4D3FD54}] => (Allow) C:\Program Files (x86)\mca64Launcher\mca64Launcher 2.0.0.64\mca64Launcher.exe
FirewallRules: [{1C03705F-17C1-4B46-833E-F48AFBEE3406}] => (Allow) C:\Program Files (x86)\mca64Launcher\mca64Launcher 2.0.0.94\mca64Launcher.exe
FirewallRules: [{14F063DE-C2B7-4614-B241-26611F2CB20F}] => (Allow) C:\Program Files (x86)\mca64Launcher\mca64Launcher 2.0.0.94\mca64Launcher.exe
FirewallRules: [{FA0D5029-230B-40FB-AB8D-D0A5D34D5DEF}] => (Allow) C:\Program Files (x86)\mca64Launcher\mca64Launcher 2.0.0.106\mca64Launcher.exe
FirewallRules: [{A895B3E3-4AEB-498E-AA76-ED387D2C7448}] => (Allow) C:\Program Files (x86)\mca64Launcher\mca64Launcher 2.0.0.106\mca64Launcher.exe
FirewallRules: [{4A064E52-E0C9-49AC-8155-8CD0E46FB35B}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{58E6A61F-F867-4A23-871C-43C61D75F403}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{63B7FE5C-A38E-45EA-B2E6-35DAC3BA1E95}] => (Allow) E:\App\Microsoft Office Professional Plus 2013\KMSpico\AutoPico.exe
FirewallRules: [{C9F61CB6-14B0-410B-AC22-196A52BCBB16}] => (Allow) E:\App\Microsoft Office Professional Plus 2013\KMSpico\AutoPico.exe
FirewallRules: [TCP Query User{EC678179-5C39-4795-8358-860AC003EE25}C:\program files (x86)\sony\media go\mediago.exe] => (Allow) C:\program files (x86)\sony\media go\mediago.exe
FirewallRules: [UDP Query User{126052F5-97A3-4293-8BD5-7CB9E1F33DDB}C:\program files (x86)\sony\media go\mediago.exe] => (Allow) C:\program files (x86)\sony\media go\mediago.exe
FirewallRules: [TCP Query User{AAFBCE8A-7345-405B-BEFC-59B533616BF6}C:\users\desktop\desktop\nasnavi-278\nasnavi-278\module\nasnavi2.exe] => (Allow) C:\users\desktop\desktop\nasnavi-278\nasnavi-278\module\nasnavi2.exe
FirewallRules: [UDP Query User{2434BD33-20D1-42AB-B817-8969BE9933D2}C:\users\desktop\desktop\nasnavi-278\nasnavi-278\module\nasnavi2.exe] => (Allow) C:\users\desktop\desktop\nasnavi-278\nasnavi-278\module\nasnavi2.exe
FirewallRules: [{3AE6339F-BA33-4D09-B968-59DD1F7BD21C}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [{F59FCC6F-8B78-4BF9-A75E-357516856948}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [{7E96BFC4-40AE-4202-BB36-59BA373B2B62}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [{A7C7AA85-C2AA-4E73-A519-45F371FFE639}] => (Allow) C:\Program Files (x86)\mca64Launcher\mca64Launcher 2.0.0.113\mca64Launcher.exe
FirewallRules: [{9DC89D27-9948-4A9E-8B23-812F4C3EC859}] => (Allow) C:\Program Files (x86)\mca64Launcher\mca64Launcher 2.0.0.113\mca64Launcher.exe
FirewallRules: [{70EFCB29-4234-492A-BEFC-42054CDE7C6D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{AC3EEAFB-B4BA-4656-8B9B-3B67A46A40FA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{74C646F0-2C02-4887-9B1C-23AF12232A94}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{6788C4D6-E8D8-416B-AF26-4FCEB3CC8463}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{B063A6B7-845C-4A13-A8AE-178271546882}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base32283\SC2.exe
FirewallRules: [{28C51693-C982-4A18-A664-90D57C39A049}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base32283\SC2.exe
FirewallRules: [TCP Query User{66C29E16-3C94-42CA-BF45-858FDD14C8A5}C:\users\desktop\appdata\local\tudou\feisutudou\tudouva.exe] => (Allow) C:\users\desktop\appdata\local\tudou\feisutudou\tudouva.exe
FirewallRules: [UDP Query User{DD931DD6-F6E9-4701-A5EA-5C39D52D2614}C:\users\desktop\appdata\local\tudou\feisutudou\tudouva.exe] => (Allow) C:\users\desktop\appdata\local\tudou\feisutudou\tudouva.exe
FirewallRules: [{421CD824-BE98-42B8-9799-84A33E2F55D1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{ECC461EF-5B4D-438C-A712-093B2EFDACD1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9279665C-BC07-4EF4-9EAD-0E74505AE956}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{818E2369-8FD0-45AB-B4EA-CDBC786FAA3B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8F6ED305-662F-4B36-9C62-B5D761DB9DDB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{BD2C45D7-2865-4F08-99D5-640E0006E223}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{00CE2CBD-07A3-47B8-BA2C-4970943847D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C32EABE5-414C-44A5-AAA3-29C42A882CA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{472D2724-DCDF-4A66-8FB8-B57AD3324762}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{BA8D767E-9D13-4E48-8DF1-F53F38C90A84}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{CA7FA090-1DE3-4F37-9839-92F519B82886}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [{26DEAB38-D8E3-4348-9B9F-61ADF38A7AE9}] => (Allow) C:\Program Files (x86)\mca64Launcher\mca64Launcher 2.0.0.113\mca64Launcher.exe
FirewallRules: [{8914280E-02BA-4590-B5F5-884574D4BE39}] => (Allow) C:\Program Files (x86)\mca64Launcher\mca64Launcher 2.0.0.113\mca64Launcher.exe
FirewallRules: [{9E802710-4997-4683-8507-F0886E928B4A}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base39576\SC2_x64.exe
FirewallRules: [{72048FAA-3D4E-4904-AA14-9BA8A78098D7}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base39576\SC2_x64.exe
FirewallRules: [{D02E1B4C-8DA2-4261-BCA1-03A825598597}] => (Allow) C:\Users\Desktop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5A3E6953-4956-4363-A859-122DD332F604}] => (Allow) C:\Users\Desktop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D9E85792-5B2A-4CAA-B9E0-DBD193BBF298}] => (Allow) C:\Users\Desktop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{16235819-0618-49E7-ABB2-163A65BBAC54}] => (Allow) C:\Users\Desktop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FB034857-9D17-490E-B87A-9EF90204830A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{E6ACED88-71A0-4D01-9995-A20D597E835A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{910D4C78-63AC-49C6-82E2-03DE204F4081}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{46E58EC3-F60E-4951-ADB2-4DDDE4D9E69F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F537BF31-39D4-40A2-B00E-8C51EB16C36A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{07EB2F50-B894-4F8E-B584-650AF513804B}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{84569584-7735-4BDD-8456-0959F7C8C7FA}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{8A95DE9A-9023-4AB6-AC54-77F79E40A353}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{D602D9C5-400C-464E-A14E-C59F55BBE3AF}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{10A2ACCD-800A-42EC-A4EA-1354742304C2}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{2A184648-72C7-409C-B372-326185DE24CA}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{8EE77E10-F4DA-4572-B995-AF6A27730FC9}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{F8451F34-6148-4BAE-9722-3AEC1AA3D669}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{25477CEF-5181-4DE1-B516-CCF541A2955B}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{3B204AEB-8E0A-4CE2-A8F5-0F70C9395165}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F076A80C-6877-407E-B437-62DC2ADDB7AA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A55229F7-F453-410C-ACBD-B5CB448731C6}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
FirewallRules: [{3B08E428-23FC-408F-9806-25D300069ACF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

07-02-2016 15:45:53 Scheduled Checkpoint
10-02-2016 18:55:17 Removed Microsoft Office Professional Plus 2013
10-02-2016 18:55:29 PROPLUSR

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/08/2016 09:15:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GPUTweak.exe, version: 2.2.8.1, time stamp: 0x5063c2c0
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x9e0
Faulting application start time: 0xGPUTweak.exe0
Faulting application path: GPUTweak.exe1
Faulting module path: GPUTweak.exe2
Report Id: GPUTweak.exe3

Error: (02/08/2016 09:15:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamUserAgent.exe, version: 4.1.2032.8372, time stamp: 0x5693fe3d
Faulting module name: ntdll.dll, version: 6.1.7601.18933, time stamp: 0x55a6a196
Exception code: 0xc0000005
Fault offset: 0x000000000004f6c6
Faulting process id: 0xf78
Faulting application start time: 0xNvStreamUserAgent.exe0
Faulting application path: NvStreamUserAgent.exe1
Faulting module path: NvStreamUserAgent.exe2
Report Id: NvStreamUserAgent.exe3

Error: (01/31/2016 06:19:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GPUTweak.exe, version: 2.2.8.1, time stamp: 0x5063c2c0
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x9f8
Faulting application start time: 0xGPUTweak.exe0
Faulting application path: GPUTweak.exe1
Faulting module path: GPUTweak.exe2
Report Id: GPUTweak.exe3

Error: (01/31/2016 06:19:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamUserAgent.exe, version: 4.1.2032.8372, time stamp: 0x5693fe3d
Faulting module name: ntdll.dll, version: 6.1.7601.18933, time stamp: 0x55a6a196
Exception code: 0xc0000005
Fault offset: 0x000000000004f6c6
Faulting process id: 0x115c
Faulting application start time: 0xNvStreamUserAgent.exe0
Faulting application path: NvStreamUserAgent.exe1
Faulting module path: NvStreamUserAgent.exe2
Report Id: NvStreamUserAgent.exe3

Error: (01/31/2016 04:00:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GPUTweak.exe, version: 2.2.8.1, time stamp: 0x5063c2c0
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x81c
Faulting application start time: 0xGPUTweak.exe0
Faulting application path: GPUTweak.exe1
Faulting module path: GPUTweak.exe2
Report Id: GPUTweak.exe3

Error: (01/31/2016 04:00:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamUserAgent.exe, version: 4.1.2032.8372, time stamp: 0x5693fe3d
Faulting module name: ntdll.dll, version: 6.1.7601.18933, time stamp: 0x55a6a196
Exception code: 0xc0000005
Fault offset: 0x000000000004f6c6
Faulting process id: 0xe00
Faulting application start time: 0xNvStreamUserAgent.exe0
Faulting application path: NvStreamUserAgent.exe1
Faulting module path: NvStreamUserAgent.exe2
Report Id: NvStreamUserAgent.exe3

Error: (01/31/2016 03:53:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 44.0.0.5866, time stamp: 0x56a4222c
Faulting module name: MSVCP120.dll, version: 12.0.21005.1, time stamp: 0x524f7ced
Exception code: 0xc0000005
Fault offset: 0x0000e439
Faulting process id: 0xa30
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (01/31/2016 03:47:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 44.0.0.5866, time stamp: 0x56a4222c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1b38
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (01/31/2016 02:48:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 44.0.0.5866, time stamp: 0x56a4222c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02fffff9
Faulting process id: 0x196c
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (01/31/2016 02:40:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 44.0.0.5866, time stamp: 0x56a4222c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00400501
Faulting process id: 0x12e4
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3


System errors:
=============
Error: (02/08/2016 09:26:12 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/08/2016 09:21:49 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/08/2016 09:21:49 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/08/2016 09:18:48 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/08/2016 09:16:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASGT service terminated unexpectedly. It has done this 1 time(s).

Error: (01/31/2016 06:32:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/31/2016 06:24:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/31/2016 06:22:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASGT service terminated unexpectedly. It has done this 1 time(s).

Error: (01/31/2016 06:21:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/31/2016 06:21:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2016-02-08 21:21:49.421
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-08 21:21:49.374
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-08 21:21:49.327
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-08 21:21:49.281
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-31 16:07:43.437
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-31 16:07:43.390
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3570 CPU @ 3.40GHz
Percentage of memory in use: 18%
Total physical RAM: 16334.93 MB
Available physical RAM: 13324.14 MB
Total Virtual: 32668.05 MB
Available Virtual: 29464.37 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.38 GB) (Free:47.84 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:111.79 GB) (Free:80.82 GB) NTFS
Drive e: (Local Disk) (Fixed) (Total:335.35 GB) (Free:34.47 GB) NTFS
Drive l: () (Network) (Total:2778.36 GB) (Free:2547.63 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: E18A2852)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: CAD8827D)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 335.4 GB) (Disk ID: A501CE35)
Partition 1: (Not Active) - (Size=335.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



Edited by Oh My!, 10 February 2016 - 08:50 PM.


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,014 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:11:57 PM

Posted 10 February 2016 - 09:01 PM

Hi Ray,

Nice to meet you and thank you for your understanding.

Please consider and do this. Copy and paste the report contents into your reply unless asked to attach the report.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
BHO-x32: No Name -> {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} -> No File
BHO-x32: No Name -> {06433BFE-4946-4E89-823D-CD359C81CD06} -> No File
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll => No File
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <not found>
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2016-01-10 22:53 - 2014-11-09 19:49 - 00003424 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
2015-05-02 20:53 - 2015-05-02 20:53 - 0000168 _____ () C:\Users\Desktop\AppData\Local\temp.tmp
AlternateDataStreams: C:\ProgramData\Temp:1677AB3F
AlternateDataStreams: C:\ProgramData\Temp:93C2F41D
FirewallRules: [TCP Query User{F4A90F93-A130-4A14-81D1-E032F432B80C}C:\users\desktop\appdata\local\temp\kmsnano\qemu-system-i386.exe] => (Block) C:\users\desktop\appdata\local\temp\kmsnano\qemu-system-i386.exe
C:\users\desktop\appdata\local\temp\kmsnano
FirewallRules: [UDP Query User{CD201773-CBDF-43F6-8C36-E5B4A53A7C3B}C:\users\desktop\appdata\local\temp\kmsnano\qemu-system-i386.exe] => (Block) C:\users\desktop\appdata\local\temp\kmsnano\qemu-system-i386.exe
FirewallRules: [{63B7FE5C-A38E-45EA-B2E6-35DAC3BA1E95}] => (Allow) E:\App\Microsoft Office Professional Plus 2013\KMSpico\AutoPico.exe
FirewallRules: [{C9F61CB6-14B0-410B-AC22-196A52BCBB16}] => (Allow) E:\App\Microsoft Office Professional Plus 2013\KMSpico\AutoPico.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Zoek by Smeenk - Scan and Automatic Cleanup

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Verify Scan All Users is selected then click Run Script
  • Type 4 in the lower box to Do a Deep Scan and Automated Cleanup then click OK
  • Wait patiently for the program to run
  • Do not use your computer while the scan is running
  • When completed a zoek-results.txt report will appear on your desktop. Copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • Zoek log
  • System Summary Information
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 66xx66xx66

66xx66xx66
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:01:57 AM

Posted 10 February 2016 - 10:34 PM

Thanks for the heads up.  I will not run uTorrent during the scan.

 

Fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Desktop (2016-02-10 21:52:39) Run:1
Running from C:\Users\Desktop\Desktop
Loaded Profiles: Desktop (Available Profiles: Desktop)
Boot Mode: Normal
==============================================

fixlist content:
*****************
BHO-x32: No Name -> {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} -> No File
BHO-x32: No Name -> {06433BFE-4946-4E89-823D-CD359C81CD06} -> No File
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll => No File
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <not found>
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2016-01-10 22:53 - 2014-11-09 19:49 - 00003424 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
2015-05-02 20:53 - 2015-05-02 20:53 - 0000168 _____ () C:\Users\Desktop\AppData\Local\temp.tmp
AlternateDataStreams: C:\ProgramData\Temp:1677AB3F
AlternateDataStreams: C:\ProgramData\Temp:93C2F41D
FirewallRules: [TCP Query User{F4A90F93-A130-4A14-81D1-E032F432B80C}C:\users\desktop\appdata\local\temp\kmsnano\qemu-system-i386.exe] => (Block) C:\users\desktop\appdata\local\temp\kmsnano\qemu-system-i386.exe
C:\users\desktop\appdata\local\temp\kmsnano
FirewallRules: [UDP Query User{CD201773-CBDF-43F6-8C36-E5B4A53A7C3B}C:\users\desktop\appdata\local\temp\kmsnano\qemu-system-i386.exe] => (Block) C:\users\desktop\appdata\local\temp\kmsnano\qemu-system-i386.exe
FirewallRules: [{63B7FE5C-A38E-45EA-B2E6-35DAC3BA1E95}] => (Allow) E:\App\Microsoft Office Professional Plus 2013\KMSpico\AutoPico.exe
FirewallRules: [{C9F61CB6-14B0-410B-AC22-196A52BCBB16}] => (Allow) E:\App\Microsoft Office Professional Plus 2013\KMSpico\AutoPico.exe
*****************

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{481EE3EC-C026-4F9A-BA22-FD07654ADFC0}" => key removed successfully
HKCR\Wow6432Node\CLSID\{481EE3EC-C026-4F9A-BA22-FD07654ADFC0} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06433BFE-4946-4E89-823D-CD359C81CD06}" => key removed successfully
HKCR\Wow6432Node\CLSID\{06433BFE-4946-4E89-823D-CD359C81CD06} => key not found.
HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully
C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\pdf.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll => not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihenkjeihefokohmemphikjnjbmegdik" => key removed successfully
catchme => service removed successfully
dgderdrv => service removed successfully
DIRECTIO => service removed successfully
RTL8192su => service removed successfully
Synth3dVsc => service removed successfully
tsusbhub => service removed successfully
VGPU => service removed successfully
C:\Windows\System32\Tasks\AutoPico Daily Restart => moved successfully
C:\Users\Desktop\AppData\Local\temp.tmp => moved successfully
C:\ProgramData\Temp => ":1677AB3F" ADS removed successfully.
C:\ProgramData\Temp => ":93C2F41D" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F4A90F93-A130-4A14-81D1-E032F432B80C}C:\users\desktop\appdata\local\temp\kmsnano\qemu-system-i386.exe => value removed successfully
"C:\users\desktop\appdata\local\temp\kmsnano" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CD201773-CBDF-43F6-8C36-E5B4A53A7C3B}C:\users\desktop\appdata\local\temp\kmsnano\qemu-system-i386.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{63B7FE5C-A38E-45EA-B2E6-35DAC3BA1E95} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C9F61CB6-14B0-410B-AC22-196A52BCBB16} => value removed successfully

==== End of Fixlog 21:52:39 ====

 

AdwCleaner log______________________________________

AdwCleaner[C1]

# AdwCleaner v5.033 - Logfile created 10/02/2016 at 21:56:57
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Desktop - DESKTOP-PC
# Running from : C:\Users\Desktop\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mipony
[-] Folder Deleted : C:\Users\Desktop\AppData\Roaming\mipony
[-] Folder Deleted : C:\Users\Desktop\Documents\mipony

***** [ Files ] *****

[-] File Deleted : C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_music.hao123.com_0.localstorage
[-] File Deleted : C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_music.hao123.com_0.localstorage-journal
[-] File Deleted : C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
[-] File Deleted : C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.hao123.com_0.localstorage
[-] File Deleted : C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.hao123.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\chatango.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ent.qq.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\qq.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\st.chatango.com

***** [ Web browsers ] *****

[-] [C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : iso-to-usb.en.softonic.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2589 bytes] ##########
 

AdwCleaner[S1]________________________________________________

# AdwCleaner v5.033 - Logfile created 10/02/2016 at 21:56:09
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Desktop - DESKTOP-PC
# Running from : C:\Users\Desktop\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mipony
Folder Found : C:\Users\Desktop\AppData\Roaming\mipony
Folder Found : C:\Users\Desktop\Documents\mipony

***** [ Files ] *****

File Found : C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_music.hao123.com_0.localstorage
File Found : C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_music.hao123.com_0.localstorage-journal
File Found : C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found : C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Found : C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Found : C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Found : C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.hao123.com_0.localstorage
File Found : C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.hao123.com_0.localstorage-journal

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\chatango.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ent.qq.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\qq.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\st.chatango.com

***** [ Web browsers ] *****

[C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : iso-to-usb.en.softonic.com

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2389 bytes] ##########
 

 Junkware log________________________________________

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Ultimate x64
Ran by Desktop (Administrator) on Wed 02/10/2016 at 22:00:34.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 7

Successfully deleted: C:\Users\Desktop\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal (File)
Successfully deleted: C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage (File)
Successfully deleted: C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\423HDXPK (Folder)
Successfully deleted: C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7B0EEB19 (Folder)
Successfully deleted: C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NU9AV200 (Folder)
Successfully deleted: C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5M00X6O (Folder)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_DFC8472DABE1F2F5610AF2606F0DE9EE (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/10/2016 at 22:02:06.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 



#6 66xx66xx66

Posted 10 February 2016 - 10:37 PM

Zoek log. Zoek crashed my Windows (BSOD) after I clicked OK for the reboot. Dunno if this is normal.

 

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Desktop on Wed 02/10/2016 at 22:03:08.91.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Desktop\Desktop\zoek.exe [Scan all users]   [Deep Scan] [Auto Clean]

==== System Restore Info ======================

2/10/2016 10:03:41 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Razer deleted successfully
C:\PROGRA~2\Tudou deleted successfully
C:\Program Files\Android deleted successfully
C:\Program Files\SAMSUNG deleted successfully
C:\PROGRA~3\NJStar deleted successfully
C:\Users\Desktop\AppData\Roaming\13316 deleted successfully
C:\Users\Desktop\AppData\Roaming\16161 deleted successfully
C:\Users\Desktop\AppData\Roaming\ASUS deleted successfully
C:\Users\Desktop\AppData\Roaming\Logitech deleted successfully
C:\Users\Desktop\AppData\Roaming\Publish Providers deleted successfully
C:\Users\UpdatusUser\AppData\Roaming\Samsung deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Roaming\Samsung deleted successfully
C:\Windows\serviceprofiles\Localservice\AppData\Roaming\Samsung deleted successfully
C:\Users\Desktop\AppData\Local\Android deleted successfully
C:\Users\Desktop\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Desktop\AppData\Local\EmieSiteList deleted successfully
C:\Users\Desktop\AppData\Local\EmieUserList deleted successfully
C:\Users\Desktop\AppData\Local\MediaShow deleted successfully
C:\Users\Desktop\AppData\Local\Samsung deleted successfully
C:\Users\Desktop\AppData\Local\Skype deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-102027666-3716477199-3525533037-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{481EE3EC-C026-4F9A-BA22-FD07654ADFC0} deleted successfully

==== Running Processes ======================

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\ASGT.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Desktop\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSUService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SSUService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\splashtopremoteservice deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\splashtopremoteservice deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\splashtopremoteservice deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\splashtopremoteservice deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Desktop\AppData\Roaming\Mozilla\Firefox\Profiles\5uudvg2z.default

user.js not found
---- Lines yahoo removed from prefs.js ----
user_pref("browser.search.hiddenOneOffs", "Yahoo,Bing,Amazon.com,DuckDuckGo,eBay,Twitter,Wikipedia (en)");
---- FireFox user.js and prefs.js backups ----

prefs_20160210_1012_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Razer not found
C:\PROGRA~2\Tudou not found
C:\Users\Desktop\AppData\Local\Razer deleted
C:\Users\Desktop\AppData\Local\Tudou deleted
C:\PROGRA~2\DVDFab 9 deleted
C:\PROGRA~2\SynciOS Data Transfer deleted
C:\Users\Desktop\AppData\Roaming\QuickScan deleted
C:\Users\Desktop\.android deleted
C:\PROGRA~2\SamsungPrinterLiveUpdateInstaller deleted
C:\PROGRA~3\Splashtop deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Desktop\AppData\Local\{144B42D3-144F-466A-BA16-79245A51069E} deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
"C:\PROGRA~2\Splashtop" deleted

==== System Specs ======================

Windows: Windows 7 Ultimate Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 16335 MB
CPU Info: Intel® Core™ i5-3570 CPU @ 3.40GHz
CPU Speed: 3395.5 MHz
Sound Card: SPDIF Interface (2- aune T1_24B |
Display Adapters: NVIDIA GeForce GTX 660   | NVIDIA GeForce GTX 660   | NVIDIA GeForce GTX 660   | NVIDIA GeForce GTX 660   | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Dell U2312HM DP |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: PdaNet Broadband Adapter | Realtek PCIe GBE Family Controller
CD / DVD Drives: 2x (H: | K: | ) H: DTSOFT  BDROM            | K: ASUS    SBC-06D2X-U
Ports: COM1 LPT1
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  238.4GB | D:  111.8GB | E:  335.3GB
Hard Disks - Free: C:  43.1GB | D:  80.8GB | E:  35.7GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 03/07/14 | _ASUS_ - 1072009
Time Zone: Eastern Standard Time
Motherboard *: MSI Z77A-G41 (MS-7758)
Country: United States
Language: ENU

==== System Specs (Software) ======================

AV: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
Default Browser: Firefox    44.0
Internet Explorer Version: 11.0.9600.17959
Mozilla Firefox version: 44.0 (x86 en-US)
Google Chrome version: 48.0.2564.109
Adobe Reader version: 15.10.20056.167417
Sun Java version: 1.8.0_71 (32-bit)
Sun Java version: 1.8.0_71 (64-bit)
Flash Player version: 20.0.0.306

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2016-01-31 21:01:28    F042EE4C8D66248D9B86DCF52ABAE416    256000    ----a-w-    C:\Windows\PEV.exe
2016-01-31 21:01:28    9E05A9C264C8A908A8E79450FCBFF047    80412    ----a-w-    C:\Windows\grep.exe
2016-01-31 21:01:28    5E832F4FAF5F481F2EAF3B3A48F603B8    68096    ----a-w-    C:\Windows\zip.exe
2016-01-31 21:01:28    0277C027A26428DB64EF4F64F52BB4FD    208896    ----a-w-    C:\Windows\MBR.exe
2016-01-31 21:01:27    0297C72529807322B152F517FDB0A9FC    406528    ----a-w-    C:\Windows\SWSC.exe
2016-01-16 22:37:20    D2705ED6C98645DEB143F3FF1A8864A2    3932214    ----a-w-    C:\Windows\1280Dtop.bmp
2016-01-16 22:37:20    AF39FFA497D2819BA5CC612492203AE5    2359350    ----a-w-    C:\Windows\1024Dtop.bmp
====== C:\Users\Desktop\AppData\Local\Temp ====
2016-02-11 03:00:31    2F9C7FDA92C346CB5AA32091536AE0CB    43520    ----a-w-    C:\Users\Desktop\AppData\Local\Temp\jrt\nfo\nircmdc.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2016-02-11 02:17:58    CBF3CFC9EE1FD29707D95C63A5E7A78B    19808    ----a-w-    C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-02-11 02:17:58    C1096DA4634AD3356A10C00B24F53393    22368    ----a-w-    C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-02-11 02:17:58    B23936CF83DAC4B64660A88711B5234A    12128    ----a-w-    C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-02-11 02:17:58    9F9FE5F52E9B2AD655C896B849883B1A    12128    ----a-w-    C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-02-11 02:17:58    9D66FCC681389EC619D4E801F1DDBB2F    17760    ----a-w-    C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-02-11 02:17:58    94FEB4417CF3E39C8C58A1B73620687E    66400    ----a-w-    C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-02-11 02:17:58    8E534F49C77D787DB69BABFF931A497A    12640    ----a-w-    C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-02-11 02:17:58    85CEBA9A21CE5D51B35EF2DE9EBFBAC4    12128    ----a-w-    C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-02-11 02:17:58    80BEB858D2EEE9CA657647B599E5D844    11616    ----a-w-    C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-02-11 02:17:58    73CED8B30963E54D262DAE2559116E46    13664    ----a-w-    C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-02-11 02:17:58    6C7F782FDBF9AEFFE7663FA1579A610E    17760    ----a-w-    C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-02-11 02:17:58    5B55E9A1360A6C52CC988DA6804D6CA2    901264    ----a-w-    C:\Windows\SysWOW64\ucrtbase.dll
2016-02-11 02:17:58    4669249FB01EA369C7FD40A530966FA1    12640    ----a-w-    C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-02-11 02:17:58    408019E57D3D2DA62A9F28389EED0AC1    16224    ----a-w-    C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-02-11 02:17:58    39F9D0F1B698D53D78C79576C7C60526    14176    ----a-w-    C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-02-11 02:17:58    33E8CCBE05123C8146CD16293B688417    15712    ----a-w-    C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-02-11 02:17:58    00A0A24BB2E9AADE11494B627EB164C4    12640    ----a-w-    C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2016-02-11 02:17:58    F97E7878A2B372291B1269D80327BBF6    12640    ----a-w-    C:\Windows\Sysnative\api-ms-win-crt-heap-l1-1-0.dll
2016-02-11 02:17:58    ED14B64C94F543974B7FDC592FA0594B    12640    ----a-w-    C:\Windows\Sysnative\api-ms-win-crt-conio-l1-1-0.dll
2016-02-11 02:17:58    ECCF5973B80D771A79643732017CEA9A    17760    ----a-w-    C:\Windows\Sysnative\api-ms-win-crt-string-l1-1-0.dll
2016-02-11 02:17:58    E9F6D776545843A9817D8ACF38D06D09    19808    ----a-w-    C:\Windows\Sysnative\api-ms-win-crt-multibyte-l1-1-0.dll
2016-02-11 02:17:58    CC337898E64D9078CB697AC19F995C7F    12128    ----a-w-    C:\Windows\Sysnative\api-ms-win-crt-utility-l1-1-0.dll
2016-02-11 02:17:58    BBAE7B5436D6D1B0FC967FF67E35415F    16224    ----a-w-    C:\Windows\Sysnative\api-ms-win-crt-runtime-l1-1-0.dll
2016-02-11 02:17:58    AF851DFD0D9FECB76FF2B403F3C30F5B    12128    ----a-w-    C:\Windows\Sysnative\api-ms-win-crt-environment-l1-1-0.dll
2016-02-11 02:17:58    761DDD8669A661D57D9CF9C335949C06    12128    ----a-w-    C:\Windows\Sysnative\api-ms-win-crt-locale-l1-1-0.dll
2016-02-11 02:17:58    6631C212F79350458589A5281374B38B    12640    ----a-w-    C:\Windows\Sysnative\api-ms-win-crt-process-l1-1-0.dll
2016-02-11 02:17:58    653CB5DF3CEC6A4A0E402B33D8AA5C08    63840    ----a-w-    C:\Windows\Sysnative\api-ms-win-crt-private-l1-1-0.dll
2016-02-11 02:17:58    56556659C691DD043DBE24B0A195D64C    20832    ----a-w-    C:\Windows\Sysnative\api-ms-win-crt-math-l1-1-0.dll
2016-02-11 02:17:58    53E9526AF1FDCE39F799BFE9217397A8    17760    ----a-w-    C:\Windows\Sysnative\api-ms-win-crt-stdio-l1-1-0.dll
2016-02-11 02:17:58    32B2264317EA6200DA5DEEEC7DCB0EEB    11616    ----a-w-    C:\Windows\Sysnative\api-ms-win-eventing-provider-l1-1-0.dll
2016-02-11 02:17:58    2381E189321EAD521FF71E72D08A6B17    984448    ----a-w-    C:\Windows\Sysnative\ucrtbase.dll
2016-02-11 02:17:58    1908861649E67CDC20C563C234A89914    15712    ----a-w-    C:\Windows\Sysnative\api-ms-win-crt-convert-l1-1-0.dll
2016-02-11 02:17:58    0F143310FADE4DE116070A3917A79C18    13664    ----a-w-    C:\Windows\Sysnative\api-ms-win-crt-filesystem-l1-1-0.dll
2016-02-11 02:17:58    090DD0BB2BDDEE3EAAE5B6FF15FAE209    14176    ----a-w-    C:\Windows\Sysnative\api-ms-win-crt-time-l1-1-0.dll
2016-01-29 03:45:23    FC21BF5A1667FC745FE53D05DA4CB8A2    89600    ----a-w-    C:\Windows\Sysnative\ssj1mci.dll
2016-01-29 03:45:23    E61B9708AE9C5623C79B0E933897F8A5    688408    ----a-w-    C:\Windows\Sysnative\eed_sl.exe
2016-01-29 03:45:23    DBAB523742E598670B37A65B16528CE1    22528    ----a-w-    C:\Windows\Sysnative\ssj1mlm.dll
2016-01-29 03:45:23    983B32C79C9EDB7024682A1A69C8CB26    273    ----a-w-    C:\Windows\Sysnative\eed_sl.exe.config
2016-01-29 03:45:23    627C52B757CA8C3F02F917D85172759B    158040    ----a-w-    C:\Windows\Sysnative\ssj1mci.exe
2016-01-29 03:45:23    2CF34465F8DE12B1BF00CD8B9C22846E    226424    ----a-w-    C:\Windows\Sysnative\SBuySupplies.exe
2016-01-29 03:45:23    1AEC452250C459B163D2B2F9A9AB17D2    1848320    ----a-w-    C:\Windows\Sysnative\eed_ec.dll
====== C:\Windows\Sysnative\drivers =====
2016-01-25 00:38:56    D812362E8AF615B521AD4DF19A93BD5A    205456    ----a-w-    C:\Windows\Sysnative\drivers\nvhda64v.sys
2016-01-25 00:38:55    506692268C5B1052B37528B5EAE4B967    12334200    ----a-w-    C:\Windows\Sysnative\drivers\nvlddmkm.sys
2016-01-24 22:34:08    64E8275CEAD43D3CA8E3A311B2F4B64A    47760    ----a-w-    C:\Windows\Sysnative\drivers\nvvad64v.sys
====== C:\Windows\Tasks ======
2016-01-31 22:32:11    --------    d-----w-    C:\Windows\Sysnative\Tasks\Safer-Networking
2016-01-16 22:36:29    AD19E09B6B3830DE04DBAD1474009F11    3224    ----a-w-    C:\Windows\Sysnative\Tasks\{0F982F7D-C761-4D5B-9601-4B3867336FBA}
====== C:\Windows\Temp ======
======= C:\Program Files =====
2016-02-11 02:23:56    --------    d-----w-    C:\Program Files\Microsoft.NET
2016-02-11 02:23:37    --------    d-----w-    C:\Program Files\Common Files\DESIGNER
2016-02-11 02:23:21    --------    d-----w-    C:\Program Files\Microsoft SQL Server
2016-02-11 02:20:11    --------    d-----w-    C:\Program Files\Microsoft Analysis Services
2016-01-31 22:33:50    --------    d-----w-    C:\Program Files\Common Files\AV
2016-01-29 03:20:48    --------    d-----w-    C:\Program Files\Common Files\Common Desktop Agent
======= C:\PROGRA~2 =====
2016-02-11 02:23:25    --------    d-----w-    C:\PROGRA~2\Microsoft SQL Server
2016-02-11 02:20:11    --------    d-----w-    C:\PROGRA~2\Microsoft Analysis Services
2016-02-11 02:19:43    --------    d-----w-    C:\PROGRA~2\Microsoft Office
2016-02-01 02:02:07    --------    d-----w-    C:\PROGRA~2\Mozilla Maintenance Service
2016-01-29 03:46:31    --------    d-----w-    C:\PROGRA~2\SamsungPrinterLiveUpdate
2016-01-29 03:20:48    --------    d-----w-    C:\PROGRA~2\COMMON~1\Common Desktop Agent
2016-01-29 03:20:38    --------    d-----w-    C:\PROGRA~2\Samsung
2016-01-27 23:27:12    --------    d-----w-    C:\PROGRA~2\COMMON~1\Citrix
2016-01-27 23:27:10    --------    d-----w-    C:\PROGRA~2\Citrix
2016-01-24 23:51:38    --------    d-----w-    C:\PROGRA~2\COMMON~1\Java
2016-01-20 00:20:07    --------    d-----w-    C:\PROGRA~2\K-Lite Codec Pack
2016-01-16 22:37:17    --------    d-----w-    C:\PROGRA~2\Inventec
======= C: =====
====== C:\Users\Desktop\AppData\Roaming ======
2016-02-09 02:44:02    --------    d-----w-    C:\Users\UpdatusUser\AppData\Local\temp
2016-02-09 02:44:02    --------    d-----w-    C:\Users\Public\AppData\Local\temp
2016-02-09 02:44:02    --------    d-----w-    C:\Users\MSOCache\AppData\Local\temp
2016-02-09 02:44:02    --------    d-----w-    C:\Users\Default\AppData\Local\temp
2016-02-09 02:44:02    --------    d-----w-    C:\Users\Default User\AppData\Local\temp
2016-02-04 04:33:52    --------    d-----w-    C:\Users\Desktop\AppData\Local\Razer_Inc
2016-01-31 21:00:45    --------    d-----w-    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\CrashDumps
2016-01-29 03:12:48    --------    d-----w-    C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Samsung
2016-01-28 01:14:21    --------    d-----w-    C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010
2016-01-28 01:14:21    --------    d-----w-    C:\Users\Desktop\AppData\Roaming\Citrix
2016-01-27 23:27:20    --------    d-----w-    C:\Users\Desktop\AppData\Roaming\ICAClient
2016-01-27 23:27:11    --------    d-----w-    C:\Users\Desktop\AppData\Local\Citrix
2016-01-27 17:25:17    --------    d-----w-    C:\Users\Desktop\AppData\Local\CrashDumps
2016-01-24 22:21:54    --------    d-----w-    C:\Users\Desktop\AppData\Roaming\uTorrent
2016-01-20 00:21:20    --------    d-----w-    C:\Users\Desktop\AppData\Roaming\MPC-HC
2016-01-16 22:39:33    --------    d-----w-    C:\Users\Desktop\AppData\Roaming\Inventec
====== C:\Users\Desktop ======
2016-02-11 02:54:48    A677F1A50AD97F33A1668E0559238FE1    1609032    ----a-w-    C:\Users\Desktop\Desktop\JRT.exe
2016-02-11 02:53:42    54F27C9764AD5E1DA35F5FFFB061B539    1508352    ----a-w-    C:\Users\Desktop\Desktop\AdwCleaner.exe
2016-02-11 02:24:22    --------    d-----r-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-02-11 02:23:50    --------    d-----w-    C:\ProgramData\regid.1991-06.com.microsoft
2016-02-09 03:09:10    3E4C7B50A560A8A3FDA4CA295B477985    2370560    ----a-w-    C:\Users\Desktop\Desktop\FRST64.exe
2016-01-31 21:31:58    --------    d-----w-    C:\Users\Public\AppData
2016-01-31 21:31:58    --------    d-----w-    C:\Users\MSOCache\AppData
2016-01-31 05:18:24    7A5CCA177753CC9B10D26E68C507B032    36860    ----a-w-    C:\Users\Desktop\bookmarks-2016-01-31.json
2016-01-29 03:12:48    --------    d-----w-    C:\Users\UpdatusUser\AppData
2016-01-27 23:27:19    --------    d-----w-    C:\ProgramData\Citrix
2016-01-20 00:20:21    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2016-01-16 22:39:18    --------    d-----w-    C:\ProgramData\Inventec
2016-01-16 22:37:49    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dr.eye

====== C: exe-files ==
2016-02-11 03:00:31    2F9C7FDA92C346CB5AA32091536AE0CB    43520    ----a-w-    C:\Users\Desktop\AppData\Local\Temp\jrt\nfo\nircmdc.exe
2016-02-11 02:54:48    A677F1A50AD97F33A1668E0559238FE1    1609032    ----a-w-    C:\Users\Desktop\Desktop\JRT.exe
2016-02-11 02:53:42    54F27C9764AD5E1DA35F5FFFB061B539    1508352    ----a-w-    C:\Users\Desktop\Desktop\AdwCleaner.exe
2016-02-11 01:26:04    A23E9BF946E39CA9D408F32172EEECA2    354304    ----a-w-    C:\Program Files (x86)\AIMP3\Modules\opusenc.exe
2016-02-11 01:26:04    6B4FAFDE326A58EA6AB780478D28A44E    258560    ----a-w-    C:\Program Files (x86)\AIMP3\Modules\mpcenc.exe
2016-02-10 23:28:45    4EA829EA903E51AA70767753757E621F    2519960    ----a-w-    C:\Program Files (x86)\Google\Update\Install\{31E3E873-E391-4BE0-8C31-558B0F648D0E}\48.0.2564.109_48.0.2564.103_chrome_updater.exe
2016-02-10 23:28:45    4EA829EA903E51AA70767753757E621F    2519960    ----a-w-    C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\48.0.2564.109\48.0.2564.109_48.0.2564.103_chrome_updater.exe
2016-02-09 03:09:10    3E4C7B50A560A8A3FDA4CA295B477985    2370560    ----a-w-    C:\Users\Desktop\Desktop\FRST64.exe
=== C: other files ==
2016-02-11 02:52:15    2A0AEDE9853938B83421D6A78EBC013E    544    ----a-w-    C:\$RECYCLE.BIN\S-1-5-21-102027666-3716477199-3525533037-1000\$IPNJDMC.zip
2016-02-11 01:04:04    6B84C54433CB6FCCD3FAA26926CA8DD5    7718830    ----a-w-    C:\$RECYCLE.BIN\S-1-5-21-102027666-3716477199-3525533037-1000\$RPNJDMC.zip

==== Orphaned Tasks deleted from Registry ======================

AutoPico Daily Restart deleted

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-102027666-3716477199-3525533037-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotPostWindows10UpgradeReInstall"="C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #1"="C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe min /RestartByRestartManager:C977C968-D9B8-46d4-8959-9EF5B08F7386"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #1"="C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe min /RestartByRestartManager:C977C968-D9B8-46d4-8959-9EF5B08F7386"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"USB3MON"="C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"Fast Boot"="C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe"
"Corsair Duke"="C:\Program Files (x86)\Corsair\M95 Mouse\M95Hid.exe"
"IMDreyePlugin"="C:\Program Files (x86)\Inventec\Dreye\9.0\DreyeMT\DreyeIMplugin.exe /h"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotPostWindows10UpgradeReInstall"="C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"Nvtmru"="C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice"
"CDAServer"="C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConnectionCenter]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ConnectionCenter"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Citrix\\ICA Client\\concentr.exe\" /startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Lite"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HKToolbarManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HKToolbarManager"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\881903\\IETOOLBAR\\hkmgr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Live Update]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Live Update"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\MSI\\Live Update\\Live Update.exe /REMINDER"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Redirector]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Redirector"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Citrix\\ICA Client\\redirector.exe\" /startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sony PC Companion]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Sony PC Companion"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Sony\\Sony PC Companion\\PCCompanion.exe\" /Background"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Desktop^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Citrix Receiver.lnk]
"path"="C:\\Users\\Desktop\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Citrix Receiver.lnk"
"backup"="C:\\Windows\\pss\\Citrix Receiver.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\Citrix\\ICACLI~1\\SELFSE~1\\SELFSE~2.EXE "
"item"="Citrix Receiver"


==== Startup Folders ======================

2016-02-11 02:31:59    1144    ----a-w-    C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
2015-01-09 03:06:40    2039    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk
2015-01-09 03:06:40    2021    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [02/09/2016 08:28 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf2bac484cb107.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/29/2015 06:22 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore1d0429e87c5f23d.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore1d08f2b798e34a2.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/29/2015 06:22 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf6b22bc67e41b.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/29/2015 06:22 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA1cfeb29acb7d1a7.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/29/2015 06:22 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA1d0429e880174a3.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/29/2015 06:22 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA1d08f2b79b6ac07.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/29/2015 06:22 PM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore1cf2bac484cb107" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore1d0429e87c5f23d" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore1d08f2b798e34a2" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA1cf6b22bc67e41b" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA1cfeb29acb7d1a7" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA1d0429e880174a3" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA1d08f2b79b6ac07" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Launch ASUS Sync Loader" [C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Desktop\AppData\Roaming\Mozilla\Firefox\Profiles\5uudvg2z.default
user_pref("browser.startup.homepage", "https://www.google.ca/");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.defaultenginename.US", "Google");

==== Firefox Proxy Settings ======================

ProfilePath: C:\Users\Desktop\AppData\Roaming\Mozilla\Firefox\Profiles\5uudvg2z.default
user_pref("network.proxy.type", 4);

==== Firefox Extensions ======================

ProfilePath: C:\Users\Desktop\AppData\Roaming\Mozilla\Firefox\Profiles\5uudvg2z.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Desktop\AppData\Roaming\Mozilla\Firefox\Profiles\5uudvg2z.default
6FE651F6E3025AD51CC1D54913AEEADC    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll -    Shockwave Flash


==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[01/08/2016 10:47 AM]

Text URL Linker - Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegfbpchoheaflicfmggkmlmcccpjpgd
bamboo panda - Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdimjkgkhlmlngcgioeokeekojhfmblk
Google Voice Search Hotword (Beta) - Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Hide My Ass Web Proxy - Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd
Google Search - Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Skype - Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Dropdown List of Most Visited Links - Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\logbmehmiacemkimbpcbjgaikobdndah
Chrome Web Store Payments - Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================

C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_baike.baidu.com_0.localstorage deleted successfully
C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_baike.baidu.com_0.localstorage-journal deleted successfully
C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_music.baidu.com_0.localstorage deleted successfully
C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_music.baidu.com_0.localstorage-journal deleted successfully
C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pan.baidu.com_0.localstorage deleted successfully
C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pan.baidu.com_0.localstorage-journal deleted successfully
C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pos.baidu.com_0.localstorage deleted successfully
C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pos.baidu.com_0.localstorage-journal deleted successfully
C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_tieba.baidu.com_0.localstorage deleted successfully
C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_tieba.baidu.com_0.localstorage-journal deleted successfully
C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.baidu.com_0.localstorage deleted successfully
C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.baidu.com_0.localstorage-journal deleted successfully
C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_zhidao.baidu.com_0.localstorage deleted successfully
C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_zhidao.baidu.com_0.localstorage-journal deleted successfully
C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.atm.youku.com_0.localstorage deleted successfully
C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.atm.youku.com_0.localstorage-journal deleted successfully
C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d23716qn9q7omq.cloudfront.net_0.localstorage deleted successfully
C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d23716qn9q7omq.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_deals.ebay.com_0.localstorage deleted successfully
C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_deals.ebay.com_0.localstorage-journal deleted successfully
C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_dealshow.kekeapp.com_0.localstorage deleted successfully
C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_dealshow.kekeapp.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.ca/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.ca/"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Splashtop Software Updater deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKToolbarManager deleted successfully

==== HijackThis Entries ======================

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office16\URLREDIR.DLL
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL
O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - C:\Program Files (x86)\Inventec\Dreye\9.0\DreyeMT\DreyeIEBar.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [Fast Boot] C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe
O4 - HKLM\..\Run: [Corsair Duke] C:\Program Files (x86)\Corsair\M95 Mouse\M95Hid.exe
O4 - HKLM\..\Run: [IMDreyePlugin] "C:\Program Files (x86)\Inventec\Dreye\9.0\DreyeMT\DreyeIMplugin.exe" /h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [Application Restart #1] C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe min /RestartByRestartManager:C977C968-D9B8-46d4-8959-9EF5B08F7386 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Application Restart #1] C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe min /RestartByRestartManager:C977C968-D9B8-46d4-8959-9EF5B08F7386 (User 'Default user')
O4 - Startup: Send to OneNote.lnk = C:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE
O4 - Global Startup: BUFFALO NAS Navigator2.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
O4 - Global Startup: NAS Scheduler.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASGT - Unknown owner - C:\Windows\SysWOW64\ASGT.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MSI_FastBoot - MSI - C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
O23 - Service: MSI_LiveUpdate_Service - Micro-Star International - C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
O23 - Service: NAS PM Service (NasPmService) - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Desktop\AppData\Local\Mozilla\Firefox\Profiles\5uudvg2z.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
                                                                                                                                                                        

 

 

Edit: forgot the Windows Summary attachment.



Edited by 66xx66xx66, 10 February 2016 - 10:44 PM.


#7 Oh My!



  • Malware Response Instructor

Posted 11 February 2016 - 09:57 AM

Thank you for the information Ray. Let me know if you have any further BSOD events.

Please do this.

===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Running Firefox in Browser Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Copy and paste the following into the run box and press Enter

firefox --safe-mode

  • Select Start in Safe Mode
  • Please report how Firefox is running
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • RogueKiller log
  • Firefox performance?
  • Update on overall computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 66xx66xx66

  • Topic Starter


Posted 11 February 2016 - 09:00 PM

Thanks for the fast replies.

I had a problem during scanning. It got stuck at 54% scanning the C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Recent\xxxxxxxxxxxxx.lnk file. I had to force close RogueKiller with End Task. A re-scan got stuck on the same file. I rebooted into Windows Safe Mode, then the scan completed.

After the scan completed I started Windows normally and went into Firefox safe mode, and everything seems OK, but when I run Firefox normally I still have a problem loading YouTube videos: I have to click on the Pause icon for the video to start, but in safe mode the video auto-starts.

RogueKiller V11.0.11.0 [Feb  8 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode
User : Desktop [Administrator]
Started from : C:\Users\Desktop\Desktop\RogueKiller.exe
Mode : Scan -- Date : 02/11/2016 20:40:44

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 5 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2EDB427F-0AEA-44CF-810F-88342BDB9F52} | DhcpNameServer : 64.71.255.205 64.71.255.253 ([X][X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2EDB427F-0AEA-44CF-810F-88342BDB9F52} | DhcpNameServer : 64.71.255.205 64.71.255.253 ([X][X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2EDB427F-0AEA-44CF-810F-88342BDB9F52} | DhcpNameServer : 64.71.255.205 64.71.255.253 ([X][X])  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.Proxy][FIREFX:Config] 5uudvg2z.default : user_pref("network.proxy.type", 4); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Crucial_CT256MX100SSD1 ATA Device +++++
--- User ---
[MBR] 766db78c4232f801137be82013cc714c
[BSP] ca1d757ce69b86bd80f561c9e24375c2 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 244097 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SanDisk SDSSDX120GG25 ATA Device +++++
--- User ---
[MBR] 2fe84c3d9331b6df6f1e47c41f1e0e8b
[BSP] 831d50ce3097b805509344cf77d32489 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 114471 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: ST3360832AS ATA Device +++++
--- User ---
[MBR] 3a5eb6e0d708abfaf52808295e9c4365
[BSP] a9f7f78e8f01196097ed3bc680ba9634 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 343397 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 



#9 Oh My!



  • Malware Response Instructor

Posted 11 February 2016 - 09:33 PM

Thank you for the information. You are welcome for the quick replies.

Can you tell me, if you know, whether or not a Proxy was deliberately set for Firefox?

Is Firefox still crashing?

Please do these things.

===================================================

Determining Firefox Proxy Settings

--------------------
  • Launch Firefox
  • Click Tools, then Options
  • Select Advanced, then the Network tab
  • In the Connection section click Settings
  • Please take a screen shot of this window and attach it to your reply
===================================================

Uninstalling and Reinstalling Adobe Flash Player

-------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • Locate Adobe Flash Player and select Uninstall
  • Download Adobe Flash Player here and save it to your desktop. Uncheck Yes, install McAfee Security Scan Plus
  • Close any open browsers
  • Double click on the Adobe Flash Player icon to launch the installation
  • If you are presented with a warning popup select Run
  • Once the installation is complete click Finish
  • Check Firefox behavior and if it is not better complete the next step
==================================================

Manually Troubleshooting Firefox Add-Ons

-------------------
  • Launch Firefox normally
  • Click Tools, then Add-ons
  • Disable half of the Add-ons, restart Firefox, then check for symptoms
  • If the symptoms remain, disable an additional Add-on, restart Firefox, then check for symptoms. Repeat as necessary
  • If the symptoms disappear after disabling half of the Add-ons, Enable an Add-on, restart Firefox and check for symptoms. Repeat as necessary
  • Report the results in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Proxy settings screen shot
  • Did Adobe uninstall/reinstall properly?
  • Firefox troubleshooting results, if necessary
  • Firefox crashing?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
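
The proxy settings shown in that Firefox dialog are also stored as `network.proxy.*` lines in the `prefs.js` file of the Firefox profile, so they can be read without a screenshot. The following is an added example, not part of the original post; the function names are hypothetical and the sample preferences are constructed.

```python
import re

# Meaning of Firefox's network.proxy.type preference values.
PROXY_MODES = {
    0: "no proxy",
    1: "manual proxy configuration",
    2: "automatic proxy configuration URL (PAC)",
    4: "auto-detect proxy settings (WPAD)",
    5: "use system proxy settings",
}
PREF_RE = re.compile(r'^\s*user_pref\("(network\.proxy\.[^"]+)",\s*(.+?)\);\s*$')

def parse_proxy_prefs(text):
    """Return {pref_name: value} for every network.proxy.* line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        raw = m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            value = raw[1:-1]                      # string preference
        elif raw in ("true", "false"):
            value = (raw == "true")                # boolean preference
        else:
            value = int(raw) if raw.lstrip("-").isdigit() else raw
        prefs[m.group(1)] = value
    return prefs

def summarize_proxy(prefs):
    """Describe the proxy mode; prefs.js only stores values changed from the default (5)."""
    mode = prefs.get("network.proxy.type", 5)
    endpoints = {}
    if mode == 1:  # manual: collect host:port for each configured scheme
        for scheme in ("http", "ssl", "socks"):
            host = prefs.get("network.proxy." + scheme)
            if host:
                port = prefs.get("network.proxy.%s_port" % scheme, 0)
                endpoints[scheme] = "%s:%s" % (host, port)
    elif mode == 2:  # PAC: the script URL decides where traffic goes
        endpoints["pac"] = prefs.get("network.proxy.autoconfig_url", "")
    return {"mode": PROXY_MODES.get(mode, "unknown (%r)" % (mode,)),
            "endpoints": endpoints,
            "needs_review": mode in (1, 2, 4)}  # a proxy may be in use: confirm it was set on purpose

# Constructed sample, not taken from the logs in this topic.
SAMPLE_PREFS = '''
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.type", 1);
'''

if __name__ == "__main__":
    print(summarize_proxy(parse_proxy_prefs(SAMPLE_PREFS)))
```

A result with `needs_review` set means a proxy mode other than the default is configured, which is the case the question "was a Proxy deliberately set" is meant to settle.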

#10 66xx66xx66

  • Topic Starter

Posted 11 February 2016 - 10:33 PM

You are very kind,

 

see attached SS for proxy

 

Yes, no problem uninstalling/installing Adobe Flash

 

I only have 1 Add-ons, Adblock Plus, after disable youtube runs ads before video seem don't have any loading problem anymore.

 

Firefox stopped crashing after I did a Combofix scan/delete before visiting this forum.




#11 Oh My!

  • Malware Response Instructor

Posted 11 February 2016 - 10:38 PM

So uninstalling and reinstalling Adobe did not fix it? You had to troubleshoot the add-on?

I am not sure I understand this:
 

after disable youtube runs ads before video seem don't have any loading problem anymore.

 


Gary
 

#12 66xx66xx66

  • Topic Starter

Posted 11 February 2016 - 10:42 PM

Disabling Adblock Plus seems to fix the problem



#13 Oh My!

  • Malware Response Instructor

Posted 11 February 2016 - 10:44 PM

OK if you want you can uninstall and reinstall it.

Please do this.

===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program, this may take some time
  • Click on 2. Scan
  • Click Yes to detecting Potentially Unwanted Programs
  • Click Malware Scan
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Copy and paste or attach the report to your reply
  • Close the program then click Close
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon then click Run
  • Press any key to launch the program
  • Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • When completed a Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Emsisoft report
  • Security Check report
  • Are you experiencing any issues?

Gary
 

#14 66xx66xx66

  • Topic Starter

Posted 13 February 2016 - 12:36 AM

Uninstall Adblock Plus

 

 

Emsisoft Emergency Kit - Version 11.0
Last update: 2/13/2016 12:28:32 AM
User account: Desktop-PC\Desktop

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    2/13/2016 12:29:05 AM
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)

Scanned    76378
Found    2

Scan end:    2/13/2016 12:29:25 AM
Scan time:    0:00:20

Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     Setting.DisableRegistryTools (A)

Deleted    1
 

-------------------------------------------------------------

 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
ESET NOD32 Antivirus 8.0   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java version 32-bit out of Date!
 Adobe Flash Player 20.0.0.306  
 Mozilla Firefox (44.0)
 Google Chrome (48.0.2564.103)
 Google Chrome (48.0.2564.109)
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 29% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

-------------------------------------------

 

Everything seems to be working normally. Thank you



#15 Oh My!

  • Malware Response Instructor

Posted 13 February 2016 - 11:15 AM

Hi Ray,

Be aware there is a newer version of ESET NOD32 Antivirus available, 9.0. The other warnings are not applicable to your computer.

It looks like we are all set.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder. For everything else you simply delete the log files or desktop icons.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

I will leave this topic open for just a brief period of time in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 



