
Keep getting Browser redirects in Chrome


  • This topic is locked
19 replies to this topic

#1 muglore


Posted 27 March 2016 - 08:52 AM

I started seeing my web browser (Chrome) open random tabs and directing to various ad click sites. It frequently goes to one called Orion 10, but the redirect URL constantly changes. This started to happen about 3 weeks ago, and I used a few reg cleaner tools like Malwarebytes and HijackThis to try to remove the infection. When I do this, everything is fine until I restart the computer, then the new tab redirects start to happen again. Very frustrating. Thanks!

 

 

///////////////////////////////////////////////////////////////////////// FRST.txt /////////////////////////////////////////////////////////////////////////////////

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Neal (administrator) on TRON (27-03-2016 09:40:14)
Running from C:\Users\Neal\Desktop\downloads
Loaded Profiles: Neal (Available Profiles: Neal & OVRLibraryService)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\SCE\ORBIS\Tools\Target Manager Server\bin\orbis-tm.exe
(Elaborate Bytes AG) C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe
() C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
(Oculus VR) C:\Program Files (x86)\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Windows ® Win 7 DDK provider) C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows\WER\wermgr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oculus VR) C:\Program Files (x86)\Oculus\Support\oculus-runtime\OVRServer_x64.exe
() C:\Program Files (x86)\Android\android-sdk\platform-tools\adb.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Adobe\Adobe Photoshop CS2\Photoshop.exe
(Macrovision Europe Ltd.) C:\Users\Neal\AppData\Local\Temp\Adobelm_Cleanup.0001
(Adobe Systems) C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
(Macrovision Europe Ltd.) C:\Users\Neal\AppData\Local\Temp\Adobelm_Cleanup.0001
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM\...\Run: [TortoiseHgOverlayIconServer] => C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe [100616 2013-11-04] ()
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [OrbisTaskbarApp] => C:\Program Files (x86)\SCE\ORBIS\Tools\Neighborhood\bin\OrbisTaskbarApp.exe [14846976 2015-09-01] (Sony Computer Entertainment Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3862440 2016-03-02] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [57000 2014-07-01] (Windows ® Win 7 DDK provider)
HKLM-x32\...\Run: [wermgr] => C:\ProgramData\Microsoft\Windows\WER\wermgr.exe [6786560 2015-01-09] (Microsoft Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-02-18] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-996645693-936177921-1615747494-1000\...\Run: [Google Update] => C:\Users\Neal\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
HKU\S-1-5-21-996645693-936177921-1615747494-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-996645693-936177921-1615747494-1000\...\Run: [Desura] => C:\Program Files (x86)\Desura\desura.exe -autostart
HKU\S-1-5-21-996645693-936177921-1615747494-1000\...\Run: [ROC_ROC_APR2013_AV] => C:\Users\Neal\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 63927cc544ff47d08bfa1929465a950e-22d6885a3e0d9560199d8b731b1850a2d9b48f07 --CMPID ROC_APR2013_AV --CMPI (the data entry has 11 more characters).
HKU\S-1-5-21-996645693-936177921-1615747494-1000\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Neal\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 63927cc544ff47d08bfa1929465a950e-22d6885a3e0d9560199d8b731b1850a2d9b48f07 --CMPID 0913a
HKU\S-1-5-21-996645693-936177921-1615747494-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Neal\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-996645693-936177921-1615747494-1000\...\MountPoints2: {452b7b0f-5586-11e2-bc67-c86000be7cfd} - F:\Setup.exe -auto
HKU\S-1-5-21-996645693-936177921-1615747494-1000\...\MountPoints2: {4fa5e7c7-d7dd-11dd-8547-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-996645693-936177921-1615747494-1000\...\MountPoints2: {8a01c027-7229-11e2-9a7b-c86000be7cfd} - I:\HTC_Sync_Manager_PC.exe
SSODL: EldosMountNotificator-cbfs5 - {AB36DAB9-5A6D-48B4-9C41-0AB0256078D5} - C:\Windows\system32\cbfsMntNtf5.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs5 - {AB36DAB9-5A6D-48B4-9C41-0AB0256078D5} - C:\Windows\SysWOW64\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs5] -> {460EDBEB-3464-466E-A4D7-490DFCC4F007} => C:\Windows\system32\cbfsMntNtf5.dll [2015-05-22] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs5] -> {460EDBEB-3464-466E-A4D7-490DFCC4F007} => C:\Windows\SysWOW64\cbfsMntNtf5.dll [2015-05-22] (EldoS Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2013-01-10]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2013-01-03]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4630 series (Copy 2).lnk [2016-03-26]
ShortcutTarget: Monitor Ink Alerts - HP Officejet 4630 series (Copy 2).lnk -> C:\Program Files\HP\HP Officejet 4630 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{EA245FCB-4DD7-4A05-A860-372ABCFE9201}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{F62DD939-4B62-4BF1-BABC-DCABCB63CF66}: [DhcpNameServer] 172.16.42.1
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-996645693-936177921-1615747494-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-996645693-936177921-1615747494-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
SearchScopes: HKU\S-1-5-21-996645693-936177921-1615747494-1000 -> {076D6A88-84F9-4045-958D-C954E9BFB6AB} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll [2013-01-05] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll [2013-01-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-12] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-996645693-936177921-1615747494-1000: @asperasoft.com/AsperaConnect -> C:\Users\Neal\AppData\Local\Programs\Aspera\Aspera Connect\lib\3.5.1\npasperaweb_3.5.1.92525.dll [2014-09-04] (Aspera, Inc. )
FF Plugin HKU\S-1-5-21-996645693-936177921-1615747494-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Neal\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-996645693-936177921-1615747494-1000: @talk.google.com/O1DPlugin -> C:\Users\Neal\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-996645693-936177921-1615747494-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Neal\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin HKU\S-1-5-21-996645693-936177921-1615747494-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Neal\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin HKU\S-1-5-21-996645693-936177921-1615747494-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Neal\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-07] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-996645693-936177921-1615747494-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll [2013-01-23] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-996645693-936177921-1615747494-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Neal\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Neal\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.ghostmachinestudios.com/","hxxp://www.google.com"
CHR Profile: C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bejeweled) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2015-01-14]
CHR Extension: (SEOquake) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2016-03-26]
CHR Extension: (Google Drive) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Video AdBlock for Chrome) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd [2016-03-11]
CHR Extension: (YouTube) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-09]
CHR Extension: (uBlock Origin) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-03-08]
CHR Extension: (Image Downloader) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2015-01-14]
CHR Extension: (Google Search) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Google Docs Offline) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (JavaScript Popup Blocker) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol [2015-11-20]
CHR Extension: (Pocket Legends) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpdbcnfpodnaefldpdohoibdajcfabp [2015-11-16]
CHR Extension: (Plants vs Zombies) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2015-01-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Buffer) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2016-03-01]
CHR Extension: (strikethrough) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\peahilnfgiacdkackbnbdbgkkjaghool [2015-11-03]
CHR Extension: (Gmail) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-03] (Adobe Systems) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-28] () [File not signed]
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-02-02] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [604144 2016-03-02] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3934184 2016-03-02] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1045928 2016-02-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [561104 2016-03-02] (AVG Technologies CZ, s.r.o.)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [225280 2011-08-05] (DTS, Inc)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
R2 mi-raysat_3dsmax2010_64; C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [86016 2009-03-12] () [File not signed]
S3 OVRLibraryService; C:\Program Files (x86)\Oculus\Support\oculus-librarian\OVRLibraryService.exe [1120552 2016-02-26] ()
R2 OVRService; C:\Program Files (x86)\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe [332752 2016-03-09] (Oculus VR)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1205832 2016-02-02] ()
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2016-01-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378288 2016-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [269232 2016-03-02] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
R3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [66136 2016-03-25] (Broadcom Corporation.)
R1 cbfs5; C:\Windows\system32\drivers\cbfs5.sys [422080 2015-05-22] (EldoS Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [77992 2014-07-01] (Fresco Logic)
S4 LMIRfsClientNP; no ImagePath
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-18] (Malwarebytes)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S3 OCULUSVRHEADSET; C:\Windows\System32\DRIVERS\OCULUS119B.sys [1833984 2016-02-18] (OCULUS)
S3 OCUSBVID; C:\Windows\System32\DRIVERS\ocusbvid109.sys [67096 2016-02-26] (Oculus VR, LLC)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2014-02-13] (Duplex Secure Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-02-05] ()
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S4 NvStUSB; system32\DRIVERS\nvstusb.sys [X]
U3 aswMBR; \??\C:\Users\Neal\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Neal\AppData\Local\Temp\aswVmm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-27 01:10 - 2016-03-27 09:40 - 00000000 ____D C:\FRST
2016-03-27 01:09 - 2016-03-27 01:09 - 00006251 _____ C:\Users\Neal\Desktop\fixlist.txt
2016-03-26 17:28 - 2016-03-26 17:28 - 00000000 ____D C:\Users\Neal\Documents\Tilt Brush
2016-03-26 16:03 - 2016-03-26 16:03 - 00000000 ____D C:\Users\Neal\AppData\Local\SculptrVR
2016-03-26 15:52 - 2016-03-26 15:52 - 00000000 ____D C:\Users\Neal\Documents\Phaser Lock Interactive
2016-03-26 15:34 - 2016-03-26 15:34 - 00000000 ____D C:\Users\Neal\AppData\LocalLow\Northway and Radial Games
2016-03-26 15:33 - 2016-03-26 15:33 - 00000222 _____ C:\Users\Neal\Desktop\8i - The Climb.url
2016-03-26 11:38 - 2016-03-26 11:38 - 00000000 ____D C:\Users\Neal\AppData\Local\RoseAndI
2016-03-26 11:36 - 2016-03-26 11:36 - 00000000 ____D C:\Users\Neal\AppData\LocalLow\Alientrap
2016-03-26 10:05 - 2016-03-26 10:05 - 00000000 ____D C:\Users\Neal\AppData\LocalLow\ZenzVR
2016-03-26 09:55 - 2016-03-26 09:55 - 00000000 ____D C:\Users\Neal\AppData\LocalLow\Blackthorn Media LLC
2016-03-25 21:01 - 2016-03-25 21:01 - 00122112 _____ (Broadcom Corporation.) C:\Windows\system32\btw_ci.dll
2016-03-25 21:01 - 2016-03-25 21:01 - 00109252 _____ C:\Windows\system32\Drivers\BCM20703A1_001.001.005.0214.0481.hex
2016-03-25 21:01 - 2016-03-25 21:01 - 00073984 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwsecfl.sys
2016-03-25 21:01 - 2016-03-25 21:01 - 00066136 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwusb.sys
2016-03-25 17:27 - 2016-03-25 17:27 - 00009216 ___SH C:\Users\Public\Thumbs.db
2016-03-11 18:11 - 2016-03-23 20:32 - 00003970 _____ C:\Users\Neal\Desktop\Rkill.txt
2016-03-08 10:37 - 2016-03-08 10:37 - 00000233 _____ C:\Users\Neal\Desktop\Tom Clancy's The Division.url
2016-03-07 11:31 - 2016-03-07 17:20 - 00000000 ____D C:\Users\Neal\Documents\Unreal Projects
2016-03-07 11:27 - 2016-03-07 11:27 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Unreal Engine
2016-03-07 10:58 - 2016-03-07 10:58 - 00000000 ____D C:\Users\Neal\Documents\UnrealTournament
2016-03-07 10:58 - 2016-03-07 10:58 - 00000000 ____D C:\Users\Neal\AppData\Local\UnrealTournament
2016-03-04 19:06 - 2016-03-04 19:06 - 00000000 ____D C:\Program Files\Epic Games
2016-03-04 12:40 - 2016-03-04 12:40 - 00000000 ____D C:\Users\Neal\AppData\Local\Lost
2016-03-04 12:25 - 2016-03-04 12:25 - 00000000 ____D C:\Users\Neal\AppData\Local\UnrealEngineLauncher
2016-03-04 12:18 - 2016-03-04 12:18 - 00000000 ____D C:\Users\Neal\AppData\Local\EpicGamesLauncher
2016-03-04 12:17 - 2016-03-04 12:40 - 00000000 ____D C:\Program Files (x86)\Epic Games
2016-03-04 12:17 - 2016-03-04 12:27 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2016-03-04 12:17 - 2016-03-04 12:27 - 00002511 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2016-03-04 12:17 - 2016-03-04 12:25 - 00000000 ____D C:\ProgramData\Epic
2016-03-03 12:33 - 2016-03-03 12:33 - 00000892 _____ C:\Users\Public\Desktop\Unity 5.3.1p4 (64-bit).lnk
2016-03-03 11:44 - 2016-03-03 11:46 - 64759464 _____ (Unity Technologies ApS) C:\Users\Neal\Downloads\UnitySetup-Android-Support-for-Editor-5.3.3p1.exe
2016-03-03 11:39 - 2016-03-03 11:44 - 99350448 _____ (Unity Technologies ApS) C:\Users\Neal\Downloads\UnitySetup-Windows-Support-for-Editor-5.3.3p1.exe
2016-03-02 17:34 - 2016-03-02 17:41 - 99397808 _____ (Unity Technologies ApS) C:\Users\Neal\Downloads\UnitySetup-Windows-Support-for-Editor-5.3.2p4.exe
2016-03-02 17:25 - 2016-03-02 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 5.3.2p4 (64-bit)
2016-03-02 13:54 - 2016-03-02 14:00 - 98775488 _____ (Unity Technologies ApS) C:\Users\Neal\Downloads\UnitySetup-Windows-Support-for-Editor-5.3.1p4.exe
2016-03-02 13:52 - 2016-03-03 11:38 - 11796480 _____ C:\Users\Neal\Downloads\vstu.msi
2016-03-02 13:40 - 2016-03-03 11:36 - 197492272 _____ (${PRODUCT_PUBLISHER}) C:\Users\Neal\Downloads\UnityDocumentationSetup.exe
2016-03-02 13:21 - 2016-03-03 11:25 - 264021696 _____ (Unity Technologies ApS) C:\Users\Neal\Downloads\UnitySetup64.exe
2016-03-02 12:05 - 2016-03-09 00:34 - 00000000 ____D C:\Users\Neal\AppData\Local\NPE
2016-03-02 12:05 - 2016-03-02 12:05 - 00000000 ____D C:\ProgramData\Norton
2016-03-02 11:21 - 2016-03-02 11:21 - 00269232 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2016-03-01 14:01 - 2016-03-01 14:01 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2015 Tools for Unity
2016-03-01 14:01 - 2016-03-01 14:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity
2016-03-01 13:50 - 2016-03-01 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 5.3.3p1 (64-bit)
2016-02-29 12:04 - 2016-02-29 12:04 - 00000000 ____D C:\Program Files\Oculus VR Runtime Drivers
2016-02-29 11:17 - 2016-02-29 13:08 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Processing
2016-02-29 11:17 - 2016-02-29 11:17 - 00000000 ____D C:\Users\Neal\Documents\Processing
2016-02-29 11:17 - 2016-02-29 11:17 - 00000000 ____D C:\Users\Neal\.oracle_jre_usage
2016-02-26 00:04 - 2016-02-26 00:04 - 00067096 _____ (Oculus VR, LLC) C:\Windows\system32\Drivers\ocusbvid109.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-27 09:39 - 2013-01-02 19:34 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Azureus
2016-03-27 08:53 - 2012-12-30 18:58 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-27 08:46 - 2013-01-03 16:06 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-996645693-936177921-1615747494-1000UA.job
2016-03-27 08:28 - 2014-10-10 18:12 - 00000000 ____D C:\steamcmd
2016-03-27 08:01 - 2012-12-30 19:58 - 00000000 ____D C:\ProgramData\MFAData
2016-03-27 02:53 - 2012-12-30 18:58 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-27 01:58 - 2013-01-02 14:03 - 00000000 ____D C:\Users\Neal\AppData\Roaming\vlc
2016-03-27 01:20 - 2013-01-14 15:57 - 00000000 ____D C:\ProgramData\Unity
2016-03-27 01:13 - 2013-01-07 14:08 - 00000000 ____D C:\Users\Neal\Desktop\ent
2016-03-26 22:55 - 2016-02-24 14:41 - 00000000 ____D C:\Program Files (x86)\Oculus
2016-03-26 21:46 - 2013-01-03 16:06 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-996645693-936177921-1615747494-1000Core.job
2016-03-26 21:31 - 2012-12-30 19:27 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-26 20:27 - 2013-01-02 19:36 - 00000000 ____D C:\Users\Neal\Documents\Vuze Downloads
2016-03-26 17:44 - 2012-12-30 19:33 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-03-26 17:00 - 2009-07-13 23:45 - 00029136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-26 17:00 - 2009-07-13 23:45 - 00029136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-26 16:54 - 2016-02-24 14:27 - 00000000 ____D C:\Users\Neal\AppData\Local\Oculus
2016-03-26 16:49 - 2013-11-07 11:15 - 00000000 ____D C:\Users\Neal\AppData\Roaming\TortoiseHg
2016-03-26 16:49 - 2013-05-05 15:51 - 00000000 ____D C:\Users\Neal\AppData\Local\TSVNCache
2016-03-26 16:49 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-26 16:29 - 2015-12-08 17:35 - 00000000 ____D C:\Users\Neal\AppData\LocalLow\Ghost Machine
2016-03-26 16:13 - 2015-03-18 13:53 - 00000000 ____D C:\Users\Neal\AppData\Local\CrashDumps
2016-03-26 16:06 - 2014-07-03 18:29 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-26 15:45 - 2015-09-11 17:55 - 00000000 ____D C:\Users\Neal\AppData\Roaming\FC-VR
2016-03-26 11:38 - 2015-07-06 11:06 - 00000000 ____D C:\Users\Neal\AppData\Local\UnrealEngine
2016-03-25 21:02 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-03-25 17:58 - 2012-12-30 18:58 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-18 12:59 - 2016-01-07 12:40 - 00298748 _____ C:\Users\Neal\.babel.json
2016-03-18 12:59 - 2016-01-07 12:02 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Oculus
2016-03-12 09:01 - 2014-03-31 08:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-03-12 09:00 - 2015-06-02 09:05 - 00000000 ____D C:\Users\Neal\AppData\Local\Avg
2016-03-12 09:00 - 2012-12-30 20:00 - 00000000 ___HD C:\$AVG
2016-03-11 16:43 - 2014-04-23 13:28 - 00000000 ____D C:\Program Files (x86)\ASUS
2016-03-11 16:43 - 2012-12-30 19:02 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-08 14:19 - 2016-02-19 11:58 - 00000000 ____D C:\Users\Neal\AppData\Local\Ubisoft Game Launcher
2016-03-08 12:01 - 2015-10-30 14:53 - 00000000 ____D C:\Users\Neal\Documents\Visual Studio 2015
2016-03-08 11:50 - 2015-10-30 13:59 - 00000000 ____D C:\ProgramData\VsTelemetry
2016-03-08 11:50 - 2015-04-14 14:33 - 00000000 ____D C:\Users\Neal\AppData\Local\SCE
2016-03-03 12:07 - 2013-11-28 15:40 - 00000000 ____D C:\Users\Neal\AppData\LocalLow\DefaultCompany
2016-03-03 11:27 - 2015-06-17 17:58 - 00000000 ____D C:\Program Files\Unity5
2016-03-01 14:01 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-02-29 11:17 - 2012-12-30 18:34 - 00000000 ____D C:\Users\Neal
2016-02-28 18:36 - 2013-01-17 20:29 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Audacity
2016-02-26 10:34 - 2016-02-11 15:28 - 00016384 ___SH C:\Users\Neal\Documents\Thumbs.db
 
==================== Files in the root of some directories =======
 
2015-04-01 17:17 - 2015-04-01 17:17 - 0073978 _____ () C:\Users\Neal\AppData\Roaming\Exception Minidump (2015-04-01 22.17.40).mdmp
2015-04-01 17:17 - 2015-04-01 17:17 - 0013473 _____ () C:\Users\Neal\AppData\Roaming\Exception Report (2015-04-01 22.17.40).txt
2013-12-16 16:50 - 2014-11-14 18:46 - 0000600 _____ () C:\Users\Neal\AppData\Local\PUTTY.RND
2014-02-27 01:58 - 2014-02-27 01:58 - 0007619 _____ () C:\Users\Neal\AppData\Local\Resmon.ResmonCfg
2008-02-05 15:28 - 2008-02-05 15:28 - 0000051 _____ () C:\Users\Neal\AppData\Local\setup.txt
2015-12-23 19:00 - 2015-12-23 19:00 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some files in TEMP:
====================
C:\Users\Neal\AppData\Local\Temp\AcDeltree.exe
C:\Users\Neal\AppData\Local\Temp\ACLMInstaller.exe
C:\Users\Neal\AppData\Local\Temp\avg-51af5a69-8ae7-4a25-a58a-b212488a9c18.exe
C:\Users\Neal\AppData\Local\Temp\avguirn_082146363860.exe
C:\Users\Neal\AppData\Local\Temp\dbpkbgtt.dll
C:\Users\Neal\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Neal\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpn7hqgj.dll
C:\Users\Neal\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\Neal\AppData\Local\Temp\i4jdel0.exe
C:\Users\Neal\AppData\Local\Temp\i4jdel1.exe
C:\Users\Neal\AppData\Local\Temp\i4jdel2.exe
C:\Users\Neal\AppData\Local\Temp\i4jdel3.exe
C:\Users\Neal\AppData\Local\Temp\i4jdel4.exe
C:\Users\Neal\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Neal\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Neal\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Neal\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Neal\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Neal\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Neal\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Neal\AppData\Local\Temp\libovr.dll
C:\Users\Neal\AppData\Local\Temp\npp.6.4.5.Installer.exe
C:\Users\Neal\AppData\Local\Temp\npp.6.5.2.Installer.exe
C:\Users\Neal\AppData\Local\Temp\npp.6.5.5.Installer.exe
C:\Users\Neal\AppData\Local\Temp\npp.6.7.5.Installer.exe
C:\Users\Neal\AppData\Local\Temp\npp.6.7.7.Installer.exe
C:\Users\Neal\AppData\Local\Temp\npp.6.7.8.2.Installer.exe
C:\Users\Neal\AppData\Local\Temp\npp.6.8.3.Installer.exe
C:\Users\Neal\AppData\Local\Temp\npp.6.8.8.Installer.exe
C:\Users\Neal\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Neal\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Neal\AppData\Local\Temp\nvStInst.exe
C:\Users\Neal\AppData\Local\Temp\shutdown1406816106.exe
C:\Users\Neal\AppData\Local\Temp\shutdown1410286166.exe
C:\Users\Neal\AppData\Local\Temp\shutdown1410289070.exe
C:\Users\Neal\AppData\Local\Temp\shutdown1422391873.exe
C:\Users\Neal\AppData\Local\Temp\shutdown1422392421.exe
C:\Users\Neal\AppData\Local\Temp\shutdown1422393016.exe
C:\Users\Neal\AppData\Local\Temp\shutdown1433881324.exe
C:\Users\Neal\AppData\Local\Temp\shutdown1433881927.exe
C:\Users\Neal\AppData\Local\Temp\shutdown1448922108.exe
C:\Users\Neal\AppData\Local\Temp\shutdown1452183721.exe
C:\Users\Neal\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Neal\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Neal\AppData\Local\Temp\twapi-2.0a7.dll
C:\Users\Neal\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Neal\AppData\Local\Temp\winzip170-64ml_wrapped.exe
C:\Users\Neal\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Neal\AppData\Local\Temp\_is43F2.exe
C:\Users\Neal\AppData\Local\Temp\_isBCA9.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-21 16:09
 
==================== End of FRST.txt ============================


#2 muglore

muglore
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:54 PM

Posted 27 March 2016 - 08:56 AM

FYI: I am using Windows 7 Home Premium



#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,211 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:54 PM

Posted 27 March 2016 - 01:57 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this toolbar in bold via the Control Panel > Programs > Programs and Features applet.
Vuze Remote Toolbar v10.0 (HKLM-x32\...\{2A567123-6435-476E-9529-54F5F9A9F4E0}) (Version: 10.0 - Spigot, Inc.) <==== ATTENTION
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-996645693-936177921-1615747494-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-996645693-936177921-1615747494-1000\...\Run: [ROC_ROC_APR2013_AV] => C:\Users\Neal\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 63927cc544ff47d08bfa1929465a950e-22d6885a3e0d9560199d8b731b1850a2d9b48f07 --CMPID ROC_APR2013_AV --CMPI (the data entry has 11 more characters).
HKU\S-1-5-21-996645693-936177921-1615747494-1000\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Neal\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 63927cc544ff47d08bfa1929465a950e-22d6885a3e0d9560199d8b731b1850a2d9b48f07 --CMPID 0913a
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-996645693-936177921-1615747494-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
S4 LMIRfsClientNP; no ImagePath
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S4 NvStUSB; system32\DRIVERS\nvstusb.sys [X]
U3 aswMBR; \??\C:\Users\Neal\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Neal\AppData\Local\Temp\aswVmm.sys [X]
C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
CustomCLSID: HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Neal\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll => No File
CustomCLSID: HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Neal\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Neal\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Neal\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Neal\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Neal\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Neal\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Neal\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Neal\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Neal\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Neal\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Neal\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
AlternateDataStreams: C:\Users\Neal\AppData\Local\Temporary Internet Files:MaNs2qBkHk8ammmQWcC [2364]
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo [122

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of the Google Chrome window.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.

====

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features applet.
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 7 Update 21 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170210}) (Version: 1.7.0.210 - Oracle)
===

Please post the logs and let me know what problem persists with this computer.

#4 muglore

muglore
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:54 PM

Posted 01 April 2016 - 06:48 AM

Hi Nasdaq,

 
Thanks so much for your help. Sorry for the slow response, but the Farbar Recovery Scan Tool locked up during the system fix and I thought it was still scanning the files. 
 
I have uninstalled Java, rather than update it, as I do not need it and would rather remove the security risk from my system. 
 
Also, when I attempt to uninstall the Vuze toolbar, I receive an exception that prevents me from doing so (see attached).
I have followed your other steps: here is the Fixlog result: 
 
//////////////////////////////////////////////////////////////////// Fixlog.txt //////////////////////////////////////////////////////////////////////////
 
Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Neal (2016-04-01 07:38:03) Run:3
Running from C:\Users\Neal\Desktop\downloads
Loaded Profiles: Neal (Available Profiles: Neal & OVRLibraryService)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-996645693-936177921-1615747494-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-996645693-936177921-1615747494-1000\...\Run: [ROC_ROC_APR2013_AV] => C:\Users\Neal\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 63927cc544ff47d08bfa1929465a950e-22d6885a3e0d9560199d8b731b1850a2d9b48f07 --CMPID ROC_APR2013_AV --CMPI (the data entry has 11 more characters).
HKU\S-1-5-21-996645693-936177921-1615747494-1000\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Neal\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 63927cc544ff47d08bfa1929465a950e-22d6885a3e0d9560199d8b731b1850a2d9b48f07 --CMPID 0913a
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-996645693-936177921-1615747494-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
S4 LMIRfsClientNP; no ImagePath
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S4 NvStUSB; system32\DRIVERS\nvstusb.sys [X]
U3 aswMBR; \??\C:\Users\Neal\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Neal\AppData\Local\Temp\aswVmm.sys [X]
C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
CustomCLSID: HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Neal\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll => No File
CustomCLSID: HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Neal\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Neal\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Neal\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Neal\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Neal\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Neal\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Neal\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Neal\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Neal\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Neal\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Neal\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
AlternateDataStreams: C:\Users\Neal\AppData\Local\Temporary Internet Files:MaNs2qBkHk8ammmQWcC [2364]
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo [122
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKU\S-1-5-21-996645693-936177921-1615747494-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value not found.
HKU\S-1-5-21-996645693-936177921-1615747494-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_ROC_APR2013_AV => value not found.
HKU\S-1-5-21-996645693-936177921-1615747494-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_0913a => value not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key not found. 
HKU\S-1-5-21-996645693-936177921-1615747494-1000\Software\MozillaPlugins\wacom.com/WacomTabletPlugin => key not found. 
C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll => not found.
C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => not found
LMIRfsClientNP => service not found.
LMIInfo => service not found.
NvStUSB => service not found.
aswMBR => service not found.
aswVmm => service not found.
"C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736} => key not found. 
HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308} => key not found. 
HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208} => key not found. 
HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => key not found. 
HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1} => key not found. 
HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => key not found. 
HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => key not found. 
HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8} => key not found. 
HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key not found. 
HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key not found. 
HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9} => key not found. 
HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key not found. 
HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E} => key not found. 
"C:\Users\Neal\AppData\Local\Temporary Internet Files" => ":MaNs2qBkHk8ammmQWcC" ADS not found.
"C:\Users\Public\.DS_Store" => ":AFP_AfpInfo" ADS not found.
"C:\Users\Public\Documents\.DS_Store" => ":AFP_AfpInfo" ADS not found.
EmptyTemp: => 74.7 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 07:40:39 ====

 




#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,211 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:54 PM

Posted 01 April 2016 - 07:40 AM

The Vuze toolbar must have been removed by another means.

If the folder in bold exists delete it.
C:\Users\Neal\Documents\Vuze Downloads

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#6 muglore

muglore
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:54 PM

Posted 01 April 2016 - 11:23 AM

If the folder in bold exists delete it.
C:\Users\Neal\Documents\Vuze Downloads

 

I have done that, but the Vuze remote toolbar still is in my list of installed programs and returns the same error when attempting to uninstall. At this point the popups in chrome are still appearing as well. 

 

Here is a current scan of the system:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Neal (2016-04-01 10:42:05)
Running from C:\Users\Neal\Desktop\downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-12-30 23:34:04)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-996645693-936177921-1615747494-500 - Administrator - Disabled)
Guest (S-1-5-21-996645693-936177921-1615747494-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-996645693-936177921-1615747494-1005 - Limited - Enabled)
Neal (S-1-5-21-996645693-936177921-1615747494-1000 - Administrator - Enabled) => C:\Users\Neal
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe After Effects CS5.5 (HKLM-x32\...\{E82097B9-A3B8-404A-9A92-AC16A8AC9576}) (Version: 10.5 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.5.502.146 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.5.502.135 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.01) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.01 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Aperture Robot Repair (HKLM-x32\...\Steam App 323910) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Application Insights Tools for Visual Studio 2013 (x32 Version: 2.4 - Microsoft Corporation) Hidden
Application Insights Tools for Visual Studio 2015 (x32 Version: 3.3 - Microsoft Corporation) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
Aspera Connect 3.5.1.92525 (HKU\S-1-5-21-996645693-936177921-1615747494-1000\...\Aspera Connect 3.5.1.92525) (Version: 3.5.1.92525 - Aspera, Inc.)
Aspera Connect 3.5.1.92525 (x32 Version: 3.5.1.92525 - Aspera, Inc.) Hidden
Audacity 1.3.14 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Audioshield (HKLM\...\Steam App 412740) (Version:  - Dylan Fitterer)
Autodesk 3ds Max 2010 64-bit (HKLM\...\{A9F1B5F6-0EE6-0409-BADD-F8BD360FACC3}) (Version: 12.0 - Autodesk)
Autodesk 3ds Max 2010 64-bit Components (HKLM\...\{B9E591DD-DAAC-0409-B1B8-5667E359170B}) (Version: 12.0 - Autodesk)
Autodesk FBX Plugin 2009.4 - 3ds Max 2010 64-bit (HKLM\...\Autodesk FBX Plugin 2009.4 - 3ds Max 2010 64-bit) (Version:  - Autodesk)
AVG (Version: 16.51.7497 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4545 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.51.7497 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.2.5.441 - AVG Technologies)
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Bitmap Font Generator (HKLM-x32\...\BMFont) (Version:  - )
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Cloudlands : VR Minigolf (HKLM\...\Steam App 425720) (Version:  - Futuretown)
Codec Pack - All In 1 6.0.3.0 (HKLM-x32\...\Cool's_Codec_pack_4.12) (Version:  - )
Combined Community Codec Pack 2014-01-17 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.01.17.0 - CCCP Project)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dotfuscator and Analytics Community Edition 5.18.1 (x32 Version: 5.18.1.2898 - PreEmptive Solutions) Hidden
Epic Games Launcher (HKLM-x32\...\{CA567F59-A3B6-4F0C-B419-63F9DFD0ABC9}) (Version: 1.1.59.0 - Epic Games, Inc.)
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
Final Approach (HKLM\...\Steam App 380670) (Version:  - Phaser Lock Interactive)
FMW 1 (Version: 1.62.2 - AVG Technologies) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Fresco Logic USB3.0 Host Controller (HKLM\...\{9F52965F-86A7-4019-AC19-020203808BC1}) (Version: 3.5.106.0 - Fresco Logic Inc.)
Git version 1.8.3-preview20130601 (HKLM-x32\...\Git_is1) (Version: 1.8.3-preview20130601 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.57 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Greenlight Developer Access (HKLM-x32\...\Steam App 219820) (Version:  - )
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Gumball Drift (HKLM\...\Steam App 418260) (Version:  - Ghost Machine)
HP Officejet 4630 series Basic Device Software (HKLM\...\{38037A50-E9F1-41E4-9AA3-2E0A5A2FC4C5}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.0.1.002 - HTC Corporation)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Install Maker Pro (HKLM-x32\...\Install Maker Pro) (Version:  - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® Network Connections 16.6.126.0 (HKLM\...\PROSetDX) (Version: 16.6.126.0 - Intel)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Jaunt VR - Experience Cinematic Virtual Reality (HKLM\...\Steam App 456450) (Version:  - Jaunt Inc.)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Jeeboman (HKLM\...\Steam App 392680) (Version:  - Futuretown)
Kit SDK de vérification de Visual Studio 2012 - fra (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.6.5 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.6.5 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Meltdown (HKLM-x32\...\Steam App 268220) (Version:  - Phenomenon Games)
Memory Profiler (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2015 Tools for Unity (HKLM-x32\...\{D68E6605-F852-4936-AB64-04B80E0C85AD}) (Version: 2.2.0.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2013 with Update 4 (HKLM-x32\...\{96a8b90c-0a91-4e76-ab34-730c23923d11}) (Version: 12.0.31101 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 (HKLM-x32\...\{50b32652-69d2-4b93-9316-edcd12067b8b}) (Version: 14.0.23107.10 - Microsoft Corporation)
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
NVIDIA 3D Vision Video Player (HKLM-x32\...\{7BF8BD5F-EE1A-4DB1-B810-A4AE1D34530E}) (Version: 1.7.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.91 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Photoshop Plug-ins (HKLM-x32\...\{23F79416-CAD1-41BF-99A3-040F6C814AAA}) (Version: 8.50 - )
NVIDIA Photoshop Plug-ins 64 bit (HKLM-x32\...\{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}) (Version: 8.50 - )
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Oculus (HKLM\...\Oculus) (Version: <3 - Oculus VR, LLC)
Oculus Rift Sensor Driver (HKLM\...\{106C17B2-88E6-4EF4-AD01-5991C066406F}) (Version: 1.0.17.0 - Oculus VR, LLC)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PITCH-HIT : RAMPAGE LEVEL (HKLM\...\Steam App 453190) (Version:  - )
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Product Improvement Study for HP Officejet 4630 series (HKLM\...\{EE629820-EACD-4AAE-966D-DF1560A0ED2D}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Python Tools Redirection Template (x32 Version: 1.3 - Microsoft Corporation) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
realities (HKLM\...\Steam App 452710) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6543 - Realtek Semiconductor Corp.)
Rocksmith 2014 (HKLM\...\Steam App 221680) (Version:  - Ubisoft - San Francisco)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
SCE Controller Capture and Playback for PlayStation®4 v3.00.0.9 (HKLM-x32\...\{41E51A67-2E1B-4F20-9E0E-82F7BD69598D}) (Version: 3.00.0.9 - Sony Computer Entertainment Inc.)
SCE Debugger for PlayStation®4 v3.00.0.13 (HKLM-x32\...\{A6377B37-9406-4023-A688-485C627A0EC3}) (Version: 3.00.0.13 - Sony Computer Entertainment Inc.)
SCE Debugger for PlayStation®4 Visual Studio Extensions v3.00.0.13 (HKLM-x32\...\{80047200-E02F-4D80-A270-DC9654B22E41}) (Version: 3.00.0.13 - Sony Computer Entertainment Inc.)
SCE Debugger Visual Studio 2013 Extensions v1.0.102.0 (HKLM-x32\...\{2328E099-9AA5-465B-B190-8A16F711EBFA}) (Version: 1.0.102.0 - Sony Computer Entertainment Inc.)
SCE Debugger Visual Studio 2015 Extensions v1.0.102.0 (HKLM-x32\...\{08A85F60-E367-4A4A-A823-4DA1D82DA61A}) (Version: 1.0.102.0 - Sony Computer Entertainment Inc.)
SCE Debugger Visualizer Interfaces v1.0.4.0 (HKLM-x32\...\{6F59105B-BCC8-4142-B767-D4FB8871B8B8}) (Version: 1.0.4.0 - Sony Computer Entertainment Inc.)
SCE Event Viewer for PlayStation®4 v3.00.0.9 (HKLM-x32\...\{35B7E7F1-7754-4C18-BFD7-9653011AF76A}) (Version: 3.00.0.9 - Sony Computer Entertainment Inc.)
SCE GPU Debugger for PlayStation®4 v3.00.0.16 (HKLM-x32\...\{3AF4ADD5-F6FF-4BF6-89D7-D5CF728AFA3F}) (Version: 3.00.0.16 - Sony Computer Entertainment Inc.)
SCE Memory Analyzer for PlayStation®4 v3.00.0.27 (HKLM-x32\...\{6E7BA29F-9E64-415A-AD4B-786F139C2EDF}) (Version: 3.00.0.27 - Sony Computer Entertainment Inc.)
SCE Neighborhood for PlayStation®4 v3.00.0.16 (HKLM-x32\...\{FE3C9881-BC94-4CDA-98A8-284CFA800D34}) (Version: 3.00.0.16 - Sony Computer Entertainment Inc.)
SCE PlayGo Viewer for PlayStation®4 v3.00.0.9 (HKLM-x32\...\{8EAD9DEB-EA7E-495F-A9EE-2391D47B52FF}) (Version: 3.00.0.9 - Sony Computer Entertainment Inc.)
SCE PlayStation File System Driver v5.1.159.21 (HKLM-x32\...\SCE PlayStation File System Driver) (Version: 5.1.159.21 - Sony Computer Entertainment Inc)
SCE ProDG Visual Studio Integration 2013 v2.3.3.3 (HKLM-x32\...\{0F8C825D-2E43-472C-A622-2E3D1E48648A}) (Version: 2.3.3.3 - Sony Computer Entertainment Inc.)
SCE PSVR Dictionary Tool for PlayStation®4 v2.2.2.0 (HKLM-x32\...\{E1004D30-16C1-485E-9F6F-C74AB9877C66}) (Version: 2.2.2.0 - Sony Computer Entertainment Inc.)
SCE PSVR Preview Tool for PlayStation®4 v1.2.1.0 (HKLM-x32\...\{EEAAEC0A-EBD8-4106-96A7-3538B025E244}) (Version: 1.2.1.0 - Sony Computer Entertainment Inc.)
SCE Publishing Tools for PlayStation®4 v2.10.0.4554 (HKLM-x32\...\{CF3AB3ED-3C14-4E0F-968B-F2FD5A61A04D}) (Version: 2.10.0.4554 - Sony Computer Entertainment Inc.)
SCE Razor CPU for PlayStation®4 v3.00.0.24 (HKLM-x32\...\{DF00DF09-ABDC-4CEE-8946-B696B9684E92}) (Version: 3.00.0.24 - Sony Computer Entertainment Inc.)
SCE Razor GPU for PlayStation®4 v3.00.0.38 (HKLM-x32\...\{FD466C52-48E2-42BE-98B6-33BA05891839}) (Version: 3.00.0.38 - Sony Computer Entertainment Inc.)
SCE Remote Viewer for PlayStation®4 v3.00.0.18 (HKLM-x32\...\{B5EFA53F-2B88-496C-98C8-CAB3C9558153}) (Version: 3.00.0.18 - Sony Computer Entertainment Inc.)
SCE Sample Browser for PS4™ v3.0.0.2 (HKLM-x32\...\{53A2E063-D468-4694-B534-9F8FC1BDADD3}) (Version: 3.0.0.2 - Sony Computer Entertainment Inc.)
SCE Scream Tool for PlayStation®4 v7.14.6 (HKLM\...\{47C01C21-E5B5-46FB-8C7C-D6F68957523E}) (Version: 7.14.6.0 - Sony Computer Entertainment, Inc.)
SCE Screen Capture for PlayStation®4 v3.00.0.7 (HKLM-x32\...\{C1A0374F-ACD8-47DD-860A-B3B093FA8699}) (Version: 3.00.0.7 - Sony Computer Entertainment Inc.)
SCE Sulpha for PlayStation®4 v3.00.0.10 (HKLM-x32\...\{FD3359E7-23C2-4514-AC20-DEFEBC1BC072}) (Version: 3.00.0.10 - Sony Computer Entertainment Inc.)
SCE Target Manager Server for PlayStation®4 v3.00.0.23 (HKLM-x32\...\{6ED5B874-73DB-456F-B75D-C1A46627101E}) (Version: 3.00.0.23 - Sony Computer Entertainment Inc.)
SCE Voice Recognition Title Name Tool for PlayStation®4 v1.1.3.0 (HKLM-x32\...\{29F552D2-8734-4D83-B0F3-544684736532}) (Version: 1.1.3.0 - Sony Computer Entertainment Inc.)
SDK de comprobación de Visual Studio 2012 - esn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Space Pirate Trainer VR (HKLM\...\Steam App 418650) (Version:  - I-Illusions)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SteamVR (HKLM-x32\...\Steam App 250820) (Version:  - )
SteamVR Demos (HKLM\...\Steam App 325280) (Version:  - )
StreamTorrent 1.0 (HKLM-x32\...\StreamTorrent 1.0) (Version:  - )
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.23102 - Microsoft Corporation) Hidden
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Tilt Brush (HKLM-x32\...\Steam App 327140) (Version:  - )
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version:  - Ubisoft)
TortoiseHg 2.10.0 (x64) (HKLM\...\{8F3C0473-EFD2-41BB-8ABB-ED1861C258AF}) (Version: 2.10.0 - Steve Borho and others)
TortoiseSVN 1.8.2.24708 (64 bit) (HKLM\...\{D0DC3918-460D-4229-811E-41F22D0CD7E9}) (Version: 1.8.24708 - TortoiseSVN)
Trapcode Particular v2 (HKLM-x32\...\Trapcode Particular v2) (Version:  - )
Trapcode Suite 64-bit (HKLM-x32\...\InstallShield_{DE02D760-9D68-49BA-A1CE-FDEC5892608D}) (Version: 11.0.2 - Red Giant Software)
Trapcode Suite 64-bit (Version: 11.0.2 - Red Giant Software) Hidden
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
UE4 Prerequisites (x64) (Version: 1.0.10.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (x32 Version: 1.0.12.0 - Epic Games, Inc.) Hidden
Unity (HKLM-x32\...\Unity) (Version: 5.3.1p4 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-996645693-936177921-1615747494-1000\...\UnityWebPlayer) (Version: 5.3.0f4 - Unity Technologies ApS)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 17.0 - Ubisoft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
VR Player (HKLM-x32\...\{31DDB528-67A7-415C-B218-B111B5FAF5DD}) (Version: 0.5.1 - StephaneLX)
VRMonitor (HKLM-x32\...\Steam App 366490) (Version:  - )
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Vuze Remote Toolbar v10.0 (HKLM-x32\...\{2A567123-6435-476E-9529-54F5F9A9F4E0}) (Version: 10.0 - Spigot, Inc.) <==== ATTENTION
Water Bears VR (HKLM\...\Steam App 394130) (Version:  - Schell Games)
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WinZip 17.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D6}) (Version: 17.0.10283 - WinZip Computing, S.L. )
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.4) (Version: 1.3.4 - Xvid Team)
Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{04A9E854-6F47-4F37-8A10-F896717F0329}\InprocServer32 -> C:\Users\Neal\AppData\Local\Programs\Aspera\Aspera Connect\lib\3.5.1\npasperaweb64_3.5.1.92525.dll (Aspera, Inc. )
CustomCLSID: HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Neal\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{AD17B774-7F87-4141-BB9C-2AEE3841DC4E}\InprocServer32 -> C:\Users\Neal\AppData\Local\Programs\Aspera\Aspera Connect\lib\3.5.1\npasperaweb64_3.5.1.92525.dll (Aspera, Inc. )
CustomCLSID: HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll ()
CustomCLSID: HKU\S-1-5-21-996645693-936177921-1615747494-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Neal\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0358FC2B-7A1E-4EF6-B40E-CB8CAE6FB076} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {15F79778-3D4A-4B6D-B0D0-076B95801B14} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {1761319A-59FD-4619-9D05-5C3D733EE93B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {1AF2F0F4-CF58-482D-B673-60F6C5F49B9E} - System32\Tasks\{FA8533C9-C195-4E4D-8576-DF2AABA604C7} => pcalua.exe -a C:\Users\Neal\Desktop\downloads\HijackThis.exe -d C:\Users\Neal\Desktop\downloads
Task: {658CFA1A-202D-477C-AB7B-2EC02891D672} - System32\Tasks\sceSdkManagerTask => C:\Users\All Users\SCE\SDK Installer\Binaries\Bin\TunsTask.exe
Task: {8FEA88A4-A9D3-4633-8061-B578741FDE6F} - System32\Tasks\{03A5F3EF-A9E7-4C42-99E0-F2F05497BC31} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/207020
Task: {9BC92321-ADD3-40A4-AB61-5892D01888F8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {9C8B02EC-E4EE-441F-AB1E-0584F22CFF8B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-996645693-936177921-1615747494-1000UA => C:\Users\Neal\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {B35E2D64-27BB-418B-BD79-D3C7F38CDD1D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {D46805FE-231F-4CFA-86D0-1135F8BC5F3A} - System32\Tasks\0615tbUpdateInfo => C:\ProgramData\Avg_Update_0615tb\0615tb_{9FAF411B-D82E-47A5-9149-DDD64869AD0A}.exe [2015-06-20] ()
Task: {DE6790E9-2C9E-41C5-B4B5-D3B0E2E255B3} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {E135BCA0-0085-4F20-B5B7-BFBCF2876EE1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-996645693-936177921-1615747494-1000Core => C:\Users\Neal\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\0615tbUpdateInfo.job => C:\ProgramData\Avg_Update_0615tb\0615tb_{9FAF411B-D82E-47A5-9149-DDD64869AD0A}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-996645693-936177921-1615747494-1000Core.job => C:\Users\Neal\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-996645693-936177921-1615747494-1000UA.job => C:\Users\Neal\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-06-22 20:01 - 2016-02-02 17:53 - 01205832 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2012-12-30 18:51 - 2016-02-09 00:41 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-10-28 20:59 - 2011-10-28 20:59 - 00918448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
2012-10-01 21:36 - 2012-10-01 21:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-08-27 23:00 - 2013-08-27 23:00 - 00075504 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
2013-08-27 22:59 - 2013-08-27 22:59 - 00088304 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2015-03-29 05:25 - 2015-03-29 05:25 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-09-14 18:00 - 2013-06-02 11:30 - 00717230 _____ () C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll
2014-04-23 13:29 - 2010-10-21 04:52 - 00586880 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
2009-03-12 18:39 - 2009-03-12 18:39 - 00086016 _____ () C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
2013-02-27 15:12 - 2012-12-07 18:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-11-04 00:57 - 2013-11-04 00:57 - 00100616 _____ () C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
2012-10-27 09:28 - 2012-10-27 09:28 - 00128512 _____ () C:\Program Files\TortoiseHg\win32api.pyd
2012-10-27 09:27 - 2012-10-27 09:27 - 00137728 _____ () C:\Program Files\TortoiseHg\pywintypes27.dll
2012-10-27 09:28 - 2012-10-27 09:28 - 00223232 _____ () C:\Program Files\TortoiseHg\win32gui.pyd
2012-10-27 09:27 - 2012-10-27 09:27 - 00027648 _____ () C:\Program Files\TortoiseHg\win32pipe.pyd
2012-10-27 09:27 - 2012-10-27 09:27 - 00023040 _____ () C:\Program Files\TortoiseHg\win32event.pyd
2012-10-27 09:27 - 2012-10-27 09:27 - 00149504 _____ () C:\Program Files\TortoiseHg\win32file.pyd
2012-10-27 09:28 - 2012-10-27 09:28 - 00136192 _____ () C:\Program Files\TortoiseHg\win32security.pyd
2012-04-10 23:25 - 2012-04-10 23:25 - 00111616 _____ () C:\Program Files\TortoiseHg\_ctypes.pyd
2013-11-04 00:55 - 2013-11-04 00:55 - 00010752 _____ () C:\Program Files\TortoiseHg\mercurial.osutil.pyd
2012-10-27 09:27 - 2012-10-27 09:27 - 00044032 _____ () C:\Program Files\TortoiseHg\win32process.pyd
2012-10-27 09:29 - 2012-10-27 09:29 - 00503808 _____ () C:\Program Files\TortoiseHg\pythoncom27.dll
2012-10-27 09:31 - 2012-10-27 09:31 - 00438784 _____ () C:\Program Files\TortoiseHg\win32com.shell.shell.pyd
2015-09-10 12:25 - 2015-09-10 12:25 - 04718080 _____ () C:\Program Files (x86)\SCE\ORBIS\Tools\Target Manager Server\bin\orbis-tm.exe
2016-03-30 20:09 - 2016-03-30 06:58 - 02224280 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.57\libglesv2.dll
2016-03-30 20:09 - 2016-03-30 06:58 - 00097944 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.57\libegl.dll
2016-03-30 20:09 - 2016-03-30 06:58 - 31407256 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.57\PepperFlash\pepflashplayer.dll
2014-04-23 13:28 - 2016-04-01 07:42 - 00029696 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.18\PEbiosinterface32.dll
2014-04-23 13:28 - 2010-06-28 21:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.18\ATKEX.dll
2012-06-14 22:11 - 2012-06-14 22:11 - 00325968 _____ () C:\ProgramData\Microsoft\Windows\WER\lua5.1.dll
2016-02-22 13:49 - 2016-02-22 13:48 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2016-02-24 03:51 - 2016-02-24 03:51 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\384e5d911d6517b2f6db742c6aa22cf0\IsdiInterop.ni.dll
2012-12-30 19:09 - 2011-11-29 21:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-12-30 19:05 - 2012-01-20 12:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Neal\AppData\Local\Temporary Internet Files:MaNs2qBkHk8ammmQWcC [2364]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2016-02-04 10:48 - 00001693 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 209.34.83.73:443
127.0.0.1 209.34.83.73:43
127.0.0.1 209.34.83.73
127.0.0.1 209.34.83.67:443
127.0.0.1 209.34.83.67:43
127.0.0.1 209.34.83.67
127.0.0.1 ood.opsource.net
127.0.0.1 CRL.VERISIGN.NET
127.0.0.1 199.7.52.190:80
127.0.0.1 199.7.52.190
127.0.0.1 adobeereg.com
127.0.0.1 OCSP.SPO1.VERISIGN.COM
127.0.0.1 199.7.54.72:80
127.0.0.1 199.7.54.72
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-996645693-936177921-1615747494-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{15C45D41-7235-4526-BF17-6FCCFA226682}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9D2B650F-3D6B-49B4-81FE-DBEDB1326F0C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FF1C1A70-72E5-4CCE-9057-5B5070F7AE30}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{8B3C87F9-44E6-42B6-94E3-0DC937FD31F3}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{D6507A14-8337-4AA1-AA24-145BCB65A15D}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{CC7C1F8C-0CD5-4417-8F94-6D8E93FBCD51}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{6C327F44-715F-4CA6-9B2C-BD91A827C608}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{1B6422C6-6F7D-4DE3-9D86-3A62384B656F}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{45CA705B-1B1F-4688-BEE2-268DEA62D2DF}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [{5FB88E8A-07C3-4500-9B50-5D24A910EE88}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [{4A9E0D04-240D-4DAC-A275-505FA308200F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zombie_Driver_HD\bin\ZombieDriverHD.exe
FirewallRules: [{38C09855-BF3E-4855-88C8-21C09E459CA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zombie_Driver_HD\bin\ZombieDriverHD.exe
FirewallRules: [{36CE8A50-1DD8-4EA0-A85B-0B33FEFE686E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Need for Speed Hot Pursuit\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{AD026CDB-9CB5-4A04-9660-BDB1919E6B35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Need for Speed Hot Pursuit\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [TCP Query User{CC9C74F6-7EEA-4CF3-B29E-4C3EDE9AD3B2}C:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe
FirewallRules: [UDP Query User{6467D655-DC4E-40E6-A77E-BCA5CAC14CB2}C:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe
FirewallRules: [{C9C16CE8-56C0-45DD-9A7E-61E5FFB422DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the binding of isaac\Isaac.exe
FirewallRules: [{97EE7B5C-27C7-4CB1-9A41-3A2048AAA59A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the binding of isaac\Isaac.exe
FirewallRules: [{6ACBB67E-0160-4FEA-8C06-0F346F17AF60}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{E42E524F-BC95-4DA6-9C3B-ECE858E87D47}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [TCP Query User{C2A5C212-C728-4F92-9FDF-456A03611210}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe] => (Allow) C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe
FirewallRules: [UDP Query User{FD1153EF-62BB-404D-8ADA-B7619736480B}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe] => (Allow) C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe
FirewallRules: [{4344B274-9A2A-456B-BC4A-BFE53F4D84B3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{F76005D1-1BAC-4D8D-8218-B9CA89DFADC0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{5A72248F-886A-4290-BE91-AE5F914FCD26}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{DC9C6D11-3273-440E-9703-7A7905EBD291}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{5D4FCE27-8760-4E0A-A23A-B22E8A21FE02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\Torchlight2.exe
FirewallRules: [{724D6A4F-A4C5-4E81-B886-2E4949B67061}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\Torchlight2.exe
FirewallRules: [{27C8DDDE-75BD-4A8C-94ED-19E491312418}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{27BD5893-B33B-4CD6-B39F-428AE5294B61}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [TCP Query User{3BCBF97B-EC56-4331-9732-2A6D868BB141}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe
FirewallRules: [UDP Query User{DA17C420-C999-4C6C-8078-CA3366114319}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe
FirewallRules: [TCP Query User{EBA58A19-8A07-4A51-8809-91BAC144AEBA}C:\program files (x86)\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe] => (Allow) C:\program files (x86)\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe
FirewallRules: [UDP Query User{2BCF03A9-E67F-47F2-9C0A-FE834E9919AD}C:\program files (x86)\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe] => (Allow) C:\program files (x86)\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe
FirewallRules: [TCP Query User{47834B1F-DF09-45AA-908D-8B4843DA7295}C:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe
FirewallRules: [UDP Query User{BE57920B-DD10-41EC-81E7-6EB11DCBB3A4}C:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe
FirewallRules: [TCP Query User{B822F6EA-D6D5-40F6-AAA9-08F49B65F86B}C:\program files\poser pro 2010\poserpro.exe] => (Block) C:\program files\poser pro 2010\poserpro.exe
FirewallRules: [UDP Query User{53BC8DDB-C19D-4231-9E71-852A2EB86346}C:\program files\poser pro 2010\poserpro.exe] => (Block) C:\program files\poser pro 2010\poserpro.exe
FirewallRules: [TCP Query User{B7003242-9F4E-4819-AFF4-22CDC42A5A54}C:\program files (x86)\poser pro 2010\queuemanager.exe] => (Block) C:\program files (x86)\poser pro 2010\queuemanager.exe
FirewallRules: [UDP Query User{AC350BB4-74AF-486B-B215-D96E8DF48408}C:\program files (x86)\poser pro 2010\queuemanager.exe] => (Block) C:\program files (x86)\poser pro 2010\queuemanager.exe
FirewallRules: [TCP Query User{209216BB-83F4-4939-9CCC-C9367DFCE908}C:\program files (x86)\poser pro 2012\poserpro.exe] => (Block) C:\program files (x86)\poser pro 2012\poserpro.exe
FirewallRules: [UDP Query User{5B76BD28-375E-476D-8B0E-84A240788436}C:\program files (x86)\poser pro 2012\poserpro.exe] => (Block) C:\program files (x86)\poser pro 2012\poserpro.exe
FirewallRules: [TCP Query User{0C03E2B0-711B-4A5C-8998-C93F038F8C78}C:\program files\poser pro 2012\poserpro.exe] => (Block) C:\program files\poser pro 2012\poserpro.exe
FirewallRules: [UDP Query User{AA55846C-8FB0-4B0A-84B1-D856F4358AD5}C:\program files\poser pro 2012\poserpro.exe] => (Block) C:\program files\poser pro 2012\poserpro.exe
FirewallRules: [TCP Query User{541D8FE6-D618-4708-A47A-E79E50F4A75C}C:\program files (x86)\unity\editor\unity.exe] => (Allow) C:\program files (x86)\unity\editor\unity.exe
FirewallRules: [UDP Query User{2587350F-0072-476F-9EB5-5492F513A8FB}C:\program files (x86)\unity\editor\unity.exe] => (Allow) C:\program files (x86)\unity\editor\unity.exe
FirewallRules: [TCP Query User{E3C1E615-6124-459E-9287-A62171EE11D6}C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{282C0EA9-677C-482E-BB16-093280E161F5}C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [{77764FF9-CA04-4DC3-9930-3A569721B3BF}] => (Allow) C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64.exe
FirewallRules: [{A4F8A8A6-A5CD-479F-A0A6-052B9AA0C39E}] => (Allow) C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64.exe
FirewallRules: [{0480994D-634B-4E72-B37C-37416731FB97}] => (Allow) C:\Program Files\Autodesk\3ds Max 2010\3dsmax.exe
FirewallRules: [{37176372-CFDC-4E13-B541-7A4166A717A6}] => (Allow) C:\Program Files\Autodesk\3ds Max 2010\3dsmax.exe
FirewallRules: [{02DCA100-2AA6-4068-B663-1446ECB79ACC}] => (Allow) C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
FirewallRules: [{319FB5C8-DC3C-4CBF-9B79-CB97254E150F}] => (Allow) C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
FirewallRules: [{004BFC16-9E25-4A8F-8BB8-C58908A7BA2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\Torchlight2.exe
FirewallRules: [{61657BE5-B4B4-4591-8F78-4EEFD9331588}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\Torchlight2.exe
FirewallRules: [TCP Query User{87035BE9-508A-440C-AD9B-A4A6AA7B330A}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{F80A62D0-ECCA-41BF-BDE4-ABA251AE5997}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{4F0E3C17-DC23-4B0F-9211-3CA2DE716630}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{E625CB11-6E54-4167-8EDE-F0D4B5368463}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{9195E6FB-9EA5-44A0-9512-63AB867322A8}] => (Allow) C:\Users\Neal\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{96062F0E-0710-4450-953C-800FB53E2A19}] => (Allow) C:\Users\Neal\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5BBF6625-33CF-47BC-B666-79E8FC30B5B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{B9C0D3CB-BF57-485E-91D7-110A934D4BF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{60DDBC8C-F9DE-4AD0-B445-C37FEB61D66A}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{B37326FE-BE98-457E-9C0E-8C6183110A15}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{0EDD2CB4-00D7-4578-9414-AC22876118C8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{14DC547C-321E-42D9-B3CB-04982F7C3CA1}C:\program files (x86)\armada online alpha\armadaalpha\armadaonline.exe] => (Allow) C:\program files (x86)\armada online alpha\armadaalpha\armadaonline.exe
FirewallRules: [UDP Query User{F36C062C-B5E7-4377-998F-644B155575FF}C:\program files (x86)\armada online alpha\armadaalpha\armadaonline.exe] => (Allow) C:\program files (x86)\armada online alpha\armadaalpha\armadaonline.exe
FirewallRules: [{639D69F3-2D51-4D06-89A1-072318BB054D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mark_of_the_ninja\bin\game.exe
FirewallRules: [{2D1FB1C1-F4CA-4600-BCDC-52927D06766B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mark_of_the_ninja\bin\game.exe
FirewallRules: [TCP Query User{4FBAF1EE-E46B-4842-BD2F-CE98894E4977}H:\unity4.3_install\editor\unity.exe] => (Allow) H:\unity4.3_install\editor\unity.exe
FirewallRules: [UDP Query User{8A38DD8D-6AF5-472B-A27C-2BFAB4BB7D9A}H:\unity4.3_install\editor\unity.exe] => (Allow) H:\unity4.3_install\editor\unity.exe
FirewallRules: [TCP Query User{D4FC08C6-97B6-4F43-9BC2-986291BF1D21}C:\users\neal\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\neal\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{7DAE8AD0-A7AA-4B3E-A337-BAC8AE233A9A}C:\users\neal\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\neal\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{C65B895E-866F-48FB-BF3C-D82CF9A657CE}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{B972209C-5ED3-4884-A6B6-290CB8A8003C}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [{4F4B7EE3-0041-42EC-819B-05F897BA44CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zombie_Driver_HD\bin\ZombieDriverHD.exe
FirewallRules: [{F48B74E3-3695-4A30-A2C3-A530332F8755}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zombie_Driver_HD\bin\ZombieDriverHD.exe
FirewallRules: [TCP Query User{715B1E0A-5441-488B-A355-8CC8780A0DA8}C:\udk\riftcoaster\binaries\win32\udk.exe] => (Allow) C:\udk\riftcoaster\binaries\win32\udk.exe
FirewallRules: [UDP Query User{D4CF076A-ADCF-4279-B78A-B2CAC9DE116E}C:\udk\riftcoaster\binaries\win32\udk.exe] => (Allow) C:\udk\riftcoaster\binaries\win32\udk.exe
FirewallRules: [TCP Query User{F20E75CC-3378-4934-97C2-714392DE3BE8}G:\program files (x86)\unity3.5\editor\unity.exe] => (Allow) G:\program files (x86)\unity3.5\editor\unity.exe
FirewallRules: [UDP Query User{74DFA530-4FE5-43E0-A4B9-CCD0ED3C0B89}G:\program files (x86)\unity3.5\editor\unity.exe] => (Allow) G:\program files (x86)\unity3.5\editor\unity.exe
FirewallRules: [{1AA9614E-20B1-4BA4-99CB-EAE5DD13245E}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{192185D8-06E3-4CE0-A8BE-103F7C9AE033}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [TCP Query User{FC84B5D9-461F-471E-A4C0-E824EE9462BE}C:\users\neal\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\neal\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{F5D94B7D-6AB8-4CE1-B59A-00C38D645594}C:\users\neal\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\neal\appdata\local\akamai\netsession_win.exe
FirewallRules: [{E0357756-A2E6-4D1F-A94A-86312B23C337}] => (Allow) C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
FirewallRules: [{6A32019B-514F-4EED-BCDA-EFF8C3B8F5F6}] => (Allow) C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
FirewallRules: [{4D3D6599-572D-4760-946F-C779686BE7A4}] => (Allow) C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64.exe
FirewallRules: [{4C491F06-71BC-4B61-B639-B07F81841F81}] => (Allow) C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64.exe
FirewallRules: [{B4D8CF0B-8CEB-4633-A393-FB79D60E291D}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{C77CE8D1-0C0C-4D43-917C-1322CC66449E}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{456452D5-7B39-4D4C-B960-7FEC8241DDBA}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{39A4FB2A-7DED-43F6-8641-96CF9DB07C61}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{E01AA92F-736C-413E-9A1D-C153A758A2ED}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{2AF57393-AF44-4F92-95AF-FE48F5DFE810}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{CE26EDDA-20A5-4A5A-B43D-1E7FBCC8F155}] => (Block) %ProgramFiles%\Autodesk\3ds Max 2014\3dsmax.exe
FirewallRules: [TCP Query User{63CC374C-5E9F-4F62-BD23-B2726CAF6EF8}C:\udk\undercurrent α0.5\binaries\win32\udk.exe] => (Allow) C:\udk\undercurrent α0.5\binaries\win32\udk.exe
FirewallRules: [UDP Query User{43453695-74F8-4ACD-951B-5EEA35AA0462}C:\udk\undercurrent α0.5\binaries\win32\udk.exe] => (Allow) C:\udk\undercurrent α0.5\binaries\win32\udk.exe
FirewallRules: [{172A48EA-F296-4B00-9A74-3549C5F69067}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4BE72158-4807-46A3-AB99-9119842B3D9E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D8B896BF-A1B2-4F62-8322-ED3302C34BA6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{70026558-7DDD-4766-A446-E0EF0F15FB25}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B6486D76-E3FC-4BB4-867A-93615FB9186A}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{9B910147-0CB4-4FB5-AF9F-8F43F06DEFB0}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{90982B54-B205-43A6-A7BA-9C65F7731EC4}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{AB029EB8-F6F0-4EC1-A022-0ED7E10BF81F}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{640618F6-5E9D-476A-ADF7-2B2D7FFF2330}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{74A36EB6-003F-43DF-8D6F-48D3898840D3}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{B34EF25D-AF33-4E4A-8F19-ABE52CFD2556}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
FirewallRules: [{CF8A80CE-F2DF-4B81-8E05-B2636CB53D0A}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
FirewallRules: [{DE9320C9-CF6A-4B3F-90A2-5DA3E4C52AFD}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{CF092DDD-34FF-4677-AE55-714A8DB03533}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{82F5547D-71E9-4515-9994-4E47753E8CB4}] => (Allow) LPort=2869
FirewallRules: [{C2919C05-44DC-490B-92C2-0BCC5035F881}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{E4CE3C62-1E13-4B61-BFEE-B48F76A92319}C:\users\neal\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\neal\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{35C5B859-7943-49B3-843D-EB4CA6C2BBA3}C:\users\neal\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\neal\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{E91321D5-278E-4DFC-94BC-A2387DE036BA}C:\program files (x86)\unity\editor\unity.exe] => (Allow) C:\program files (x86)\unity\editor\unity.exe
FirewallRules: [UDP Query User{FDDBEF14-6398-4AA4-8D02-5CFE11D6CBE9}C:\program files (x86)\unity\editor\unity.exe] => (Allow) C:\program files (x86)\unity\editor\unity.exe
FirewallRules: [TCP Query User{64DB25C8-803A-49DB-93E2-E558C23E6770}C:\users\neal\desktop\riftdemos\escape_velocity_2_dogfight-pc\escapevelocity2dogfight_win.exe] => (Block) C:\users\neal\desktop\riftdemos\escape_velocity_2_dogfight-pc\escapevelocity2dogfight_win.exe
FirewallRules: [UDP Query User{0F782FA5-3ED7-41F9-8788-2C6F0AD44278}C:\users\neal\desktop\riftdemos\escape_velocity_2_dogfight-pc\escapevelocity2dogfight_win.exe] => (Block) C:\users\neal\desktop\riftdemos\escape_velocity_2_dogfight-pc\escapevelocity2dogfight_win.exe
FirewallRules: [TCP Query User{B32361A7-EC2B-4B81-A704-AE9321B2B8F1}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe] => (Allow) C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe
FirewallRules: [UDP Query User{1DAB031E-9D7A-439C-BD6A-4CA4F1A09332}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe] => (Allow) C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe
FirewallRules: [TCP Query User{522B8EF4-4018-4177-B746-9568653B5687}C:\program files (x86)\outerra\anteworld\outerra.exe] => (Allow) C:\program files (x86)\outerra\anteworld\outerra.exe
FirewallRules: [UDP Query User{CE4E0EB8-C393-42B0-AC06-CD4F51344583}C:\program files (x86)\outerra\anteworld\outerra.exe] => (Allow) C:\program files (x86)\outerra\anteworld\outerra.exe
FirewallRules: [TCP Query User{9787043D-C3FE-4586-9068-46A7D3A0450A}C:\users\neal\desktop\riftdemos\xing_the_land_beyond_-_rainforest_demo-pc\xing the land beyond - rainforest demo oculus share\xing\binaries\win64\xing.exe] => (Allow) C:\users\neal\desktop\riftdemos\xing_the_land_beyond_-_rainforest_demo-pc\xing the land beyond - rainforest demo oculus share\xing\binaries\win64\xing.exe
FirewallRules: [UDP Query User{2C387139-8DDC-4604-9C21-FD55E509F4C1}C:\users\neal\desktop\riftdemos\xing_the_land_beyond_-_rainforest_demo-pc\xing the land beyond - rainforest demo oculus share\xing\binaries\win64\xing.exe] => (Allow) C:\users\neal\desktop\riftdemos\xing_the_land_beyond_-_rainforest_demo-pc\xing the land beyond - rainforest demo oculus share\xing\binaries\win64\xing.exe
FirewallRules: [TCP Query User{1EE83438-7FF5-48BB-999F-D4FE837E676D}C:\users\neal\desktop\riftdemos\dgl_win64 (1)\dgl.exe] => (Block) C:\users\neal\desktop\riftdemos\dgl_win64 (1)\dgl.exe
FirewallRules: [UDP Query User{B72DD484-82E7-4A62-A986-39F12484C3FA}C:\users\neal\desktop\riftdemos\dgl_win64 (1)\dgl.exe] => (Block) C:\users\neal\desktop\riftdemos\dgl_win64 (1)\dgl.exe
FirewallRules: [TCP Query User{F44106B8-0985-4208-9FFD-DCC1D52694A9}C:\users\neal\desktop\riftdemos\caffeine_demo_v03\windowsnoeditor\caffeine\binaries\win64\caffeine.exe] => (Allow) C:\users\neal\desktop\riftdemos\caffeine_demo_v03\windowsnoeditor\caffeine\binaries\win64\caffeine.exe
FirewallRules: [UDP Query User{F99D15AE-D433-4262-9768-003C2D001553}C:\users\neal\desktop\riftdemos\caffeine_demo_v03\windowsnoeditor\caffeine\binaries\win64\caffeine.exe] => (Allow) C:\users\neal\desktop\riftdemos\caffeine_demo_v03\windowsnoeditor\caffeine\binaries\win64\caffeine.exe
FirewallRules: [TCP Query User{9769445E-5604-40FA-944F-730DF1105BF1}C:\users\neal\desktop\riftdemos\dk2_saved\geocore_oculus_rift\gc_start.exe] => (Block) C:\users\neal\desktop\riftdemos\dk2_saved\geocore_oculus_rift\gc_start.exe
FirewallRules: [UDP Query User{205CEA21-2764-4D5A-B666-61D76841934A}C:\users\neal\desktop\riftdemos\dk2_saved\geocore_oculus_rift\gc_start.exe] => (Block) C:\users\neal\desktop\riftdemos\dk2_saved\geocore_oculus_rift\gc_start.exe
FirewallRules: [{71CA5C99-BCC4-48F5-B096-D749EC697B7A}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{0A9DAF1B-FA45-4E6E-AC88-60E1A74926CE}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [TCP Query User{D171D731-CF42-4B30-9FCB-8C19DE9D673F}C:\users\neal\desktop\riftdemos\dk2_saved\desertrallyrace\windowsnoeditor\vehiclegame\binaries\win64\vehiclegame.exe] => (Allow) C:\users\neal\desktop\riftdemos\dk2_saved\desertrallyrace\windowsnoeditor\vehiclegame\binaries\win64\vehiclegame.exe
FirewallRules: [UDP Query User{DA1168F1-DCC3-4B85-970F-7BC2AB75C97E}C:\users\neal\desktop\riftdemos\dk2_saved\desertrallyrace\windowsnoeditor\vehiclegame\binaries\win64\vehiclegame.exe] => (Allow) C:\users\neal\desktop\riftdemos\dk2_saved\desertrallyrace\windowsnoeditor\vehiclegame\binaries\win64\vehiclegame.exe
FirewallRules: [{08304C72-CA4C-416A-A9E0-236ECB0869BE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2BA20F75-4AE1-4EBC-9275-569A51E8B6C8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{0EFACA72-3E5C-4C2B-9F96-9C65A119771B}C:\program files\adobe\adobe after effects cs5.5\support files\afterfx.exe] => (Block) C:\program files\adobe\adobe after effects cs5.5\support files\afterfx.exe
FirewallRules: [UDP Query User{E742E30C-573A-4FB1-A97C-06627822A2AC}C:\program files\adobe\adobe after effects cs5.5\support files\afterfx.exe] => (Block) C:\program files\adobe\adobe after effects cs5.5\support files\afterfx.exe
FirewallRules: [{C024760E-A881-45A3-99B2-51388D3B49FF}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{50302E9D-929F-4C3A-859C-EF5C3623130C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [TCP Query User{A9CC1616-F985-4A5B-901E-B0BC581A402C}C:\users\neal\desktop\riftdemos\dk2_saved\technolust - a way out\technolust win 4.4.exe] => (Block) C:\users\neal\desktop\riftdemos\dk2_saved\technolust - a way out\technolust win 4.4.exe
FirewallRules: [UDP Query User{09B83936-5476-49D5-A405-76BB55766572}C:\users\neal\desktop\riftdemos\dk2_saved\technolust - a way out\technolust win 4.4.exe] => (Block) C:\users\neal\desktop\riftdemos\dk2_saved\technolust - a way out\technolust win 4.4.exe
FirewallRules: [TCP Query User{28332D86-4577-48CD-AF4A-B3B8B74A6CC0}C:\users\neal\desktop\riftdemos\dk2_saved\ge_subsea_experience-pc\ge_sub\binaries\win64\ge_sub.exe] => (Allow) C:\users\neal\desktop\riftdemos\dk2_saved\ge_subsea_experience-pc\ge_sub\binaries\win64\ge_sub.exe
FirewallRules: [UDP Query User{E3331033-9EFC-4305-A638-8F04073A035E}C:\users\neal\desktop\riftdemos\dk2_saved\ge_subsea_experience-pc\ge_sub\binaries\win64\ge_sub.exe] => (Allow) C:\users\neal\desktop\riftdemos\dk2_saved\ge_subsea_experience-pc\ge_sub\binaries\win64\ge_sub.exe
FirewallRules: [TCP Query User{110ACF3A-8A8D-4C21-8BD0-55370806A148}C:\users\neal\desktop\downloads\nuren\nuren\binaries\win64\nuren.exe] => (Allow) C:\users\neal\desktop\downloads\nuren\nuren\binaries\win64\nuren.exe
FirewallRules: [UDP Query User{2FA60F86-6F08-4543-80BE-1431E46E7119}C:\users\neal\desktop\downloads\nuren\nuren\binaries\win64\nuren.exe] => (Allow) C:\users\neal\desktop\downloads\nuren\nuren\binaries\win64\nuren.exe
FirewallRules: [{0A5F857C-DF43-4D59-A840-89A762B3EEE9}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{B4647C23-9EDA-4B8C-8401-457F595F652D}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{96CAC01D-E43A-4984-9768-0FECA283D40C}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{B539ECA6-0AC7-4420-96A2-A00D3E8AA233}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{544BF8B0-CCA3-40ED-A037-DB1A644DDCC2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{0F3A1D66-AE4B-475E-9DC2-1D32F30810E1}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{8B0BC8A8-C7F7-459A-85FB-737A4A90947B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7112218E-0799-4EF8-B57B-3E20A87C035B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{9B315BEA-7B33-47E9-9790-88CC65BDE5CE}C:\users\neal\desktop\riftdemos\insurgent_shatter_reality-pc\insurgentvr-1.1.3-x64\windowsnoeditor\insurgent\binaries\win64\insurgent.exe] => (Allow) C:\users\neal\desktop\riftdemos\insurgent_shatter_reality-pc\insurgentvr-1.1.3-x64\windowsnoeditor\insurgent\binaries\win64\insurgent.exe
FirewallRules: [UDP Query User{75B4BF61-C737-4319-ADA6-235719E29587}C:\users\neal\desktop\riftdemos\insurgent_shatter_reality-pc\insurgentvr-1.1.3-x64\windowsnoeditor\insurgent\binaries\win64\insurgent.exe] => (Allow) C:\users\neal\desktop\riftdemos\insurgent_shatter_reality-pc\insurgentvr-1.1.3-x64\windowsnoeditor\insurgent\binaries\win64\insurgent.exe
FirewallRules: [{2E1826E0-18A2-40C6-8842-B1050108A6A4}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{DE9CFFAC-13AE-402F-9013-CAF7A5CD5BA2}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [TCP Query User{9FC7CC9C-F4F9-43F6-98CB-54B0E833EE97}C:\users\neal\desktop\riftdemos\oculus rift vr olive locomotion demo by carlos coronado dk2\vrolive\windowsnoeditor\vrolive\binaries\win64\riftcwithplugins.exe] => (Allow) C:\users\neal\desktop\riftdemos\oculus rift vr olive locomotion demo by carlos coronado dk2\vrolive\windowsnoeditor\vrolive\binaries\win64\riftcwithplugins.exe
FirewallRules: [UDP Query User{AA9CB832-9490-4244-8DD7-1473F6569FFB}C:\users\neal\desktop\riftdemos\oculus rift vr olive locomotion demo by carlos coronado dk2\vrolive\windowsnoeditor\vrolive\binaries\win64\riftcwithplugins.exe] => (Allow) C:\users\neal\desktop\riftdemos\oculus rift vr olive locomotion demo by carlos coronado dk2\vrolive\windowsnoeditor\vrolive\binaries\win64\riftcwithplugins.exe
FirewallRules: [{59E7C6F6-A0DF-4655-AE90-0CF9C7C78727}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{4CB11C6B-E8A7-49FF-A6EA-7510489CED6A}C:\users\neal\documents\thehumuniverse\extract\thehumabductionsdemo1\thehumabductions\binaries\win64\thehumabductions.exe] => (Allow) C:\users\neal\documents\thehumuniverse\extract\thehumabductionsdemo1\thehumabductions\binaries\win64\thehumabductions.exe
FirewallRules: [UDP Query User{10B3FE7C-A010-43DD-B8C2-E83F500D47DE}C:\users\neal\documents\thehumuniverse\extract\thehumabductionsdemo1\thehumabductions\binaries\win64\thehumabductions.exe] => (Allow) C:\users\neal\documents\thehumuniverse\extract\thehumabductionsdemo1\thehumabductions\binaries\win64\thehumabductions.exe
FirewallRules: [TCP Query User{C85816E2-A2EF-4080-9ACA-2534C62194A4}C:\users\neal\desktop\riftdemos\cyberphobia-pc\cyberphobia_w64_v3\windowsnoeditor\engine\binaries\win64\ue4game.exe] => (Allow) C:\users\neal\desktop\riftdemos\cyberphobia-pc\cyberphobia_w64_v3\windowsnoeditor\engine\binaries\win64\ue4game.exe
FirewallRules: [UDP Query User{D244696E-F8F3-4887-883D-6213FE2D0682}C:\users\neal\desktop\riftdemos\cyberphobia-pc\cyberphobia_w64_v3\windowsnoeditor\engine\binaries\win64\ue4game.exe] => (Allow) C:\users\neal\desktop\riftdemos\cyberphobia-pc\cyberphobia_w64_v3\windowsnoeditor\engine\binaries\win64\ue4game.exe
FirewallRules: [{276E8A6B-C386-4766-9D00-2A6879CD61CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Meltdown\Meltdown.exe
FirewallRules: [{B43BCC8C-A985-4B6E-AA10-D7428C3C84A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Meltdown\Meltdown.exe
FirewallRules: [{9A0B062B-76BD-4538-A1FB-BA43C0EF7B21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\bin\win32\vrmonitor.exe
FirewallRules: [{91B30C02-70F1-40C2-817A-50569961FE87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\bin\win32\vrmonitor.exe
FirewallRules: [TCP Query User{4C95BB4B-895D-475A-9EF7-D3FCE30D8E7F}C:\program files (x86)\steam\steamapps\common\pneuma breath of life\observer\binaries\win64\observer-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pneuma breath of life\observer\binaries\win64\observer-win64-shipping.exe
FirewallRules: [UDP Query User{0AB69548-E0D1-4B7E-8A7A-95A564DC67EB}C:\program files (x86)\steam\steamapps\common\pneuma breath of life\observer\binaries\win64\observer-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pneuma breath of life\observer\binaries\win64\observer-win64-shipping.exe
FirewallRules: [TCP Query User{CD347FC7-B02A-434C-9248-47A66C543E85}C:\users\neal\desktop\riftdemos\mona lisa room oculus rift_v1.1\monalisa_room_v1.1\engine\binaries\win64\ue4game.exe] => (Allow) C:\users\neal\desktop\riftdemos\mona lisa room oculus rift_v1.1\monalisa_room_v1.1\engine\binaries\win64\ue4game.exe
FirewallRules: [UDP Query User{1401BC1A-8127-4E34-BB8C-8181625D190B}C:\users\neal\desktop\riftdemos\mona lisa room oculus rift_v1.1\monalisa_room_v1.1\engine\binaries\win64\ue4game.exe] => (Allow) C:\users\neal\desktop\riftdemos\mona lisa room oculus rift_v1.1\monalisa_room_v1.1\engine\binaries\win64\ue4game.exe
FirewallRules: [TCP Query User{107EE030-1BBD-49A0-B0E4-8A065125F906}C:\program files\unity5\editor\unity.exe] => (Allow) C:\program files\unity5\editor\unity.exe
FirewallRules: [UDP Query User{1C14A33B-0F0A-4C4D-B51C-118468791AA7}C:\program files\unity5\editor\unity.exe] => (Allow) C:\program files\unity5\editor\unity.exe
FirewallRules: [TCP Query User{A0B02E92-CE39-401B-93AF-2079534C0E98}C:\users\neal\desktop\riftdemos\steampuffvr\steampuffvr\windowsnoeditor\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\users\neal\desktop\riftdemos\steampuffvr\steampuffvr\windowsnoeditor\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [UDP Query User{C953854C-66DC-4D7B-A31E-B1E348194369}C:\users\neal\desktop\riftdemos\steampuffvr\steampuffvr\windowsnoeditor\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\users\neal\desktop\riftdemos\steampuffvr\steampuffvr\windowsnoeditor\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [{6BD95CBA-62F0-4442-BBC4-289F7C2E8926}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VR Mod\bin\win64\vr.exe
FirewallRules: [{66271BF9-2A99-4DBC-8405-779D5DEBABF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VR Mod\bin\win64\vr.exe
FirewallRules: [{03ECF8CD-0CB3-48D4-ACA9-4481D4923275}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\JobSimulator\jobsimulator.exe
FirewallRules: [{43F5F9D0-BDB8-46AB-B4A0-08358FBDEB91}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\JobSimulator\jobsimulator.exe
FirewallRules: [{1A7DF14A-8778-4CDB-B95B-791054DF4C05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tilt Brush\TiltBrush.exe
FirewallRules: [{7C61A2F1-10CA-4C54-B6B0-67B8F756321D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tilt Brush\TiltBrush.exe
FirewallRules: [{9BAC8661-91A8-4F9E-8007-E959B7648E5E}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{5EC0159D-5CB5-4C0D-BB3C-1EB3ED707430}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Minigolf VR\MinigolfVR\MinigolfVR.exe
FirewallRules: [{51B777E7-70CD-4598-BE3A-BFAD66B290FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Minigolf VR\MinigolfVR\MinigolfVR.exe
FirewallRules: [TCP Query User{E517B634-29FC-48FC-B2EA-69170DFADA0A}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{FA0E8C2E-83B4-4297-9AE8-8F3CC690B2D9}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{1BE8A066-55AD-4A31-868B-AA637DE2A39B}] => (Allow) C:\Program Files (x86)\SCE\ORBIS\Tools\Target Manager Server\bin\orbis-tm.exe
FirewallRules: [{BBD8CF63-4E13-4738-A417-8328BAA30B92}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\FaxApplications.exe
FirewallRules: [{C65B8780-CE79-44A0-91DE-60C17C26933F}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\DigitalWizards.exe
FirewallRules: [{60F0A8CA-6A60-4696-BEEF-B2BB66208B52}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\SendAFax.exe
FirewallRules: [{826EF97C-AC95-4A95-9C21-F5BFF815B153}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\DeviceSetup.exe
FirewallRules: [{3B65CC29-2629-4F95-A4F0-2B0CC917A2B5}] => (Allow) LPort=5357
FirewallRules: [{43EEEB00-F0A6-40E4-B9F8-C2FB25B62ADA}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{E95461A4-88F8-44CC-978E-038279354703}C:\program files (x86)\oculus\software\oculus-test-app\henry\binaries\win64\henry.exe] => (Allow) C:\program files (x86)\oculus\software\oculus-test-app\henry\binaries\win64\henry.exe
FirewallRules: [UDP Query User{24C6785F-AB6D-4B63-94B4-A7B4945929DF}C:\program files (x86)\oculus\software\oculus-test-app\henry\binaries\win64\henry.exe] => (Allow) C:\program files (x86)\oculus\software\oculus-test-app\henry\binaries\win64\henry.exe
FirewallRules: [{439715F4-FF33-4724-B81C-A2A9EA5B8029}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8FB4726C-8527-40BD-98F6-16FBA7E603C8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3209BFB5-D7B8-4C38-BF7B-738DA6D68D86}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{05101362-8D07-49DE-BB48-7214B008D813}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{835F6EE2-6541-4D2A-90CC-A14177EB4DB7}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{517C0160-E52C-4B81-8041-7F314855CD17}] => (Allow) C:\Users\Neal\AppData\Local\Temp\7zS7AF9\HPDiagnosticCoreUI.exe
FirewallRules: [{A6DA72FC-15FD-42E5-A61E-ED157B689B0D}] => (Allow) C:\Users\Neal\AppData\Local\Temp\7zS7AF9\HPDiagnosticCoreUI.exe
FirewallRules: [TCP Query User{A2471B31-0849-443B-9821-59361D58A225}C:\users\neal\desktop\downloads\vrgames\the_hunger_games_-_virtual_reality_experience-pc\thehungergamesvr\windowsnoeditor\hungergames\binaries\win64\hungergames-win64-shipping.exe] => (Allow) C:\users\neal\desktop\downloads\vrgames\the_hunger_games_-_virtual_reality_experience-pc\thehungergamesvr\windowsnoeditor\hungergames\binaries\win64\hungergames-win64-shipping.exe
FirewallRules: [UDP Query User{6CAAB577-59EA-4796-9410-1D57A8ED38E6}C:\users\neal\desktop\downloads\vrgames\the_hunger_games_-_virtual_reality_experience-pc\thehungergamesvr\windowsnoeditor\hungergames\binaries\win64\hungergames-win64-shipping.exe] => (Allow) C:\users\neal\desktop\downloads\vrgames\the_hunger_games_-_virtual_reality_experience-pc\thehungergamesvr\windowsnoeditor\hungergames\binaries\win64\hungergames-win64-shipping.exe
FirewallRules: [{4C6D2049-24E1-46E8-9B4E-BA3E01ED3496}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{55FEBD95-37F4-4487-8739-9E234FA0AD54}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{D682EAAF-EE75-4F07-8C96-16E916156920}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{FBC136BD-3068-458F-9F3A-307F70702FA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [TCP Query User{BD9A93C1-4A88-4D59-8CA9-F59CE817859A}C:\users\neal\desktop\downloads\processing-3.0.2-windows64\processing-3.0.2\java\bin\java.exe] => (Allow) C:\users\neal\desktop\downloads\processing-3.0.2-windows64\processing-3.0.2\java\bin\java.exe
FirewallRules: [UDP Query User{2D276299-82BE-4814-96B6-9674EA7250B2}C:\users\neal\desktop\downloads\processing-3.0.2-windows64\processing-3.0.2\java\bin\java.exe] => (Allow) C:\users\neal\desktop\downloads\processing-3.0.2-windows64\processing-3.0.2\java\bin\java.exe
FirewallRules: [{C8E008E8-96D8-446D-8434-D9DD8AB60ECF}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity\2015\UnityVS.OpenFile.exe
FirewallRules: [{AF827C2C-0CB0-4D7C-8741-03BA31531E24}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{A9EC65AB-1A3A-46A7-AE48-8B8E221BC2D8}] => (Allow) C:\PROGRA~1\Unity5\Editor\Unity.exe
FirewallRules: [TCP Query User{9ADFF608-08A4-44C0-9229-8BC4FE3AAD01}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{870C2B7A-0320-42D9-A9E8-E65A3BE86C0F}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{4789D6A3-B31C-4EFD-A7A5-76B9017C9D93}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{075C0A2F-EDC6-4810-BF62-54A79ACFF5DB}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{F049513A-D5AA-42AA-866F-90987B41DD49}C:\program files (x86)\oculus\software\oculus-lost\lost\binaries\win64\previsrock-win64-shipping.exe] => (Allow) C:\program files (x86)\oculus\software\oculus-lost\lost\binaries\win64\previsrock-win64-shipping.exe
FirewallRules: [UDP Query User{8443E670-D76B-48CF-9A9C-6AAAF0709BB1}C:\program files (x86)\oculus\software\oculus-lost\lost\binaries\win64\previsrock-win64-shipping.exe] => (Allow) C:\program files (x86)\oculus\software\oculus-lost\lost\binaries\win64\previsrock-win64-shipping.exe
FirewallRules: [TCP Query User{1FBC2C29-7C0B-4808-85BF-D5CB28B4E21A}C:\program files (x86)\oculus\support\oculus-dreamdeck-nux\dreamdeck\binaries\win64\dreamdeck-win64-test.exe] => (Allow) C:\program files (x86)\oculus\support\oculus-dreamdeck-nux\dreamdeck\binaries\win64\dreamdeck-win64-test.exe
FirewallRules: [UDP Query User{4DDCD249-0A6A-429C-9BBF-B985A0A51C3E}C:\program files (x86)\oculus\support\oculus-dreamdeck-nux\dreamdeck\binaries\win64\dreamdeck-win64-test.exe] => (Allow) C:\program files (x86)\oculus\support\oculus-dreamdeck-nux\dreamdeck\binaries\win64\dreamdeck-win64-test.exe
FirewallRules: [TCP Query User{82B2BCD0-A23B-4C37-A7E4-4F83EA479C80}C:\program files\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe] => (Allow) C:\program files\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe
FirewallRules: [UDP Query User{AA81F6D3-8958-4699-B47A-6DD1F9B32FB8}C:\program files\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe] => (Allow) C:\program files\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe
FirewallRules: [TCP Query User{00626E72-74DE-4EBC-ABA4-5802C56FF978}C:\program files (x86)\epic games\4.10\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files (x86)\epic games\4.10\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{A159C435-39FD-4A92-BF53-CED658EA8D63}C:\program files (x86)\epic games\4.10\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files (x86)\epic games\4.10\engine\binaries\win64\ue4editor.exe
FirewallRules: [{F4CD3C15-AAF5-4DE6-96B4-68E7E9516FA9}] => (Allow) LPort=2869
FirewallRules: [{CE848A95-7CEF-4441-9789-97D85FAB2593}] => (Allow) LPort=1900
FirewallRules: [{72970F3A-87C4-4A80-ADCF-F6EF79D9B7EE}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's The Division\TheDivision.exe
FirewallRules: [{D1A39951-B749-4EA0-A81C-981AF74BB3A1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{ADAA37F3-C68A-4D88-89F9-32A017976706}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{D09F2C84-B8E5-48D1-BD12-BF0E4143F7F0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{A454845A-226D-4064-A9EF-789B19D044EB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{D20E6FB9-1366-460B-94D6-576CFA284F51}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{83EF35A6-D517-4CF5-A29B-FC13545225EA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{BEBC0482-5E28-4D91-86EF-55E93C4F6DB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space Pirate Trainer VR\SpacePirateVR.exe
FirewallRules: [{7BAF8E50-3A2F-491D-A50D-337C4744FA72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space Pirate Trainer VR\SpacePirateVR.exe
FirewallRules: [{34E29F32-6450-4E4C-AA5E-92A385E72BE1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Minigolf VR\MinigolfVR\MinigolfVR.exe
FirewallRules: [{22C500AC-0973-4144-B594-D94762B93A61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Minigolf VR\MinigolfVR\MinigolfVR.exe
FirewallRules: [TCP Query User{2F0CCE4E-EC45-4970-8E1A-1E2EB7C30CC8}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{3A588334-2389-4B98-ACED-FD5B9D7D5BA2}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{50F97B03-615A-4FEE-AC1B-C471A98472D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cloudlands\Cloudlands.exe
FirewallRules: [{C35A4A6D-E936-4D23-963D-F3C2A9AAEAA9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cloudlands\Cloudlands.exe
FirewallRules: [{64D184F9-0416-4BCC-8077-BEB233235722}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PITCH-HIT\pitch-hit-demo.exe
FirewallRules: [{D9597AB8-8E83-47BB-874A-350D2A2783F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PITCH-HIT\pitch-hit-demo.exe
FirewallRules: [{BFD0438E-7EBF-4B52-BF82-9CBCCDAA667E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rocksmith\Rocksmith.exe
FirewallRules: [{A70EA2C5-EBCA-4118-9780-406E2EA16236}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rocksmith\Rocksmith.exe
FirewallRules: [{F57B1A23-2F3B-4DAA-BAEF-4AF611A943A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jeeboman\Jeeboman.exe
FirewallRules: [{F1FF0F8D-002A-4860-A584-FA78EDE97CA1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jeeboman\Jeeboman.exe
FirewallRules: [{4B2F9D3C-2558-4B27-8BB8-20D184C83B12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Gallery Call of the Starseed\gdc\GDC_Demo_Unity5.exe
FirewallRules: [{4ADA3B1B-84A4-49D3-8395-0E496E7F9910}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Gallery Call of the Starseed\gdc\GDC_Demo_Unity5.exe
FirewallRules: [TCP Query User{D5BC9E4F-39EE-4872-929C-5423D202BE93}C:\program files (x86)\steam\steamapps\common\theroseandi\roseandi\binaries\win64\roseandi-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\theroseandi\roseandi\binaries\win64\roseandi-win64-shipping.exe
FirewallRules: [UDP Query User{36A82AD1-7D68-47B9-8B19-7B1AD85E0EAC}C:\program files (x86)\steam\steamapps\common\theroseandi\roseandi\binaries\win64\roseandi-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\theroseandi\roseandi\binaries\win64\roseandi-win64-shipping.exe
FirewallRules: [{F7403782-FC98-459A-9636-674EAF94C0CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVRDemos\customizable_controller_intro.exe
FirewallRules: [{A6012B64-E4BA-4005-8D07-447FAE7BE7F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVRDemos\customizable_controller_intro.exe
FirewallRules: [{FD0F80F6-45E4-40B2-97A2-B007D0097569}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVRDemos\ValveDemoRoom.exe
FirewallRules: [{EE2736BC-D4D2-46BE-8F82-D9925A7ADE83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVRDemos\ValveDemoRoom.exe
FirewallRules: [{07076984-899E-4475-AC76-A5EB5BF858EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVRDemos\ValveDemoRoom2.exe
FirewallRules: [{66866E41-47F4-49E5-9B97-C84219BB99C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVRDemos\ValveDemoRoom2.exe
FirewallRules: [{ED5BF942-70DA-4447-8401-C2F88D901CD6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVRDemos\SecretShop.exe
FirewallRules: [{CAAB2D89-64B1-4886-9504-B9AEB8D70543}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVRDemos\SecretShop.exe
FirewallRules: [{B203767B-87F3-4571-8BE1-0F086C228017}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVRDemos\CinderCone.exe
FirewallRules: [{1B173FD7-3938-4EB3-A15D-EA3B677E3BBB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVRDemos\CinderCone.exe
FirewallRules: [{3B80ECAB-04D5-4A19-9B5D-8CE0644A19EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Approach\FinalApproachVR.exe
FirewallRules: [{68434239-DEA5-4C94-AC36-96E5C019A1AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Approach\FinalApproachVR.exe
FirewallRules: [TCP Query User{694CE255-2247-49FD-80A6-B679C9D78D65}C:\program files (x86)\steam\steamapps\common\sculptrvr\sculptrvr\binaries\win64\sculptrvr-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sculptrvr\sculptrvr\binaries\win64\sculptrvr-win64-shipping.exe
FirewallRules: [UDP Query User{4329A848-4761-4DF3-AF80-141745EAAC7C}C:\program files (x86)\steam\steamapps\common\sculptrvr\sculptrvr\binaries\win64\sculptrvr-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sculptrvr\sculptrvr\binaries\win64\sculptrvr-win64-shipping.exe
FirewallRules: [TCP Query User{E73A7A49-3C60-4BD8-A986-B5207B1BFB62}C:\program files (x86)\steam\steamapps\common\realities\riobeta\binaries\win64\riobeta.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\realities\riobeta\binaries\win64\riobeta.exe
FirewallRules: [UDP Query User{2C91D43D-93C8-419E-9FE9-2E0B0BA99C2C}C:\program files (x86)\steam\steamapps\common\realities\riobeta\binaries\win64\riobeta.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\realities\riobeta\binaries\win64\riobeta.exe
FirewallRules: [TCP Query User{F28DF0B3-BA89-4914-B3A0-C763BB22EF64}C:\program files (x86)\epic games\4.10\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files (x86)\epic games\4.10\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{DEDEC35B-A215-4E2C-B06A-A1078F21011F}C:\program files (x86)\epic games\4.10\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files (x86)\epic games\4.10\engine\binaries\win64\ue4editor.exe
FirewallRules: [TCP Query User{CCC2B59F-A2D4-4CE7-B423-0EE9218C3607}C:\program files (x86)\epic games\4.10\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files (x86)\epic games\4.10\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [UDP Query User{EDCC362C-721C-4207-91F7-7B9DDC8915CD}C:\program files (x86)\epic games\4.10\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files (x86)\epic games\4.10\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [{CB1C01CF-478E-423A-BA37-C45C95C34D6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Water Bears VR\WaterBearsVR.exe
FirewallRules: [{48956D55-A690-4444-8AA7-902CE0C81FA1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Water Bears VR\WaterBearsVR.exe
FirewallRules: [{A1912F75-9F9C-46ED-8B72-C81B11FA491E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gumball Drift\GumballDrift_SteamVR.exe
FirewallRules: [{73A22F4C-4B6A-41CA-8777-5838C1E18415}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gumball Drift\GumballDrift_SteamVR.exe
FirewallRules: [{579DED6C-85D5-4B23-98EA-23DD0E07A69C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jaunt VR\Jaunt VR.exe
FirewallRules: [{144F25C5-1B97-447D-8F80-91976D4C44F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jaunt VR\Jaunt VR.exe
FirewallRules: [{48FAC5AD-0C60-404E-9686-36D389D33F5D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{221FADBC-106B-4382-9BE1-20D455326D65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Audioshield\Audioshield.exe
FirewallRules: [{3FC4BF83-918A-4E1C-9A91-FF5EF2A35890}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Audioshield\Audioshield.exe
FirewallRules: [{A6485EBE-06C8-4D05-9E00-1C5D80292C9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Realities\rioBeta.exe
FirewallRules: [{D0827439-CE55-4092-8136-488CF54226D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Realities\rioBeta.exe
FirewallRules: [{7182953B-AA9A-41EF-B235-C9E2AFEE9F58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [{19696BAE-822E-4009-A917-22F4BF211B40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [TCP Query User{4FD6C73E-9FC2-485E-99AD-04B740D4F225}C:\program files (x86)\steam\steamapps\common\the divergent series allegiant vr\allegiant\binaries\win64\allegiant-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the divergent series allegiant vr\allegiant\binaries\win64\allegiant-win64-shipping.exe
FirewallRules: [UDP Query User{E96BA10E-5C57-4204-9DFF-186A76D00738}C:\program files (x86)\steam\steamapps\common\the divergent series allegiant vr\allegiant\binaries\win64\allegiant-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the divergent series allegiant vr\allegiant\binaries\win64\allegiant-win64-shipping.exe
FirewallRules: [{9490DA3C-02F4-4ECC-BF7F-CBA42BA7DCA5}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{92B12BD5-9A0E-4BCA-8938-2FB7E6583206}] => (Allow) C:\Program Files\Vuze\Azureus.exe
 
==================== Restore Points =========================
 
31-03-2016 20:03:03 Removed Java SE Development Kit 7 Update 21
01-04-2016 07:38:06 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
Name: ASMedia XHCI Controller
Description: ASMedia XHCI Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: ASMedia Technology Inc
Service: asmtxhci
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: ASMedia XHCI Controller
Description: ASMedia XHCI Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: ASMedia Technology Inc
Service: asmtxhci
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/01/2016 10:49:40 AM) (Source: OculusVR) (EventID: 0) (User: )
Description: 10:49:40.456 {!ERROR!} [FBNS] ClientImpl.cpp:160 Failed to connect to the MQTT server
 
Error: (04/01/2016 10:49:10 AM) (Source: OculusVR) (EventID: 0) (User: )
Description: 10:49:10.116 {!ERROR!} [FBNS] ClientImpl.cpp:160 Failed to connect to the MQTT server
 
Error: (04/01/2016 10:48:39 AM) (Source: OculusVR) (EventID: 0) (User: )
Description: 10:48:39.778 {!ERROR!} [FBNS] ClientImpl.cpp:160 Failed to connect to the MQTT server
 
Error: (04/01/2016 10:48:09 AM) (Source: OculusVR) (EventID: 0) (User: )
Description: 10:48:09.418 {!ERROR!} [FBNS] ClientImpl.cpp:160 Failed to connect to the MQTT server
 
Error: (04/01/2016 10:47:39 AM) (Source: OculusVR) (EventID: 0) (User: )
Description: 10:47:39.077 {!ERROR!} [FBNS] ClientImpl.cpp:160 Failed to connect to the MQTT server
 
Error: (04/01/2016 10:47:08 AM) (Source: OculusVR) (EventID: 0) (User: )
Description: 10:47:08.739 {!ERROR!} [FBNS] ClientImpl.cpp:160 Failed to connect to the MQTT server
 
Error: (04/01/2016 10:46:38 AM) (Source: OculusVR) (EventID: 0) (User: )
Description: 10:46:38.479 {!ERROR!} [FBNS] ClientImpl.cpp:160 Failed to connect to the MQTT server
 
Error: (04/01/2016 10:46:08 AM) (Source: OculusVR) (EventID: 0) (User: )
Description: 10:46:08.130 {!ERROR!} [FBNS] ClientImpl.cpp:160 Failed to connect to the MQTT server
 
Error: (04/01/2016 10:45:37 AM) (Source: OculusVR) (EventID: 0) (User: )
Description: 10:45:37.870 {!ERROR!} [FBNS] ClientImpl.cpp:160 Failed to connect to the MQTT server
 
Error: (04/01/2016 10:45:07 AM) (Source: OculusVR) (EventID: 0) (User: )
Description: 10:45:07.525 {!ERROR!} [FBNS] ClientImpl.cpp:160 Failed to connect to the MQTT server
 
 
System errors:
=============
Error: (04/01/2016 07:47:53 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Search service hung on starting.
 
Error: (04/01/2016 07:45:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
%%1053
 
Error: (04/01/2016 07:45:09 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
 
Error: (04/01/2016 07:44:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
%%1053
 
Error: (04/01/2016 07:44:39 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
 
Error: (04/01/2016 07:43:41 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
sptd
 
Error: (04/01/2016 07:41:35 AM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .
 
Error: (04/01/2016 07:40:48 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\AthIhvWlanExt.dll
 
Error: (04/01/2016 07:40:48 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\AthIhvWlanExt.dll
 
Error: (04/01/2016 07:40:46 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\AthIhvWlanExt.dll
 
 
CodeIntegrity:
===================================
  Date: 2016-04-01 07:47:58.724
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-31 23:57:29.472
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-31 19:10:20.122
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-31 16:01:03.753
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-29 21:13:43.319
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-29 16:04:35.146
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-29 15:29:33.004
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-27 21:56:13.965
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-27 21:43:13.734
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-27 21:01:47.600
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 28%
Total physical RAM: 16384 MB
Available physical RAM: 11668.41 MB
Total Virtual: 32766.21 MB
Available Virtual: 28303.29 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:698.54 GB) (Free:62.17 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: () (Fixed) (Total:931.41 GB) (Free:472.9 GB) NTFS
Drive h: (New Volume) (Fixed) (Total:931.51 GB) (Free:109.92 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: BABD33E8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9A9E53A8)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2F3D14CA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#7 nasdaq

nasdaq

  • Malware Response Team

Posted 01 April 2016 - 12:41 PM


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CloseProcesses:

FirewallRules: [{2E1826E0-18A2-40C6-8842-B1050108A6A4}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{DE9CFFAC-13AE-402F-9013-CAF7A5CD5BA2}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{9490DA3C-02F4-4ECC-BF7F-CBA42BA7DCA5}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{92B12BD5-9A0E-4BCA-8938-2FB7E6583206}] => (Allow) C:\Program Files\Vuze\Azureus.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

========

Vuze Remote Toolbar v10.0 (HKLM-x32\...\{2A567123-6435-476E-9529-54F5F9A9F4E0}) (Version: 10.0 - Spigot, Inc.) <==== ATTENTION


A remnant item in the registry.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :regfind
    2A567123-6435-476E-9529-54F5F9A9F4E0
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.
===

Your copy of Chrome has been compromised

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

Re-install Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

Keep me posted.

#8 muglore

muglore
  • Topic Starter

  • Members

Posted 01 April 2016 - 01:53 PM

OK, those steps have been completed. Result of the fixlog scan:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Neal (2016-04-01 14:40:35) Run:4
Running from C:\Users\Neal\Desktop\downloads
Loaded Profiles: Neal (Available Profiles: Neal & OVRLibraryService)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CloseProcesses:
 
FirewallRules: [{2E1826E0-18A2-40C6-8842-B1050108A6A4}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{DE9CFFAC-13AE-402F-9013-CAF7A5CD5BA2}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{9490DA3C-02F4-4ECC-BF7F-CBA42BA7DCA5}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{92B12BD5-9A0E-4BCA-8938-2FB7E6583206}] => (Allow) C:\Program Files\Vuze\Azureus.exe
 
End
*****************
 
Processes closed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2E1826E0-18A2-40C6-8842-B1050108A6A4} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DE9CFFAC-13AE-402F-9013-CAF7A5CD5BA2} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9490DA3C-02F4-4ECC-BF7F-CBA42BA7DCA5} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{92B12BD5-9A0E-4BCA-8938-2FB7E6583206} => value removed successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 14:40:35 ====
 
 
///////////////////////////////////////////////////////////////////////////////////////////
 
and result of the systemlook scan:
 
SystemLook 30.07.11 by jpshortstuff
Log created at 14:46 on 01/04/2016 by Neal
Administrator - Elevation successful
 
========== regfind ==========
 
Searching for "2A567123-6435-476E-9529-54F5F9A9F4E0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\321765A25346E6745992455F9F9A4F0E]
"Transforms"="C:\Windows\Installer\{2A567123-6435-476E-9529-54F5F9A9F4E0}\1033.MST"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\321765A25346E6745992455F9F9A4F0E]
"ProductIcon"="C:\Windows\Installer\{2A567123-6435-476E-9529-54F5F9A9F4E0}\ARPPRODUCTICON.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Windows\Installer\{2A567123-6435-476E-9529-54F5F9A9F4E0}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\321765A25346E6745992455F9F9A4F0E\InstallProperties]
"ModifyPath"="MsiExec.exe /X{2A567123-6435-476E-9529-54F5F9A9F4E0}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\321765A25346E6745992455F9F9A4F0E\InstallProperties]
"UninstallString"="MsiExec.exe /X{2A567123-6435-476E-9529-54F5F9A9F4E0}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2A567123-6435-476E-9529-54F5F9A9F4E0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2A567123-6435-476E-9529-54F5F9A9F4E0}]
"ModifyPath"="MsiExec.exe /X{2A567123-6435-476E-9529-54F5F9A9F4E0}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2A567123-6435-476E-9529-54F5F9A9F4E0}]
"UninstallString"="MsiExec.exe /X{2A567123-6435-476E-9529-54F5F9A9F4E0}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Vuze Remote]
"uninstall"="{2A567123-6435-476E-9529-54F5F9A9F4E0}"
 
-= EOF =-
 


#9 nasdaq

nasdaq

  • Malware Response Team

Posted 02 April 2016 - 08:14 AM

Copy the text IN THE QUOTE BOX below to notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved it, right-click the .reg file and allow it to merge with the registry.
 

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\321765A25346E6745992455F9F9A4F0E]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Windows\Installer\{2A567123-6435-476E-9529-54F5F9A9F4E0}\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\321765A25346E6745992455F9F9A4F0E\InstallProperties]
"ModifyPath"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\321765A25346E6745992455F9F9A4F0E\InstallProperties]
"UninstallString"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2A567123-6435-476E-9529-54F5F9A9F4E0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Vuze Remote]


Restart the computer when completed.

You can delete the fixme.reg file when done.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
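
Added example, not part of the posts above: the SystemLook log in this thread lists the toolbar under Installer\Products\321765A25346E6745992455F9F9A4F0E, which is the Windows Installer "packed" form of the product code {2A567123-6435-476E-9529-54F5F9A9F4E0}. The Python sketch below converts between the two forms and labels key paths copied from that log by the form they carry; the function names are illustrative and belong to none of the tools used in the thread.

```python
import re

_GUID = re.compile(
    r"^\{?([0-9A-F]{8})-([0-9A-F]{4})-([0-9A-F]{4})-([0-9A-F]{4})-([0-9A-F]{12})\}?$",
    re.IGNORECASE,
)


def _swap_pairs(s):
    """Swap the two hex digits of every byte: '9529' -> '5992'."""
    return "".join(s[i + 1] + s[i] for i in range(0, len(s), 2))


def pack_guid(product_code):
    """Braced MSI product code -> 32-character packed form used as a key name."""
    m = _GUID.match(product_code.strip())
    if not m:
        raise ValueError("not a GUID: %r" % product_code)
    g1, g2, g3, g4, g5 = (g.upper() for g in m.groups())
    # First three groups are reversed whole; the last two are swapped per byte.
    return g1[::-1] + g2[::-1] + g3[::-1] + _swap_pairs(g4) + _swap_pairs(g5)


def unpack_guid(packed):
    """Packed 32-character form -> braced product code (inverse of pack_guid)."""
    p = packed.strip().upper()
    if not re.fullmatch(r"[0-9A-F]{32}", p):
        raise ValueError("not a packed GUID: %r" % packed)
    return "{%s-%s-%s-%s-%s}" % (
        p[0:8][::-1], p[8:12][::-1], p[12:16][::-1],
        _swap_pairs(p[16:20]), _swap_pairs(p[20:32]),
    )


def classify_keys(key_lines, product_code):
    """Label each key path 'packed', 'braced' or 'neither' by how it names the product."""
    braced = product_code.strip().strip("{}").upper()
    packed = pack_guid(product_code)
    result = {}
    for line in key_lines:
        key = line.strip().strip("[]")
        if not key:
            continue
        upper = key.upper()
        if packed in upper:
            result[key] = "packed"
        elif braced in upper:
            result[key] = "braced"
        else:
            result[key] = "neither"  # the GUID sits in a value under this key
    return result


PRODUCT_CODE = "{2A567123-6435-476E-9529-54F5F9A9F4E0}"

# Key paths copied from the SystemLook regfind log in this thread.
THREAD_KEYS = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\321765A25346E6745992455F9F9A4F0E]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\321765A25346E6745992455F9F9A4F0E\InstallProperties]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2A567123-6435-476E-9529-54F5F9A9F4E0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Vuze Remote]
""".strip().splitlines()

if __name__ == "__main__":
    print(PRODUCT_CODE, "->", pack_guid(PRODUCT_CODE))
    for key, kind in classify_keys(THREAD_KEYS, PRODUCT_CODE).items():
        print("%-8s %s" % (kind, key))
```

In the log above, the search for the braced GUID reached the packed-named keys only because values beneath them ("Transforms", "ProductIcon", "UninstallString") contain the braced string, so a remnant check that searches for both forms is more complete.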

#10 muglore

muglore
  • Topic Starter

  • Members

Posted 04 April 2016 - 10:38 PM

Everything working great until I require a restart, then the popups start at random intervals. 



#11 nasdaq

nasdaq

  • Malware Response Team

Posted 05 April 2016 - 08:25 AM

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

#12 muglore

muglore
  • Topic Starter

  • Members

Posted 05 April 2016 - 10:06 PM

RogueKiller V12.1.1.0 [Apr  4 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Neal [Administrator]
Started from : C:\Users\Neal\Downloads\RogueKiller.exe
Mode : Delete -- Date : 04/05/2016 23:04:32
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 3 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F62DD939-4B62-4BF1-BABC-DCABCB63CF66} | DhcpNameServer : 172.16.42.1 ([X])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F62DD939-4B62-4BF1-BABC-DCABCB63CF66} | DhcpNameServer : 172.16.42.1 ([X])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F62DD939-4B62-4BF1-BABC-DCABCB63CF66} | DhcpNameServer : 172.16.42.1 ([X])  -> Replaced ()
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUP][CHROME:Addon] Default : AVG Secure Search [ndibdjnfmopecpmkdieinmbadjfpblof] -> Deleted
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3750640NS +++++
--- User ---
[MBR] 5ac60b162aa4a54c511c68f8b65eccd6
[BSP] 1437f7d1aa3331cdc249bf2ccd26421c : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 715302 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: ST1000LM014-1EJ164 +++++
--- User ---
[MBR] 48a9aebf3895d5353c2ea7fd2364d79a
[BSP] 381ee2b91b49cf6c5d04f08a29ed7c80 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: WDC WD10EALX-559BA0 +++++
--- User ---
[MBR] 9f423e8848009b23f74ce391261d31b8
[BSP] 82fbbbe0f5722fb5b342e8d99a9260c8 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


#13 nasdaq

nasdaq

  • Malware Response Team

Posted 06 April 2016 - 08:20 AM

How is the computer running now?

#14 muglore

muglore
  • Topic Starter

  • Members

Posted 06 April 2016 - 08:52 AM

Unfortunately tab popups are still happening with the rogue re-direct. :( 

Your instructions have removed the Vuze remote toolbar app pointer from the list of installed programs, which I'm happy about.


Edited by muglore, 06 April 2016 - 08:53 AM.


#15 nasdaq

nasdaq

  • Malware Response Team

Posted 06 April 2016 - 01:03 PM

Chrome must be compromised.

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

===

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

Re-install Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

Keep me posted.



