A simple solve for browser hijacks!


Ron Smorynski
This may be old hat to you all, I don't know, but I searched and searched, to no avail... but I got one of those annoying browser hijacks that 50/50 sent me to their lame virus warning and advertising websites.

The simple solve was mentioned once but I didn't realize how it was in every browser, under properties! It was coded in all of my browsers but the last one was Internet Explorer, which I don't use. But the other browsers must use it as their start off then run theirs.

So right click on the icon of all browsers, on toolbar or desktop, go to properties then tab shortcut. In target, there will be a "quotes" with some strange nefarious website. If you select in there and move mouse right, it will back up and reveal the regular chrome.exe or IE.exe... in quotes. You keep that one and delete the nefarious "quoted website". But you have to do it for all of the browsers and especially Internet Explorer!

Plus removing apps and programs and running anti-virus anti-adwares I suppose. But that nefarious little link was what was hijacking my browsers!!! And it was only in the Internet Explorer one!

Let me know if I got this off or wrong but it certainly FINALLY ended my hijacked browser!!

Link to comment
Share on other sites
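
The manual check from the first post can be scripted. The following PowerShell is an added example, not part of the original thread; the browser list, the folders searched and the URL pattern are assumptions.

```powershell
# Added example, not from the thread: audit browser shortcuts for a web
# address placed after the executable in the Target field.
# Assumptions: the browser list, the folders searched and the URL pattern.

$BrowserExes = 'chrome.exe', 'iexplore.exe', 'firefox.exe', 'msedge.exe', 'opera.exe'
$UrlPattern  = '(?i)"?(https?://|www\.)[^\s"]+"?'   # quoted or unquoted web address
$Fix         = $false   # set to $true to strip the address from flagged shortcuts

# Desktop, Start menu and pinned taskbar shortcuts for this user and all users.
$folders = @(
    [Environment]::GetFolderPath('Desktop')
    [Environment]::GetFolderPath('CommonDesktopDirectory')
    [Environment]::GetFolderPath('StartMenu')
    [Environment]::GetFolderPath('CommonStartMenu')
    Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch'
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$shell = New-Object -ComObject WScript.Shell

$flagged = foreach ($file in Get-ChildItem -LiteralPath $folders -Filter '*.lnk' -Recurse -Force -ErrorAction SilentlyContinue) {
    # WScript.Shell splits the Target field into the executable (TargetPath)
    # and everything typed after it (Arguments).
    $shortcut = $shell.CreateShortcut($file.FullName)
    $exeName  = [System.IO.Path]::GetFileName($shortcut.TargetPath)

    # Only browser shortcuts are of interest here.
    if ($BrowserExes -notcontains $exeName) { continue }

    # Ordinary switches such as --profile-directory do not match the pattern.
    if ($shortcut.Arguments -match $UrlPattern) {
        # Report the shortcut as found, before any change is made.
        [pscustomobject]@{
            Shortcut  = $file.FullName
            Target    = $shortcut.TargetPath
            Arguments = $shortcut.Arguments
        }

        if ($Fix) {
            try {
                # Remove only the web address and keep any other switches.
                $shortcut.Arguments = ($shortcut.Arguments -replace $UrlPattern, '').Trim()
                $shortcut.Save()
            } catch {
                Write-Warning "Could not rewrite $($file.FullName): $($_.Exception.Message)"
            }
        }
    }
}

if ($flagged) {
    $flagged | Format-List
} else {
    'No browser shortcut carries a web address in its arguments.'
}
```

With `$Fix` left at `$false` the script only reports. It looks at shortcuts and nothing else, so the scans requested later in the thread still apply.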

Hello Ron Smorynski and welcome to The Pit.

My name is Satchfan and I would be glad to help you with your computer problem.

It’s possible that you have temporarily solved the hijack problem but unlikely that you’ve rid your computer of all bad components completely, so let’s run some scans and have a look.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested.

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

Logs to include with next post:

AdwCleaner log
JRT.txt
Frst.txt
Addition.txt


Thanks

Satchfan

 


Thanks for your help. My little fix dramatically dropped the amount of hijacks; however, there lingered one that kept coming up for a specific website. Which was weird. Same stuff but seemed to only come when I clicked furiously in that website and not others.

But I ran through your instructions. Checking my browsers and so far so good. HOWEVER... I was unable to run either of the Farbar Recovery Scan Tools? I tried both, run as admin, etc., but it kept popping up: Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item. (and I am admin) UPDATE: It is now working? About an hour later! Will add in another post.

I am clicking around browsers and seems clear... at the moment.

But here is AdwCleaner log and JRT txt.

# AdwCleaner v5.022 - Logfile created 24/11/2015 at 09:50:44
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [server]
# Operating system : Windows 10 Home (x64)
# Username : Daddyo - TROOPER
# Running from : C:\Users\Daddyo\Desktop\adwcleaner_5.022.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\ProgramData\Tarma Installer
[-] Folder Deleted : C:\Users\Daddyo\AppData\Roaming\One System Care
***** [ Files ] *****
[-] File Deleted : C:\END
[-] File Deleted : C:\Users\Daddyo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
[-] File Deleted : C:\Users\Daddyo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal
[-] File Deleted : C:\Users\Daddyo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage
[-] File Deleted : C:\Users\Daddyo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage-journal
[-] File Deleted : C:\Users\Daddyo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Daddyo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Daddyo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
[-] File Deleted : C:\Users\Daddyo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
[-] File Deleted : C:\Users\Daddyo\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage
[-] File Deleted : C:\Users\Daddyo\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal
[-] File Deleted : C:\Users\Daddyo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Daddyo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\Daddyo\AppData\Roaming\Mozilla\Firefox\Profiles\yrt2b1iq.default\user.js
[-] File Deleted : C:\Users\Daddyo\AppData\Roaming\Mozilla\Firefox\Profiles\yrt2b1iq.default\searchplugins\bing-lavasoft.xml
[-] File Deleted : C:\WINDOWS\SysNative\drivers\{eeea1470-a34b-421d-8578-085229e78f50}Gw64.sys
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [itibiti.exe]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [dply_en_015020152]
[-] Key Deleted : HKCU\Software\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2E22E1C9-9DDB-40DA-85C7-0753217FFF76}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{04FEAF9C-DC32-41C7-95CA-790E93488E7D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CCAD7AF4-2975-4BFD-96A0-15F67DB62A78}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D406F9C6-6014-44B6-AB45-1C97DDE0040E}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E22E1C9-9DDB-40DA-85C7-0753217FFF76}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2E22E1C9-9DDB-40DA-85C7-0753217FFF76}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2E22E1C9-9DDB-40DA-85C7-0753217FFF76}
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\AVG SafeGuard toolbar
[-] Key Deleted : HKCU\Software\InstallCore
[-] Key Deleted : HKCU\Software\TutoTag
[-] Key Deleted : HKCU\Software\WEDLMNGR
[-] Key Deleted : HKCU\Software\DriverTuner_Init
[-] Key Deleted : HKCU\Software\DriverTuner
[-] Key Deleted : HKCU\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\AVG Secure Search
[-] Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 307880
[-] Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\weDownload Manager Pro
***** [ Web browsers ] *****
[-] [C:\Users\Daddyo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcfenmboojpjinhpgggodefccipikbpd
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5529 bytes] ##########
_______________________________________________________________________________________________________________________________
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.0 (11.12.2015)
Operating System: Windows 10 Home x64
Ran by Daddyo (Administrator) on Tue 11/24/2015 at 9:54:54.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 10
Successfully deleted: C:\ProgramData\lavasoft\web companion (Folder)
Successfully deleted: C:\Users\Daddyo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.saveur.com_0.localstorage-journal (File)
Successfully deleted: C:\Users\Daddyo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.saveur.com_0.localstorage (File)
Successfully deleted: C:\Users\Daddyo\AppData\Roaming\lavasoft\web companion (Folder)
Successfully deleted: C:\Users\Daddyo\AppData\Roaming\Mozilla\Firefox\Profiles\yrt2b1iq.default\extensions\bingsearch.full@microsoft.com\search.xml (File)
Successfully deleted: C:\Program Files (x86)\lavasoft\web companion (Folder)
Successfully deleted: C:\WINDOWS\prefetch\DRIVERCTRL.EXE-5B71A077.pf (File)
Successfully deleted: C:\WINDOWS\SysWOW64\RENB8BD.tmp (File)
Successfully deleted: C:\WINDOWS\SysWOW64\RENCE96.tmp (File)
Successfully deleted: C:\WINDOWS\SysWOW64\RENFE0B.tmp (File)
Registry: 3
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\{eeea1470-a34b-421d-8578-085229e78f50}Gw64 (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d1e47a2-d7d2-4bb1-8fa8-2055f856c8ea} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bfa55139-82af-4663-a19b-e135dac8d043} (Registry Key)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/24/2015 at 9:56:52.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Edited by Ron Smorynski

Thanks for the logs and that seems to have cleared up a lot.

However, your FRST logs (FRST.txt and Addition.txt) were incomplete: please resend them and make sure that you include the complete logs.

Thanks

Satchfan


Oh it won't take the whole thing. So I will split it.

FRST.txt part 1

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-11-2015
Ran by Daddyo (administrator) on TROOPER (24-11-2015 11:43:04)
Running from C:\Users\Daddyo\Desktop
Loaded Profiles: Daddyo (Available Profiles: Daddyo & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [VDownloader] => C:\Program Files\VDownloader\VDownloader4.exe [2055168 2015-08-27] (Vitzo)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-06-10] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650784 2015-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863776 2015-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36713096 2015-11-04] (Dropbox, Inc.)
HKLM-x32\...\Run: [PC MaticRT] => C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe [2144064 2015-11-20] (PC Pitstop LLC)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3634687137-1423883221-2431650080-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22568216 2015-10-12] (Google)
HKU\S-1-5-21-3634687137-1423883221-2431650080-1000\...\Run: [Download Nitro] => C:\Program Files (x86)\PCPitstop\Download Nitro\pcpitstop-nitro.exe [3597520 2011-06-30] (PC Pitstop, LLC)
HKU\S-1-5-21-3634687137-1423883221-2431650080-1000\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIVE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3634687137-1423883221-2431650080-1000\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIVE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
AutoConfigURL: [s-1-5-21-3634687137-1423883221-2431650080-1000] => hxxp://get-access.me/wpad.dat?a77ebccfbee30e3d8367a804797f62eb1868834
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5b8e0314-35c7-4f76-a07a-5ff69054dab3}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8e0edbe1-13c9-4c04-9842-25fff502d3bf}: [DhcpNameServer] 172.20.10.1
Internet Explorer:
==================
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-20] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-20] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://files.pcpitstop.com/cab/pcmatic.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Daddyo\AppData\Roaming\Mozilla\Firefox\Profiles\yrt2b1iq.default
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: about:home
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-20] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll [2013-02-28] (ESN Social Software AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-08] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3634687137-1423883221-2431650080-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Daddyo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3634687137-1423883221-2431650080-1000: @talk.google.com/O1DPlugin -> C:\Users\Daddyo\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3634687137-1423883221-2431650080-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Daddyo\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3634687137-1423883221-2431650080-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Daddyo\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3634687137-1423883221-2431650080-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Daddyo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-06] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3634687137-1423883221-2431650080-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Users\Daddyo\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Daddyo\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-01-06] [not signed]
FF Extension: Bing Search Engine - C:\Users\Daddyo\AppData\Roaming\Mozilla\Firefox\Profiles\yrt2b1iq.default\Extensions\bingsearch.full@microsoft.com [2015-11-24] [not signed]
FF Extension: Gmail - C:\Users\Daddyo\AppData\Roaming\Mozilla\Firefox\Profiles\yrt2b1iq.default\Extensions\jid0-JOhQqMYyzbBUNMCqaDAlT1nrk4o@jetpack.xpi [2013-12-19] [not signed]
FF Extension: Razor Web - C:\Users\Daddyo\AppData\Roaming\Mozilla\Firefox\Profiles\yrt2b1iq.default\Extensions\{2538b37c-2900-4194-8bd8-e0699a1f15de}.xpi [2015-05-29] [not signed]
FF Extension: Discover Treasure - C:\Users\Daddyo\AppData\Roaming\Mozilla\Firefox\Profiles\yrt2b1iq.default\Extensions\{8235101a-1cb6-47a9-8cb4-fe76a3068128}.xpi [2015-11-20] [not signed]
FF Extension: Video DownloadHelper - C:\Users\Daddyo\AppData\Roaming\Mozilla\Firefox\Profiles\yrt2b1iq.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-08-22]
FF Extension: Adblock Plus - C:\Users\Daddyo\AppData\Roaming\Mozilla\Firefox\Profiles\yrt2b1iq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-24]
FF Extension: See More Results Hub - C:\Users\Daddyo\AppData\Roaming\Mozilla\Firefox\Profiles\yrt2b1iq.default\Extensions\{d42b7947-1802-4bcd-8ade-959e9e235b61}.xpi [2015-11-20] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Daddyo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Daddyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-20]
CHR Extension: (Google Drive) - C:\Users\Daddyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-20]
CHR Extension: (BibleTalk.tv) - C:\Users\Daddyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\biomlfidkagkicdjokbpbojjmdcknpcn [2015-11-20]
CHR Extension: (YouTube) - C:\Users\Daddyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-20]
CHR Extension: (Bible) - C:\Users\Daddyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\boljbeanmjklkbfnppfedajbgeongccb [2015-11-20]
CHR Extension: (Google Search) - C:\Users\Daddyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-20]
CHR Extension: (Bible Search) - C:\Users\Daddyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\enlaminhpdcdeemcnfnecpjbafhhajff [2015-11-20]
CHR Extension: (Google Sheets) - C:\Users\Daddyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-20]
CHR Extension: (Google Docs Offline) - C:\Users\Daddyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (AmazonSmile 1Button for Chrome) - C:\Users\Daddyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2015-11-20]
CHR Extension: (ThemeForest Thumb) - C:\Users\Daddyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikeaeahbcbddkapeolpmhncjjaojjep [2015-11-20]
CHR Extension: (Drudge Report News Reader) - C:\Users\Daddyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdflcgbpfkkkomlfkbfokkbcgofcamgl [2015-11-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Daddyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-20]
CHR Extension: (Gmail) - C:\Users\Daddyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-20]
CHR HKU\S-1-5-21-3634687137-1423883221-2431650080-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3634687137-1423883221-2431650080-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S3 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-17] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-17] (Dropbox, Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [238376 2015-05-28] (EasyAntiCheat Ltd)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 iprip; C:\Windows\System32\iprip.dll [35328 2015-09-23] (Microsoft Corporation)
S3 mi-raysat_3dsmax2011_32; C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [86016 2010-03-10] () [File not signed]
S3 mi-raysat_3dsmax2011_64; C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [86016 2010-03-10] () [File not signed]
S3 mi-raysat_3dsmax2013_32; C:\Program Files (x86)\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe [86016 2011-09-14] () [File not signed]
S3 mi-raysat_3dsmax2013_64; C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [86016 2011-09-14] () [File not signed]
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-09-23] (Microsoft Corporation)
U2 OneSyncSvc_Session33; C:\WINDOWS\system32\svchost.exe [39856 2015-07-09] (Microsoft Corporation)
U2 OneSyncSvc_Session33; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-09] (Microsoft Corporation)
R2 PCPitstop Realtime; C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe [668992 2015-11-20] (PC Pitstop LLC)
U3 PimIndexMaintenanceSvc_Session33; C:\WINDOWS\system32\svchost.exe [39856 2015-07-09] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_Session33; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-09] (Microsoft Corporation)
S3 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2013-03-13] (Realtek Semiconductor.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
U3 UnistoreSvc_Session33; C:\WINDOWS\System32\svchost.exe [39856 2015-07-09] (Microsoft Corporation)
U3 UnistoreSvc_Session33; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-09] (Microsoft Corporation)
U3 UserDataSvc_Session33; C:\WINDOWS\system32\svchost.exe [39856 2015-07-09] (Microsoft Corporation)
U3 UserDataSvc_Session33; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-09] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-09-23] (Microsoft Corporation)
S3 w3logsvc; C:\WINDOWS\SysWOW64\inetsrv\w3logsvc.dll [72192 2015-09-23] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-09-23] (Microsoft Corporation)
R2 W3SVC; C:\WINDOWS\SysWOW64\inetsrv\iisw3adm.dll [504832 2015-09-23] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-09] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-09] (Microsoft Corporation)
S3 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2014-01-13] (Wacom Technology, Corp.)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [40584 2015-08-27] (ThreatTrack Security)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-19] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-09-23] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-26] (CACE Technologies, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-06-17] (Realtek )
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-09] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-09] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-09] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-09] (Microsoft Corporation)
S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2015-08-03] (Wondershare)
S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2015-08-03] (Wondershare)
S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2015-08-03] (Wondershare)
S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2015-08-03] (Wondershare)
S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2015-08-03] (Wondershare)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FRST.txt part 2

 

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-24 11:42 - 2015-11-24 11:42 - 00090831 _____ C:\Users\Daddyo\Desktop\Addition.txt
2015-11-24 11:41 - 2015-11-24 11:43 - 00027335 _____ C:\Users\Daddyo\Desktop\FRST.txt
2015-11-24 11:41 - 2015-11-24 11:43 - 00000000 ____D C:\FRST
2015-11-24 09:58 - 2015-11-24 09:58 - 01718784 _____ (Farbar) C:\Users\Daddyo\Desktop\FRST.exe
2015-11-24 09:57 - 2015-11-24 09:57 - 02348544 _____ (Farbar) C:\Users\Daddyo\Downloads\FRST64 (1).exe
2015-11-24 09:57 - 2015-11-24 09:57 - 01733632 _____ C:\Users\Daddyo\Downloads\adwcleaner_5.022 (1).exe
2015-11-24 09:56 - 2015-11-24 09:56 - 00001944 _____ C:\Users\Daddyo\Desktop\JRT.txt
2015-11-24 09:52 - 2015-11-24 09:52 - 02348544 _____ (Farbar) C:\Users\Daddyo\Downloads\FRST64.exe
2015-11-24 09:52 - 2015-11-24 09:52 - 01733632 _____ C:\Users\Daddyo\Downloads\adwcleaner_5.022.exe
2015-11-24 09:51 - 2015-11-24 09:51 - 00016148 _____ C:\WINDOWS\system32\TROOPER_Daddyo_HistoryPrediction.bin
2015-11-24 09:48 - 2015-11-24 09:50 - 00000000 ____D C:\AdwCleaner
2015-11-24 09:48 - 2015-11-24 09:48 - 02348544 _____ (Farbar) C:\Users\Daddyo\Desktop\FRST64.exe
2015-11-24 09:48 - 2015-11-24 09:48 - 01599080 _____ (Malwarebytes) C:\Users\Daddyo\Desktop\JRT.exe
2015-11-24 09:47 - 2015-11-24 09:47 - 01733632 _____ C:\Users\Daddyo\Desktop\adwcleaner_5.022.exe
2015-11-23 23:08 - 2015-11-23 23:08 - 00000000 _____ C:\WINDOWS\SysWOW64\SBRC.dat
2015-11-23 20:48 - 2015-11-23 20:49 - 132293912 _____ (Microsoft Corporation) C:\Users\Daddyo\Downloads\msert.exe
2015-11-23 20:46 - 2015-11-23 20:46 - 00717264 _____ (Opera Software) C:\Users\Daddyo\Downloads\Opera_NI_stable (1).exe
2015-11-23 20:30 - 2015-11-23 20:33 - 00000000 ____D C:\Users\Daddyo\AppData\Local\NPE
2015-11-23 20:30 - 2015-11-23 20:30 - 03088296 _____ (Symantec Corporation) C:\Users\Daddyo\Downloads\NPE.exe
2015-11-23 20:30 - 2015-11-23 20:30 - 00000000 ____D C:\ProgramData\Norton
2015-11-23 20:27 - 2015-11-23 20:27 - 00717264 _____ (Opera Software) C:\Users\Daddyo\Downloads\Opera_NI_stable.exe
2015-11-23 20:27 - 2015-11-23 20:27 - 00003930 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1448232644
2015-11-23 20:16 - 2015-11-23 20:16 - 00000005 _____ C:\Users\Daddyo\Downloads\download
2015-11-21 13:55 - 2015-11-21 13:55 - 00000000 ____D C:\ProgramData\BitDefender
2015-11-21 13:39 - 2015-11-24 09:55 - 00000000 ____D C:\Users\Daddyo\AppData\Roaming\Lavasoft
2015-11-21 13:39 - 2015-11-24 09:55 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2015-11-21 13:39 - 2015-11-21 13:39 - 00000000 ____D C:\Users\Daddyo\AppData\Roaming\LavasoftStatistics
2015-11-21 13:38 - 2015-11-23 20:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-11-21 13:33 - 2015-11-21 13:33 - 00000000 ____D C:\Program Files\Lavasoft
2015-11-21 13:28 - 2015-11-21 13:28 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2015-11-21 13:26 - 2015-11-24 09:55 - 00000000 ____D C:\ProgramData\Lavasoft
2015-11-21 12:55 - 2015-11-21 12:55 - 00000000 ____D C:\Users\Daddyo\Documents\Sound recordings
2015-11-21 11:00 - 2015-11-21 11:00 - 00000000 ____D C:\Users\Daddyo\AppData\Roaming\Sun
2015-11-20 12:27 - 2014-04-15 12:02 - 00082872 _____ (GFI Software) C:\WINDOWS\system32\Drivers\sbapifs.sys
2015-11-20 12:00 - 2015-11-20 12:01 - 00000000 ____D C:\Users\Daddyo\AppData\Roaming\SpringFiles
2015-11-20 12:00 - 2015-11-20 12:00 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-11-20 11:59 - 2015-11-24 05:46 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1F0C91EA-7BEA-4218-85C9-5717BC6BCF50}
2015-11-18 12:20 - 2015-11-18 14:12 - 344263315 _____ C:\Users\Daddyo\Downloads\Rachael.Rays.Kds.Cook.Off.S01E03.HDTV.x264-ALTEREGO.mp4
2015-11-18 09:04 - 2015-11-18 11:09 - 383749537 _____ C:\Users\Daddyo\Downloads\rachael.rays.kids.cook-off.s01e02.hdtv.x264-daview.mp4
2015-11-17 21:13 - 2015-11-17 22:54 - 310704848 _____ C:\Users\Daddyo\Downloads\rachael.rays.kids.cook-off.s01e02.hdtv.x264-daview.mp4.crdownload
2015-11-17 17:05 - 2015-11-17 18:54 - 334998876 _____ C:\Users\Daddyo\Downloads\Rachael.Rays.Kds.Cook.Off.S01E05.HDTV.x264-ALTEREGO.mp4
2015-11-17 13:26 - 2015-11-17 15:26 - 369109268 _____ C:\Users\Daddyo\Downloads\rachael.rays.Kds.cook-off.s01e04.hdtv.x264-daview.mp4
2015-11-17 10:12 - 2015-11-17 10:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-17 10:11 - 2015-11-24 11:16 - 00000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2015-11-17 10:11 - 2015-11-24 10:16 - 00000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2015-11-17 10:11 - 2015-11-17 10:12 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-11-17 10:11 - 2015-11-17 10:11 - 00003984 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2015-11-17 10:11 - 2015-11-17 10:11 - 00003752 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2015-11-17 10:10 - 2015-11-17 10:10 - 00660960 _____ (Dropbox, Inc.) C:\Users\Daddyo\Downloads\DropboxInstaller.exe
2015-11-16 14:17 - 2015-11-16 14:17 - 00000474 _____ C:\Users\Daddyo\Downloads\text_calendar.ics
2015-11-10 12:44 - 2015-11-10 12:44 - 34033992 _____ (Mozilla) C:\Users\Daddyo\Downloads\Thunderbird Setup 38.3.0.exe
2015-11-10 12:44 - 2015-11-10 12:44 - 00000000 ____D C:\Users\Daddyo\AppData\Roaming\Thunderbird
2015-11-10 12:44 - 2015-11-10 12:44 - 00000000 ____D C:\Users\Daddyo\AppData\Local\Thunderbird
2015-11-08 08:40 - 2015-11-08 08:40 - 00348192 _____ C:\WINDOWS\Minidump\110815-10671-01.dmp
2015-11-08 08:40 - 2015-11-08 08:40 - 00000000 ____D C:\WINDOWS\Minidump
2015-11-07 12:59 - 2015-11-07 12:59 - 00000000 ____D C:\Users\Daddyo\AppData\Roaming\.mono
2015-11-07 12:59 - 2015-11-07 12:59 - 00000000 ____D C:\Users\Daddyo\AppData\LocalLow\PlayfulCorp
2015-11-07 12:59 - 2015-11-07 12:59 - 00000000 ____D C:\ProgramData\.mono
2015-11-07 12:34 - 2015-11-07 12:34 - 00718916 _____ C:\Users\Daddyo\Downloads\CustomMobSpawner 3.4.0.jar
2015-11-07 12:33 - 2015-11-07 12:33 - 03429006 _____ C:\Users\Daddyo\Downloads\forge-1.8-11.14.1.1334-installer-win.exe
2015-11-07 12:31 - 2015-11-07 12:33 - 21556740 _____ C:\Users\Daddyo\Downloads\DrZharks MoCreatures Mod v6.3.1 (2).zip
2015-11-07 12:08 - 2015-11-07 12:09 - 00000000 ____D C:\Program Files (x86)\Minecraft
2015-11-07 12:08 - 2015-11-07 12:08 - 02314240 _____ C:\Users\Daddyo\Downloads\MinecraftInstaller.msi
2015-11-07 12:08 - 2015-11-07 12:08 - 00001030 _____ C:\Users\Public\Desktop\Minecraft.lnk
2015-11-07 12:08 - 2015-11-07 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-11-07 11:50 - 2015-11-21 10:59 - 00000000 ____D C:\Users\Daddyo\.oracle_jre_usage
2015-11-02 19:16 - 2015-11-02 19:16 - 00001397 _____ C:\Users\Daddyo\Desktop\iTunes.exe - Shortcut.lnk
2015-11-02 13:07 - 2015-11-23 21:57 - 00247032 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2015-10-29 16:26 - 2015-10-27 15:38 - 21871616 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-29 16:26 - 2015-10-27 15:16 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-29 16:26 - 2015-10-21 04:45 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-10-29 16:26 - 2015-10-21 04:44 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-10-29 16:26 - 2015-10-21 04:43 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-10-29 16:26 - 2015-10-21 04:39 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-10-29 16:26 - 2015-10-21 04:00 - 24595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-29 16:26 - 2015-10-21 04:00 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-10-29 16:26 - 2015-10-21 03:59 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-10-29 16:26 - 2015-10-21 03:57 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-10-29 16:26 - 2015-10-21 03:52 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-10-29 16:26 - 2015-10-21 03:50 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-10-29 16:26 - 2015-10-21 03:48 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-10-29 16:26 - 2015-10-21 03:47 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-10-29 16:26 - 2015-10-21 03:46 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-29 16:26 - 2015-10-21 03:46 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-10-29 16:26 - 2015-10-21 03:44 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-10-29 16:26 - 2015-10-21 03:44 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-29 16:26 - 2015-10-21 03:43 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-10-29 16:26 - 2015-10-21 03:42 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-10-29 16:26 - 2015-10-21 03:41 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-29 16:26 - 2015-10-21 03:40 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-10-29 16:26 - 2015-10-21 03:38 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-10-29 16:26 - 2015-10-20 21:53 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-10-29 16:26 - 2015-10-20 21:49 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-10-29 16:26 - 2015-10-20 21:13 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-29 16:26 - 2015-10-20 21:11 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-10-29 16:26 - 2015-10-20 21:08 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-10-29 16:26 - 2015-10-20 21:05 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-10-29 16:26 - 2015-10-20 21:03 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-10-29 16:26 - 2015-10-20 21:03 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-10-29 16:26 - 2015-10-20 20:58 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-10-29 16:26 - 2015-10-20 20:58 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-10-29 16:26 - 2015-10-20 20:55 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-10-29 16:26 - 2015-10-09 23:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-29 16:26 - 2015-10-05 19:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-29 16:26 - 2015-10-05 18:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-29 16:26 - 2015-09-30 20:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-29 16:26 - 2015-09-30 20:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-29 16:26 - 2015-09-30 20:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-29 16:26 - 2015-09-30 20:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-29 16:26 - 2015-09-30 20:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-29 16:26 - 2015-09-30 19:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-29 16:26 - 2015-09-24 20:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-10-29 16:26 - 2015-09-24 20:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-29 16:26 - 2015-09-24 19:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-29 16:26 - 2015-09-24 19:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-10-29 16:26 - 2015-09-24 19:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-10-29 16:26 - 2015-09-24 19:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-29 16:26 - 2015-09-24 19:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-29 16:26 - 2015-09-24 19:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-29 16:26 - 2015-09-24 19:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-29 16:26 - 2015-09-24 19:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-29 16:26 - 2015-09-24 19:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-29 16:26 - 2015-09-24 19:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-29 16:26 - 2015-09-24 19:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-29 16:26 - 2015-09-24 19:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-29 16:26 - 2015-09-24 19:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-29 16:26 - 2015-09-24 19:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-10-29 16:26 - 2015-09-24 19:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-29 16:26 - 2015-09-24 19:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-29 16:26 - 2015-09-24 19:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-29 16:26 - 2015-09-24 19:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-29 16:26 - 2015-09-24 19:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-29 16:26 - 2015-09-24 19:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-29 16:26 - 2015-09-24 19:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-29 16:26 - 2015-09-24 18:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-29 16:26 - 2015-09-24 18:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-29 16:26 - 2015-09-24 18:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-29 16:26 - 2015-09-24 18:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-29 16:26 - 2015-09-24 18:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-29 16:26 - 2015-09-24 18:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-29 16:26 - 2015-09-24 18:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-10-29 16:26 - 2015-09-24 18:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-29 16:26 - 2015-09-24 18:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-29 16:26 - 2015-09-24 18:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-29 16:26 - 2015-09-24 18:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-29 16:26 - 2015-09-24 18:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-29 16:26 - 2015-09-24 18:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-29 16:26 - 2015-09-24 18:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-10-29 16:26 - 2015-09-24 18:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-29 16:26 - 2015-09-24 18:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-29 16:26 - 2015-09-24 18:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-29 16:26 - 2015-09-24 18:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-29 16:26 - 2015-09-24 18:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-29 16:26 - 2015-09-24 18:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-29 16:26 - 2015-09-24 18:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-29 16:26 - 2015-09-24 18:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-29 16:26 - 2015-09-24 18:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-29 16:26 - 2015-09-24 18:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-29 16:26 - 2015-09-24 18:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-10-29 16:26 - 2015-09-24 18:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-29 16:26 - 2015-09-18 21:14 - 00102304 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2015-10-29 16:26 - 2015-09-16 22:50 - 02464216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-10-29 16:26 - 2015-09-16 22:50 - 01563392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-10-29 16:26 - 2015-09-16 22:50 - 00099664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-10-29 16:26 - 2015-09-16 22:50 - 00088384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-10-29 16:26 - 2015-09-16 22:49 - 06487248 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-10-29 16:26 - 2015-09-16 22:49 - 01563472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-10-29 16:26 - 2015-09-16 22:49 - 00894256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2015-10-29 16:26 - 2015-09-16 22:49 - 00553808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2015-10-29 16:26 - 2015-09-16 22:49 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-10-29 16:26 - 2015-09-16 22:48 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2015-10-29 16:26 - 2015-09-16 22:48 - 02494712 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-29 16:26 - 2015-09-16 22:48 - 02432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-10-29 16:26 - 2015-09-16 22:48 - 02156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2015-10-29 16:26 - 2015-09-16 22:48 - 01983824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-10-29 16:26 - 2015-09-16 22:48 - 00809352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-10-29 16:26 - 2015-09-16 22:48 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-10-29 16:26 - 2015-09-16 22:48 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-10-29 16:26 - 2015-09-16 22:48 - 00555768 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-10-29 16:26 - 2015-09-16 22:48 - 00537080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-10-29 16:26 - 2015-09-16 22:48 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-10-29 16:26 - 2015-09-16 22:48 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-10-29 16:26 - 2015-09-16 22:48 - 00476760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-10-29 16:26 - 2015-09-16 22:48 - 00406864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-10-29 16:26 - 2015-09-16 22:48 - 00395088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-10-29 16:26 - 2015-09-16 22:48 - 00332624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2015-10-29 16:26 - 2015-09-16 22:48 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-10-29 16:26 - 2015-09-16 22:48 - 00243760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-10-29 16:26 - 2015-09-16 22:44 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-10-29 16:26 - 2015-09-16 22:43 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-10-29 16:26 - 2015-09-16 22:37 - 01295712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2015-10-29 16:26 - 2015-09-16 22:37 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-10-29 16:26 - 2015-09-16 22:28 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-10-29 16:26 - 2015-09-16 22:28 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-10-29 16:26 - 2015-09-16 22:28 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-10-29 16:26 - 2015-09-16 22:28 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2015-10-29 16:26 - 2015-09-16 22:28 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-10-29 16:26 - 2015-09-16 22:28 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-10-29 16:26 - 2015-09-16 22:27 - 01766952 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-10-29 16:26 - 2015-09-16 22:27 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-10-29 16:26 - 2015-09-16 22:26 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2015-10-29 16:26 - 2015-09-16 22:26 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2015-10-29 16:26 - 2015-09-16 22:26 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-10-29 16:26 - 2015-09-16 22:26 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-10-29 16:26 - 2015-09-16 22:26 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-10-29 16:26 - 2015-09-16 22:26 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-10-29 16:26 - 2015-09-16 22:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-10-29 16:26 - 2015-09-16 22:20 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-10-29 16:26 - 2015-09-16 22:11 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-10-29 16:26 - 2015-09-16 22:10 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2015-10-29 16:26 - 2015-09-16 22:09 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-10-29 16:26 - 2015-09-16 22:09 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-10-29 16:26 - 2015-09-16 22:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-10-29 16:26 - 2015-09-16 22:08 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll
2015-10-29 16:26 - 2015-09-16 22:08 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-10-29 16:26 - 2015-09-16 22:06 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-10-29 16:26 - 2015-09-16 22:06 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-10-29 16:26 - 2015-09-16 22:06 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-10-29 16:26 - 2015-09-16 22:05 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-10-29 16:26 - 2015-09-16 22:05 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-10-29 16:26 - 2015-09-16 22:04 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-10-29 16:26 - 2015-09-16 22:04 - 00910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-10-29 16:26 - 2015-09-16 22:04 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2015-10-29 16:26 - 2015-09-16 22:03 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2015-10-29 16:26 - 2015-09-16 22:03 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-10-29 16:26 - 2015-09-16 22:03 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-10-29 16:26 - 2015-09-16 22:03 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2015-10-29 16:26 - 2015-09-16 22:03 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2015-10-29 16:26 - 2015-09-16 22:02 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-10-29 16:26 - 2015-09-16 22:02 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2015-10-29 16:26 - 2015-09-16 22:00 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-10-29 16:26 - 2015-09-16 22:00 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
2015-10-29 16:26 - 2015-09-16 21:58 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-10-29 16:26 - 2015-09-16 21:57 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-10-29 16:26 - 2015-09-16 21:57 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-10-29 16:26 - 2015-09-16 21:57 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-10-29 16:26 - 2015-09-16 21:57 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-10-29 16:26 - 2015-09-16 21:56 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-10-29 16:26 - 2015-09-16 21:56 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-10-29 16:26 - 2015-09-16 21:56 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-10-29 16:26 - 2015-09-16 21:55 - 02236416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-10-29 16:26 - 2015-09-16 21:55 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-10-29 16:26 - 2015-09-16 21:55 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll
2015-10-29 16:26 - 2015-09-16 21:55 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-10-29 16:26 - 2015-09-16 21:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2015-10-29 16:26 - 2015-09-16 21:55 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2015-10-29 16:26 - 2015-09-16 21:55 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2015-10-29 16:26 - 2015-09-16 21:55 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-10-29 16:26 - 2015-09-16 21:55 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-10-29 16:26 - 2015-09-16 21:54 - 03781120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-10-29 16:26 - 2015-09-16 21:54 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-10-29 16:26 - 2015-09-16 21:54 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-29 16:26 - 2015-09-16 21:53 - 07055872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-10-29 16:26 - 2015-09-16 21:52 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-10-29 16:26 - 2015-09-16 21:52 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll
2015-10-29 16:26 - 2015-09-16 21:52 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-10-29 16:26 - 2015-09-16 21:52 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2015-10-29 16:26 - 2015-09-16 21:52 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-10-29 16:26 - 2015-09-16 21:52 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-10-29 16:26 - 2015-09-16 21:52 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-10-29 16:26 - 2015-09-16 21:52 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-10-29 16:26 - 2015-09-16 21:52 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-10-29 16:26 - 2015-09-16 21:52 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-10-29 16:26 - 2015-09-16 21:51 - 02660864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-10-29 16:26 - 2015-09-16 21:51 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-10-29 16:26 - 2015-09-16 21:51 - 01203712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-10-29 16:26 - 2015-09-16 21:51 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-10-29 16:26 - 2015-09-16 21:51 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2015-10-29 16:26 - 2015-09-16 21:50 - 00929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-10-29 16:26 - 2015-09-16 21:50 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-10-29 16:26 - 2015-09-16 21:50 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2015-10-29 16:26 - 2015-09-16 21:50 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-10-29 16:26 - 2015-09-16 21:50 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeWiFi.dll
2015-10-29 16:26 - 2015-09-16 21:50 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeCell.dll
2015-10-29 16:26 - 2015-09-16 21:50 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2015-10-29 16:26 - 2015-09-16 21:49 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-10-29 16:26 - 2015-09-16 21:49 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-10-29 16:26 - 2015-09-16 21:49 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-10-29 16:26 - 2015-09-16 21:49 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll
2015-10-29 16:26 - 2015-09-16 21:49 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-10-29 16:26 - 2015-09-16 21:49 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-10-29 16:26 - 2015-09-16 21:49 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll
2015-10-29 16:26 - 2015-09-16 21:49 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeIP.dll
2015-10-29 16:26 - 2015-09-16 21:49 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll
2015-10-29 16:26 - 2015-09-16 21:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll
2015-10-29 16:26 - 2015-09-16 21:48 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-10-29 16:26 - 2015-09-16 21:48 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-10-29 16:26 - 2015-09-16 21:48 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-10-29 16:26 - 2015-09-16 21:48 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-10-29 16:26 - 2015-09-16 21:48 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2015-10-29 16:26 - 2015-09-16 21:48 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-10-29 16:26 - 2015-09-16 21:47 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2015-10-29 16:26 - 2015-09-16 21:47 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-10-29 16:26 - 2015-09-16 21:47 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-10-29 16:26 - 2015-09-16 21:46 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-10-29 16:26 - 2015-09-16 21:46 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-10-29 16:26 - 2015-09-16 21:46 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-10-29 16:26 - 2015-09-16 21:46 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-10-29 16:26 - 2015-09-16 21:46 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-10-29 16:26 - 2015-09-16 21:46 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2015-10-29 16:26 - 2015-09-16 21:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2015-10-29 16:26 - 2015-09-16 21:46 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll
2015-10-29 16:26 - 2015-09-16 21:45 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-10-29 16:26 - 2015-09-16 21:45 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-10-29 16:26 - 2015-09-16 21:45 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-10-29 16:26 - 2015-09-16 21:45 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2015-10-29 16:26 - 2015-09-16 21:44 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2015-10-29 16:26 - 2015-09-16 21:44 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-10-29 16:26 - 2015-09-16 21:44 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-10-29 16:26 - 2015-09-16 21:44 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-10-29 16:26 - 2015-09-16 21:43 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-10-29 16:26 - 2015-09-16 21:43 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-10-29 16:26 - 2015-09-16 21:43 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-10-29 16:26 - 2015-09-16 21:43 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-10-29 16:26 - 2015-09-16 21:41 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-10-29 16:26 - 2015-09-16 21:40 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-10-29 16:26 - 2015-09-16 21:40 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-10-29 16:26 - 2015-09-16 21:39 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-10-29 16:26 - 2015-09-16 21:39 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-29 16:26 - 2015-09-16 21:38 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2015-10-29 16:26 - 2015-09-16 21:37 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-10-29 16:26 - 2015-09-16 21:36 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcenter.dll
2015-10-29 16:26 - 2015-09-16 21:35 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-10-29 16:26 - 2015-09-16 21:35 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-10-29 16:26 - 2015-09-16 21:35 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-10-29 16:26 - 2015-09-16 21:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-10-29 16:26 - 2015-09-16 21:34 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-10-29 16:26 - 2015-09-16 21:32 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-10-29 16:26 - 2015-09-16 21:32 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-10-29 16:26 - 2015-09-16 21:32 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-10-29 16:26 - 2015-09-16 21:31 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2015-10-29 16:26 - 2015-09-16 21:30 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-10-29 16:26 - 2015-09-16 21:29 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-10-29 16:26 - 2015-09-16 21:29 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-10-29 16:26 - 2015-09-16 21:29 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-10-29 16:26 - 2015-09-16 21:28 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-10-29 16:26 - 2015-09-16 21:26 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-10-29 16:26 - 2015-09-16 21:16 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-10-28 20:07 - 2015-10-28 20:08 - 04464148 _____ C:\Users\Daddyo\Downloads\HHAF4034-Digest (2).zip
2015-10-27 20:13 - 2015-10-27 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-10-27 20:13 - 2015-10-27 20:13 - 00000000 ____D C:\Program Files\iTunes
2015-10-27 20:13 - 2015-10-27 20:13 - 00000000 ____D C:\Program Files\iPod
2015-10-27 20:13 - 2015-10-27 20:13 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-10-25 15:19 - 2015-10-25 15:20 - 00158568 _____ C:\Users\Daddyo\Downloads\fixed_winmm_win10.zip
2015-10-25 15:19 - 2015-10-25 15:19 - 00158568 _____ C:\Users\Daddyo\Downloads\fixed_winmm_win10 (1).zip
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-24 11:43 - 2014-08-04 09:12 - 00000000 ____D C:\ProgramData\PCPitstopDat
2015-11-24 11:41 - 2013-04-24 17:49 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-24 11:19 - 2015-10-14 13:07 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-24 10:54 - 2015-07-30 14:42 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-24 10:00 - 2013-03-13 11:15 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-24 09:58 - 2015-09-23 13:02 - 01012654 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-24 09:55 - 2015-01-09 08:42 - 00000000 ___RD C:\SHORTCUTS
2015-11-24 09:53 - 2014-08-04 09:10 - 00000000 ____D C:\ProgramData\PCPitstop
2015-11-24 09:52 - 2013-05-15 06:31 - 00000000 ____D C:\Users\Daddyo\AppData\Roaming\Dropbox
2015-11-24 09:51 - 2015-07-30 13:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-24 09:51 - 2015-07-10 01:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-24 09:51 - 2013-12-18 19:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-24 09:49 - 2014-08-04 11:32 - 00000000 ____D C:\Users\Daddyo\AppData\Roaming\Free Download Manager
2015-11-23 22:14 - 2013-10-15 12:17 - 00000000 ____D C:\Users\Daddyo\AppData\Local\Battle.net
2015-11-23 22:08 - 2013-10-15 12:17 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-11-23 21:19 - 2015-10-09 12:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-23 21:19 - 2015-09-25 08:10 - 00001156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-23 21:19 - 2015-09-25 08:10 - 00001144 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-11-23 20:37 - 2014-08-04 09:10 - 00000000 ____D C:\Program Files (x86)\PCPitstop
2015-11-23 20:27 - 2014-04-04 06:52 - 00001208 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-11-23 20:27 - 2014-04-04 06:52 - 00000000 ____D C:\Program Files (x86)\Opera
2015-11-23 20:26 - 2015-07-30 14:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-23 20:25 - 2014-08-07 08:56 - 00000000 ____D C:\Users\Daddyo\AppData\Local\CrashDumps
2015-11-23 20:21 - 2015-09-23 13:05 - 00000000 ____D C:\Users\Daddyo
2015-11-23 20:20 - 2015-09-23 13:39 - 00000000 ____D C:\Users\Daddyo\AppData\Local\Packages
2015-11-23 20:20 - 2015-09-23 13:05 - 00000000 ____D C:\Users\DefaultAppPool
2015-11-23 20:20 - 2015-08-03 16:43 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-11-23 20:20 - 2015-07-30 14:42 - 00000000 ____D C:\WINDOWS\registration
2015-11-23 20:20 - 2014-04-04 06:52 - 00000000 ____D C:\Users\Daddyo\AppData\Roaming\Opera Software
2015-11-23 20:20 - 2014-01-06 18:44 - 00000000 ____D C:\Program Files\Logitech
2015-11-23 20:20 - 2013-12-19 08:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-23 20:20 - 2013-10-15 12:17 - 00000000 ____D C:\Users\Daddyo\AppData\Roaming\Battle.net
2015-11-23 20:20 - 2013-04-03 17:36 - 00000000 ____D C:\Program Files\Java
2015-11-23 20:20 - 2013-03-19 10:02 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2015-11-22 14:50 - 2014-04-04 06:52 - 00000000 ____D C:\Users\Daddyo\AppData\Local\Opera Software
2015-11-21 16:38 - 2015-09-09 21:32 - 00074946 _____ C:\WINDOWS\PFRO.log
2015-11-21 13:34 - 2015-07-30 13:50 - 00035651 _____ C:\WINDOWS\setupact.log
2015-11-20 12:02 - 2009-07-13 18:34 - 00000505 _____ C:\WINDOWS\win.ini
2015-11-20 12:00 - 2015-08-10 21:40 - 00002352 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-20 10:39 - 2014-10-16 09:41 - 00110176 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-11-19 09:19 - 2014-06-04 15:04 - 00003938 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1396623157
2015-11-17 10:51 - 2015-06-19 07:10 - 00000000 ____D C:\Users\Daddyo\AppData\Local\Dropbox
2015-11-16 18:12 - 2014-01-22 11:32 - 00000000 ____D C:\Users\Daddyo\AppData\Roaming\vlc
2015-11-16 17:23 - 2014-01-19 15:56 - 00000000 ____D C:\Users\Daddyo\Documents\ACID Music 5.0 Projects
2015-11-16 17:22 - 2014-01-19 15:56 - 00000000 ____D C:\Users\Daddyo\AppData\Roaming\Publish Providers
2015-11-16 12:04 - 2015-07-30 14:42 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-16 11:26 - 2015-07-30 14:42 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-11-15 14:30 - 2013-10-24 13:25 - 00000355 _____ C:\Users\Daddyo\Desktop\Computer.lnk
2015-11-14 16:17 - 2015-06-25 09:29 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-11-13 08:02 - 2014-03-09 08:59 - 752799079 _____ C:\WINDOWS\MEMORY.DMP
2015-11-11 09:17 - 2015-07-30 14:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-10 20:19 - 2015-06-25 09:29 - 00004020 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-11-10 19:19 - 2015-10-14 13:07 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-09 15:22 - 2013-03-13 19:40 - 00000000 ____D C:\Users\Daddyo\Documents\StarCraft II
2015-11-07 08:44 - 2015-07-30 14:42 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-11-07 08:44 - 2015-07-30 14:42 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-11-07 08:44 - 2015-07-30 14:42 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-11-07 08:44 - 2015-07-30 14:42 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-11-07 08:44 - 2015-07-30 14:42 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-11-07 08:44 - 2015-07-30 14:42 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-11-07 08:44 - 2015-07-30 14:42 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-07 08:44 - 2015-07-30 14:42 - 00000000 ____D C:\WINDOWS\Provisioning
2015-11-07 08:44 - 2015-07-30 14:42 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-11-06 22:31 - 2013-07-24 02:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-06 22:27 - 2013-03-17 07:53 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-06 22:25 - 2015-09-23 13:59 - 00000000 ____D C:\Windows.old
2015-11-06 21:57 - 2015-02-20 14:33 - 00000000 ____D C:\Users\Daddyo\AppData\Local\Steam
2015-10-30 20:05 - 2015-04-19 07:46 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-30 20:03 - 2015-04-19 07:46 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-10-30 15:49 - 2015-09-23 13:41 - 00002378 _____ C:\Users\Daddyo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-30 15:49 - 2015-09-23 13:41 - 00000000 ___RD C:\Users\Daddyo\OneDrive
2015-10-27 20:13 - 2013-05-05 17:40 - 00000000 ____D C:\Program Files\Common Files\Apple
==================== Files in the root of some directories =======
2014-01-23 09:08 - 2010-01-26 10:11 - 0444283 _____ () C:\Program Files\Common Files\WinPcapNmap.exe
2014-07-09 11:05 - 2015-05-21 14:53 - 0000132 _____ () C:\Users\Daddyo\AppData\Roaming\Adobe BMP Format CS5 Prefs
2013-05-21 10:43 - 2015-09-25 08:41 - 0000132 _____ () C:\Users\Daddyo\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-04-03 12:09 - 2014-02-26 14:53 - 0000132 _____ () C:\Users\Daddyo\AppData\Roaming\Adobe Targa Format CS5 Prefs
2013-05-31 11:20 - 2015-06-10 10:27 - 0001456 _____ () C:\Users\Daddyo\AppData\Local\Adobe Save for Web 12.0 Prefs
2013-04-04 11:38 - 2014-02-01 18:15 - 0007627 _____ () C:\Users\Daddyo\AppData\Local\resmon.resmoncfg
Some files in TEMP:
====================
C:\Users\Daddyo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgvg3ss.dll
C:\Users\Daddyo\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-11-06 22:25
==================== End of FRST.txt ============================

Addition.txt

part 1

Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-11-2015
Ran by Daddyo (2015-11-24 11:43:26)
Running from C:\Users\Daddyo\Desktop
Windows 10 Home (X64) (2015-09-23 21:39:42)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3634687137-1423883221-2431650080-500 - Administrator - Disabled)
Daddyo (S-1-5-21-3634687137-1423883221-2431650080-1000 - Administrator - Enabled) => C:\Users\Daddyo
DefaultAccount (S-1-5-21-3634687137-1423883221-2431650080-503 - Limited - Disabled)
Guest (S-1-5-21-3634687137-1423883221-2431650080-501 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: PC Matic Super Shield (Enabled - Up to date) {A75D148F-9EA0-5C05-DCC3-E2888D63FFEC}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: PC Matic Super Shield (Enabled - Up to date) {1C3CF56B-B89A-538B-E673-D9FAF6E4B551}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
3d-io BonesPro 4.70.00 (HKLM-x32\...\3d-io BonesPro) (Version: 4.70.00 - 3d-io GmbH)
7 Days to Die (HKLM-x32\...\Steam App 251570) (Version: - The Fun Pimps)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Production Premium (HKLM-x32\...\{626B3D60-A661-4444-AAF5-6C75E55936E8}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\{A4488E5C-1022-432A-8066-72E1C4023310}) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3634687137-1423883221-2431650080-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version: - Studio Wildcard)
Autodesk 3ds Max 2011 32-bit (HKLM-x32\...\{67574624-BF0F-0409-AF6D-19FBD86FF7F7}) (Version: 13.0 - Autodesk)
Autodesk 3ds Max 2011 32-bit Components (HKLM-x32\...\{99F80251-DAE8-0409-BD08-DCBBEF56B8CB}) (Version: 13.0 - Autodesk)
Autodesk 3ds Max 2011 64-bit (HKLM\...\{39BFB02A-9692-0409-A808-3F5C7B1F8953}) (Version: 13.6.0.118 - Autodesk)
Autodesk 3ds Max 2011 64-bit Components (HKLM\...\{7563F495-80F5-0409-A514-747C66C22449}) (Version: 13.0 - Autodesk)
Autodesk 3ds Max 2013 32-bit (HKLM-x32\...\Autodesk 3ds Max 2013 32-bit) (Version: 15.0.0.347 - Autodesk)
Autodesk 3ds Max 2013 32-bit (x32 Version: 15.0.0.347 - Autodesk) Hidden
Autodesk 3ds Max 2013 64-bit (HKLM\...\Autodesk 3ds Max 2013 64-bit) (Version: 15.6.164.0 - Autodesk)
Autodesk 3ds Max 2013 64-bit (Version: 15.6.164.0 - Autodesk) Hidden
Autodesk 3ds Max 2013 64-bit Product Update 6 (HKLM\...\Autodesk 3ds Max 2013 64-bit SP6) (Version: 15.6.164.0 - Autodesk)
Autodesk Backburner 2013.0.0 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2013.0.0 - Autodesk, Inc.)
Autodesk DirectConnect 2013 64-bit (HKLM\...\Autodesk DirectConnect 2013 64-bit) (Version: 7.0.28.0 - Autodesk)
Autodesk DirectConnect 2013 64-bit (Version: 7.0.28.0 - Autodesk) Hidden
Autodesk Download Manager (HKLM-x32\...\{2F48C80C-3A76-495A-A4B5-C0CC946FEEBD}) (Version: 2.0.6.0 - Autodesk, Inc.)
Autodesk Essential Skills Movies for 3ds Max 2013 32-bit (HKLM-x32\...\{5061ACBA-7A0A-42FE-93FF-403B2099D200}) (Version: 1.0.0.1 - Autodesk)
Autodesk Essential Skills Movies for 3ds Max 2013 64-bit (HKLM\...\{7EDE5B68-1FB0-405D-88F0-A34236002DA8}) (Version: 1.0.0.1 - Autodesk)
Autodesk FBX Plug-in 2011.1 - 3ds Max 2011 (HKLM-x32\...\Autodesk FBX Plug-in 2011.1 - 3ds Max 2011) (Version: - Autodesk)
Autodesk FBX Plug-in 2011.1 - 3ds Max 2011 64-bit (HKLM\...\Autodesk FBX Plug-in 2011.1 - 3ds Max 2011 64-bit) (Version: - Autodesk)
Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 (HKLM-x32\...\Autodesk FBX Plug-in 2013.1 - 3ds Max 2013) (Version: - Autodesk)
Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 64-bit (HKLM\...\Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 64-bit) (Version: - Autodesk)
Autodesk Inventor Server Engine for 3ds Max 2013 32-bit (HKLM-x32\...\{696BB53C-28E6-1632-974E-D42FFF5B8E04}) (Version: 15.0 - Autodesk)
Autodesk Inventor Server Engine for 3ds Max 2013 64-bit (HKLM\...\{696BB53C-28E6-1664-974E-D42FFF5B8E04}) (Version: 15.0 - Autodesk)
Autodesk MatchMover 2011 64-bit (HKLM\...\{DDE113EA-5DB0-4F68-BB58-5F67DD2308B4}) (Version: 13.00.0000 - Autodesk)
Autodesk Material Library 2011 (HKLM-x32\...\{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}) (Version: 2.0.0.100 - Autodesk)
Autodesk Material Library 2011 Base Image library (HKLM-x32\...\{CD1E078C-A6B9-47DA-B035-6365C85C7832}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2011 Medium Image library (HKLM-x32\...\{975951E7-14D0-49AF-A630-89680D12D7F6}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2013 (HKLM-x32\...\{58760EEC-8B6A-43F4-81AA-696E381DFADD}) (Version: 3.0.13 - Autodesk)
Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 64-bit (HKLM\...\{06E18300-BB64-1664-8E6A-2593FC67BB74}) (Version: 1.0.0.1 - Autodesk)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 2 (HKLM-x32\...\Steam App 24860) (Version: - DICE)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.1.3 - EA Digital Illusions CE AB)
Blender (HKLM\...\Blender) (Version: 2.73 - Blender Foundation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.12.51.2 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.12.2.1 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.0.1.32 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.12.2.0 - Canon Inc.)
Composite 2011 (64-bit) (HKLM\...\{DBF6B4E9-CD43-476A-895D-4D688D41CE63}) (Version: 6.0.0 - Autodesk)
Composite 2011 (HKLM-x32\...\{6406E3EA-9777-45B7-A0C0-89741E629352}) (Version: 6.0.0 - Autodesk)
Composite 2013 (HKLM-x32\...\{92203FA0-7C43-429F-857C-0AE197D8199C}) (Version: 8.0.0 - Autodesk)
Composite 2013 64-bit (HKLM\...\{2F808931-D235-4FC7-90CD-F8A890C97B2F}) (Version: 8.0.0 - Autodesk)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper)
Creativerse (HKLM-x32\...\Steam App 280790) (Version: - Playful Corporation)
DAZ Content Management Service (HKLM-x32\...\DAZ Content Management Service 4.8.1.7) (Version: 4.8.1.7 - DAZ 3D)
DAZ Install Manager (HKLM-x32\...\DAZ Install Manager 1.1.0.28) (Version: 1.1.0.28 - DAZ 3D)
DAZ Studio 4.5 (64bit) (HKLM-x32\...\DAZ Studio 4.5 (64bit) 4.5.1.56) (Version: 4.5.1.56 - DAZ 3D)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{4B22C430-7EA8-4534-8358-376FD900B953}) (Version: 3.10.0042 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.53.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WF-2530 Series Printer Uninstall (HKLM\...\EPSON WF-2530 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Forsaken Fortress Strategy (HKLM-x32\...\Steam App 344820) (Version: - Photon Arena)
Google Drive (HKLM-x32\...\{9C350701-AC04-48BA-A435-BD5E0D82897E}) (Version: 1.25.0523.2491 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Infested Planet (HKLM-x32\...\Steam App 204530) (Version: - Rocket Bear Games)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Kingdom Rush (HKLM-x32\...\Steam App 246420) (Version: - Ironhide Game Studio)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Metro 2033 Redux (HKLM-x32\...\Steam App 286690) (Version: - 4A GAMES)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
OpenOffice 4.1.1 Language Pack (English (United Kingdom)) (HKLM-x32\...\{C4323563-3468-4F05-8BDF-ADB0C5C96D3C}) (Version: 4.11.9775 - Apache Software Foundation)
OpenOffice 4.1.1 Language Pack (French) (HKLM-x32\...\{2319074D-5C2A-433D-91C6-16587FDFDC1D}) (Version: 4.11.9775 - Apache Software Foundation)
OpenOffice 4.1.1 Language Pack (German) (HKLM-x32\...\{68AF7AB8-E018-40D9-B703-0129274FDBAE}) (Version: 4.11.9775 - Apache Software Foundation)
OpenOffice 4.1.1 Language Pack (Italian) (HKLM-x32\...\{B41169C3-310D-4438-8A87-35C0643E92EA}) (Version: 4.11.9775 - Apache Software Foundation)
OpenOffice 4.1.1 Language Pack (Japanese) (HKLM-x32\...\{8DE1C68C-18D2-4BC1-90F7-A8E4ECFFA6A6}) (Version: 4.11.9775 - Apache Software Foundation)
OpenOffice 4.1.1 Language Pack (Portuguese (Brazil)) (HKLM-x32\...\{02BEDCC6-844E-4659-9111-E9C6175CC368}) (Version: 4.11.9775 - Apache Software Foundation)
OpenOffice 4.1.1 Language Pack (Spanish) (HKLM-x32\...\{4EB950F8-0B89-4C9D-B63C-30599FA1218D}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 33.0.1990.115 (HKLM-x32\...\Opera 33.0.1990.115) (Version: 33.0.1990.115 - Opera Software)
Opera Stable 33.0.1990.121 (HKLM-x32\...\Opera 33.0.1990.121) (Version: 33.0.1990.121 - Opera Software)
Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version: - Robot Entertainment)
Origin (HKLM-x32\...\Origin) (Version: 9.1.13.85 - Electronic Arts, Inc.)
PC Matic 1.1.0.51 (HKLM-x32\...\PC Matic_is1) (Version: 1.1.0.51 - PC Pitstop LLC)
PC Matic Super Shield 1.0.0.59 (HKLM-x32\...\PC Pitstop SuperShield_is1) (Version: 1.0.0.59 - PC Pitstop LLC)
PC Pitstop Download Nitro 1.5.0.0 (HKLM-x32\...\PC Pitstop Download Nitro_is1) (Version: 1.5.0.0 - PC Pitstop, LLC)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.987 - Even Balance, Inc.)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Sony ACID Music Studio 5.0a (HKLM-x32\...\{12F4BE69-6614-41D3-BB3B-DF7F921DF2BB}) (Version: 5.0.152 - Sony)
Space Hulk Ascension (HKLM-x32\...\Steam App 317620) (Version: - Full Control Studios)
Spore (HKLM-x32\...\Steam App 17390) (Version: - Maxis™)
STAR WARS Tie Fighter 95 Compatibility Fix (HKLM\...\{e54a1223-e3e6-4c2f-84ba-02c5c1c57da1}.sdb) (Version: - )
Star Wars X-Wing 95 Compatibility Fix (HKLM\...\{43b2876b-3e34-4e6e-ac3f-4da816b782e0}.sdb) (Version: - )
Star Wars X-Wing Alliance (HKLM\...\{a218c2db-d769-44eb-b757-b7fc41b6596c}.sdb) (Version: - )
STAR WARS™: TIE Fighter Special Edition (HKLM-x32\...\Steam App 355250) (Version: - Totally Games)
STAR WARS™: X-Wing Alliance™ (HKLM-x32\...\Steam App 361670) (Version: - Totally Games)
STAR WARS™: X-Wing Special Edition (HKLM-x32\...\Steam App 354430) (Version: - Lucasfim)
STAR WARS™: X-Wing vs. TIE Fighter (HKLM-x32\...\Steam App 361690) (Version: - Totally Games)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Subnautica (HKLM-x32\...\Steam App 264710) (Version: - Unknown Worlds Entertainment)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - )
The Battle for Middle-earth II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version: - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Lord of the Rings, The Rise of the Witch-king (HKLM-x32\...\{8BCAFB73-49AE-4AC4-00A1-70E4EC38BD4E}) (Version: - )
Unity Web Player (HKU\S-1-5-21-3634687137-1423883221-2431650080-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
VDownloader 4.1.1463 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1) (Version: - Vitzo Limited)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.3-3 - Wacom Technology Corp.)
Warhammer 40,000: Dawn of War – Dark Crusade (HKLM-x32\...\Steam App 4580) (Version: - Relic Entertainment)
Warhammer 40,000: Dawn of War - Game of the Year Edition (HKLM-x32\...\Steam App 4570) (Version: - Relic Entertainment)
Warhammer 40,000: Dawn of War – Soulstorm (HKLM-x32\...\Steam App 9450) (Version: - Relic Entertainment)
Warhammer 40,000: Dawn of War – Winter Assault (HKLM-x32\...\Steam App 9310) (Version: - Relic Entertainment)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
Windows Driver Package - NVIDIA (nvlddmkm) Display (01/09/2015 9.18.13.4725) (HKLM\...\042A5A31E2DF24347B3656476FA382ACD88B6789) (Version: 01/09/2015 9.18.13.4725 - NVIDIA)
Windows Driver Package - NVIDIA (nvlddmkm) Display (07/02/2014 9.18.13.4052) (HKLM\...\B4DC3397A1885C35A712348C589DFD91C7811AC5) (Version: 07/02/2014 9.18.13.4052 - NVIDIA)
Windows Driver Package - NVIDIA (nvlddmkm) Display (07/22/2015 10.18.13.5362) (HKLM\...\E7B9464D5F8E0C7397053D8EBE7F668C2230ACD1) (Version: 07/22/2015 10.18.13.5362 - NVIDIA)
Windows Driver Package - Realtek (RTL8167) Net (06/12/2012 7.061.0612.2012) (HKLM\...\D7AE157A02BBDD2AFDC7ACDBE7652D398B0B265E) (Version: 06/12/2012 7.061.0612.2012 - Realtek)
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
World of Tanks (HKU\S-1-5-21-3634687137-1423883221-2431650080-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version: - Wargaming.net)
Zombie Army Trilogy (HKLM-x32\...\Steam App 301640) (Version: - Rebellion)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3634687137-1423883221-2431650080-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-3634687137-1423883221-2431650080-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Daddyo\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3634687137-1423883221-2431650080-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Daddyo\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3634687137-1423883221-2431650080-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Daddyo\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3634687137-1423883221-2431650080-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Daddyo\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3634687137-1423883221-2431650080-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Daddyo\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634687137-1423883221-2431650080-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Daddyo\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3634687137-1423883221-2431650080-1000_Classes\CLSID\{83B0E426-D4EE-11D4-BEDF-BAB7F1EEA455}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2011\addflow4.ocx (Lassalle Technologies)
CustomCLSID: HKU\S-1-5-21-3634687137-1423883221-2431650080-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Daddyo\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3634687137-1423883221-2431650080-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Daddyo\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3634687137-1423883221-2431650080-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Daddyo\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3634687137-1423883221-2431650080-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Daddyo\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3634687137-1423883221-2431650080-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-3634687137-1423883221-2431650080-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Daddyo\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3634687137-1423883221-2431650080-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Daddyo\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
==================== Restore Points =========================
20-11-2015 14:48:07 PC Pitstop Restore Point
21-11-2015 15:24:03 PC Pitstop Restore Point
23-11-2015 20:19:01 Restore Operation
24-11-2015 09:54:55 JRT Pre-Junkware Removal
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 18:34 - 2013-03-15 09:59 - 00001659 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 hl2rcv.adobe.com
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {06B20F82-7AC4-4DDF-A868-BB0328E7EA68} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {0C953F6A-C9B7-4047-800E-E57775A071BD} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {1092DE73-445B-434C-9345-7214EB0CED30} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {1146E0A1-B537-4FE9-B94E-979440F8FA1B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {145738DD-E261-494D-95CF-C909B4123E1A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {1974ED4E-FB4B-4CD5-B4FB-1E56339038DC} - System32\Tasks\Opera scheduled Autoupdate 1448232644 => C:\Program Files (x86)\Opera\launcher.exe [2015-11-17] (Opera Software)
Task: {1A361726-B3FE-4C9E-8920-116D8005F7CB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1C320156-0EA8-4CFA-8252-F5437E2CF851} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-11-09] (Oracle Corporation)
Task: {211F88C3-4A1D-4EBA-9BCF-EC09E10C7158} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {28A09C77-2D3B-4F74-A20F-09D3B1C6B422} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {32C5DD2A-3EFE-4215-9B98-98F75A9ABCAC} - System32\Tasks\Google Updater and Installer => C:\Users\Daddyo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {37E418CB-751C-4B36-84A3-76743E8CF647} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {39507AF1-5F00-4FB2-AAA9-3FFA9D62BA57} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3E6A704D-C647-4754-A223-0F5BD538AB5B} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_245_pepper.exe [2015-11-10] (Adobe Systems Incorporated)
Task: {3FDF35D5-7647-4C72-922D-6FE01014F733} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {3FF87E47-229D-48C2-BC49-4148F77A70B1} - System32\Tasks\AdobeAAMUpdater-1.0-TROOPER-Daddyo => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {4340A9DA-FA88-441B-B12A-ACA4E1947E05} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {49820782-6C6B-49EE-8DDE-CC7D94541E0B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4DEF8985-3F91-422F-A070-1F82AB0B385D} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {50B2BB88-7BC7-42F2-B843-8EB688A2626F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-17] (Dropbox, Inc.)
Task: {59481762-6D07-46E6-BDAF-235450FF0038} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5A6414C7-F072-489A-B9B0-394934672AB5} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {5C1C2F60-A5E7-4864-89C1-653A6B638B80} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {62C6661A-CF88-415C-9258-D64CE092CD17} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6981B6C2-423D-4979-9DF8-7B3940E03DC6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {7ACF3044-A4B5-4AC6-98C0-D43BFB3C003A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)
Task: {7E9D7F0F-2A88-466A-84D3-4B5E5540A21C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-17] (Dropbox, Inc.)
Task: {88444588-2A04-49EA-AFDD-D376ED6D6A29} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {888C00CF-1478-4F94-B879-48ADDF22FAD5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {8E226A0F-EB28-4D50-AD4B-F9CB5F829531} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9627577C-8E50-43BA-BAE5-70CF8076A011} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {97464131-333B-4534-BA90-B5264E4B807C} - System32\Tasks\Opera scheduled Autoupdate 1396623157 => C:\Program Files (x86)\Opera\launcher.exe [2015-11-17] (Opera Software)
Task: {9D293029-E1D2-4BEA-8FCF-374C95EFDD93} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {A26D3B70-EFE2-46C5-9811-AF2D018E6927} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {A3A08AA2-46A5-4C11-A880-857808B0EF51} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {A86D00E3-CF75-4293-9C5A-39FBD3342ADF} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {A8A86E8D-DB58-4F36-AEFA-6CB62CE343BF} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {A999C3EB-40DF-4594-B13F-A44644D0D9C5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {AC2D0421-578D-4171-A9DE-9D490E1FEB9F} - System32\Tasks\{BD425968-9137-4D16-86B0-29AC3B9B2374} => pcalua.exe -a E:\rescue2usb.exe -d E:\
Task: {B07F35AF-E407-4A80-A2E1-0CA2F455E73B} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B3076FE1-DBAC-47BC-85A6-5051E8084BAC} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C64E0885-53E2-4F22-8AAE-6E1630D1BC19} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {D6233A7F-3458-4D97-A0D3-FBC571A49E76} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {D871B9DC-2399-45CD-8788-75629000D50F} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {DA857BF8-4FEB-4E82-9F76-938DA8C6AE2A} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {DF738F78-E402-4746-AB28-ED67924F9166} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E7740F18-A4B5-41DD-B614-CD00C3157DE2} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {EC344C0A-C994-4945-A3B4-87745E3084C3} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {EF3C9C71-4B4E-4934-86BA-0938BE2887F4} - System32\Tasks\{7DB21B98-2054-439E-BFC7-AD272E8403EC} => pcalua.exe -a E:\rescue2usb.exe -d E:\
Task: {EF9BBC21-D248-449E-8AA2-B42D3F351035} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {F16289AD-41E5-447F-A67D-DE7DED4097A4} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {F50944A4-2F8C-4F24-A138-8BAB57A1B638} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {FB9C03AA-F16E-475A-B898-B11F906836E9} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {FC66EAC3-95D4-42C4-8A59-2FF283E87947} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_245_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Daddyo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1448049587&a=1024132" <==== ATTENTION
ShortcutWithArgument: C:\Users\Daddyo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1448049587&a=1024132" <==== ATTENTION
==================== Loaded Modules (Whitelisted) ==============
2015-09-09 21:08 - 2015-09-09 21:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-09-09 21:08 - 2015-09-09 21:08 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-29 16:26 - 2015-09-16 22:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-29 16:26 - 2015-09-16 22:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2013-03-14 06:16 - 2009-07-20 13:16 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2014-05-12 01:49 - 2014-05-12 01:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-10-29 16:26 - 2015-09-16 21:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-29 16:26 - 2015-09-16 21:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-29 16:26 - 2015-09-16 21:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-29 16:26 - 2015-09-16 21:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-29 16:26 - 2015-09-16 21:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-09 19:13 - 2015-09-09 21:08 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-09-23 13:02 - 2015-08-06 16:24 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-11-20 12:27 - 2014-04-15 12:02 - 00524288 _____ () C:\Program Files (x86)\PCPitstop\Super Shield\SQLiteEncrypt.dll
2014-08-04 09:16 - 2015-06-26 02:13 - 00184184 _____ () C:\ProgramData\PCPitstopDat\dat\libBase64.dll
2014-08-04 09:16 - 2015-06-26 02:13 - 00175992 _____ () C:\ProgramData\PCPitstopDat\dat\libMachoUniv.dll
2015-11-20 12:27 - 2015-11-20 09:46 - 00187200 _____ () C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRTen.dll
2013-03-25 13:23 - 2015-10-05 08:18 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 11:29 - 2015-07-03 08:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-05-22 06:47 - 2015-11-09 18:44 - 02541648 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-28 17:49 - 2015-09-23 16:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-28 17:49 - 2015-09-23 16:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-28 17:49 - 2015-09-23 16:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-28 17:49 - 2015-09-23 16:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-28 17:49 - 2015-09-23 16:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-01-20 11:29 - 2015-07-03 08:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 11:29 - 2015-07-03 08:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2013-04-19 12:10 - 2015-11-09 18:44 - 00806992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-22 19:46 - 2015-11-03 14:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2013-03-26 15:16 - 2015-10-08 14:20 - 45010208 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-01-20 11:29 - 2015-09-24 15:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2015-11-10 15:46 - 2015-11-06 20:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-10 15:46 - 2015-11-06 20:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3634687137-1423883221-2431650080-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Daddyo\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^Daddyo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Daddyo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: ADSK DLMSession => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: VDownloader => C:\Program Files\VDownloader\VDownloader.exe /silent

Addition.txt

part 2

 

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{4B674AAA-7D6F-4916-9657-A160B84BCF09}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7FEE021C-2E55-4324-A51C-5829D6BFB1CC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{43356F5F-E9C4-42BE-8B4A-30011A9EE869}X:\steamlibrary\steamapps\common\sid meier's civilization v\civilizationv_tablet.exe] => (Allow) X:\steamlibrary\steamapps\common\sid meier's civilization v\civilizationv_tablet.exe
FirewallRules: [uDP Query User{C9A3220F-D93F-4005-A13F-C969B4596E7D}X:\steamlibrary\steamapps\common\sid meier's civilization v\civilizationv_tablet.exe] => (Allow) X:\steamlibrary\steamapps\common\sid meier's civilization v\civilizationv_tablet.exe
FirewallRules: [{2198EA69-D13D-4993-A7A7-CE6B3389043B}] => (Allow) X:\SteamLibrary\SteamApps\common\Dawn of War Gold\W40k.exe
FirewallRules: [{AC9CA037-F0F5-4A6D-9551-218EAD4D2F4F}] => (Allow) X:\SteamLibrary\SteamApps\common\Dawn of War Gold\W40k.exe
FirewallRules: [{DA87F547-F7DB-4BD8-9488-1929D609E9A6}] => (Allow) X:\SteamLibrary\SteamApps\common\Dawn of War Dark Crusade\darkcrusade.exe
FirewallRules: [{AD5124AF-61D9-4CF3-96B1-557B74BF5E61}] => (Allow) X:\SteamLibrary\SteamApps\common\Dawn of War Dark Crusade\darkcrusade.exe
FirewallRules: [{EB407851-A886-4A45-A8C4-DE949358B5C1}] => (Allow) X:\SteamLibrary\SteamApps\common\Dawn of War Gold\W40kWA.exe
FirewallRules: [{06F01155-B548-4D04-8BDF-B5A8F0F52FF6}] => (Allow) X:\SteamLibrary\SteamApps\common\Dawn of War Gold\W40kWA.exe
FirewallRules: [{678314AE-BC1F-4313-A051-D9142C67D3D0}] => (Allow) X:\SteamLibrary\SteamApps\common\Dawn of War Soulstorm\Soulstorm.exe
FirewallRules: [{6D8549E0-D44D-40D1-857D-60073D39EEFB}] => (Allow) X:\SteamLibrary\SteamApps\common\Dawn of War Soulstorm\Soulstorm.exe
FirewallRules: [{890A16E0-299A-4E3C-84CE-EB6FD23357FD}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{8C57E58C-E95B-462A-B6B4-1362C01316F0}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{C3279760-4181-4DE3-9E00-7B6783BF530B}] => (Allow) C:\Users\Daddyo\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{621BDAB9-691E-4DAB-A566-D0FE2C3CD7D3}] => (Allow) C:\Users\Daddyo\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{F4CC4EB3-627D-4968-A222-49A029C18B10}] => (Allow) X:\SteamLibrary\SteamApps\common\Metro 2033 Redux\metro.exe
FirewallRules: [{BFFDA763-D500-42D4-B143-E0B2FF2C972B}] => (Allow) X:\SteamLibrary\SteamApps\common\Metro 2033 Redux\metro.exe
FirewallRules: [{8475AF86-ACEE-47DA-8C19-CD5E021ADF72}] => (Allow) X:\SteamLibrary\SteamApps\common\Forsaken Fortress Strategy\ffs2.exe
FirewallRules: [{047B493C-C5D0-4959-BDB9-B700B5107845}] => (Allow) X:\SteamLibrary\SteamApps\common\Forsaken Fortress Strategy\ffs2.exe
FirewallRules: [{5635DCE4-81FB-48FF-9C2C-43E71713AFBF}] => (Allow) X:\SteamLibrary\SteamApps\common\Infested Planet\InfestedPlanet.exe
FirewallRules: [{6E2C75DE-9CD9-4F38-97EA-DA15300D349A}] => (Allow) X:\SteamLibrary\SteamApps\common\Infested Planet\InfestedPlanet.exe
FirewallRules: [{4A80BBE9-5369-4DFB-8146-38473952312F}] => (Allow) X:\SteamLibrary\SteamApps\common\Forsaken Fortress Strategy\Forsaken Fortress Strategy.exe
FirewallRules: [{302DB94F-1E7F-4944-8E39-F76F5C69CA93}] => (Allow) X:\SteamLibrary\SteamApps\common\Forsaken Fortress Strategy\Forsaken Fortress Strategy.exe
FirewallRules: [{F9AEEEBD-7EE3-43F2-AD46-820578C26C96}] => (Allow) X:\SteamLibrary\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{7DB6508D-CDBD-47FD-9E29-0A8A11ADFAFD}] => (Allow) X:\SteamLibrary\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{3E10D48B-0605-4257-A833-C1AE4CEDD35A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{59294AAF-29E1-49B1-AEBD-83E4744E688F}C:\program files\java\jre1.8.0_65\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_65\bin\javaw.exe
FirewallRules: [uDP Query User{D4F37B22-D906-491A-8B37-4AC8D73259B0}C:\program files\java\jre1.8.0_65\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_65\bin\javaw.exe
FirewallRules: [TCP Query User{9A6F2E93-702E-4074-BFDE-F5D7800E57D5}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [uDP Query User{144F5E71-A694-4FFB-B4B1-2DD57A7F7F08}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{7BF2BBCC-EB47-47D4-B0AC-88D253794FC0}] => (Allow) X:\SteamLibrary\SteamApps\common\Creativerse\Creativerse.exe
FirewallRules: [{3BAA09DD-99FB-4316-A6D9-542A92AF32D5}] => (Allow) X:\SteamLibrary\SteamApps\common\Creativerse\Creativerse.exe
FirewallRules: [TCP Query User{A2667069-9FDE-4D83-877C-ECBC636C5D07}X:\games\starcraft ii\versions\base38749\sc2_x64.exe] => (Allow) X:\games\starcraft ii\versions\base38749\sc2_x64.exe
FirewallRules: [uDP Query User{9B036E62-1F10-4078-A490-5172A65EB361}X:\games\starcraft ii\versions\base38749\sc2_x64.exe] => (Allow) X:\games\starcraft ii\versions\base38749\sc2_x64.exe
FirewallRules: [TCP Query User{8C16A699-C1ED-43B5-B9BD-3FE06A52B05A}X:\games\starcraft ii\versions\base38996\sc2_x64.exe] => (Allow) X:\games\starcraft ii\versions\base38996\sc2_x64.exe
FirewallRules: [uDP Query User{7CC20BD2-4F3D-4C5A-B9EC-7D7C8DA15F19}X:\games\starcraft ii\versions\base38996\sc2_x64.exe] => (Allow) X:\games\starcraft ii\versions\base38996\sc2_x64.exe
FirewallRules: [{5B2053DC-F82F-41C1-B44B-4B789B72F682}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B0D5B261-4E8B-4FD7-A300-6C104C3F3526}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{93229E2B-38F1-40A8-8475-DC6D766A61BF}] => (Allow) C:\Program Files (x86)\Max Driver Updater\maxdu.exe
FirewallRules: [{18E446A7-8545-4A8F-AA6B-52CBFC9E3DDA}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exe
FirewallRules: [{260AF1CD-0586-4E60-A08F-AB8BFBF633AD}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exe
FirewallRules: [{80ADC167-F1F3-43EF-8B8A-D7C0399EB915}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exe
FirewallRules: [{24CF6A6F-0836-4C5C-BD5B-FA70A2413F00}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exe
FirewallRules: [{B5450577-73FE-40A8-9B89-DCAF8086A09F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6E861B19-469C-4C7E-A255-70EC30E21B69}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/24/2015 09:54:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (11/23/2015 10:08:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program 7DaysToDie.exe version 5.1.1.40921 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 53c
Start Time: 01d1267d0fd82e58
Termination Time: 24
Application Path: X:\SteamLibrary\SteamApps\common\7 Days To Die\7DaysToDie.exe
Report Id: bd5b691b-9271-11e5-8d77-00268333b615
Faulting package full name:
Faulting package-relative application ID:
Error: (11/23/2015 08:37:52 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
Error: (11/23/2015 08:37:51 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ISAPISearchC:\WINDOWS\system32\query.dll4
Error: (11/23/2015 08:37:51 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ContentIndexC:\WINDOWS\system32\query.dll4
Error: (11/23/2015 08:37:51 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ContentFilterC:\WINDOWS\System32\query.dll4
Error: (11/23/2015 08:33:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TROOPER)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/23/2015 08:25:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: opera.exe, version: 33.0.1990.115, time stamp: 0x5649994e
Faulting module name: opera.dll, version: 0.0.0.0, time stamp: 0x564998eb
Exception code: 0x80000003
Fault offset: 0x0008e569
Faulting process id: 0x8dc
Faulting application start time: 0xopera.exe0
Faulting application path: opera.exe1
Faulting module path: opera.exe2
Report Id: opera.exe3
Faulting package full name: opera.exe4
Faulting package-relative application ID: opera.exe5
Error: (11/23/2015 08:25:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: opera.exe, version: 33.0.1990.115, time stamp: 0x5649994e
Faulting module name: opera.dll, version: 0.0.0.0, time stamp: 0x564998eb
Exception code: 0x80000003
Fault offset: 0x0008e569
Faulting process id: 0x2020
Faulting application start time: 0xopera.exe0
Faulting application path: opera.exe1
Faulting module path: opera.exe2
Report Id: opera.exe3
Faulting package full name: opera.exe4
Faulting package-relative application ID: opera.exe5
Error: (11/23/2015 08:24:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: opera.exe, version: 33.0.1990.115, time stamp: 0x5649994e
Faulting module name: opera.dll, version: 0.0.0.0, time stamp: 0x564998eb
Exception code: 0x80000003
Fault offset: 0x0008e569
Faulting process id: 0x11f0
Faulting application start time: 0xopera.exe0
Faulting application path: opera.exe1
Faulting module path: opera.exe2
Report Id: opera.exe3
Faulting package full name: opera.exe4
Faulting package-relative application ID: opera.exe5
System errors:
=============
Error: (11/24/2015 09:55:04 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Error: (11/24/2015 09:51:52 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058
Error: (11/24/2015 09:51:52 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\WINDOWS\system32\athExt.dll
Error Code: 126
Error: (11/24/2015 09:51:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069
Error: (11/24/2015 09:51:13 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
Error: (11/24/2015 09:51:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (11/24/2015 09:51:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (11/24/2015 09:51:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (11/24/2015 09:51:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (11/24/2015 09:50:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly. It has done this 1 time(s).
==================== Memory info ===========================
Processor: Intel® Core i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 14%
Total physical RAM: 16328.79 MB
Available physical RAM: 13949.37 MB
Total Virtual: 32712.79 MB
Available Virtual: 30171.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:223.03 GB) (Free:54.39 GB) NTFS
Drive e: (Backup) (Fixed) (Total:2794.39 GB) (Free:2194.16 GB) NTFS
Drive w: (BondMinistry) (Fixed) (Total:1863.01 GB) (Free:1028.21 GB) NTFS
Drive x: (WofG) (Fixed) (Total:931.51 GB) (Free:280.26 GB) NTFS
Drive y: (WorkingFortheLord) (Fixed) (Total:223.57 GB) (Free:52.79 GB) NTFS
Drive z: (Zombie) (Fixed) (Total:1863.01 GB) (Free:1182.71 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: D53A2792)
Partition 1: (Not Active) - (Size=223.6 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 42966758)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 6F7C6789)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 98057593)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: E05A60F9)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
========================================================
Disk: 5 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================

I haven’t had a chance to see the completed logs that I asked for so I’m sending a response on what I found based on your first logs alone so we'll deal with that and take it from there.

Run Farbar Recovery Scan Tool

Open Notepad. Please copy the contents of the code box below and paste it into Notepad.


GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Extension: See More Results Hub - C:\Users\Daddyo\AppData\Roaming\Mozilla\Firefox\Profiles\yrt2b1iq.default\Extensions\{d42b7947-1802-4bcd-8ade-959e9e235b61}.xpi [2015-11-20] [not signed]
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
2015-11-23 23:08 - 2015-11-23 23:08 - 00000000 _____ C:\WINDOWS\SysWOW64\SBRC.dat
2015-11-23 20:30 - 2015-11-23 20:33 - 00000000 ____D C:\Users\Daddyo\AppData\Local\NPE
2015-11-23 20:30 - 2015-11-23 20:30 - 03088296 _____ (Symantec Corporation) C:\Users\Daddyo\Downloads\NPE.exe
2015-11-23 20:30 - 2015-11-23 20:30 - 00000000 ____D C:\ProgramData\Norton
2015-11-21 13:55 - 2015-11-21 13:55 - 00000000 ____D C:\ProgramData\BitDefender
2015-11-21 13:39 - 2015-11-24 09:55 - 00000000 ____D C:\Users\Daddyo\AppData\Roaming\Lavasoft
2015-11-21 13:39 - 2015-11-24 09:55 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2015-11-21 13:39 - 2015-11-21 13:39 - 00000000 ____D C:\Users\Daddyo\AppData\Roaming\LavasoftStatistics
2015-11-21 13:38 - 2015-11-23 20:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-11-21 13:33 - 2015-11-21 13:33 - 00000000 ____D C:\Program Files\Lavasoft
2015-11-21 13:28 - 2015-11-21 13:28 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2015-11-21 13:26 - 2015-11-24 09:55 - 00000000 ____D C:\ProgramData\Lavasoft
2015-11-20 12:27 - 2014-04-15 12:02 - 00082872 _____ (GFI Software) C:\WINDOWS\system32\Drivers\sbapifs.sys
CustomCLSID: HKU\S-1-5-21-3634687137-1423883221-2431650080-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Daddyo\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3634687137-1423883221-2431650080-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Daddyo\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3634687137-1423883221-2431650080-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Daddyo\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3634687137-1423883221-2431650080-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Daddyo\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3634687137-1423883221-2431650080-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Daddyo\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3634687137-1423883221-2431650080-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Daddyo\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3634687137-1423883221-2431650080-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Daddyo\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3634687137-1423883221-2431650080-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Daddyo\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3634687137-1423883221-2431650080-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Daddyo\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {1146E0A1-B537-4FE9-B94E-979440F8FA1B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {1A361726-B3FE-4C9E-8920-116D8005F7CB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {28A09C77-2D3B-4F74-A20F-09D3B1C6B422} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {39507AF1-5F00-4FB2-AAA9-3FFA9D62BA57} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4340A9DA-FA88-441B-B12A-ACA4E1947E05} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {49820782-6C6B-49EE-8DDE-CC7D94541E0B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {59481762-6D07-46E6-BDAF-235450FF0038} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {62C6661A-CF88-415C-9258-D64CE092CD17} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8E226A0F-EB28-4D50-AD4B-F9CB5F829531} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9627577C-8E50-43BA-BAE5-70CF8076A011} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {DF738F78-E402-4746-AB28-ED67924F9166} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Daddyo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1448049587&a=1024132" <==== ATTENTION
ShortcutWithArgument: C:\Users\Daddyo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1448049587&a=1024132" <==== ATTENTION
FirewallRules: [{F639AB08-1FB2-4B6B-B8B8-3C49CADEDFBD}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{A4645B2E-891F-44F5-BE05-574D0AA052DB}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
C:\Program Files (x86)\AVG
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


  • save the file as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log (Fixlog.txt); please post it to your reply.

===================================================

Run CKScanner

Download CKScanner by askey127 from here & save it to your Desktop.

  • double-click CKScanner.exe then click Search For Files
  • when the cursor hourglass disappears, click Save List To File
  • a message box will verify the file saved
  • double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply.

Logs to include with next post:

Fixlog.txt
CKFiles.txt


Thanks

Satchfan

Edited by Satchfan
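
The ShortcutWithArgument entries in the fixlist above are the same hijack the topic starter removed by hand from each shortcut's Target field. As an added example (not part of the original posts and not FRST's own code), this Python script parses lines in the layout shown in this thread and reports browser shortcuts whose arguments are a bare URL; the browser list, the function names and the third sample line are assumptions made for the example.

```python
import ntpath
import re
from urllib.parse import urlsplit

# Line layout as it appears in this thread:
#   ShortcutWithArgument: <.lnk path> -> <target exe> (<publisher>) -> <arguments> [<==== ATTENTION]
LINE_RE = re.compile(
    r'^ShortcutWithArgument:\s+(?P<lnk>.+?\.lnk)\s+->\s+'
    r'(?P<target>.+?\.exe)\s+\((?P<publisher>[^)]*)\)\s+->\s+'
    r'(?P<args>.*?)(?:\s*<=+\s*ATTENTION)?\s*$',
    re.IGNORECASE,
)
TOKEN_RE = re.compile(r'"[^"]*"|\S+')

# Assumption: executables treated as browsers for this check.
BROWSERS = {"chrome.exe", "iexplore.exe", "firefox.exe", "opera.exe", "msedge.exe"}

# First two lines are the entries quoted in the fixlist; the third is a
# constructed benign shortcut and the fourth an unrelated log line.
SAMPLE_LOG = r"""
ShortcutWithArgument: C:\Users\Daddyo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1448049587&a=1024132" <==== ATTENTION
ShortcutWithArgument: C:\Users\Daddyo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1448049587&a=1024132" <==== ATTENTION
ShortcutWithArgument: C:\Users\Example\Desktop\Chrome Work.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
FirewallRules: [{B5450577-73FE-40A8-9B89-DCAF8086A09F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
"""


def _as_url(token):
    """Return the token as an http(s) URL (defanged hxxp restored), else None."""
    value = re.sub(r'^hxxp', 'http', token.strip('"'), flags=re.IGNORECASE)
    try:
        parts = urlsplit(value)
    except ValueError:
        return None
    if parts.scheme.lower() in ("http", "https") and parts.hostname:
        return value
    return None


def find_hijacked_shortcuts(log_text):
    """List browser shortcuts whose arguments contain a bare URL."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a ShortcutWithArgument entry
        if ntpath.basename(m["target"]).lower() not in BROWSERS:
            continue  # only browser launchers are of interest here
        tokens = TOKEN_RE.findall(m["args"])
        urls = [u for u in map(_as_url, tokens) if u]
        if not urls:
            continue  # ordinary switches such as --profile-directory
        findings.append({
            "shortcut": m["lnk"],
            "target": m["target"],
            "hosts": sorted({urlsplit(u).hostname for u in urls}),
            # What the argument string looks like once the URL is removed,
            # i.e. the manual Target-field cleanup described in this topic.
            "clean_args": " ".join(t for t in tokens if _as_url(t) is None),
        })
    return findings


if __name__ == "__main__":
    for f in find_hijacked_shortcuts(SAMPLE_LOG):
        print(f["shortcut"], "->", ", ".join(f["hosts"]))
```
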

Hi Satchfan,

 

Thanks so much for your help. I haven't yet done your final fix. I found some posts describing my exact predicament, that last bit of the malware, and they discovered and solved that the malware/virus changed their DNS routing IP (?). The solve was to reset the router. I did that and so far it seems to be working. I'm going to try that for a few days to see if anything comes back but so far nothing. But I'll come back in a couple days or sooner (if it does appear)... to let you know.

 

Happy Thanksgiving!!! ...oh wait... UK.... uhh... Long Live the Queen!


oh wait... UK.... uhh... Long Live the Queen!

 

:clap:

 

I'll leave this open for 48 hours and if I hear nothing I'll assume that all is OK and close the topic accordingly.

 

If you do reply, please include the two logs I asked for.

 

Thanks

 

Satchfan.


 

 

they are now tweaking router DNS ip addresses!
We are aware of everything that "they" are doing because our colleagues (who have more expertise than they do) are aware of what they are doing and keep us informed.

 

Thank you!

You're welcome.

 

Take care and get in touch if there are any more problems.

Satchfan

Edited by Satchfan

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
