Malware Removal Assistance
Spybot has detected malware and removed it, but it keeps coming back as soon as I open my browser.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-09-2015
Ran by havoc (administrator) on BEAST (08-09-2015 08:08:47)
Running from C:\Users\havoc\Desktop
Loaded Profiles: havoc & UpdatusUser (Available Profiles: havoc & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Comodo\IceDragon\icedragon.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\Program Files (x86)\WinArchiver Virtual Drive\WAService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Windows\SysWOW64\ASGT.exe
(Bitvise Limited) C:\Program Files\Bitvise SSH Server\BvSshServer.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
() C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files\Bitvise SSH Server\SftpServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Google Inc.) C:\Users\havoc\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\havoc\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Mobile Stream) C:\Program Files\Mobile Stream\EasyTether\easytthr.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files\Synergy\synergys.exe
(Microsoft Corporation) C:\Users\havoc\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.149\McUICnt.exe
(WinArchiver Computing, Inc.) C:\Program Files (x86)\WinArchiver Virtual Drive\WAHELPER.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-20] (Logitech, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [333088 2010-07-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Bitvise SSH Server Activation State Checker] => C:\Program Files\Bitvise SSH Server\BssActStateCheck.exe [245576 2015-06-03] (Bitvise Limited)
HKLM-x32\...\Run: [WAHELPER.EXE] => C:\Program Files (x86)\WinArchiver Virtual Drive\WAHELPER.EXE [475136 2012-01-12] (WinArchiver Computing, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1583409717-3979321060-2320764336-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1583409717-3979321060-2320764336-1000\...\Run: [Google Update] => C:\Users\havoc\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-07] (Google Inc.)
HKU\S-1-5-21-1583409717-3979321060-2320764336-1000\...\Run: [MusicManager] => C:\Users\havoc\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7380992 2013-11-11] (Google Inc.)
HKU\S-1-5-21-1583409717-3979321060-2320764336-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-06-04] (AMD)
HKU\S-1-5-21-1583409717-3979321060-2320764336-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24474752 2014-06-05] (Google)
HKU\S-1-5-21-1583409717-3979321060-2320764336-1000\...\Run: [EasyTether] => C:\Program Files\Mobile Stream\EasyTether\easytthr.exe [73728 2014-09-02] (Mobile Stream)
HKU\S-1-5-21-1583409717-3979321060-2320764336-1000\...\Run: [Synergy Server] => C:\Program Files\Synergy\synergys.exe [733184 2006-04-02] ()
HKU\S-1-5-21-1583409717-3979321060-2320764336-1000\...\Run: [OneDrive] => C:\Users\havoc\AppData\Local\Microsoft\OneDrive\OneDrive.exe [404064 2015-08-19] (Microsoft Corporation)
HKU\S-1-5-21-1583409717-3979321060-2320764336-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
Lsa: [Authentication Packages] msv1_0 BvLsa
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012-11-14]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Online plug-in.lnk [2012-06-18]
ShortcutTarget: Online plug-in.lnk -> C:\Windows\Installer\{913778D3-E1D8-4B55-9246-3308C54D3162}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe ()
Startup: C:\Users\havoc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2012-10-18] ()
Startup: C:\Users\havoc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-07-18]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exebddel.exe
GroupPolicyUsers\S-1-5-21-1583409717-3979321060-2320764336-1005\User: Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{01AFDB59-DFCC-47A7-96C5-7128FEB1A811}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{62399DFD-5DC7-4A93-A733-296AA3D46A10}: [NameServer] 82.163.143.169,82.163.142.171
Tcpip\..\Interfaces\{8E4CCC50-A3BA-4403-A479-CD13832AD84D}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1583409717-3979321060-2320764336-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1583409717-3979321060-2320764336-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-08-12] (Adblock Plus)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-08-12] (Adblock Plus)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\havoc\AppData\Roaming\Mozilla\Firefox\Profiles\la9zxu2u.default-1440627783229
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-06-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-06-26] (Google Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-12-14] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-1583409717-3979321060-2320764336-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\havoc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2013-10-29] (Google)
FF Plugin HKU\S-1-5-21-1583409717-3979321060-2320764336-1000: @talk.google.com/O1DPlugin -> C:\Users\havoc\AppData\Roaming\Mozilla\plugins\npo1d.dll [2013-10-29] (Google)
FF Plugin HKU\S-1-5-21-1583409717-3979321060-2320764336-1000: @talk.google.com/O3DPlugin -> C:\Users\havoc\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll [2013-10-29] ()
FF Plugin HKU\S-1-5-21-1583409717-3979321060-2320764336-1000: @tools.google.com/Google Update;version=3 -> C:\Users\havoc\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2013-11-23] (Google Inc.)
FF Plugin HKU\S-1-5-21-1583409717-3979321060-2320764336-1000: @tools.google.com/Google Update;version=9 -> C:\Users\havoc\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2013-11-23] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2012-03-28] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-09-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-09-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-09-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-09-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-09-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2012-03-19] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\havoc\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2013-10-29] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\havoc\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2013-10-29] ()
FF Plugin ProgramFiles/Appdata: C:\Users\havoc\AppData\Roaming\mozilla\plugins\npo1d.dll [2013-10-29] (Google)
FF Extension: LastPass - C:\Users\havoc\AppData\Roaming\Mozilla\Firefox\Profiles\la9zxu2u.default-1440627783229\Extensions\support@lastpass.com [2015-09-03]
FF Extension: YouTube™ Flash® Player - C:\Users\havoc\AppData\Roaming\Mozilla\Firefox\Profiles\la9zxu2u.default-1440627783229\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2015-08-26]
FF Extension: Session Manager - C:\Users\havoc\AppData\Roaming\Mozilla\Firefox\Profiles\la9zxu2u.default-1440627783229\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2015-08-26]
FF Extension: Share Button for Pinterest - C:\Users\havoc\AppData\Roaming\Mozilla\Firefox\Profiles\la9zxu2u.default-1440627783229\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi [2015-08-26]
FF Extension: NoScript - C:\Users\havoc\AppData\Roaming\Mozilla\Firefox\Profiles\la9zxu2u.default-1440627783229\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-08-26]
FF Extension: Adblock Plus - C:\Users\havoc\AppData\Roaming\Mozilla\Firefox\Profiles\la9zxu2u.default-1440627783229\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-08-26]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-03-09]
Chrome:
=======
CHR Profile: C:\Users\havoc\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\havoc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dibdcpffccodechbhdlfpbgpjfmillpb [2013-01-15]
CHR Extension: (SaveLoTs) - C:\Users\havoc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gknnhaindocppopkjchenapajheodeig [2013-12-30]
CHR Extension: (AllSaver) - C:\ProgramData\jbimlbablkdnfjkiigccamffgkalckhd\ []
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-03-09]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 BvSshServer; C:\Program Files\Bitvise SSH Server\BvSshServer.exe [14578032 2015-06-03] (Bitvise Limited)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 HPSLPSVC; C:\Users\havoc\AppData\Local\Temp\7zS7F23\hpslpsvc64.dll [1039360 2011-11-14] (Hewlett-Packard Co.) [File not signed]
R2 IceDragonUpdater; C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe [1971384 2015-06-22] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinArchiver Service; C:\Program Files (x86)\WinArchiver Virtual Drive\WAService.exe [196608 2012-01-12] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [21704 2014-07-21] (Mobile Stream)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2013-02-19] (ASUSTeK Computer Inc.)
S4 LMIRfsClientNP; no ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-18] (Riverbed Technology, Inc.)
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] ()
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117040 2012-04-12] (Oracle Corporation)
R0 WAEMU; C:\Windows\System32\Drivers\waemu.sys [141368 2012-01-12] (WinArchiver Computing, Inc.)
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-08 08:08 - 2015-09-08 08:09 - 00026725 _____ C:\Users\havoc\Desktop\FRST.txt
2015-09-08 08:07 - 2015-09-08 08:08 - 00000000 ____D C:\FRST
2015-09-08 08:03 - 2015-09-08 08:03 - 00000207 _____ C:\Windows\tweaking.com-regbackup-BEAST-Windows-7-Ultimate-(64-bit).dat
2015-09-08 08:03 - 2015-09-08 08:03 - 00000000 ____D C:\RegBackup
2015-09-08 08:02 - 2015-09-08 08:02 - 00002239 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-09-08 08:02 - 2015-09-08 08:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-09-08 08:02 - 2015-09-08 08:02 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-09-06 22:18 - 2015-09-06 22:18 - 00000020 ___SH C:\Users\TEMP\ntuser.ini
2015-09-06 22:18 - 2015-09-06 22:18 - 00000000 ____D C:\Users\TEMP
2015-09-06 22:18 - 2015-07-18 15:59 - 00002104 _____ C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-09-06 22:18 - 2013-10-27 03:02 - 00000000 ____D C:\Users\TEMP\AppData\Local\Microsoft Help
2015-09-06 22:18 - 2009-07-14 00:54 - 00000000 ___RD C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-06 22:18 - 2009-07-14 00:49 - 00000000 ___RD C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-09-06 22:00 - 2015-09-06 22:00 - 00000000 ___HD C:\OneDriveTemp
2015-09-06 21:52 - 2015-09-06 21:50 - 14243008 _____ (Microsoft Corporation) C:\Users\havoc\Desktop\mseinstall.exe
2015-09-04 16:40 - 2015-09-04 16:40 - 05198336 _____ (AVAST Software) C:\Users\havoc\Downloads\aswMBR.exe
2015-09-04 16:37 - 2015-09-04 16:36 - 02188800 _____ (Farbar) C:\Users\havoc\Desktop\FRST64.exe
2015-09-04 16:29 - 2015-09-04 16:29 - 04687184 _____ (Tweaking.com) C:\Users\havoc\Desktop\tweaking.com_registry_backup_setup.exe
2015-09-04 11:15 - 2015-09-04 15:59 - 00001062 _____ C:\Users\Public\Desktop\Comodo IceDragon.lnk
2015-09-04 11:15 - 2015-09-04 11:15 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2015-09-04 11:15 - 2015-09-04 11:15 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2015-09-04 11:15 - 2015-09-04 11:15 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2015-09-04 11:15 - 2015-09-04 11:15 - 00000000 ____D C:\Users\havoc\AppData\Roaming\Comodo
2015-09-04 11:15 - 2015-09-04 11:15 - 00000000 ____D C:\Users\havoc\AppData\Local\Comodo
2015-09-04 11:15 - 2015-09-04 11:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-09-04 11:15 - 2015-09-04 11:15 - 00000000 ____D C:\Program Files (x86)\Comodo
2015-09-04 10:26 - 2015-09-04 10:26 - 00431188 _____ C:\Users\havoc\Desktop\TeamSpybot-20150904-102621.cab
2015-09-04 08:57 - 2015-09-04 08:57 - 00022548 _____ C:\Windows\SysWOW64\bddel.dat
2015-09-03 09:52 - 2015-09-03 09:52 - 00000000 ____D C:\Users\havoc\Documents\ProcAlyzer Dumps
2015-09-03 09:44 - 2015-09-03 09:24 - 00000979 _____ C:\Windows\system32\Drivers\etc\hosts.20150903-094415.backup
2015-09-03 09:27 - 2015-09-03 09:27 - 00000000 ____D C:\Users\havoc\AppData\Roaming\Macromedia
2015-09-03 08:13 - 2015-09-03 08:13 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-03 08:13 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-09-03 08:08 - 2015-09-03 08:08 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-09-03 08:07 - 2015-09-04 07:55 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-09-03 08:07 - 2015-09-03 09:52 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-09-03 08:07 - 2015-09-03 08:07 - 00001395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-09-03 08:07 - 2015-09-03 08:07 - 00001383 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-09-03 08:07 - 2015-09-03 08:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-09-03 08:07 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-09-03 08:04 - 2015-09-03 08:05 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\havoc\Downloads\spybot-2.4.exe
2015-08-26 18:23 - 2015-08-26 18:23 - 00000000 ____D C:\Users\havoc\Desktop\Old Firefox Data
2015-08-25 20:43 - 2015-09-03 10:03 - 00000000 ____D C:\ProgramData\AVAST Software
2015-08-25 20:42 - 2015-08-25 20:43 - 05685584 _____ (AVAST Software) C:\Users\havoc\Downloads\avast_free_antivirus_setup_online.exe
2015-08-25 13:09 - 2015-08-25 13:15 - 00000000 ____D C:\Users\havoc\Downloads\Windows 8 - Retail
2015-08-20 17:12 - 2015-08-20 17:50 - 00000000 ____D C:\Users\havoc\AppData\Roaming\vlc
2015-08-20 15:04 - 2015-08-20 15:04 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-08-20 15:04 - 2015-08-20 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-08-20 15:04 - 2015-08-20 15:04 - 00000000 ____D C:\Program Files\VideoLAN
2015-08-20 15:02 - 2015-08-20 15:03 - 29833438 _____ C:\Users\havoc\Downloads\vlc-2.2.1-win64.exe
2015-08-19 03:00 - 2015-08-10 21:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 03:00 - 2015-08-10 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 03:00 - 2015-08-10 20:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-19 03:00 - 2015-08-10 20:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-17 12:54 - 2015-09-03 10:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-16 01:00 - 2015-08-26 10:45 - 00000000 ____D C:\ProgramData\{5679e186-c22c-2bac-5679-9e186c22861b}
2015-08-16 01:00 - 2015-08-26 07:00 - 00000340 _____ C:\Windows\Tasks\Superclean.job
2015-08-12 13:56 - 2015-08-12 13:57 - 01187032 _____ (Adobe Systems Incorporated) C:\Users\havoc\Downloads\flashplayer18_ha_install.exe
2015-08-12 12:41 - 2015-08-12 12:41 - 00242832 _____ C:\Users\havoc\Downloads\Firefox Setup Stub 40.0.exe
2015-08-12 10:01 - 2015-08-26 09:16 - 00242688 _____ C:\Users\havoc\Desktop\Stats.xls
2015-08-12 09:44 - 2015-08-12 09:57 - 00028905 _____ C:\Users\havoc\Desktop\HotS - Match History.xlsx
2015-08-12 09:40 - 2015-09-03 09:48 - 00017699 _____ C:\Users\havoc\Documents\ArcSight Systems.xlsx
2015-08-12 09:37 - 2015-08-12 09:37 - 00016148 _____ C:\Users\havoc\Documents\Heros of the Storm.xlsx
2015-08-12 03:39 - 2015-07-30 09:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 03:39 - 2015-07-30 09:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 15:34 - 2015-07-28 16:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-11 15:34 - 2015-07-28 16:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-11 15:34 - 2015-07-28 16:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-11 15:34 - 2015-07-28 16:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-11 15:34 - 2015-07-28 16:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-11 15:34 - 2015-07-28 16:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-11 15:34 - 2015-07-28 16:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-11 15:34 - 2015-07-28 15:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-11 15:34 - 2015-07-15 14:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-11 15:34 - 2015-07-15 14:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-11 15:34 - 2015-07-15 14:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-11 15:34 - 2015-07-15 14:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-11 15:34 - 2015-07-15 14:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-11 15:34 - 2015-07-15 14:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-11 15:34 - 2015-07-15 14:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-11 15:34 - 2015-07-15 14:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-11 15:34 - 2015-07-15 14:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-11 15:34 - 2015-07-15 14:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-11 15:34 - 2015-07-15 14:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-11 15:34 - 2015-07-15 14:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-11 15:34 - 2015-07-15 14:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-11 15:34 - 2015-07-15 14:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-11 15:34 - 2015-07-15 14:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-11 15:34 - 2015-07-15 14:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-11 15:34 - 2015-07-15 14:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-11 15:34 - 2015-07-15 13:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-11 15:34 - 2015-07-15 13:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-11 15:34 - 2015-07-15 13:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-11 15:34 - 2015-07-15 13:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-11 15:34 - 2015-07-15 13:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-11 15:34 - 2015-07-15 13:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-11 15:34 - 2015-07-15 13:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-11 15:34 - 2015-07-15 13:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-11 15:34 - 2015-07-15 13:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-11 15:34 - 2015-07-15 13:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-11 15:34 - 2015-07-15 13:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-11 15:34 - 2015-07-15 13:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-11 15:34 - 2015-07-15 13:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-11 15:34 - 2015-07-15 13:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-11 15:34 - 2015-07-15 13:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-11 15:34 - 2015-07-15 13:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-11 15:34 - 2015-07-15 13:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-11 15:34 - 2015-07-15 13:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-11 15:34 - 2015-07-15 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-11 15:34 - 2015-07-15 13:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-11 15:34 - 2015-07-15 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-11 15:34 - 2015-07-15 13:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 12:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-11 15:34 - 2015-07-15 12:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-11 15:34 - 2015-07-15 12:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-11 15:34 - 2015-07-15 12:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-11 15:34 - 2015-07-15 12:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-11 15:34 - 2015-07-15 12:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 12:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 12:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 12:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-11 15:33 - 2015-07-20 20:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-11 15:33 - 2015-07-20 20:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-11 15:33 - 2015-07-16 16:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-11 15:33 - 2015-07-16 16:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-11 15:33 - 2015-07-16 16:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-11 15:33 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-11 15:33 - 2015-07-16 16:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-11 15:33 - 2015-07-16 16:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-11 15:33 - 2015-07-16 16:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-11 15:33 - 2015-07-16 16:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-11 15:33 - 2015-07-16 16:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-11 15:33 - 2015-07-16 16:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-11 15:33 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-11 15:33 - 2015-07-16 16:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-11 15:33 - 2015-07-16 16:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-11 15:33 - 2015-07-16 16:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-11 15:33 - 2015-07-16 16:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-11 15:33 - 2015-07-16 16:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-11 15:33 - 2015-07-16 16:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-11 15:33 - 2015-07-16 16:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-11 15:33 - 2015-07-16 15:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-11 15:33 - 2015-07-16 15:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-11 15:33 - 2015-07-16 15:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-11 15:33 - 2015-07-16 15:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-11 15:33 - 2015-07-16 15:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-11 15:33 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-11 15:33 - 2015-07-16 15:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-11 15:33 - 2015-07-16 15:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-11 15:33 - 2015-07-16 15:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-11 15:33 - 2015-07-16 15:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-11 15:33 - 2015-07-16 15:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-11 15:33 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-11 15:33 - 2015-07-16 15:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-11 15:33 - 2015-07-16 15:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-11 15:33 - 2015-07-16 15:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-11 15:33 - 2015-07-16 15:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-11 15:33 - 2015-07-16 15:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-11 15:33 - 2015-07-16 15:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-11 15:33 - 2015-07-16 15:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-11 15:33 - 2015-07-16 15:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-11 15:33 - 2015-07-16 15:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-11 15:33 - 2015-07-16 15:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-11 15:33 - 2015-07-16 15:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-11 15:33 - 2015-07-16 15:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-11 15:33 - 2015-07-16 15:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-11 15:33 - 2015-07-16 15:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-11 15:33 - 2015-07-16 15:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-11 15:33 - 2015-07-16 15:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-11 15:33 - 2015-07-16 15:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-11 15:33 - 2015-07-16 15:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-11 15:33 - 2015-07-16 15:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-11 15:33 - 2015-07-16 15:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-11 15:33 - 2015-07-16 14:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-11 15:33 - 2015-07-16 14:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-11 15:33 - 2015-07-16 14:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-11 15:33 - 2015-07-16 14:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-11 15:33 - 2015-07-14 23:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-11 15:32 - 2015-07-30 14:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-11 15:32 - 2015-07-30 14:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-11 15:32 - 2015-07-30 14:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-11 15:32 - 2015-07-30 14:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-11 15:32 - 2015-07-30 14:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-11 15:32 - 2015-07-30 14:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-11 15:32 - 2015-07-30 14:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-11 15:32 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-11 15:32 - 2015-07-30 13:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-11 15:32 - 2015-07-30 13:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-11 15:32 - 2015-07-30 13:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-11 15:32 - 2015-07-30 13:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-11 15:32 - 2015-07-30 13:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-11 15:32 - 2015-07-30 12:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-11 15:32 - 2015-07-30 12:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-11 15:32 - 2015-07-30 12:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-11 15:32 - 2015-07-20 14:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-11 15:32 - 2015-07-20 14:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-11 15:32 - 2015-07-20 14:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-11 15:32 - 2015-07-20 14:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-11 15:32 - 2015-07-20 14:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-11 15:32 - 2015-07-20 14:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-11 15:32 - 2015-07-20 14:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-11 15:32 - 2015-07-20 14:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-11 15:32 - 2015-07-20 14:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-11 15:32 - 2015-07-20 14:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-11 15:32 - 2015-07-20 14:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-11 15:32 - 2015-07-20 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-11 15:32 - 2015-07-20 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-11 15:32 - 2015-07-20 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-11 15:32 - 2015-07-20 13:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-11 15:32 - 2015-07-20 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-11 15:32 - 2015-07-16 15:12 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-11 15:32 - 2015-07-16 15:12 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-11 15:32 - 2015-07-16 15:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-11 15:32 - 2015-07-16 15:11 - 05779456 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-11 15:32 - 2015-07-16 15:11 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-11 15:32 - 2015-07-16 15:11 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-11 15:32 - 2015-07-14 23:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-11 15:32 - 2015-07-14 23:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-11 15:32 - 2015-07-14 23:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-11 15:32 - 2015-07-14 23:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-11 15:32 - 2015-07-14 22:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-11 15:32 - 2015-07-14 22:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-11 15:32 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-11 15:32 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-11 15:32 - 2015-07-10 13:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-11 15:32 - 2015-07-10 13:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-11 15:32 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-11 15:32 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 15:32 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-11 15:32 - 2015-07-01 16:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-11 15:32 - 2015-07-01 16:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-11 15:32 - 2015-07-01 16:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-11 15:32 - 2015-07-01 16:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-11 15:32 - 2015-05-09 14:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-08 08:06 - 2013-10-07 19:49 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1583409717-3979321060-2320764336-1000UA.job
2015-09-08 08:02 - 2012-04-26 21:16 - 01454094 _____ C:\Windows\WindowsUpdate.log
2015-09-08 07:51 - 2009-07-14 00:45 - 00027360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-08 07:51 - 2009-07-14 00:45 - 00027360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-08 07:50 - 2012-10-18 20:54 - 00000000 ____D C:\Users\havoc\AppData\Local\Deployment
2015-09-08 07:46 - 2014-06-26 06:18 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-08 07:23 - 2014-06-26 06:18 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-08 07:12 - 2012-04-29 14:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-07 20:06 - 2013-10-07 19:49 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1583409717-3979321060-2320764336-1000Core.job
2015-09-06 22:15 - 2012-11-17 23:27 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-06 22:15 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-06 22:15 - 2009-07-14 00:51 - 00070377 _____ C:\Windows\setupact.log
2015-09-06 22:02 - 2015-07-18 15:59 - 00000000 ____D C:\Users\havoc\OneDrive
2015-09-06 22:01 - 2014-06-26 06:21 - 00000000 ___RD C:\Users\havoc\Google Drive
2015-09-06 21:59 - 2010-11-20 23:47 - 00822774 _____ C:\Windows\PFRO.log
2015-09-06 21:54 - 2014-06-09 21:37 - 00002150 _____ C:\Windows\epplauncher.mif
2015-09-06 21:54 - 2014-06-09 21:37 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-09-06 21:54 - 2014-06-09 21:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-09-05 17:53 - 2014-03-29 00:47 - 00000000 ____D C:\Users\havoc\AppData\Local\Battle.net
2015-09-05 17:24 - 2015-06-03 18:56 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2015-09-04 16:37 - 2015-07-07 17:55 - 00000000 ____D C:\Users\havoc\Desktop\From Laptop
2015-09-04 08:57 - 2013-01-15 23:55 - 00000000 ____D C:\ProgramData\Zoomex
2015-09-04 07:33 - 2009-07-14 01:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-03 10:14 - 2012-10-17 18:04 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2015-09-03 10:07 - 2012-04-29 15:03 - 00000000 ____D C:\Users\havoc\AppData\Roaming\Adobe
2015-09-03 09:58 - 2012-05-06 10:07 - 00000000 ____D C:\Users\havoc\.VirtualBox
2015-09-03 09:20 - 2014-06-05 21:06 - 00000000 ____D C:\Program Files (x86)\Kingo Android ROOT
2015-09-03 09:16 - 2012-10-15 18:48 - 00000000 ____D C:\Windows\system32\appmgmt
2015-09-02 10:16 - 2015-07-14 13:00 - 00000000 ____D C:\Users\havoc\Documents\ArcSight
2015-08-28 16:52 - 2014-03-29 00:46 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-08-26 10:45 - 2013-12-30 21:18 - 00000000 ____D C:\ProgramData\WinWeb protection
2015-08-26 10:44 - 2014-01-06 19:58 - 00000000 ____D C:\ProgramData\System Booster
2015-08-26 09:26 - 2012-04-26 21:16 - 00000000 ____D C:\Users\havoc
2015-08-25 21:00 - 2013-12-30 22:12 - 00000000 ____D C:\ProgramData\WebPlat
2015-08-25 21:00 - 2013-01-15 23:55 - 00000000 ____D C:\Program Files (x86)\ZoomEx
2015-08-25 18:16 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\spool
2015-08-25 13:13 - 2012-11-12 11:02 - 00002220 ____H C:\Users\havoc\Documents\Default.rdp
2015-08-25 13:02 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-08-21 10:15 - 2014-03-29 00:51 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-08-19 16:01 - 2015-07-18 15:59 - 00002157 _____ C:\Users\havoc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-08-18 13:13 - 2012-04-30 17:26 - 00000000 ____D C:\Users\havoc\AppData\Local\Microsoft Help
2015-08-14 03:00 - 2012-04-30 17:26 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 08:04 - 2015-03-12 07:00 - 00000000 ___RD C:\Users\havoc\Podcasts
2015-08-12 04:32 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-08-12 04:07 - 2009-07-14 00:45 - 00437688 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-12 04:05 - 2013-10-26 12:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 04:05 - 2013-10-26 12:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 04:01 - 2014-12-10 04:24 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-12 04:01 - 2014-05-07 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 03:41 - 2015-07-16 11:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-08-12 03:39 - 2013-10-26 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 03:17 - 2009-07-13 22:34 - 00000478 _____ C:\Windows\win.ini
2015-08-12 03:10 - 2013-08-14 03:00 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 03:02 - 2012-04-28 19:01 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-11 22:12 - 2012-04-29 14:20 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-11 22:12 - 2012-04-29 14:20 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-11 22:12 - 2012-04-29 14:20 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
==================== Files in the root of some directories =======
2015-06-03 10:15 - 2015-06-09 20:50 - 0000600 _____ () C:\Users\havoc\AppData\Roaming\winscp.rnd
2012-10-26 21:20 - 2015-06-04 18:24 - 0000600 _____ () C:\Users\havoc\AppData\Local\PUTTY.RND
2013-03-09 09:14 - 2014-08-13 01:14 - 0007596 _____ () C:\Users\havoc\AppData\Local\Resmon.ResmonCfg
2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 _____ () C:\Users\havoc\AppData\Local\setup.txt
Some files in TEMP:
====================
C:\Users\havoc\AppData\Local\Temp\ose00000.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-09-03 15:23
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-09-2015
Ran by havoc (2015-09-08 08:09:41)
Running from C:\Users\havoc\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1583409717-3979321060-2320764336-500 - Administrator - Disabled)
Guest (S-1-5-21-1583409717-3979321060-2320764336-501 - Limited - Enabled)
havoc (S-1-5-21-1583409717-3979321060-2320764336-1000 - Administrator - Enabled) => C:\Users\havoc
HomeGroupUser$ (S-1-5-21-1583409717-3979321060-2320764336-1004 - Limited - Enabled)
UpdatusUser (S-1-5-21-1583409717-3979321060-2320764336-1005 - Limited - Enabled) => C:\Users\TEMP
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.3.28705 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{1CAFFEC6-23B4-484B-B17B-3200BE5C5636}) (Version: 99.9 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{1ce01891-839b-4ad1-b629-2e608ba0c6ba}) (Version: 1.0 - )
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{B7908254-D208-7C46-8201-7EBC1BFF8D12}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
ArcSight ESM Console 6.5c (HKLM-x32\...\ArcSight ESM Console 6.5c) (Version: 6.5.0.0 - HP Software)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.8.0 - Asmedia Technology)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.4.2.4 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.4.2.4 - ASUSTek COMPUTER INC.) Hidden
ASUS Product Register Program (HKLM-x32\...\{9D29D67C-315D-46A1-A3A9-3CAF24871578}) (Version: 1.0.022 - ASUSTek Computer Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bitvise SSH Client 6.31 (remove only) (HKLM-x32\...\BvSshClient) (Version: - )
Bitvise SSH Server 6.31 (remove only) (HKLM-x32\...\Bitvise SSH Server) (Version: - )
calibre (HKLM-x32\...\{6C086582-8A0F-49D8-9E0D-82AAF2912118}) (Version: 2.33.0 - Kovid Goyal)
Citrix online plug-in (HKLM-x32\...\CitrixOnlinePluginFull) (Version: 12.3.0.8 - Citrix Systems, Inc.)
Comodo IceDragon (HKLM-x32\...\Comodo IceDragon) (Version: 38.0.5.2 - COMODO)
Curse Client (HKU\S-1-5-21-1583409717-3979321060-2320764336-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Duplicate Cleaner Free 3.2.1 (HKLM-x32\...\Duplicate Cleaner Free) (Version: 3.2.1 - DigitalVolcano Software Ltd) <==== ATTENTION
DVD-Cloner V10.10 Build 1203 (HKLM-x32\...\DVD-Cloner 2013_is1) (Version: 10.10.0.1203 - OpenCloner Inc.)
EasyTether (HKLM-x32\...\{58b5cbff-7ea4-4fd1-b6c0-9d569faea882}) (Version: 1.3.1 - Mobile Stream)
EasyTether (Version: 1.3.1 - Mobile Stream) Hidden
EasyTether ADB USB driver (HKLM\...\{50DD726D-E167-4237-9C26-6057E421753B}) (Version: 1.0.4 - Mobile Stream)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version: - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-400 Series Printer Uninstall (HKLM\...\EPSON XP-400 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
Google Drive (HKLM-x32\...\{D9F75285-4864-461D-83DA-8D056BAC44D1}) (Version: 1.16.6866.4367 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{2A83AD05-56E6-3FBD-8752-B4143162EF59}) (Version: 4.9.1.16010 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
H&R Block Deluxe + Efile + State 2014 (HKLM-x32\...\{BDA77C08-60A6-4AAB-B5A9-849ECF399A49}) (Version: 14.05.6401 - HRB Technology, LLC.)
H&R Block South Carolina 2014 (HKLM-x32\...\{3E2F022A-BAC6-4CD4-9C02-1DDDD32C52DA}) (Version: 1.14.2601 - HRB Technology, LLC.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Intel(R) Network Connections 16.5.2.0 (HKLM\...\PROSetDX) (Version: 16.5.2.0 - Intel)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.9 - Thibaut Lauziere)
Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.149.2 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1583409717-3979321060-2320764336-1000\...\OneDriveSetup.exe) (Version: 17.3.5930.0814 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-1583409717-3979321060-2320764336-1000\...\MusicManager) (Version: - Google, Inc.)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.2 - MusicBrainz)
Nmap 6.47 (HKLM-x32\...\Nmap) (Version: - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
Nuance PDF Reader (HKLM-x32\...\{5F6C549F-78DA-4E0E-AE70-0BD981936D99}) (Version: 7.00.0000 - Nuance Communications, Inc.)
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Oracle VM VirtualBox 4.1.14 (HKLM\...\{C6400179-A2BD-4491-AD13-CEC9DD066246}) (Version: 4.1.14 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version: - )
PDFBinder (HKLM-x32\...\{8BA03AC2-579F-41CD-A250-740137D86F7A}) (Version: 1.0.0 - Malamute.dk)
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version: - )
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Sharepod 4.0.1.1 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version: - Macroplant LLC)
Software Updater (HKLM-x32\...\{7B3A525D-9D3D-4618-AE52-A31DE98C8AC3}) (Version: 4.1.4 - SEIKO EPSON CORPORATION)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Synergy (HKLM-x32\...\Synergy) (Version: - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Total Video Converter 3.71 100812 (HKLM-x32\...\Total Video Converter 3.71_is1) (Version: - EffectMatrix Inc.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.2.0 - Tweaking.com)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{BF1B3F01-93F3-4B83-93DB-132EB1AED259}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{BF1B3F01-93F3-4B83-93DB-132EB1AED259}) (Version: - Microsoft)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinArchiver Virtual Drive (HKLM-x32\...\WinArchiver Virtual Drive) (Version: 2.8 - WinArchiver Computing, Inc.)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinSCP 5.7.3 (HKLM-x32\...\winscp3_is1) (Version: 5.7.3 - Martin Prikryl)
Wireshark 1.8.0 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.8.0 - The Wireshark developer community, http://www.wireshark.org)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Youtube Downloader HD v. 2.9.9.21 (HKLM-x32\...\Youtube Downloader HD_is1) (Version: - YoutubeDownloaderHD.com)
Youtube to MP3 Converter v. 1.4 (HKLM-x32\...\Youtube to MP3 Converter_is1) (Version: - YoutubeDownloaderHD.com)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1583409717-3979321060-2320764336-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\havoc\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1583409717-3979321060-2320764336-1000_Classes\CLSID\{3ff50c7e-7820-4f54-afaa-c3b1b967f0a9}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1583409717-3979321060-2320764336-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\havoc\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1583409717-3979321060-2320764336-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\havoc\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1583409717-3979321060-2320764336-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\havoc\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1583409717-3979321060-2320764336-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\havoc\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1583409717-3979321060-2320764336-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\havoc\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1583409717-3979321060-2320764336-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\havoc\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1583409717-3979321060-2320764336-1000_Classes\CLSID\{c74c84a3-42b5-482b-8ce3-ca56e10ccf16}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1583409717-3979321060-2320764336-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\havoc\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1583409717-3979321060-2320764336-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\havoc\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1583409717-3979321060-2320764336-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\havoc\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
03-09-2015 06:06:03 Scheduled Checkpoint
03-09-2015 08:11:23 avast! antivirus system restore point
03-09-2015 09:20:38 Removed Apple Software Update
03-09-2015 10:14:05 Windows Update
06-09-2015 22:27:11 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2015-09-03 09:44 - 00450926 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 http://subscribermgmt.rr.com
192.168.2.216 esm-65
192.168.2.202 halemi2
127.0.0.1 adnetworkperformance.com
127.0.0.1 live.topupdateup.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
There are 1000 more lines.
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {38F3B3A9-5973-4CDF-B4A3-0276C33F6E6C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1583409717-3979321060-2320764336-1000Core => C:\Users\havoc\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-07] (Google Inc.)
Task: {540FD2A1-5956-4EE7-9518-7A21814E77A0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-26] (Google Inc.)
Task: {5DE7E962-B767-4C70-844C-20F71F24134B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {736F5830-092C-4ECB-94BE-DABE65F32BAB} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {766C73BF-C1C4-41EB-B1D0-CAC2B7EEA5B6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {8BBCE216-1477-4DEE-8A97-B028307AEDD1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {9C3FC109-2086-4121-B633-7102CCB2CC76} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)
Task: {9D1B3033-E673-4E0F-B47C-38120F575122} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {A1CD42F7-89DF-4557-BE87-9768C22DFA5E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-26] (Google Inc.)
Task: {A59B16EB-57B0-4DFD-8747-0BCC6DCBDAB5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1583409717-3979321060-2320764336-1000UA => C:\Users\havoc\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-07] (Google Inc.)
Task: {B2D8B47E-2E0C-4B24-990C-E9E555F5F60A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {C0265AEA-B5AF-4DE0-8981-87B2D15D9C38} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)
Task: {C1236EA7-8207-43AC-979A-C31BAFBEA462} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {C37400E0-B234-4111-B7C3-02C6B003DECD} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
Task: {C3A92E25-834D-4312-AC9C-14C7422BAFD5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {E9644C70-8B10-4994-9425-A279A533CCC1} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-06-21] (ASUSTek Computer Inc.)
Task: {EA663482-CAAC-4DA8-BDBA-B71F919ED1C3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1583409717-3979321060-2320764336-1000Core.job => C:\Users\havoc\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1583409717-3979321060-2320764336-1000UA.job => C:\Users\havoc\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{5679e186-c22c-2bac-5679-9e186c22861b}\hqghumeaylnlf.exe <==== ATTENTION
==================== Loaded Modules (Whitelisted) ==============
2012-01-12 09:56 - 2012-01-12 09:56 - 00196608 _____ () C:\Program Files (x86)\WinArchiver Virtual Drive\WAService.exe
2012-11-17 23:27 - 2013-10-23 04:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-24 15:10 - 2012-04-26 16:51 - 00040448 _____ () C:\Windows\System32\pdf995mon64.dll
2013-08-30 20:47 - 2013-08-30 20:47 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-22 15:41 - 2012-10-22 15:41 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-22 15:42 - 2012-10-22 15:42 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-01-17 12:24 - 2012-01-17 12:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2015-06-03 15:15 - 2015-06-03 15:15 - 00710000 _____ () C:\Program Files\Bitvise SSH Server\CiProv64.dll
2015-06-22 06:12 - 2015-06-22 06:12 - 01971384 _____ () C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe
2015-06-03 15:15 - 2015-06-03 15:15 - 02470192 _____ () C:\Program Files\Bitvise SSH Server\SftpServer.exe
2015-06-16 16:31 - 2015-06-16 16:31 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2006-04-02 16:20 - 2006-04-02 16:20 - 00733184 _____ () C:\Program Files\Synergy\synergys.exe
2013-08-30 20:47 - 2013-08-30 20:47 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-06-05 16:51 - 2013-06-05 16:51 - 00430080 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2013-06-05 16:51 - 2013-06-05 16:51 - 00032768 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResourcesNet4.dll
2015-09-03 08:07 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-09-03 08:07 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-09-03 08:07 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-09-03 08:07 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-06-20 12:01 - 2013-06-20 12:01 - 00258048 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\Vender.dll
2013-05-14 16:11 - 2013-05-14 16:11 - 00049152 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\Exeio.dll
2006-04-02 16:20 - 2006-04-02 16:20 - 00024576 _____ () C:\Program Files\Synergy\synrgyhk.DLL
2013-02-27 15:33 - 2013-02-27 15:33 - 10683392 _____ () C:\Users\havoc\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2013-02-27 15:32 - 2013-02-27 15:32 - 07741952 _____ () C:\Users\havoc\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2013-02-27 15:32 - 2013-02-27 15:32 - 02248192 _____ () C:\Users\havoc\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2013-02-27 15:33 - 2013-02-27 15:33 - 01681408 _____ () C:\Users\havoc\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2013-11-11 21:03 - 2013-11-11 21:03 - 00117248 _____ () C:\Users\havoc\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2013-11-11 21:04 - 2013-11-11 21:04 - 00231936 _____ () C:\Users\havoc\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2013-11-11 21:03 - 2013-11-11 21:03 - 00253440 _____ () C:\Users\havoc\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2013-11-11 21:05 - 2013-11-11 21:05 - 00344064 _____ () C:\Users\havoc\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2013-02-27 15:33 - 2013-02-27 15:33 - 00026624 _____ () C:\Users\havoc\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2015-09-08 07:48 - 2015-09-08 07:48 - 00098816 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\win32api.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00110080 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\pywintypes27.dll
2015-09-08 07:48 - 2015-09-08 07:48 - 00364544 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\pythoncom27.dll
2015-09-08 07:48 - 2015-09-08 07:48 - 00045568 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\_socket.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 01160704 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\_ssl.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00320512 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\win32com.shell.shell.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00713216 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\_hashlib.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 01175040 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\wx._core_.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00805888 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\wx._gdi_.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00811008 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\wx._windows_.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 01062400 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\wx._controls_.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00735232 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\wx._misc_.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00128512 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\_elementtree.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00127488 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\pyexpat.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00557056 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\pysqlite2._sqlite.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00007168 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\hashobjs_ext.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00087552 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\_ctypes.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00119808 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\win32file.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00108544 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\win32security.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00018432 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\win32event.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00038912 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\win32inet.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00070656 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\wx._html2.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00167936 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\win32gui.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00011264 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\win32crypt.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00027136 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\_multiprocessing.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00122368 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\wx._wizard.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00010240 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\select.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00024064 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\win32pipe.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00686080 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\unicodedata.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00025600 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\win32pdh.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00525640 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\windows._lib_cacheinvalidation.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00035840 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\win32process.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00017408 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\win32profile.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00022528 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\win32ts.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00078336 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\wx._animate.pyd
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7866 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1583409717-3979321060-2320764336-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\havoc\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 82.163.143.169 - 82.163.142.171
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{73CC6B70-D36A-4D6C-9035-3475A366D9D4}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{BF5D7C98-38E9-4AD4-A696-5292D794F0C9}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{7442F97C-191F-49A1-88D7-385045BB045D}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{75D7EA13-4157-4F12-855D-4C7263F30523}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [TCP Query User{BFF4A905-D952-4BA6-AB49-38B9990BEC43}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{DF11BAE7-85BB-482A-A8B2-8D9E02F374FB}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{69E30CC9-161F-4D5C-801F-6EAFE05E397A}] => (Allow) C:\Users\havoc\AppData\Local\Temp\7zS7F23\hppiw.exe
FirewallRules: [{30F3A50F-B455-4041-9846-B1FF33969729}] => (Allow) C:\Users\havoc\AppData\Local\Temp\7zS7F23\hppiw.exe
FirewallRules: [{05B75711-9FBC-4FE6-80E1-835B14403EB4}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{A257720E-4197-45EF-9EF9-95174AC3C4B9}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{C5EABFF4-8D18-466A-8E8E-F8AA06B25E2A}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{DCFDA838-34E2-4097-926A-0E0AA91BA3DD}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{344E0E01-CD90-4670-9124-D716D52726DB}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\FixLauncher.exe
FirewallRules: [{B25EAE0E-4A18-4798-A716-07A9788D7E37}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\FixLauncher.exe
FirewallRules: [{85C15765-BD4D-4C49-8890-B45D6B35980C}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\FixLauncher.exe
FirewallRules: [{836AE6CA-2908-4F0F-A5DC-15CDAF09545C}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\FixLauncher.exe
FirewallRules: [{15C7F58B-33E7-4C4B-873E-E24DB66A962E}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{6AF567B7-7113-4649-AC3B-42321EE0B05A}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{C85C3B08-5867-4D76-9792-1654E48CE0BC}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{864F2230-0BDF-4FAC-B55A-9D3B0EDC5600}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{11E9EF00-9EDC-45B4-BEF2-78AF838D9DA4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{45DD72ED-7E51-434E-8144-4EE968E57CD2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{40F52CDE-652D-4E4C-9926-3616051A9FC1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{9779022B-1446-4DC4-AD9D-59767569B0B2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{3F53A99D-3DA1-4E53-9703-02C1483BE05C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{FED5F176-E5D9-4C3A-9D12-42211333B533}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{5815BDD2-6206-4071-860B-80A86D813367}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{660C6131-CACF-4A5F-924E-876A39961B3B}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{ACC883FF-CD54-43CB-B406-032D7A6E40E9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{32D22323-C449-4788-9BCA-2F193DBAA8FE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{29A76A61-4252-4826-AA33-FAA7D5629DD1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{D6355FA0-B9A7-4774-84FB-F24BC57FD71D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{A46C3B71-807E-41DA-9561-9E79B56FE7C0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{77E52FF8-2EBB-49E4-8F1A-67240AC0595D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{DFCF0FD5-3D0F-4014-8984-0E0C3C1D368F}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{6A99E4C8-C9F1-47B4-919D-7CEB41FA87E2}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{E06CFF97-5F60-455B-8769-B1E6E5F6BF17}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{055B710B-B756-49BC-847A-56BE2B7BEB3C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [TCP Query User{65D9A7F1-0F7B-4DF1-8B7B-9085CACDD502}C:\programdata\battle.net\agent\agent.2045\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.2045\agent.exe
FirewallRules: [UDP Query User{3CA9E34F-B144-404D-93B4-A0E049DDB34B}C:\programdata\battle.net\agent\agent.2045\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.2045\agent.exe
FirewallRules: [{E7A04078-67AD-4184-A4E0-2C16E85E0060}] => (Allow) C:\programdata\battle.net\agent\agent.2045\agent.exe
FirewallRules: [{2962435F-E7BD-4A73-8B81-90C6FEA4ED0A}] => (Allow) C:\programdata\battle.net\agent\agent.2045\agent.exe
FirewallRules: [{76A56D17-2D2B-4309-B727-74E4DDD2ABBA}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{7F8A0366-AF18-48C7-9BFC-95F9565048B8}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [TCP Query User{281B81E0-C998-46DA-9172-E4958A4B9990}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{9DFE9F52-9C33-4CAE-8A67-5B67D18E383D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{8C360730-FCD1-4768-9F0B-765804BC6512}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{41BB5886-52E3-4BC5-8568-989537E0476C}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{A95087A8-B25F-4532-947A-1A90C1F69431}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{E1EC9AF7-5CA6-4023-A75C-574384C30B83}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{19AFF2C2-E1CB-47A5-B619-7DBC632B221D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{52A7E2BE-D54F-45C1-9FFD-9F8A2E9DA702}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [TCP Query User{A66B6067-57B5-41E8-AFB7-286A152D9131}C:\program files (x86)\musicbrainz picard\picard.exe] => (Allow) C:\program files (x86)\musicbrainz picard\picard.exe
FirewallRules: [UDP Query User{EC357B65-9EC0-41C8-8538-6B5A9C7D9666}C:\program files (x86)\musicbrainz picard\picard.exe] => (Allow) C:\program files (x86)\musicbrainz picard\picard.exe
FirewallRules: [{51259C96-9769-44C3-8602-7F854BB869DC}] => (Block) C:\program files (x86)\musicbrainz picard\picard.exe
FirewallRules: [{D7994EA6-7AF0-46F2-A6EF-CEDAFB12015A}] => (Block) C:\program files (x86)\musicbrainz picard\picard.exe
FirewallRules: [{55DA6352-1B95-4357-950E-EAF8710B2486}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{7E7D45F4-5B97-487C-A3B8-72F47E296264}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{0D763686-C4B2-4CCF-80E1-CE60A71186BB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{B59F415C-1999-45C6-967D-88785E1C8B13}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{C9F2F6A3-3F37-453E-B950-0778682FC7C3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{C30DCE8D-CEB7-456E-B702-1120668CC3C7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{FB01FDD6-6EC2-4EAF-9E09-864B28BBAEAA}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{C8109DD9-DBDC-4C0C-BB30-3B7680B828B2}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{F5F8191F-7DED-4C3D-A881-C6E868F9C129}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{0C2CC23C-1D13-459B-8F02-90A160BA97B9}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{E19B7441-9DF9-40CC-80F3-F02474C51649}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{65C75036-1D56-411C-B2AC-30A5DA58DCDF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{7C667566-A423-4F35-B0AF-467B1DEF7375}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{E3B478B2-760F-4231-890A-A27881531882}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{DA9427D6-995F-4E9A-A22B-A742258AFAEC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{45457675-6EA9-44E6-AFDB-9B7D801BB6A3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [TCP Query User{5079AF01-7A78-4A49-AB5F-2B75A8FC2AA7}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{167977FC-55A4-4918-8767-117503ECA4E0}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [{FDE2F4D2-2908-4B94-B413-D8812AFC5571}] => (Block) C:\windows\explorer.exe
FirewallRules: [{913C8377-3C17-409E-A6C0-74CDB7FCBBEA}] => (Block) C:\windows\explorer.exe
FirewallRules: [TCP Query User{973A4FED-4BF0-4F82-844A-62D9636D574A}C:\programdata\battle.net\agent\agent.3023\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3023\agent.exe
FirewallRules: [UDP Query User{22DCEC76-12B1-417E-BE8B-B6002FFBACEF}C:\programdata\battle.net\agent\agent.3023\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3023\agent.exe
FirewallRules: [{C4FD064E-E2E0-4568-8008-F3504FC6BC92}] => (Allow) C:\programdata\battle.net\agent\agent.3023\agent.exe
FirewallRules: [{45FBDB26-8466-45EE-B702-6589400B4A72}] => (Allow) C:\programdata\battle.net\agent\agent.3023\agent.exe
FirewallRules: [{329B8311-709F-4929-85F9-E928E900EDEF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{5E647BE5-BC9D-4E5F-80DF-0F9F7B078826}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{0FA931EA-1749-4129-AC12-D485FF740991}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{32B547C0-517F-45BC-8066-21BE1C7A8B2F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{390421F5-B767-40BC-A2BD-662F72CEE8A0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{C783034B-4765-4F85-843F-1A784A467533}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [TCP Query User{A9A0383D-639B-4ED0-87AA-E2AA651EEC9A}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{6474A88B-A3A0-485E-8DC6-25C957FA69A3}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{2E48F9BD-4362-4054-AE2C-763CDA842EDE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{BB6AF502-8D07-40EC-9167-6B20120EDA99}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{0A8E2DD6-5F5E-4AD6-912C-ADA3405F0971}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{FEAF538F-ED11-48E1-B862-1DC4901466EA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{E866C970-008A-4BC8-BDDC-6EAB12C40CD5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{F2FDF403-F3EF-4963-A2EF-8ACBEF40D296}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{1BF29E8D-DBF5-4060-BD9E-7284286E1482}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{B5102D75-34CD-4D0E-9FBC-1ED90AAEAA5C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [TCP Query User{41A8B462-65B2-4D78-834F-049FBBBD1E60}C:\programdata\battle.net\agent\agent.3322\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3322\agent.exe
FirewallRules: [UDP Query User{4B589251-4E15-415D-AB85-8EAD1D5CFDA8}C:\programdata\battle.net\agent\agent.3322\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3322\agent.exe
FirewallRules: [{DCF7D69F-5741-4DE9-815B-14234A4FD5C5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{11869FE5-376F-4EF1-8883-711E0EFF1F12}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [TCP Query User{665FC0D7-EED6-4FE9-87F7-54C022093AAB}C:\programdata\battle.net\agent\agent.3346\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3346\agent.exe
FirewallRules: [UDP Query User{EA0728EA-6658-4E5B-83C7-9B823E0585D3}C:\programdata\battle.net\agent\agent.3346\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3346\agent.exe
FirewallRules: [{AC0B278F-EEF6-4E7A-A0DE-E7361110F238}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{3C9C3B88-9687-4A77-97B3-897276E7B8B2}C:\programdata\battle.net\agent\agent.3372\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3372\agent.exe
FirewallRules: [UDP Query User{063FC79D-EAEE-49FA-B42F-DA3A4CDBF0A2}C:\programdata\battle.net\agent\agent.3372\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3372\agent.exe
FirewallRules: [TCP Query User{30311C7A-16D0-4B36-97CD-EAB75318A108}C:\programdata\battle.net\agent\agent.3427\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3427\agent.exe
FirewallRules: [UDP Query User{6C40C5B4-2949-4A90-8080-C3DF2F4E7A09}C:\programdata\battle.net\agent\agent.3427\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3427\agent.exe
FirewallRules: [{C59B4768-BD92-4CF6-98EA-0C04B31A972F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{D12B031E-6F2F-458A-86A8-BE2F782AB5FF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{D68A4F1E-A018-43C1-854F-F7BF275191A4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{ACB2EA39-9222-4D16-9B51-0A1742B7F0C5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{B9693B46-7E00-4290-9A77-E9B9787D0B53}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{472A5A39-495E-430C-9E16-7C2BF8884516}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{68375084-C780-46CF-ABFF-9E709DBB3650}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{176D5BB4-2F6D-4F3E-BAD7-A3D3EBFE3D1B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{88D2EAB3-CD28-49CD-AE79-714300FFCADD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{C7045A69-F312-4425-981E-03223E62C44D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{455E74C0-71B6-4594-AA94-CDD57FD95E0D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{61B8A0AC-8A56-4508-8E6D-20DC6529CF49}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{FE444A11-563F-4E1D-946B-1CF85CBFC426}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{BC6C9C10-6246-41E7-B940-E7FCF21B46EE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [TCP Query User{199876D3-9516-413E-99CA-076B723CC78B}C:\programdata\battle.net\agent\agent.3688\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3688\agent.exe
FirewallRules: [UDP Query User{F5BCB9CD-06A6-4588-B324-E1EBF538EAD2}C:\programdata\battle.net\agent\agent.3688\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3688\agent.exe
FirewallRules: [{1C42E836-5A2B-40BF-ADF0-1B0F5C6E40A3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{2857FFB3-80CB-4041-A8E8-A255FD2915C9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [TCP Query User{F9E637B6-FFBF-4C69-998A-E21E326DF840}C:\program files\openssh\usr\sbin\sshd.exe] => (Allow) C:\program files\openssh\usr\sbin\sshd.exe
FirewallRules: [UDP Query User{1ED21FE6-833D-44E6-AF4F-62FF5979F458}C:\program files\openssh\usr\sbin\sshd.exe] => (Allow) C:\program files\openssh\usr\sbin\sshd.exe
FirewallRules: [TCP Query User{271FE21D-3ABF-4168-955B-1F85A7093A97}C:\program files\synergy\synergys.exe] => (Allow) C:\program files\synergy\synergys.exe
FirewallRules: [UDP Query User{4F1F75C4-A547-42C1-A72B-EF6F3597BDE8}C:\program files\synergy\synergys.exe] => (Allow) C:\program files\synergy\synergys.exe
FirewallRules: [TCP Query User{1A44ED49-C1D1-485D-A0EB-9CB0B7A9C945}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{2543C287-2D4F-4E38-A5FD-35B893CCE427}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{C0B8C541-E649-4D9B-9E8D-B0708380AF39}C:\program files\synergy\synergys.exe] => (Allow) C:\program files\synergy\synergys.exe
FirewallRules: [UDP Query User{74C663A3-46B6-4DF0-BA97-0A22F1F30AEC}C:\program files\synergy\synergys.exe] => (Allow) C:\program files\synergy\synergys.exe
FirewallRules: [TCP Query User{4668F675-3E6C-4D0A-A375-AEC64D88E8A4}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{3EB0F1C7-1E68-4883-B4F7-31B771FA8373}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{E9BF9402-9D48-462B-B740-681C49CD0397}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{7B5E3B53-2536-42CE-BCD2-5E52BD469B37}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [{994113F5-5A17-4FAE-95B9-7962F7F78469}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{FD195709-94E8-4D5E-AA5D-AA6FAB380876}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{A02BE46E-21A6-4EC1-81A5-04D22A628D6E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0FB59C5C-50A8-4005-9D1F-4F7BBB4F87F5}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{6FFDDDD5-E141-41F8-B67D-D985A66FD189}] => (Allow) C:\Users\havoc\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [TCP Query User{A1BB2469-8A00-4225-9EF9-FBE8CC28B116}C:\program files (x86)\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{57158E1E-33C2-4CAC-A95B-DF746E1D526C}C:\program files (x86)\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{3866FFBF-D341-44E3-BAD0-D5222CF47252}C:\program files (x86)\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{6D05FCA5-1470-4CAE-A084-291CB9907DC0}C:\program files (x86)\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{B76BF865-ADEB-43FB-9914-B8B4A428813D}C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{79E29BBE-3A7A-4F1E-AFE5-94ECA4B18CA7}C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe
FirewallRules: [{1DEC7125-7310-4A64-89CF-8B709092A16F}] => (Allow) C:\Program Files\Bitvise SSH Server\BvSshServer.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Faulty Device Manager Devices =============
Name: EasyTether Network Adapter
Description: EasyTether Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Mobile Stream
Service: easytether
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: LogMeIn Mirror Driver
Description: LogMeIn Mirror Driver
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: lmimirr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: HP LaserJet 200 color M251nw
Description: HP LaserJet 200 color M251nw
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: HP LaserJet 200 color M251nw
Description: HP LaserJet 200 color M251nw
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/08/2015 08:02:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4.crt> with error: This network connection does not exist.
.
Error: (09/08/2015 08:02:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4.crt> with error: This network connection does not exist.
.
Error: (09/08/2015 08:02:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4.crt> with error: This network connection does not exist.
.
Error: (09/08/2015 08:01:52 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4.crt> with error: This operation returned because the timeout period expired.
.
Error: (09/08/2015 08:01:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4.crt> with error: This operation returned because the timeout period expired.
.
Error: (09/08/2015 08:01:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4.crt> with error: This operation returned because the timeout period expired.
.
Error: (09/08/2015 07:49:40 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".Error in manifest or policy file "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" on line Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please use sxstrace.exe for detailed diagnosis.
Error: (09/08/2015 07:49:30 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".Error in manifest or policy file "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" on line Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please use sxstrace.exe for detailed diagnosis.
Error: (09/06/2015 10:27:12 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1583409717-3979321060-2320764336-1005.bak). hr = 0x80070539, The security ID structure is invalid.
.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {98eb28fd-489c-473f-a2e7-bb7f4d8d9676}
Error: (09/06/2015 10:18:06 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: BEAST)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
System errors:
=============
Error: (09/07/2015 10:27:28 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 115.18.0.0
Update Source: %NT AUTHORITY51
Update Stage: 4.8.0204.00
Source Path: 4.8.0204.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (09/07/2015 10:26:55 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.205.1746.0
Update Source: %NT AUTHORITY51
Update Stage: 4.8.0204.00
Source Path: 4.8.0204.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (09/07/2015 10:26:55 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.205.1746.0
Update Source: %NT AUTHORITY51
Update Stage: 4.8.0204.00
Source Path: 4.8.0204.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (09/07/2015 10:26:23 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.205.1746.0
Update Source: %NT AUTHORITY59
Update Stage: 4.8.0204.00
Source Path: 4.8.0204.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (09/06/2015 10:27:58 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Microsoft Network Inspection service depends the following service: NisDrv. This service might not be installed.
Error: (09/06/2015 10:27:58 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
Feature: %%886
Error Code: 0x80070433
Error description: The dependency service does not exist or has been marked for deletion.
Reason: %%858
Error: (09/06/2015 10:25:40 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5
Error: (09/06/2015 10:25:38 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5
Error: (09/06/2015 10:16:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (09/06/2015 10:15:58 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Microsoft Network Inspection service depends the following service: NisDrv. This service might not be installed.
Microsoft Office:
=========================
Error: (09/08/2015 08:02:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://ctldl.windowsupdate.com/msdow...7A8CB4.crtThis network connection does not exist.
Error: (09/08/2015 08:02:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://ctldl.windowsupdate.com/msdow...7A8CB4.crtThis network connection does not exist.
Error: (09/08/2015 08:02:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://ctldl.windowsupdate.com/msdow...7A8CB4.crtThis network connection does not exist.
Error: (09/08/2015 08:01:52 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://ctldl.windowsupdate.com/msdow...7A8CB4.crtThis operation returned because the timeout period expired.
Error: (09/08/2015 08:01:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://ctldl.windowsupdate.com/msdow...7A8CB4.crtThis operation returned because the timeout period expired.
Error: (09/08/2015 08:01:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://ctldl.windowsupdate.com/msdow...7A8CB4.crtThis operation returned because the timeout period expired.
Error: (09/08/2015 07:49:40 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Citrix\ICA Client\MFC80.DLLC:\Program Files (x86)\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5
Error: (09/08/2015 07:49:30 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Citrix\ICA Client\MFC80.DLLC:\Program Files (x86)\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5
Error: (09/06/2015 10:27:12 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1583409717-3979321060-2320764336-1005.bak)0x80070539, The security ID structure is invalid.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {98eb28fd-489c-473f-a2e7-bb7f4d8d9676}
Error: (09/06/2015 10:18:06 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: BEAST)
Description:
CodeIntegrity:
===================================
Date: 2015-09-08 08:06:57.896
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-09-08 08:01:02.318
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-09-08 07:46:04.933
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-25 12:17:52.318
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: AMD FX(tm)-8120 Eight-Core Processor
Percentage of memory in use: 19%
Total physical RAM: 16328.28 MB
Available physical RAM: 13138.34 MB
Total Virtual: 32654.48 MB
Available Virtual: 29344.72 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:109.54 GB) NTFS
Drive v: (Virtuals) (Fixed) (Total:298.09 GB) (Free:223.78 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EFA8E477)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: A3DC4663)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-09-08 17:58:42
-----------------------------
17:58:42.935 OS Version: Windows x64 6.1.7601 Service Pack 1
17:58:42.935 Number of processors: 8 586 0x102
17:58:42.936 ComputerName: BEAST UserName: havoc
17:58:44.798 Initialize success
17:58:44.863 VM: initialized successfully
17:58:44.864 VM: Amd CPU supported
18:01:52.630 AVAST engine defs: 15090803
18:02:02.691 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4
18:02:02.693 Disk 0 Vendor: ST500DM002-1BD142 KC44 Size: 476940MB BusType: 11
18:02:02.696 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3
18:02:02.698 Disk 1 Vendor: ST3320620AS 3.AAK Size: 305245MB BusType: 11
18:02:02.835 Disk 0 MBR read successfully
18:02:02.838 Disk 0 MBR scan
18:02:02.872 Disk 0 Windows 7 default MBR code
18:02:02.883 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:02:02.888 Disk 0 default boot code
18:02:02.922 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
18:02:02.994 Disk 0 scanning C:\Windows\system32\drivers
18:02:18.696 Service scanning
18:02:53.469 Modules scanning
18:02:53.474 Disk 0 trace - called modules:
18:02:53.482 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:02:53.486 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800dc63790]
18:02:53.490 3 CLASSPNP.SYS[fffff880019a743f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0xfffffa800da48060]
18:02:56.876 AVAST engine scan C:\Windows
18:02:59.189 AVAST engine scan C:\Windows\system32
18:07:27.965 AVAST engine scan C:\Windows\system32\drivers
18:07:46.413 AVAST engine scan C:\Users\havoc
18:50:11.932 AVAST engine scan C:\ProgramData
18:53:49.812 Disk 0 statistics 5240656/0/0 @ 1.42 MB/s
18:53:49.818 Scan finished successfully
19:03:54.921 Disk 0 MBR has been saved successfully to "C:\Users\havoc\Desktop\MBR.dat"
19:03:54.954 The log file has been saved successfully to "C:\Users\havoc\Desktop\aswMBR.txt"
Thanks in advance.
P2P Warning
AdwCleaner
Run as administrator to run the programme.
