
Getting ADS on Chrome/Firefox/Internet Explorer

ads popupads redirectlinks


#1
wdzthursday


Hi, I turned on my computer this morning and when I started up Chrome I'm getting lots of ads and popup ads... everything I click, same with Firefox and Internet Explorer. I checked Chrome extensions and ad block is enabled... I scanned with Emsisoft Emergency Kit and Malwarebytes and AdwCleaner... but it still didn't fix it.

 

Here are the OTL logs:

OTL logfile created on: 1/4/2015 12:10:15 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\arian\Desktop
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17498)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
31.96 Gb Total Physical Memory | 27.34 Gb Available Physical Memory | 85.54% Memory free
31.96 Gb Paging File | 26.85 Gb Available in Paging File | 84.02% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.79 Gb Total Space | 43.89 Gb Free Space | 39.27% Space Free | Partition Type: NTFS
Drive F: | 596.17 Gb Total Space | 499.59 Gb Free Space | 83.80% Space Free | Partition Type: NTFS
Drive H: | 1863.01 Gb Total Space | 981.72 Gb Free Space | 52.70% Space Free | Partition Type: NTFS
 
Computer Name: ARIAN | User Name: Arian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/04 12:02:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Arian\Desktop\OTL.exe
PRC - [2015/01/03 10:59:12 | 003,618,648 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2014/12/31 02:48:06 | 000,675,256 | ---- | M] (NVIDIA Corporation) -- C:\Users\Arian\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/12/13 19:17:12 | 006,737,976 | ---- | M] (Spotify Ltd) -- C:\Users\Arian\AppData\Roaming\Spotify\spotify.exe
PRC - [2014/12/13 19:17:12 | 001,676,344 | ---- | M] (Spotify Ltd) -- C:\Users\Arian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/12/13 19:17:12 | 000,374,840 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
PRC - [2014/12/12 16:47:37 | 000,410,768 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/12/12 16:13:07 | 002,531,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/12/12 16:13:04 | 001,701,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/12/08 19:45:28 | 039,207,112 | ---- | M] (Dropbox, Inc.) -- C:\Users\Arian\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/11/18 12:23:36 | 001,519,808 | ---- | M] (Valve Corporation) -- H:\Program Files (x86)\Steam\bin\steamwebhelper.exe
PRC - [2014/11/18 12:23:34 | 001,940,160 | ---- | M] (Valve Corporation) -- H:\Program Files (x86)\Steam\Steam.exe
PRC - [2014/08/11 22:31:42 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2014/04/03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2014/01/18 13:10:00 | 000,357,500 | ---- | M] (Hyperdesktop) -- C:\Users\Arian\AppData\Roaming\Hyperdesktop\hyperdesktop.exe
PRC - [2013/11/07 08:45:48 | 000,693,288 | ---- | M] (LG Electronics) -- C:\Program Files (x86)\LG Electronics\Screen Split\bin\ScreenSplit.exe
PRC - [2013/10/08 08:50:08 | 000,065,064 | ---- | M] (LG Electronics Inc) -- C:\Program Files (x86)\LG Electronics\Auto Resolution\bin\Auto Resolution.exe
PRC - [2013/10/08 08:49:56 | 000,338,984 | ---- | M] (LG Electronics) -- C:\Program Files (x86)\LG Electronics\Auto Resolution\bin\AppResUtilityService.exe
PRC - [2013/08/21 20:17:05 | 000,374,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2013/07/03 15:44:24 | 000,112,640 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CtHdaSvc.exe
PRC - [2013/06/26 09:56:18 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\LG Electronics\Screen Split\bin\DDCCI.exe
PRC - [2013/02/27 12:45:12 | 000,735,744 | ---- | M] (Creative Technology Ltd) -- F:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
PRC - [2012/10/08 17:53:22 | 000,423,424 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2010/09/09 13:38:16 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/04 12:08:41 | 000,043,008 | ---- | M] () -- c:\Users\Arian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfkclqo.dll
MOD - [2015/01/03 10:59:12 | 001,007,104 | ---- | M] () -- C:\Program Files (x86)\Origin\platforms\qwindows.dll
MOD - [2015/01/03 10:59:11 | 000,337,408 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qtiff.dll
MOD - [2015/01/03 10:59:11 | 000,261,120 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qmng.dll
MOD - [2015/01/03 10:59:11 | 000,216,576 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
MOD - [2015/01/03 10:59:11 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qico.dll
MOD - [2015/01/03 10:59:11 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qgif.dll
MOD - [2015/01/03 10:59:11 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qtga.dll
MOD - [2015/01/03 10:59:11 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
MOD - [2014/12/13 19:17:12 | 036,966,968 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2014/12/13 19:17:12 | 000,886,840 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\Spotify\Data\libGLESv2.dll
MOD - [2014/12/13 19:17:12 | 000,867,896 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
MOD - [2014/12/13 19:17:12 | 000,374,840 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
MOD - [2014/12/13 19:17:12 | 000,108,600 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\Spotify\Data\libEGL.dll
MOD - [2014/11/18 12:23:50 | 002,227,904 | ---- | M] () -- H:\Program Files (x86)\Steam\video.dll
MOD - [2014/11/18 12:23:34 | 000,690,880 | ---- | M] () -- H:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2014/11/16 13:16:02 | 007,785,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43edd630a9f8cd6ac38c527b106ec94f\System.Xml.ni.dll
MOD - [2014/11/16 13:15:59 | 001,874,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\6281ab590224520bad7c4f5b3ef37575\System.Xaml.ni.dll
MOD - [2014/11/16 13:15:58 | 012,856,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\70c6bf4a51d18b4a9a1805cd48d1caad\System.Windows.Forms.ni.dll
MOD - [2014/11/16 13:15:44 | 001,635,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8efdc7a3726640f79d9333da88accaf8\System.Drawing.ni.dll
MOD - [2014/11/16 13:15:40 | 018,744,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\377e9afc870e7d53922fbcfd6023b2f7\PresentationFramework.ni.dll
MOD - [2014/11/16 13:15:33 | 011,027,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a1799dc618cfa61adb75b82311884c3d\PresentationCore.ni.dll
MOD - [2014/11/16 13:15:28 | 003,957,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\b8e2e79f70d09551560548cda72e2c51\WindowsBase.ni.dll
MOD - [2014/11/16 13:15:22 | 010,030,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\1c5fe4cb68f67046baec4c3a854f722f\System.ni.dll
MOD - [2014/11/11 10:48:12 | 001,171,456 | ---- | M] () -- H:\Program Files (x86)\Steam\libavcodec-56.dll
MOD - [2014/11/11 10:48:12 | 000,485,888 | ---- | M] () -- H:\Program Files (x86)\Steam\libswscale-3.dll
MOD - [2014/11/11 10:48:12 | 000,442,368 | ---- | M] () -- H:\Program Files (x86)\Steam\libavutil-54.dll
MOD - [2014/11/11 10:48:12 | 000,403,968 | ---- | M] () -- H:\Program Files (x86)\Steam\libavformat-56.dll
MOD - [2014/11/11 10:48:12 | 000,332,800 | ---- | M] () -- H:\Program Files (x86)\Steam\libavresample-2.dll
MOD - [2014/11/11 10:48:04 | 034,589,888 | ---- | M] () -- H:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2014/11/11 10:47:56 | 000,774,656 | ---- | M] () -- H:\Program Files (x86)\Steam\SDL2.dll
MOD - [2014/10/21 16:22:50 | 000,750,080 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\Dropbox\bin\libGLESv2.dll
MOD - [2014/10/21 16:22:50 | 000,047,616 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\Dropbox\bin\libEGL.dll
MOD - [2014/10/21 16:22:48 | 000,863,744 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
MOD - [2014/10/21 16:22:46 | 000,200,704 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
MOD - [2014/01/27 03:52:41 | 017,395,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c90ef9a73ea0044641d31b19023aad61\mscorlib.ni.dll
MOD - [2013/06/26 09:56:18 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\LG Electronics\Screen Split\bin\DDCCI.exe
MOD - [2013/06/14 09:23:06 | 000,049,152 | ---- | M] () -- C:\Windows\SysWOW64\LGErrorHandler.dll
MOD - [2013/06/12 14:54:04 | 000,063,488 | ---- | M] () -- C:\Program Files (x86)\LG Electronics\Screen Split\bin\ScreenSplitterHook.dll
MOD - [2013/04/24 16:47:06 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\LG Electronics\Screen Split\bin\EngRes.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/12/12 16:13:04 | 001,148,560 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2014/12/12 16:13:03 | 019,823,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2014/10/30 20:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/10/06 17:54:27 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/09/21 19:05:56 | 000,368,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/09/21 19:05:56 | 000,023,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/08/17 11:18:22 | 000,076,152 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2014/08/15 19:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/08/15 16:58:35 | 000,287,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/08/15 16:45:51 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/07/23 23:28:58 | 001,600,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/06/03 10:15:50 | 000,638,272 | ---- | M] (RealVNC Ltd) [Auto | Running] -- C:\Program Files\RealVNC\VNC Server\vncservice.exe -- (vncserver)
SRV:64bit: - [2014/03/07 21:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/03/05 23:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/02/22 07:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/02/22 01:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/02/22 01:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/02/22 01:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/02/22 01:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/01/23 02:41:17 | 011,936,560 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2013/12/09 23:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/11/19 11:25:58 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013/08/22 11:11:18 | 000,183,296 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2013/08/22 11:11:17 | 000,090,464 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\KeyboardFilterSvc.dll -- (MsKeyboardFilter)
SRV:64bit: - [2013/08/22 03:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 03:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 03:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 03:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 03:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 02:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 02:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 01:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 01:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 01:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 01:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 01:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 01:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 01:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 01:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2015/01/03 10:59:12 | 001,903,472 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/12/12 16:47:37 | 000,410,768 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/12/12 16:13:04 | 001,701,520 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/12/09 16:41:46 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/09/22 20:32:08 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/09/09 14:02:50 | 000,175,136 | ---- | M] (EasyAntiCheat Ltd) [On_Demand | Stopped] -- C:\Windows\SysWOW64\EasyAntiCheat.exe -- (EasyAntiCheat)
SRV - [2014/08/15 19:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/08/11 22:31:42 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014/05/18 00:58:26 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2014/04/03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/03/20 17:57:38 | 000,359,936 | ---- | M] () [Auto | Running] -- F:\Program Files\Serviio\bin\ServiioService.exe -- (Serviio)
SRV - [2014/01/18 12:32:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2014/01/18 12:32:17 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2013/11/19 11:25:57 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/11/06 17:30:44 | 000,758,224 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- F:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2013/08/21 19:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 18:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/07/03 15:44:24 | 000,112,640 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Windows\SysWOW64\CtHdaSvc.exe -- (CtHdaSvc)
SRV - [2012/10/08 17:53:22 | 000,423,424 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/01/04 10:33:47 | 000,056,432 | ---- | M] (Corsica) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\webinstrNHK.sys -- (webinstrNHK)
DRV:64bit: - [2014/12/12 16:13:03 | 000,019,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014/11/22 02:46:30 | 000,038,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2014/11/21 06:14:26 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/10/12 18:43:17 | 000,238,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/10/12 18:43:17 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/10/12 18:43:17 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/10/09 17:58:57 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/10/09 09:02:39 | 000,195,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014/09/21 19:06:16 | 000,258,368 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/09/21 19:06:16 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/09/21 18:49:43 | 000,035,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/08/14 16:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/07/28 13:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2014/07/24 07:28:38 | 000,468,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/07/24 07:28:38 | 000,412,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/07/24 03:42:22 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/05/08 17:52:14 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetbus64.sys -- (AndnetBus)
DRV:64bit: - [2014/05/01 05:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/03/28 14:41:18 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetadb.sys -- (andnetadb)
DRV:64bit: - [2014/03/28 14:25:16 | 000,036,352 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetmodem64.sys -- (ANDNetModem)
DRV:64bit: - [2014/03/28 14:25:16 | 000,029,184 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetdiag64.sys -- (AndNetDiag)
DRV:64bit: - [2014/03/19 19:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/03/13 04:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/03/08 12:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/02/22 07:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/02/22 07:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/02/22 07:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/02/22 07:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/02/22 04:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/01/22 08:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014/01/22 08:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/11/27 16:24:18 | 000,175,480 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2013/11/19 11:29:24 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/11/19 11:25:57 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/10/25 17:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/08/22 11:11:19 | 000,022,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbldfltr.sys -- (kbldfltr)
DRV:64bit: - [2013/08/22 11:11:12 | 000,220,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:64bit: - [2013/08/22 11:11:12 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2013/08/22 11:11:12 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2013/08/22 11:11:12 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2013/08/22 11:11:12 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/08/22 05:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 05:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 04:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 04:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 04:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 04:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 04:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 04:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 04:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 04:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 04:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 04:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 04:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 04:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 04:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 04:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 04:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 04:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 04:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 04:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 04:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 04:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 04:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 04:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 04:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 04:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 04:40:24 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/08/22 04:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 04:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 04:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 03:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2013/08/22 03:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 03:39:50 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2013/08/22 03:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 03:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 03:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 03:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 03:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 03:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 03:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 03:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 03:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 03:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 03:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 03:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 03:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 03:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 03:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 03:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 03:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 03:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 03:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 03:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 00:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 15:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 16:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 10:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 11:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/07/24 00:09:20 | 000,359,120 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ks2m2avs.sys -- (ks2m2avs)
DRV:64bit: - [2013/07/24 00:09:20 | 000,085,200 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ks2m2usb.sys -- (ks2m2usb_svc)
DRV:64bit: - [2013/07/03 15:52:38 | 000,034,072 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cthdb.sys -- (cthdb)
DRV:64bit: - [2013/07/03 15:52:16 | 001,060,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cthda.sys -- (cthda)
DRV:64bit: - [2013/06/18 06:45:26 | 000,460,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2013/06/18 06:44:59 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/16 20:41:48 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/07/17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009/09/16 06:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV - [2015/01/04 00:14:28 | 000,057,024 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\EEK\bin\cleanhlp64.sys -- (cleanhlp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C 82 50 32 F3 B4 CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.2: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.4.0: C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: F:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3522.0110: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\arian\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\arian\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\arian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/12/15 23:13:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\arian\AppData\Roaming\IDM\idmmzcc5 [2014/01/18 13:02:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\arian\AppData\Roaming\IDM\idmmzcc5 [2014/01/18 13:02:25 | 000,000,000 | ---D | M]
 
[2014/11/01 08:33:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arian\AppData\Roaming\Mozilla\Extensions
[2014/12/04 20:09:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arian\AppData\Roaming\Mozilla\Firefox\Profiles\t5a4mn8y.default\extensions
[2014/12/04 20:09:36 | 000,556,240 | ---- | M] () (No name found) -- C:\Users\Arian\AppData\Roaming\Mozilla\Firefox\Profiles\t5a4mn8y.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2014/12/09 16:41:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/12/09 16:41:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/03/03 00:49:30 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\arian\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = F:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = F:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = F:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = F:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = F:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Battlelog Game Launcher (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Java Deployment Toolkit 7.0.510.13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U51 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\arian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\arian\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll
CHR - plugin: Picasa (Enabled) = F:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: iTunes Application Detector (Enabled) = F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: No name found = C:\Users\Arian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Arian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: No name found = C:\Users\Arian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Arian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: No name found = C:\Users\Arian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.8_0\
CHR - Extension: No name found = C:\Users\Arian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk\2.23_0\
CHR - Extension: No name found = C:\Users\Arian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: No name found = C:\Users\Arian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnplbjaccenflfhoilephaokaacdmmgk\1.2_0\
CHR - Extension: No name found = C:\Users\Arian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: No name found = C:\Users\Arian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/04/13 11:04:18 | 000,000,886 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - F:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - F:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [PWRISOVM.EXE] F:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [Sound Blaster Z-Series Control Panel] F:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Hyperdesktop] C:\Users\Arian\AppData\Roaming\Hyperdesktop\hyperdesktop.exe (Hyperdesktop)
O4 - HKCU..\Run: [Plex Media Server] C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O4 - HKCU..\Run: [ScreenSplitter] C:\Program Files (x86)\LG Electronics\Screen Split\bin\ScreenSplit.exe (LG Electronics)
O4 - HKCU..\Run: [Spotify] C:\Users\arian\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\arian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] H:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\arian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Arian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\arian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk = F:\Program Files\Serviio\bin\ServiioConsole.exe ()
O4 - Startup: C:\Users\arian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar448.lnk = C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - F:\Program Files\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - F:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - F:\Program Files\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - F:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - F:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - F:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0243C9C3-112C-478A-B4D8-C49B926DD82D}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0243C9C3-112C-478A-B4D8-C49B926DD82D}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56A876C1-F696-487B-8EE5-B6255BB5D16A}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56A876C1-F696-487B-8EE5-B6255BB5D16A}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B37199D9-6D2E-4FB0-9C3F-CD295300B79D}: DhcpNameServer = 7.254.254.254
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - F:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2632ca9e-c033-11e3-825f-902b34320e66}\Shell - "" = AutoRun
O33 - MountPoints2\{2632ca9e-c033-11e3-825f-902b34320e66}\Shell\AutoRun\command - "" = "J:\ToolLauncher-Bootstrap.exe" 
O33 - MountPoints2\{62b47295-829f-11e4-8292-902b34320e66}\Shell - "" = AutoRun
O33 - MountPoints2\{62b47295-829f-11e4-8292-902b34320e66}\Shell\AutoRun\command - "" = "G:\ToolLauncher-Bootstrap.exe" 
O33 - MountPoints2\{85c08764-80a2-11e3-8252-902b34320e66}\Shell - "" = AutoRun
O33 - MountPoints2\{85c08764-80a2-11e3-8252-902b34320e66}\Shell\AutoRun\command - "" = "I:\ToolLauncher-Bootstrap.exe" 
O33 - MountPoints2\{c8a9c074-0e32-11e4-8270-902b34320e66}\Shell - "" = AutoRun
O33 - MountPoints2\{c8a9c074-0e32-11e4-8270-902b34320e66}\Shell\AutoRun\command - "" = "G:\LG_PC_Programs.exe" 
O33 - MountPoints2\{cbfda3ff-8a7a-11e3-8255-902b34320e56}\Shell - "" = AutoRun
O33 - MountPoints2\{cbfda3ff-8a7a-11e3-8255-902b34320e56}\Shell\AutoRun\command - "" = "J:\ToolLauncher-Bootstrap.exe" 
O33 - MountPoints2\{cbfda44e-8a7a-11e3-8255-902b34320e56}\Shell - "" = AutoRun
O33 - MountPoints2\{cbfda44e-8a7a-11e3-8255-902b34320e56}\Shell\AutoRun\command - "" = "J:\VZW_Software_upgrade_assistant.exe" 
O33 - MountPoints2\{ddc4a2ff-1af6-11e4-8272-902b34320e66}\Shell - "" = AutoRun
O33 - MountPoints2\{ddc4a2ff-1af6-11e4-8272-902b34320e66}\Shell\AutoRun\command - "" = "G:\ToolLauncher-Bootstrap.exe" 
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/04 12:01:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\arian\Desktop\OTL.exe
[2015/01/04 11:33:52 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2015/01/04 11:30:48 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2015/01/04 11:24:07 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/01/04 11:12:17 | 000,000,000 | ---D | C] -- C:\EEK
[2015/01/04 10:34:03 | 000,056,432 | ---- | C] (Corsica) -- C:\Windows\SysNative\drivers\webinstrNHK.sys
[2015/01/03 11:12:31 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/01/03 11:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/01/03 11:12:06 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/01/03 11:12:06 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/01/03 11:12:06 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015/01/03 11:12:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/01/03 11:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/01/03 11:04:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/12/30 22:09:21 | 000,000,000 | ---D | C] -- C:\Users\arian\Desktop\Shotty_Horroh-Dead_Bodies_And_Junk_Food-2012
[2014/12/14 16:03:40 | 000,000,000 | ---D | C] -- C:\Users\arian\AppData\Roaming\dvdcss
[2014/12/13 08:12:09 | 000,000,000 | ---D | C] -- C:\Users\arian\AppData\Roaming\TaiG
[2014/12/09 16:41:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/01/18 12:49:39 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\arian\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/04 12:12:47 | 000,863,592 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/01/04 12:12:47 | 000,730,408 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/01/04 12:12:47 | 000,135,520 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/01/04 12:10:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/04 12:08:46 | 000,001,041 | ---- | M] () -- C:\Users\arian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar448.lnk
[2015/01/04 12:08:28 | 000,000,189 | ---- | M] () -- C:\.dir
[2015/01/04 12:08:24 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/04 12:02:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\arian\Desktop\OTL.exe
[2015/01/04 11:35:45 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/01/04 11:33:52 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2015/01/04 11:25:37 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/04 11:23:58 | 002,173,952 | ---- | M] () -- C:\Users\arian\Desktop\AdwCleaner.exe
[2015/01/04 11:12:24 | 000,000,755 | ---- | M] () -- C:\Users\arian\Desktop\Start Emsisoft Emergency Kit.lnk
[2015/01/04 10:56:47 | 000,000,600 | ---- | M] () -- C:\Users\arian\AppData\Local\PUTTY.RND
[2015/01/04 10:34:03 | 000,001,984 | ---- | M] () -- C:\Windows\patsearch.bin
[2015/01/04 10:33:47 | 000,056,432 | ---- | M] (Corsica) -- C:\Windows\SysNative\drivers\webinstrNHK.sys
[2015/01/03 10:59:56 | 000,001,182 | ---- | M] () -- C:\Users\arian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/12/31 19:58:49 | 000,000,218 | ---- | M] () -- C:\Users\arian\AppData\Local\recently-used.xbel
[2014/12/22 21:20:31 | 305,854,835 | ---- | M] () -- C:\Users\arian\Desktop\Japanese Wallpaper - 2014 Remixes.zip
[2014/12/13 19:54:29 | 000,002,294 | -H-- | M] () -- C:\Users\arian\Documents\Default.rdp
[2014/12/13 02:08:08 | 000,834,880 | ---- | M] () -- C:\Windows\SysNative\nvmcumd.dll
[2014/12/13 02:08:08 | 000,074,056 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2014/12/13 02:08:08 | 000,060,560 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2014/12/13 02:08:08 | 000,027,983 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2014/12/12 15:11:01 | 004,151,176 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2014/12/11 19:09:18 | 000,117,598 | ---- | M] () -- C:\Users\arian\Desktop\1418353027600.jpg
[2014/12/11 01:27:13 | 000,002,203 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/07 19:50:01 | 007,548,596 | ---- | M] () -- C:\Users\arian\Documents\Mumble-2014-12-07-19-49-08-hyphygaming.com-Mixdown.wav
 
========== Files Created - No Company Name ==========
 
[2015/01/04 12:08:46 | 000,001,041 | ---- | C] () -- C:\Users\arian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar448.lnk
[2015/01/04 11:23:56 | 002,173,952 | ---- | C] () -- C:\Users\arian\Desktop\AdwCleaner.exe
[2015/01/04 11:12:24 | 000,000,755 | ---- | C] () -- C:\Users\arian\Desktop\Start Emsisoft Emergency Kit.lnk
[2015/01/04 10:34:03 | 000,001,984 | ---- | C] () -- C:\Windows\patsearch.bin
[2015/01/03 11:19:07 | 000,000,299 | ---- | C] () -- C:\Users\arian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
[2014/12/31 19:58:49 | 000,000,218 | ---- | C] () -- C:\Users\arian\AppData\Local\recently-used.xbel
[2014/12/25 13:44:42 | 000,834,880 | ---- | C] () -- C:\Windows\SysNative\nvmcumd.dll
[2014/12/22 21:14:46 | 305,854,835 | ---- | C] () -- C:\Users\arian\Desktop\Japanese Wallpaper - 2014 Remixes.zip
[2014/12/11 19:09:21 | 000,117,598 | ---- | C] () -- C:\Users\arian\Desktop\1418353027600.jpg
[2014/12/07 19:49:08 | 007,548,596 | ---- | C] () -- C:\Users\arian\Documents\Mumble-2014-12-07-19-49-08-hyphygaming.com-Mixdown.wav
[2014/11/15 08:25:44 | 000,000,073 | ---- | C] () -- C:\Windows\cdplayer.ini
[2014/11/15 08:25:39 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2014/10/31 23:53:29 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2014/08/24 02:04:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2014/08/16 12:25:16 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\LGErrorHandler.dll
[2014/08/16 10:10:20 | 000,001,888 | ---- | C] () -- C:\Users\arian\AppData\Roaming\System Monitor II_CPU0_Settings.ini
[2014/07/13 09:28:41 | 000,000,600 | ---- | C] () -- C:\Users\arian\AppData\Local\PUTTY.RND
[2014/06/03 19:00:18 | 000,000,299 | ---- | C] () -- C:\Users\arian\AppData\Roaming\BreakingPoint_Login.ini
[2014/06/03 18:48:57 | 000,001,333 | ---- | C] () -- C:\Users\arian\AppData\Roaming\BreakingPoint_Options.ini
[2014/06/01 15:41:15 | 000,007,605 | ---- | C] () -- C:\Users\arian\AppData\Local\Resmon.ResmonCfg
[2014/04/22 17:23:09 | 000,002,255 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
[2014/04/13 21:03:38 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2014/03/26 17:23:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2014/03/11 16:25:10 | 000,207,624 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2014/02/20 17:14:02 | 000,179,377 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2014/02/05 19:49:12 | 000,012,625 | ---- | C] () -- C:\ProgramData\mptmqteo.hmi
[2014/01/18 19:50:55 | 000,000,131 | ---- | C] () -- C:\Users\arian\AppData\Roaming\Network Monitor II_Traffic.ini
[2014/01/18 15:33:57 | 000,215,416 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/01/18 15:33:56 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014/01/18 14:35:24 | 005,653,224 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2014/01/18 14:35:24 | 000,015,347 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2014/01/18 14:13:10 | 000,000,123 | ---- | C] () -- C:\Users\arian\AppData\Roaming\System Monitor II_UptimeRecord.ini
[2014/01/18 14:05:20 | 000,000,459 | ---- | C] () -- C:\Users\arian\AppData\Roaming\Drives Monitor_Settings.ini
[2014/01/18 14:02:38 | 000,000,624 | ---- | C] () -- C:\Users\arian\AppData\Roaming\All CPU MeterV3_Settings.ini
[2014/01/18 13:28:56 | 000,000,402 | RHS- | C] () -- C:\Users\arian\ntuser.pol
[2014/01/18 12:49:39 | 000,099,384 | ---- | C] () -- C:\Users\arian\AppData\Roaming\inst.exe
[2014/01/18 12:49:39 | 000,007,859 | ---- | C] () -- C:\Users\arian\AppData\Roaming\pcouffin.cat
[2014/01/18 12:49:39 | 000,001,167 | ---- | C] () -- C:\Users\arian\AppData\Roaming\pcouffin.inf
[2013/08/22 07:36:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2013/08/22 07:36:42 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2013/08/22 06:46:23 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013/08/21 23:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013/08/21 19:32:36 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2013/08/21 15:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013/08/21 15:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
[2014/01/18 13:54:28 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/08/30 16:15:33 | 021,197,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/08/30 14:59:13 | 018,723,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 01:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 18:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 01:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/08/02 17:26:25 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\.mono
[2014/01/18 15:53:42 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\4Front
[2014/01/18 16:20:12 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\Ableton
[2014/10/26 16:22:08 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\Actual Tools
[2014/11/01 00:40:28 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\AimerSoft
[2014/11/01 00:35:43 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\Apowersoft
[2014/11/01 09:29:32 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\Audacity
[2014/04/29 15:55:06 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\Awesomium
[2014/04/22 20:08:15 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\Battle.net
[2014/04/08 14:31:49 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\Canon
[2014/04/28 19:50:40 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\Curse
[2014/04/28 19:50:47 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\Curse Advertising
[2014/01/18 15:52:53 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\Cytomic
[2014/03/28 19:34:33 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\dBpoweramp
[2014/11/25 15:45:20 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\deluge
[2014/12/25 11:35:19 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\DMCache
[2015/01/04 12:08:43 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\Dropbox
[2014/10/04 23:34:13 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\FabFilter
[2014/01/18 15:46:53 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\FlowStone
[2014/02/08 12:22:58 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\Globalscape
[2014/08/14 06:40:35 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\HLSW
[2014/01/18 13:09:59 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\Hyperdesktop
[2014/11/02 15:21:15 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\IDM
[2014/04/12 14:17:13 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\iFunBox.NXGen
[2014/04/12 14:19:13 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\iFunbox_UserCache
[2014/01/18 15:47:02 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\Image-Line
[2014/02/01 23:35:39 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\ImgBurn
[2014/01/18 16:08:50 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\iZotope
[2014/01/18 16:25:19 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\LolClient
[2015/01/04 11:56:07 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\Mumble
[2014/07/26 12:22:39 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\New Technology Studio
[2014/11/15 12:21:05 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\OBS
[2014/01/18 16:42:31 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\Origin
[2014/01/18 14:48:20 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\Riot Games
[2015/01/04 12:08:40 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\Spotify
[2014/11/01 00:49:22 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\SpotifyRecorder
[2014/10/31 23:39:25 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\Spotydl
[2014/12/13 08:12:09 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\TaiG
[2014/06/08 15:02:29 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\TeamViewer
[2014/05/18 09:43:04 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\Tencent
[2014/07/13 12:57:22 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\TightVNC
[2014/03/26 19:37:12 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\Tunngle
[2014/03/18 20:31:31 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\Unity
[2014/01/18 12:49:39 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\Vso
[2014/01/25 20:08:42 | 000,000,000 | ---D | M] -- C:\Users\arian\AppData\Roaming\Waves Audio
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 195 bytes -> C:\Users\arian\SkyDrive:ms-properties
@Alternate Data Stream - 161 bytes -> C:\Users\arian\Desktop\1418353027600.jpg:com.dropbox.attributes
 
< End of report >

Edited by wdzthursday, 04 January 2015 - 05:18 PM.



#2
wdzthursday


Here are the Extras from the OTL log:

 

OTL Extras logfile created on: 1/4/2015 12:10:15 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\arian\Desktop
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17498)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
31.96 Gb Total Physical Memory | 27.34 Gb Available Physical Memory | 85.54% Memory free
31.96 Gb Paging File | 26.85 Gb Available in Paging File | 84.02% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.79 Gb Total Space | 43.89 Gb Free Space | 39.27% Space Free | Partition Type: NTFS
Drive F: | 596.17 Gb Total Space | 499.59 Gb Free Space | 83.80% Space Free | Partition Type: NTFS
Drive H: | 1863.01 Gb Total Space | 981.72 Gb Free Space | 52.70% Space Free | Partition Type: NTFS
 
Computer Name: ARIAN | User Name: Arian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "F:\Program Files\Microsoft Office\Office15\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "F:\Program Files\Microsoft Office\Office15\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "F:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "F:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "F:\Program Files\Microsoft Office\Office15\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "F:\Program Files\Microsoft Office\Office15\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "F:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "F:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UACDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02BCC4F2-BFFA-4966-90EF-7E10BA9A977E}" = lport=6004 | protocol=17 | dir=in | app=f:\program files\microsoft office\office15\outlook.exe | 
"{041B97DD-00F7-4FF4-988E-FD2C6985D3EB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0F015B0D-4BA6-4E9A-BDA8-32EC0A774C89}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{137E9C2E-412E-44B0-A7D8-B6BBA86ACF22}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1B168A95-9876-435E-B1E4-D08B3393969A}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{1D079243-D2FC-478E-A23B-99C88B43DC3C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{260D2B63-ED2F-4F16-B8DD-D0FA59B71448}" = lport=138 | protocol=17 | dir=in | app=system | 
"{28BE10C5-DEFB-4356-B153-B54003EB9FF0}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{30817BB8-6840-4E0E-B3CA-FC9F47972337}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{336C1781-A4D9-4B53-A901-AD4EE6C46971}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{35349B14-C9D8-43C0-96E1-ACE1659AF91B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{3AC4449A-257F-4AEF-8E46-815225445F82}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{407558CF-8508-4898-8739-1EF895A67280}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{40E09BE0-BAE0-4B35-891D-313422171EDB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{44BD9B80-48CD-4B60-87DE-82DF01E39D67}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{47350B73-F050-4323-9FB3-05E1BE043AD6}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{4800B919-9668-4533-949F-3F5C6F10F169}" = rport=139 | protocol=6 | dir=out | app=system | 
"{524B34FE-62FC-428A-93AC-6298130D93DA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{57A78CC3-B0FD-4FC9-8A71-20FAC25BC891}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5A0913D9-DD6F-4297-A36A-C94C84946EFC}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{5A73ECB0-820B-4CA5-B9AC-7C3FEAA220F8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{608A1618-BB3E-4DEE-9E50-F236E264B3FD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6325F07B-507B-4205-B53A-73909DF14AB3}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{786721D6-BD42-46F6-855E-B14F8C009073}" = rport=2869 | protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{80543702-224C-4EEC-85E4-F68EC76CE1B2}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{85884561-C413-4B96-8CDB-54B3BE639B74}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{8DFD465F-DD2E-4CF1-8AB2-26FF348916CE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8E504E7E-E2BE-4CFB-95ED-F2E56DEBC6DD}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{92B2F142-E9EC-4B98-B1B8-8FF24A92C037}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9573AB8A-335C-4700-91CE-53284249E351}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9AA1C354-B6A9-4063-8B3C-38DCFDC7FD4D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9FE8CFBB-FCCF-4E57-8DDD-4F2338A41ECF}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\dashost.exe | 
"{AC7AA296-6354-4A6E-BAF1-3C7C8525AD14}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B390BAC8-7D95-41A5-9342-BCA13E320081}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{BB41F067-FAC7-43C2-9D51-5DD7B651A8CF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BC0E74DB-1E6A-4BF6-95C1-332AEF301A1A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{BF98933F-4348-4361-BFEA-3A5F6F75A1F9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C375DEE5-51EF-41F1-A71B-CF6C849FB3F9}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{CBFE7FCA-EFBF-4978-9681-9CB629649D42}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{CC3919C8-8F6A-4827-AAE7-777B3D205220}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CEF31EDA-1D14-4504-BFA8-11ADA1A2D267}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CFB3A48C-953C-4BCA-9F16-E89895E61CC1}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{D30E57CF-D028-4507-8363-932E4F46E64B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DEFE4257-592C-44D3-BF38-BCB14B944175}" = lport=139 | protocol=6 | dir=in | app=system | 
"{ECB7AEAE-641E-46B4-B460-C89F23BD593E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{ED963947-3B9B-4AC5-8D30-03E80FCA3698}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F475B494-FDF4-4FB8-B534-F10CC2A33E49}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F8CD80B4-1B36-4496-8A35-D66880470F17}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FF859325-061F-431B-B995-CF3E43E93042}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008F4DBA-BE76-4A8C-916B-B9C1D406877C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{01B9E1B4-8DB8-4614-B532-9DF8E1A5C792}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\rust\rust.exe | 
"{03B5A972-24E7-46D9-BB04-81ED95F9710B}" = protocol=6 | dir=in | app=c:\users\arian\appdata\roaming\dropbox\bin\dropbox.exe | 
"{06158A13-400C-40EB-A078-FF38562264AE}" = protocol=17 | dir=in | app=c:\users\arian\appdata\roaming\spotify\spotify.exe | 
"{08155FA2-F939-43FA-B344-F842C7D2A92F}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero blu-ray player\blu-rayplayer.exe | 
"{0EAAAC54-B821-461A-B6B1-18F619BDFDB3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0F43E645-F855-4333-A9CB-FAFC8836E4CB}" = protocol=17 | dir=in | app=f:\program files\microsoft office\office15\lync.exe | 
"{1498D2BC-80D4-49D2-85B3-5E4CBB1B1952}" = dir=in | [email protected]{microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{14A035EF-E334-4AF8-B02C-4EE74665F188}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{1935C59D-C66A-4E18-8F6B-3B2D1A7682B5}" = dir=out | [email protected]{microsoft.bingfinance_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{198FB095-8C52-4391-AE7A-FFF667576AD8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{1AD020A0-1252-4BDA-8303-73FC25259F1B}" = protocol=6 | dir=in | app=h:\program files (x86)\origin games\battlefield 4\bf4.exe | 
"{1EA3CD5B-A396-4DFC-A27E-72AF8D86B583}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{200B88F8-5400-4A81-9736-E3EC9AAF235B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{23D61942-7BC2-4D3C-976E-703FE3138AB2}" = dir=in | app=c:\program files (x86)\plex\plex media server\plexscripthost.exe | 
"{25EE8898-B345-4CEC-894D-DD90A44D5C81}" = dir=out | [email protected]{microsoft.bingweather_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{260F2956-BBFF-4AE1-BD68-DD0E1B8D3221}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe | 
"{262980D5-DAD2-4649-AFA4-C6EB93EADD23}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2848E4BB-5D6C-47CF-95C7-FA3DDAEE3995}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe | 
"{29F51E69-2A73-4EAE-9D11-3F1DA6DEE1F6}" = protocol=1 | dir=out | [email protected],-28544 | 
"{2BCAD9C6-EF41-4065-B686-1F97E9474BE0}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero blu-ray player\blu-rayplayer.exe | 
"{2BFFBD8F-CB75-4C15-A12D-51727D0ABDEA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2C0EF6E9-963C-4612-AE4B-56AEE64DCEA4}" = protocol=6 | dir=in | app=f:\program files (x86)\tunngle\tnglctrl.exe | 
"{2DC5CCEB-65FA-4D6E-A3BE-139E155EA00E}" = protocol=58 | dir=out | [email protected],-28546 | 
"{2E0AD870-B363-4C2E-B914-CE0C953C6D36}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe | 
"{329C974D-626A-4983-961E-446598B36627}" = protocol=58 | dir=out | [email protected],-503 | 
"{36DF0444-2B95-4517-A606-1F928E178CAF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{37582A0B-C5AF-48EA-AFBD-1B28ABD9649F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{390237F2-4820-40FF-9360-34E8B8D4889B}" = protocol=17 | dir=in | app=f:\program files (x86)\tunngle\tunngle.exe | 
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | 
"{4351F4A2-1E5F-40ED-AD26-4DC1A4549385}" = protocol=17 | dir=in | app=c:\users\arian\appdata\roaming\dropbox\bin\dropbox.exe | 
"{44977FF4-6264-4524-BE97-007F953792BA}" = dir=out | [email protected]{microsoft.zunevideo_2.2.41.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{44F0137A-3564-4D57-9282-C0CEE191C9DC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | 
"{4705BEC8-A5E2-4A94-86DC-83E1B6A347CE}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steam.exe | 
"{48256B95-F9AD-439B-9A3D-F40DBD65DEB5}" = protocol=58 | dir=in | app=system | 
"{4C49FDB3-2F05-4F84-9E3D-FDB375B28068}" = protocol=17 | dir=in | app=c:\users\arian\appdata\roaming\spotify\spotify.exe | 
"{4CE32DE5-2C34-434E-B816-327F4998733D}" = dir=in | [email protected]{microsoft.windowsreadinglist_6.3.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{4E3569CA-9F4D-4D50-9970-DCDE940D7F5A}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\rust\rust.exe | 
"{53BEDD95-8A4E-4B96-B227-DE09C9D74A05}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | 
"{5ABD42CC-D189-4BDF-B39D-C7FB78B88DC7}" = protocol=17 | dir=in | app=f:\program files (x86)\tunngle\tnglctrl.exe | 
"{5B15137E-A019-44DA-8F03-A1BAD50D238C}" = protocol=6 | dir=in | app=h:\program files (x86)\origin games\bejeweled 3\bejeweled3.exe | 
"{5DE8B5AC-417E-43E6-9985-6EC8ABB55289}" = dir=out | [email protected]{microsoft.zunemusic_2.2.41.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{5E0A72BA-8A12-4F5B-AE98-8AADC4CF0960}" = protocol=17 | dir=in | app=f:\program files\microsoft office\office15\ucmapi.exe | 
"{5E2BC74D-D2A7-4191-8CB3-54E8A54ADC5D}" = protocol=1 | dir=in | name=hlsw icmp | 
"{5E8D5BAF-28AE-428B-BAE0-2A3E5324F684}" = dir=out | [email protected]{microsoft.bingnews_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{5EED5532-99B8-460F-B26C-6648EBB34F29}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | 
"{60726173-C52A-42BF-8A8F-2E5918A870FC}" = dir=out | [email protected]{microsoft.bingtravel_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{6250F873-1E1B-4D40-BBEE-F4165C5F2BE8}" = dir=out | [email protected]{microsoft.xboxlivegames_2.0.20.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{65A3C586-E9AA-4D8A-B07B-00D6843AA25C}" = dir=out | [email protected]{microsoft.windowsreadinglist_6.3.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{673FFE30-4D68-4CB7-9E18-017D450C5AEB}" = protocol=17 | dir=in | app=f:\program files\serviio\bin\serviioservice.exe | 
"{6899FF39-BD3F-4E8D-8A9B-DE0FDE1D5F27}" = dir=out | name=skype | 
"{69CD4013-BEDB-46DD-84DE-4D267DBFCB99}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6F43B4F2-5680-4A2A-9572-837C17AB5E4E}" = dir=in | app=c:\program files (x86)\plex\plex media server\plex media server.exe | 
"{718E1444-20D3-428F-8282-8E8808113311}" = protocol=17 | dir=in | app=h:\program files (x86)\origin games\bejeweled 3\bejeweled3.exe | 
"{726A7C6A-54C6-4BF1-A178-03A162A7BC84}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\bin\steamwebhelper.exe | 
"{734E4565-ABB9-4246-8C74-76C5D62470DF}" = dir=out | [email protected]{microsoft.bingsports_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{76C9CD5C-9CD3-4513-8D40-EE18FE16D155}" = dir=out | [email protected]{microsoft.bingmaps_2.0.2009.2356_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{79423D0C-4D8E-40DC-8320-4620E96B2CFD}" = protocol=6 | dir=in | app=h:\program files (x86)\origin games\battlefield 4\bf4_x86.exe | 
"{7996EE42-37CC-4281-8665-2BF82BF34726}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\arma 3\arma3launcher.exe | 
"{79CC0C47-EFFF-4C3C-BC11-85D27DA1C10A}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\arma 3\arma3launcher.exe | 
"{7B615728-4D18-4FCB-8170-64AF046C5AF3}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\rust\legacy\rust.exe | 
"{7CBC4C43-73D6-42EB-8D96-A6B942722474}" = protocol=6 | dir=in | app=f:\program files\serviio\bin\serviioconsole.exe | 
"{7F31779C-340D-45FA-AFAE-130CBD34F861}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe | 
"{7F3364B1-735C-4D2F-B421-152D9DF9C26F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{82C98660-F1B5-479D-93A1-F9CB16BCA433}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{89A542A7-6761-42EF-818E-369B97FFDD64}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8F2F9F9B-BD9B-4019-A3FE-EC375AE08EDF}" = protocol=6 | dir=in | app=f:\program files\microsoft office\office15\lync.exe | 
"{9042B5A1-3E12-451D-9B91-57EBED24547E}" = protocol=6 | dir=in | app=c:\users\arian\appdata\roaming\spotify\spotify.exe | 
"{9085D3A8-492A-4EE1-8F33-14AEC2B82E0B}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{92534222-91B4-48E2-9CB7-E88ADC93CE6C}" = protocol=6 | dir=out | app=system | 
"{92732F39-5207-4E6E-B3D7-2DF68A388537}" = protocol=6 | dir=in | app=c:\program files\realvnc\vnc server\vncserver.exe | 
"{94739853-2938-4D6A-9114-00989C7B3787}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe | 
"{95459CF6-CAD5-425B-9A3E-666E1D9BB809}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe | 
"{9998A928-19CA-4FF9-A3FB-7B8956F35744}" = protocol=6 | dir=in | app=c:\users\arian\appdata\roaming\spotify\spotify.exe | 
"{99A77425-B81D-4D53-9CD2-D16E4B53F2CB}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\bin\steamwebhelper.exe | 
"{9AFA149A-10E7-493D-B278-24F701960C3F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{A11AE950-5687-4ACC-A99E-743EDB24FF0C}" = dir=in | name=skype | 
"{A282975D-34D3-486B-BE76-8FC0C0627F84}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A6B4DE04-EFA9-4EE5-A905-D928B2A5BCF5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{A6CF65D3-F5F7-4BB3-B3C9-8BE57EAB27E1}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{A7A86588-2283-48FA-9B10-F9C3DDDD67A3}" = dir=in | app=c:\program files (x86)\plex\plex media server\plexdlnaserver.exe | 
"{B0D2A1C7-7ADC-494E-944C-02EA18F07CF7}" = protocol=6 | dir=in | app=f:\program files\microsoft office\office15\ucmapi.exe | 
"{B4282869-0443-4F9F-BCA6-90998BD2E7F9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BBC8F379-7349-48BF-A9D5-5533F9EB11E8}" = protocol=58 | dir=in | [email protected],-28545 | 
"{BFE81168-853D-44A2-BA53-98C4875F9740}" = protocol=1 | dir=in | [email protected],-28543 | 
"{C4FBEC5D-7058-44BC-A7A7-C7329C76ABE3}" = dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\123\tencentdl.exe | 
"{C6E31FA4-9EE1-4903-9689-FC175AB2A71D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | 
"{C7B6E144-F76D-4F92-8132-C144045053BB}" = dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\123\tencentdl.exe | 
"{C8A62A1C-5841-4DA2-B98F-809F99EE3A19}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{C90C0BC4-2B75-4141-9FCF-E49F7C54DE11}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\rust\legacy\rust.exe | 
"{CC64AEC3-64BF-47BD-A830-4D0B51C99946}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D1A148E0-179D-44E1-B4D3-2D600BAE1189}" = dir=out | [email protected]{microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{D364CDE4-EEA2-41BC-95BD-17535760EAA2}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{D50CC04B-125D-4907-A95B-0F0C7563AC89}" = dir=out | [email protected]{microsoft.binghealthandfitness_3.0.1.176_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | 
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | 
"{D7BD69EA-AE38-45D0-AAEF-86A446F561E3}" = protocol=17 | dir=in | app=h:\program files (x86)\origin games\battlefield 4\bf4_x86.exe | 
"{D7F04F12-A61B-45D5-AED4-784EA825FEFE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D83C9D24-809D-4509-A94D-BBA4F22EF280}" = protocol=17 | dir=in | app=h:\program files (x86)\origin games\battlefield 4\bf4.exe | 
"{D8CFB3E7-4615-4CE0-9E48-363766564EC0}" = protocol=6 | dir=in | app=f:\program files\serviio\bin\serviioservice.exe | 
"{DAC1B551-CA66-4AF7-B8B2-B7E7FF65009E}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | 
"{DB65AA3C-B0A3-462A-8E22-4C84730C7FF1}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steam.exe | 
"{E445A17F-D1DB-4BD0-8099-10A8FF060B94}" = dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\123\tencentdl.exe | 
"{E4D63318-F56E-4C7C-A6DB-AFA48FFE2E63}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E76EB629-503D-4FD2-9F75-7049EF499EA0}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{EBAE1127-26B0-4660-9649-48ACF9BD6FC4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | 
"{F18D770F-0BE2-438E-B115-8B35E7E2BCB9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F1EBDFBF-0A54-4CC7-A6ED-BDCAC7FD264B}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{F56DE139-BADB-42B8-8460-F69BC8502E09}" = dir=in | app=f:\program files (x86)\itunes\itunes.exe | 
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | 
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | 
"{F9CBF1A0-B3BC-4DE8-B8FC-8FC47DDEE4C9}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{FA1E0870-9E2B-4C90-A20D-FD97BDF4FFB4}" = protocol=17 | dir=in | app=c:\program files\realvnc\vnc server\vncserver.exe | 
"{FBC69EAD-A853-40AC-A5FD-C28A8983A448}" = dir=out | [email protected]{microsoft.bingfoodanddrink_3.0.1.177_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | 
"{FE8E6363-A162-42E2-B556-0AE412BBF297}" = protocol=6 | dir=in | app=f:\program files (x86)\tunngle\tunngle.exe | 
"TCP Query User{1FFE70D0-D155-4AF4-B298-CA84E170A583}H:\torrent downloads\watch_dogs-deluxe.edition-sc\bin\watch_dogs.exe" = protocol=6 | dir=in | app=h:\torrent downloads\watch_dogs-deluxe.edition-sc\bin\watch_dogs.exe | 
"TCP Query User{3479062E-4ECA-4200-9280-9DC6208DF692}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{3D869F5E-2CC5-4FC4-8197-FC8A432D9680}H:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"TCP Query User{480B184A-4DB7-4C89-A4F3-ABC07CDBE00A}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{5F900F9C-AB54-45AD-BE14-F80C88596230}F:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=f:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{694D5F48-F4A9-437F-A14E-AA9B797B103B}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe | 
"TCP Query User{6EFC19C2-FF0B-4F0B-8B1E-61DF3E8CD891}H:\breaking point\breakingpoint.exe" = protocol=6 | dir=in | app=h:\breaking point\breakingpoint.exe | 
"TCP Query User{7C07D791-E628-46CE-B8C4-30341A4C5BBE}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{7D989BDF-2E36-4EA1-8FC9-E4E8A54D951E}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe | 
"TCP Query User{81343CF5-7FCF-43DC-9B1D-8D42B46DEEF0}H:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe | 
"TCP Query User{A1B68248-253D-473B-A28E-5211022D1AB2}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{A2D4A73D-3CC1-4B65-8D09-8F78C17C1C25}H:\program files (x86)\deluge\deluge.exe" = protocol=6 | dir=in | app=h:\program files (x86)\deluge\deluge.exe | 
"TCP Query User{ADFE854B-E9FF-4E55-9D66-018623B7CE5C}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe | 
"TCP Query User{CEFE26D1-5D91-4A1F-8808-99215A848EFA}F:\program files (x86)\hlsw\hlsw.exe" = protocol=6 | dir=in | app=f:\program files (x86)\hlsw\hlsw.exe | 
"TCP Query User{D7697EE4-BCF4-47E8-AF59-7F7B77756A0D}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{EDD5D13D-76C9-49CA-BF3C-EC3FD5CBF27A}C:\program files (x86)\java\jre7\bin\jp2launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\jp2launcher.exe | 
"TCP Query User{FAE7C0FD-A43E-4E54-B6D9-EE689B785C44}H:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | 
"UDP Query User{0F46E91E-5C83-44A5-B736-BC061DA018B6}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{1D5BED10-AFFF-4142-93B0-0EC7CF29C6D0}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{1F329947-402A-42E0-9029-A042BCAB3859}H:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | 
"UDP Query User{36628D49-9E55-42B9-A0CE-43F14656593E}H:\program files (x86)\deluge\deluge.exe" = protocol=17 | dir=in | app=h:\program files (x86)\deluge\deluge.exe | 
"UDP Query User{3F1C94CD-2EEF-4A7D-A755-BD0E5E4E6F0B}H:\breaking point\breakingpoint.exe" = protocol=17 | dir=in | app=h:\breaking point\breakingpoint.exe | 
"UDP Query User{41CB5C08-CA9F-48B1-9D4E-4BD2446E6A04}C:\program files (x86)\java\jre7\bin\jp2launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\jp2launcher.exe | 
"UDP Query User{53F3E031-E212-4C11-91C1-42C9B9587776}F:\program files (x86)\hlsw\hlsw.exe" = protocol=17 | dir=in | app=f:\program files (x86)\hlsw\hlsw.exe | 
"UDP Query User{6422C18C-61EC-4167-94FC-D6024B21E212}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe | 
"UDP Query User{7A7F8401-BAA7-47DD-B44F-6371D8B799D0}H:\torrent downloads\watch_dogs-deluxe.edition-sc\bin\watch_dogs.exe" = protocol=17 | dir=in | app=h:\torrent downloads\watch_dogs-deluxe.edition-sc\bin\watch_dogs.exe | 
"UDP Query User{7C86E08F-4A79-42FA-A068-B4A482ECD0CC}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{804BCDB0-E2D1-4123-BB5B-FE2C7432B47E}H:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe | 
"UDP Query User{87327415-0727-445A-9D3C-15BF0E9B0168}F:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=f:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{94E82683-1D74-4DA6-94B2-50F4BDA43FB1}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{AF3464F5-4BEF-48CE-A6C8-CFB68DF2C550}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{CCCC5BC4-F761-48D2-99CC-15EC14E71613}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe | 
"UDP Query User{CE1EEA9F-7182-41EA-8A9D-61189FB1F253}H:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"UDP Query User{E79EB03A-63D9-435E-92B4-E8FF4F5B07FA}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series" = Canon MX410 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F06417065FF}" = Java 7 Update 65 (64-bit)
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{47047AA6-C62D-4334-B9CB-84E0630269EC}" = Native Instruments Traktor Kontrol S2 MK2 Driver
"{481F95A7-229D-4116-82EB-4760F320907A}" = Native Instruments Transient Master FX
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{4AAE0833-3348-469C-AB09-95B421356900}" = VNC Server 5.2.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013
"{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 347.09
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 347.09
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 347.09
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 347.09
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.14.0702
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 16.18.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.33.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio" = NVIDIA Miracast Virtual Audio 347.09
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 16.18.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.27
"{B678797F-DF38-4556-8A31-8B818E261868}" = Apple Mobile Device Support
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F46AA0F1-E284-4878-A462-5F11B9166C0E}" = iTunes
"CCleaner" = CCleaner
"jdownloader2" = JDownloader 2
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"Serviio" = Serviio
"The Glue_is1" = The Glue
"WinRAR archiver" = WinRAR 5.01 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{13B87C04-33E8-4D92-9102-2C109F8DB6BD}" = Sound Blaster Z-Series
"{16E46BCF-3D36-4353-9BCB-344F7812CEDE}" = Photo Gallery
"{16eca963-68c5-4756-80f9-db9094a4d6f0}" = Plex Media Server
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic
"{2395BEE6-92D4-4D91-8665-5BAB6B78A346}" = Ableton Live 9 Suite
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.22
"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25
"{29F67D84-3A70-456E-806A-52301B02070B}" = Nero Effects Basic
"{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}" = Microsoft ASP.NET MVC 4 Runtime
"{403F1594-BC16-47A5-B365-F73CD69D720E}" = Auto Resolution
"{4260CAAE-D108-4223-A1C5-96B67062FE86}" = Windows Live Installer
"{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}" = Microsoft Games for Windows - LIVE Redistributable
"{4769E972-2E92-49C5-B6F9-465EFD0C4D94}" = VirtualDJ PRO Full
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5909A89E-C97F-407C-AE2B-47BDED86BF5D}" = Prerequisite installer
"{59307833-CB98-4440-B644-0CD352F61907}" = Windows Live PIMT Platform
"{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}" = Microsoft Games for Windows Marketplace
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78002155-F025-4070-85B3-7C0453561701}" = Apple Application Support
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{7F0C2357-33B0-4408-A9AD-A7623FAA22B1}" = Screen Split
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89B9E358-75C6-4C6B-BD38-803FF156CC4B}" = CuteFTP 9
"{8C22A294-DBBA-445F-B55C-E26817CCFE69}" = Movie Maker
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F66BFDE-B213-48E2-93EF-7151277A2916}" = Windows Live SOXE Definitions
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{94532CD5-C66D-49E3-9131-5FB04D7647A1}" = Windows Live UX Platform
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{983FA94A-A7DD-40B1-B7F9-F45D2B4FD1DE}" = Windows Live Photo Common
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D9DB4BA-E352-4AC8-AD2B-B10104F5AB80}" = Sound Blaster Z-Series Extras
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A2F4B74E-D722-4D9E-817B-F58F32A55A51}" = Windows Live UX Platform Language Pack
"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
"{A6BF4853-41E9-4DA1-AD81-4B16FEE938C2}" = Plex Media Server
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A8187B41-3541-49AC-8587-C0C75127E92C}" = 8GadgetPack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9FFEC6C-9C44-4597-8E23-EDD78BF5D0B2}" = Windows Live Communications Platform
"{ABADE36E-EC37-413B-8179-B432AD3FACE7}" = Battlefield 4™
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10)
"{ACE49D50-19CD-44A6-B192-46F985283B26}" = Nero PiP Effects Basic
"{B166374C-105E-445E-8E5D-A86CA5742645}" = Nero Burning Core
"{B455E95A-B804-439F-B533-336B1635AE97}" = NVIDIA PhysX
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B791E0AB-87A9-41A4-8D98-D13C2E37D928}" = Nero Info
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C201BDF9-1C27-46F8-A248-F4469C9FC27C}" = Photo Common
"{C7BC557D-8C8B-4F5F-83AB-D20C58CF4575}" = Mumble 1.2.5
"{C87DF7BB-4F5C-4BBE-B041-A59FFF4A1D07}" = Windows Live SOXE
"{C95AEB53-7FAE-4257-97AF-7136E8D9F9CA}" = Movie Maker
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1" = VSO ConvertXToDVD
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D5115C78-2D22-4668-A5E2-6C87DED3ED1B}" = Nero Launcher
"{DF7DC45D-8A3C-490C-A70F-8C6A6189EDF9}" = Photo Gallery
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E17BCB76-9924-4BD5-B6D6-50D3407B4E74}" = Nero Disc Menus Basic
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}" = Bejeweled® 3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2B9C8D6-C69C-4BA7-95D2-66F1C68D15DA}" = Nero Burning ROM
"{F384C1E1-3A16-4073-95C3-7271FE0ED4C2}" = Nero 2014
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FA66245E-0E77-40D5-94A4-CB7AB753034F}" = TUSB3410
"{FCEDADE3-1C8A-4858-BE93-360168178BB2}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 2.0.6
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"Battlelog Web Plugins" = Battlelog Web Plugins
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CDex" = CDex - Open Source Digital Audio CD Extractor
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Deluge" = Deluge 1.3.6
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"DTS Connect Pack" = DTS Connect Pack
"ESN Sonar-0.70.4" = ESN Sonar
"FabFilter Pro-C 1.23 (64-bit)" = FabFilter Pro-C 1.23 (64-bit)
"FabFilter Saturn 1.13 (64-bit)" = FabFilter Saturn 1.13 (64-bit)
"FL Studio 11" = FL Studio 11
"FlowStone" = FlowStone FL 3.0
"Google Chrome" = Google Chrome
"HLSW_is1" = HLSW v1.4.0.3
"IL Shared Libraries" = IL Shared Libraries
"ImgBurn" = ImgBurn
"InstallShield_{FA66245E-0E77-40D5-94A4-CB7AB753034F}" = Texas Instruments TUSB3410 drivers.
"Internet Download Manager" = Internet Download Manager
"League of Legends 3.0.0" = League of Legends
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Mozilla Firefox 34.0.5 (x86 en-US)" = Mozilla Firefox 34.0.5 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor 2" = Native Instruments Traktor 2
"Native Instruments Traktor Kontrol S2 MK2 Driver" = Native Instruments Traktor Kontrol S2 MK2 Driver
"Native Instruments Transient Master FX" = Native Instruments Transient Master FX
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Open Broadcaster Software" = Open Broadcaster Software
"OpenAL" = OpenAL
"Origin" = Origin
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"Spotydl_is1" = Spotydl 0.9.36.0
"Steam App 107410" = Arma 3
"Steam App 12210" = Grand Theft Auto IV
"Steam App 252490" = Rust
"Sylenth1_is1" = Sylenth1 v2.21
"Tone2 ElectraX full_is1" = ElectraX full
"Tone2 Gladiator full_is1" = Gladiator v1.2.2
"Tunngle beta_is1" = Tunngle beta
"VLC media player" = VLC media player 2.1.2
"Waves Complete V8_is1" = Waves Complete v8.0.11
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MusicManager" = Music Manager
"Spotify" = Spotify
"StartIsBack" = StartIsBack+
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in
"WinDirStat" = WinDirStat 1.1.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/15/2014 5:54:31 PM | Computer Name = Arian | Source = VNC Server | ID = 256
Description = SConnection: Client asked for invalid protocol version 3.4
 
Error - 10/15/2014 5:54:31 PM | Computer Name = Arian | Source = VNC Server | ID = 256
Description = SConnection: Assuming compatibility with version 3.3
 
Error - 10/15/2014 5:54:50 PM | Computer Name = Arian | Source = VNC Server | ID = 256
Description = SConnection: Client asked for invalid protocol version 3.4
 
Error - 10/15/2014 5:54:50 PM | Computer Name = Arian | Source = VNC Server | ID = 256
Description = SConnection: Assuming compatibility with version 3.3
 
Error - 10/15/2014 6:07:35 PM | Computer Name = Arian | Source = VNC Server | ID = 256
Description = SConnection: Client asked for invalid protocol version 3.4
 
Error - 10/15/2014 6:07:35 PM | Computer Name = Arian | Source = VNC Server | ID = 256
Description = SConnection: Assuming compatibility with version 3.3
 
Error - 10/15/2014 6:15:11 PM | Computer Name = Arian | Source = VNC Server | ID = 256
Description = SConnection: Client asked for invalid protocol version 3.4
 
Error - 10/15/2014 6:15:11 PM | Computer Name = Arian | Source = VNC Server | ID = 256
Description = SConnection: Assuming compatibility with version 3.3
 
Error - 10/15/2014 6:29:58 PM | Computer Name = Arian | Source = VNC Server | ID = 256
Description = SConnection: Client asked for invalid protocol version 3.4
 
Error - 10/15/2014 6:29:58 PM | Computer Name = Arian | Source = VNC Server | ID = 256
Description = SConnection: Assuming compatibility with version 3.3
 
[ System Events ]
Error - 1/4/2015 3:25:37 PM | Computer Name = Arian | Source = Service Control Manager | ID = 7034
Description = The PnkBstrA service terminated unexpectedly.  It has done this 1 
time(s).
 
Error - 1/4/2015 3:25:37 PM | Computer Name = Arian | Source = Service Control Manager | ID = 7034
Description = The Serviio service terminated unexpectedly.  It has done this 1 time(s).
 
Error - 1/4/2015 3:25:37 PM | Computer Name = Arian | Source = Service Control Manager | ID = 7034
Description = The VNC Server service terminated unexpectedly.  It has done this 
1 time(s).
 
Error - 1/4/2015 3:25:37 PM | Computer Name = Arian | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 30000 milliseconds:
 Restart the service.
 
Error - 1/4/2015 3:25:37 PM | Computer Name = Arian | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
 unexpectedly.  It has done this 1 time(s).  The following corrective action will
 be taken in 30000 milliseconds: Restart the service.
 
Error - 1/4/2015 3:25:37 PM | Computer Name = Arian | Source = Service Control Manager | ID = 7031
Description = The WMI Performance Adapter service terminated unexpectedly.  It has
 done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds:
 Restart the service.
 
Error - 1/4/2015 3:26:07 PM | Computer Name = Arian | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
 
Error - 1/4/2015 3:26:10 PM | Computer Name = Arian | Source = Service Control Manager | ID = 7000
Description = The UAC File Virtualization service failed to start due to the following
 error:   %%1275
 
Error - 1/4/2015 4:08:10 PM | Computer Name = Arian | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
 
Error - 1/4/2015 4:08:23 PM | Computer Name = Arian | Source = Service Control Manager | ID = 7000
Description = The UAC File Virtualization service failed to start due to the following
 error:   %%1275
 
 
< End of report >


#3
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
I'm thinking it's this driver:
 
DRV:64bit: - [2015/01/04 10:33:47 | 000,056,432 | ---- | M] (Corsica) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\webinstrNHK.sys -- (webinstrNHK)
 
but OTL doesn't do a good job of removing them so:
 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 


    #4
    wdzthursday

      New Member

    • Topic Starter
    • Member
    • Pip
    • 4 posts

     

     

    thanks for the reply!

     

    here are the logs..

     

    # AdwCleaner v4.106 - Report created 08/01/2015 at 14:57:43
    # Updated 21/12/2014 by Xplode
    # Database : 2015-01-03.1 [Live]
    # Operating System : Windows 8.1 Pro  (64 bits)
    # Username : Arian - ARIAN
    # Running from : C:\Users\arian\Desktop\AdwCleaner.exe
    # Option : Clean
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
    File Deleted : C:\Users\arian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
    File Deleted : C:\Users\arian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
     
    ***** [ Scheduled Tasks ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v11.0.9600.17416
     
     
    -\\ Mozilla Firefox v34.0.5 (x86 en-US)
     
     
    -\\ Google Chrome v39.0.2171.95
     
    [C:\Users\arian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\arian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
     
    *************************
     
    AdwCleaner[R0].txt - [5236 octets] - [04/01/2015 11:24:09]
    AdwCleaner[R1].txt - [1186 octets] - [04/01/2015 22:31:53]
    AdwCleaner[R2].txt - [1327 octets] - [04/01/2015 23:15:08]
    AdwCleaner[R3].txt - [1307 octets] - [05/01/2015 15:44:44]
    AdwCleaner[R4].txt - [4465 octets] - [07/01/2015 07:35:45]
    AdwCleaner[R5].txt - [1487 octets] - [07/01/2015 15:19:39]
    AdwCleaner[R6].txt - [1837 octets] - [08/01/2015 14:56:56]
    AdwCleaner[S0].txt - [5186 octets] - [04/01/2015 11:25:36]
    AdwCleaner[S1].txt - [4558 octets] - [07/01/2015 07:36:39]
    AdwCleaner[S2].txt - [1766 octets] - [08/01/2015 14:57:43]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1826 octets] ##########


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Windows 8.1 Pro x64
    Ran by Arian on Thu 01/08/2015 at 15:01:19.62
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Registry Values
     
     
     
    ~~~ Registry Keys
     
     
     
    ~~~ Files
     
     
     
    ~~~ Folders
     
     
     
    ~~~ Event Viewer Logs were cleared
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 01/08/2015 at 15:02:39.22
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
    Ran by Arian (administrator) on ARIAN on 08-01-2015 15:03:25
    Running from C:\Users\arian\Desktop
    Loaded Profile: Arian (Available profiles: Arian)
    Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    () C:\Windows\System32\PnkBstrA.exe
    () F:\Program Files\Serviio\bin\ServiioService.exe
    () F:\Program Files\Serviio\bin\ServiioService.exe
    (RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncservice.exe
    (RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe
    (RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserverui.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (NVIDIA Corporation) C:\Users\arian\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Valve Corporation) H:\Program Files (x86)\Steam\Steam.exe
    (Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
    (Google Inc.) C:\Users\arian\AppData\Local\Google\Update\GoogleUpdate.exe
    (LG Electronics) C:\Program Files (x86)\LG Electronics\Screen Split\bin\ScreenSplit.exe
    (TODO: <Company name>) C:\Program Files (x86)\LG Electronics\Screen Split\bin\ScreenSplitterHook64App.exe
    () C:\Program Files (x86)\LG Electronics\Screen Split\bin\DDCCI.exe
    (Spotify Ltd) C:\Users\arian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Valve Corporation) H:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (Spotify Ltd) C:\Users\arian\AppData\Roaming\Spotify\spotify.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    () C:\Users\arian\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    () C:\Users\arian\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    () C:\Users\arian\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    () C:\Users\arian\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    () C:\Users\arian\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    (LG Electronics) C:\Program Files (x86)\LG Electronics\Auto Resolution\bin\AppResUtilityService.exe
    (Creative Technology Ltd) F:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
    (Dropbox, Inc.) C:\Users\arian\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    () F:\Program Files\Serviio\bin\ServiioConsole.exe
    (LG Electronics Inc) C:\Program Files (x86)\LG Electronics\Auto Resolution\bin\Auto Resolution.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
    HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] => F:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [735744 2013-02-27] (Creative Technology Ltd)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => F:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM-x32\...\Run: [PWRISOVM.EXE] => F:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-08-16] (Power Software Ltd)
    HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (CANON INC.)
    HKLM-x32\...\Run: [iTunesHelper] => F:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
    HKLM-x32\...\runonceex: [Flags] => 128
    HKLM-x32\...\runonceex: [Title] => UnHackMe Rootkit Check
    HKU\S-1-5-21-2231558442-1345113691-1245548305-1001\...\Run: [Steam] => H:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
    HKU\S-1-5-21-2231558442-1345113691-1245548305-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3618648 2015-01-03] (Electronic Arts)
    HKU\S-1-5-21-2231558442-1345113691-1245548305-1001\...\Run: [Google Update] => C:\Users\arian\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-02-25] (Google Inc.)
    HKU\S-1-5-21-2231558442-1345113691-1245548305-1001\...\Run: [ScreenSplitter] => C:\Program Files (x86)\LG Electronics\Screen Split\bin\ScreenSplit.exe [693288 2013-11-07] (LG Electronics)
    HKU\S-1-5-21-2231558442-1345113691-1245548305-1001\...\Run: [Spotify Web Helper] => C:\Users\arian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-13] (Spotify Ltd)
    HKU\S-1-5-21-2231558442-1345113691-1245548305-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30524520 2014-11-27] (Skype Technologies S.A.)
    HKU\S-1-5-21-2231558442-1345113691-1245548305-1001\...\Run: [Spotify] => C:\Users\arian\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-13] (Spotify Ltd)
    HKU\S-1-5-21-2231558442-1345113691-1245548305-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5127304 2014-11-20] (Plex, Inc.)
    HKU\S-1-5-21-2231558442-1345113691-1245548305-1001\...\MountPoints2: {2632ca9e-c033-11e3-825f-902b34320e66} - "J:\ToolLauncher-Bootstrap.exe" 
    HKU\S-1-5-21-2231558442-1345113691-1245548305-1001\...\MountPoints2: {62b47295-829f-11e4-8292-902b34320e66} - "G:\ToolLauncher-Bootstrap.exe" 
    HKU\S-1-5-21-2231558442-1345113691-1245548305-1001\...\MountPoints2: {85c08764-80a2-11e3-8252-902b34320e66} - "I:\ToolLauncher-Bootstrap.exe" 
    HKU\S-1-5-21-2231558442-1345113691-1245548305-1001\...\MountPoints2: {c8a9c074-0e32-11e4-8270-902b34320e66} - "G:\LG_PC_Programs.exe" 
    HKU\S-1-5-21-2231558442-1345113691-1245548305-1001\...\MountPoints2: {cbfda3ff-8a7a-11e3-8255-902b34320e56} - "J:\ToolLauncher-Bootstrap.exe" 
    HKU\S-1-5-21-2231558442-1345113691-1245548305-1001\...\MountPoints2: {cbfda44e-8a7a-11e3-8255-902b34320e56} - "J:\VZW_Software_upgrade_assistant.exe" 
    HKU\S-1-5-21-2231558442-1345113691-1245548305-1001\...\MountPoints2: {ddc4a2ff-1af6-11e4-8272-902b34320e66} - "G:\ToolLauncher-Bootstrap.exe" 
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Auto Resolution.lnk
    ShortcutTarget: Auto Resolution.lnk -> C:\Program Files (x86)\LG Electronics\Auto Resolution\bin\AppResUtilityService.exe (LG Electronics)
    Startup: C:\Users\arian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\arian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\arian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk
    ShortcutTarget: Serviio.lnk -> F:\Program Files\Serviio\bin\ServiioConsole.exe ()
    Startup: C:\Users\arian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar260.lnk
    ShortcutTarget: Sidebar260.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKU\S-1-5-21-2231558442-1345113691-1245548305-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> F:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> F:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - F:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\arian\AppData\Roaming\Mozilla\Firefox\Profiles\t5a4mn8y.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> F:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
    FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
    FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> F:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2231558442-1345113691-1245548305-1001: @tools.google.com/Google Update;version=3 -> C:\Users\arian\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-2231558442-1345113691-1245548305-1001: @tools.google.com/Google Update;version=9 -> C:\Users\arian\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-2231558442-1345113691-1245548305-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\arian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: Adblock Edge - C:\Users\arian\AppData\Roaming\Mozilla\Firefox\Profiles\t5a4mn8y.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-11-01]
    FF HKU\S-1-5-21-2231558442-1345113691-1245548305-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\arian\AppData\Roaming\IDM\idmmzcc5
    FF Extension: IDM CC - C:\Users\arian\AppData\Roaming\IDM\idmmzcc5 [2014-01-18]
    FF HKU\S-1-5-21-2231558442-1345113691-1245548305-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\arian\AppData\Roaming\IDM\idmmzcc5
     
    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://google.com/
    CHR StartupUrls: Default -> "hxxp://www.geekstogo.com/forum/forum/37-virus-spyware-malware-removal/?prune_day=100&sort_by=Z-A&sort_key=last_post&topicfilter=all", "hxxp://www.geekstogo.com/forum/topic/346129-getting-ads-on-chromefirefoxinternet-explorer/"
    CHR Profile: C:\Users\arian\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\arian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-04]
    CHR Extension: (Google Docs) - C:\Users\arian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-04]
    CHR Extension: (Google Drive) - C:\Users\arian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-04]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\arian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-04]
    CHR Extension: (YouTube) - C:\Users\arian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-04]
    CHR Extension: (Adblock Plus) - C:\Users\arian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-06]
    CHR Extension: (Adblock for Youtube™) - C:\Users\arian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-01-04]
    CHR Extension: (Google Search) - C:\Users\arian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-04]
    CHR Extension: (Google Sheets) - C:\Users\arian\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-04]
    CHR Extension: (Steam Link Filter Redirect) - C:\Users\arian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnplbjaccenflfhoilephaokaacdmmgk [2015-01-04]
    CHR Extension: (Google Wallet) - C:\Users\arian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-04]
    CHR Extension: (Gmail) - C:\Users\arian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-04]
    CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-01-16]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-05-18] () [File not signed]
    S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-01-18] (Creative Labs) [File not signed]
    S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-01-18] (Creative Labs) [File not signed]
    R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
    R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [112640 2013-07-03] (Creative Technology Ltd)
    S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-09-09] (EasyAntiCheat Ltd)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-03] (Electronic Arts)
    R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-17] ()
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-11] ()
    R2 Serviio; F:\Program Files\Serviio\bin\ServiioService.exe [359936 2014-03-20] () [File not signed]
    R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [770432 2014-01-09] (Enigma Software Group USA, LLC.)
    S3 TunngleService; F:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
    R2 vncserver; C:\Program Files\RealVNC\VNC Server\vncservice.exe [638272 2014-06-03] (RealVNC Ltd)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2014-03-28] (Google Inc)
    S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [19456 2014-05-08] (LG Electronics Inc.)
    S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2014-03-28] (LG Electronics Inc.)
    S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2014-03-28] (LG Electronics Inc.)
    S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-01-04] (Emsisoft GmbH)
    R3 cthda; C:\Windows\system32\drivers\cthda.sys [1060632 2013-07-03] (Creative Technology Ltd)
    R3 cthdb; C:\Windows\system32\DRIVERS\cthdb.sys [34072 2013-07-03] (Creative Technology Ltd)
    S3 esgiguard; C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
    S3 EsgScanner; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
    S3 ks2m2avs; C:\Windows\System32\Drivers\ks2m2avs.sys [359120 2013-07-24] (Native Instruments GmbH)
    S3 ks2m2usb_svc; C:\Windows\System32\Drivers\ks2m2usb.sys [85200 2013-07-24] (Native Instruments GmbH)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
    R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
    R2 webinstrNHK; C:\Windows\system32\Drivers\webinstrNHK.sys [56432 2015-01-04] (Corsica)
    S3 ALSysIO; \??\C:\Users\arian\AppData\Local\Temp\ALSysIO64.sys [X]
    U0 Partizan; system32\drivers\Partizan.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-08 15:03 - 2015-01-08 15:03 - 00025087 _____ () C:\Users\arian\Desktop\FRST.txt
    2015-01-08 15:02 - 2015-01-08 15:02 - 00000626 _____ () C:\Users\arian\Desktop\JRT.txt
    2015-01-08 14:55 - 2015-01-08 14:56 - 02124288 _____ (Farbar) C:\Users\arian\Desktop\FRST64.exe
    2015-01-08 14:55 - 2015-01-08 14:56 - 01707939 _____ (Thisisu) C:\Users\arian\Desktop\JRT.exe
    2015-01-07 21:52 - 2015-01-07 21:52 - 00000218 _____ () C:\Users\arian\AppData\Local\recently-used.xbel
    2015-01-07 20:56 - 2015-01-07 20:56 - 00000000 ____D () C:\Users\arian\Desktop\hnggg
    2015-01-07 15:03 - 2015-01-07 15:03 - 00000002 RSHOT () C:\Windows\winstart.bat
    2015-01-07 15:03 - 2015-01-07 15:03 - 00000002 RSHOT () C:\Windows\SysWOW64\CONFIG.NT
    2015-01-07 15:03 - 2015-01-07 15:03 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT
    2015-01-07 15:03 - 2015-01-07 15:03 - 00000000 ____D () C:\Users\arian\Documents\RegRun2
    2015-01-07 07:24 - 2015-01-07 07:24 - 00000000 ____D () C:\Windows\pss
    2015-01-06 07:26 - 2015-01-08 15:03 - 00000000 ____D () C:\FRST
    2015-01-05 23:29 - 2015-01-05 23:29 - 00002278 _____ () C:\sh4_service.log
    2015-01-05 23:28 - 2013-10-18 15:01 - 00008192 _____ () C:\shldr.mbr
    2015-01-05 22:58 - 2015-01-05 22:58 - 00002304 _____ () C:\Users\arian\Desktop\SpyHunter.lnk
    2015-01-05 22:58 - 2015-01-05 22:58 - 00000000 ____D () C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
    2015-01-05 22:58 - 2015-01-05 22:58 - 00000000 ____D () C:\Users\arian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
    2015-01-05 22:58 - 2015-01-05 22:58 - 00000000 ____D () C:\sh4ldr
    2015-01-05 22:58 - 2015-01-05 22:58 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
    2015-01-05 22:44 - 2015-01-08 14:58 - 00001124 _____ () C:\Windows\PFRO.log
    2015-01-05 17:36 - 2015-01-08 14:59 - 00633469 _____ () C:\Windows\WindowsUpdate.log
    2015-01-05 15:42 - 2015-01-05 15:42 - 00000000 ____D () C:\Program Files\HitmanPro
    2015-01-05 15:35 - 2015-01-05 15:35 - 00086238 _____ () C:\Users\arian\Documents\cc_20150105_153458.reg
    2015-01-05 15:29 - 2015-01-05 15:29 - 00005804 _____ () C:\spyhunter.log
    2015-01-04 23:09 - 2015-01-04 23:09 - 00000000 ____D () C:\Windows\ERUNT
    2015-01-04 23:02 - 2015-01-04 23:02 - 02347384 _____ (ESET) C:\Users\arian\Downloads\esetsmartinstaller_enu (1).exe
    2015-01-04 23:00 - 2015-01-04 23:00 - 02347384 _____ (ESET) C:\Users\arian\Downloads\esetsmartinstaller_enu.exe
    2015-01-04 23:00 - 2015-01-04 23:00 - 00000000 ____D () C:\Program Files (x86)\ESET
    2015-01-04 22:36 - 2015-01-04 22:36 - 00000000 _____ () C:\autoexec.bat
    2015-01-04 11:33 - 2015-01-04 11:33 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
    2015-01-04 11:30 - 2015-01-04 11:34 - 00000000 ____D () C:\ProgramData\HitmanPro
    2015-01-04 11:24 - 2015-01-08 14:57 - 00000000 ____D () C:\AdwCleaner
    2015-01-04 11:23 - 2015-01-04 11:23 - 02173952 _____ () C:\Users\arian\Desktop\AdwCleaner.exe
    2015-01-04 11:12 - 2015-01-04 11:12 - 00000755 _____ () C:\Users\arian\Desktop\Start Emsisoft Emergency Kit.lnk
    2015-01-04 11:12 - 2015-01-04 11:12 - 00000000 ____D () C:\EEK
    2015-01-04 10:34 - 2015-01-04 10:34 - 00001984 _____ () C:\Windows\patsearch.bin
    2015-01-04 10:34 - 2015-01-04 10:33 - 00056432 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNHK.sys
    2015-01-03 11:19 - 2015-01-03 11:19 - 00000299 _____ () C:\Users\arian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
    2015-01-03 11:12 - 2015-01-08 14:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-03 11:12 - 2015-01-03 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-01-03 11:12 - 2015-01-03 11:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-01-03 11:12 - 2015-01-03 11:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-01-03 11:12 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-01-03 11:12 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-01-03 11:12 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-01-03 11:03 - 2014-11-09 18:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
    2015-01-03 11:03 - 2014-11-09 17:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
    2015-01-03 11:03 - 2014-10-30 15:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-01-03 11:03 - 2014-10-30 15:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-01-03 11:02 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-01-03 11:02 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-01-03 11:02 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-01-03 11:02 - 2014-11-21 18:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-01-03 11:02 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-01-03 11:02 - 2014-11-21 18:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-01-03 11:02 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-01-03 11:02 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-01-03 11:02 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-01-03 11:02 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-01-03 11:02 - 2014-11-21 18:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-01-03 11:02 - 2014-11-21 18:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2015-01-03 11:02 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-01-03 11:02 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-01-03 11:02 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-01-03 11:02 - 2014-11-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2015-01-03 11:02 - 2014-11-21 17:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-01-03 11:02 - 2014-11-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-01-03 11:02 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-01-03 11:02 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-01-03 11:02 - 2014-11-21 17:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-01-03 11:02 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-01-03 11:02 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-01-03 11:02 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-01-03 11:02 - 2014-11-21 17:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2015-01-03 11:02 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-01-03 11:02 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-01-03 11:02 - 2014-11-21 17:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2015-01-03 11:02 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-01-03 11:02 - 2014-11-21 17:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2015-01-03 11:02 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-01-03 11:02 - 2014-11-21 17:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-01-03 11:02 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-01-03 11:02 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-01-03 11:02 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-01-03 11:02 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-01-03 11:02 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-01-03 11:02 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-01-03 11:02 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-01-03 11:02 - 2014-11-09 15:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-01-03 11:02 - 2014-11-09 15:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-01-03 11:02 - 2014-11-09 15:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
    2015-01-03 11:02 - 2014-11-09 15:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
    2015-01-03 11:02 - 2014-11-06 20:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-01-03 11:02 - 2014-11-06 19:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-01-03 11:02 - 2014-10-31 15:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
    2015-01-03 11:02 - 2014-10-31 15:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
    2015-01-03 11:02 - 2014-10-30 14:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
    2015-01-03 11:02 - 2014-10-30 14:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
    2015-01-03 11:02 - 2014-10-12 18:43 - 00238912 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
    2015-01-03 11:02 - 2014-10-12 18:43 - 00153920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
    2015-01-03 11:02 - 2014-10-12 18:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
    2015-01-03 11:02 - 2014-10-12 18:43 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
    2015-01-03 11:00 - 2015-01-03 11:00 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2014-12-25 13:45 - 2014-12-12 16:47 - 00620176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2014-12-25 13:44 - 2014-12-13 02:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2014-12-25 13:44 - 2014-12-13 02:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
    2014-12-25 13:44 - 2014-12-13 02:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2014-12-25 13:44 - 2014-12-13 02:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2014-12-25 13:44 - 2014-12-13 02:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2014-12-25 13:44 - 2014-12-13 02:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2014-12-25 13:44 - 2014-12-13 02:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2014-12-25 13:44 - 2014-12-13 02:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2014-12-25 13:44 - 2014-12-13 02:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2014-12-25 13:44 - 2014-12-13 02:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2014-12-25 13:44 - 2014-12-13 02:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2014-12-25 13:44 - 2014-12-13 02:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
    2014-12-25 13:44 - 2014-12-13 02:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
    2014-12-25 13:44 - 2014-12-13 02:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
    2014-12-25 13:44 - 2014-12-13 02:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2014-12-25 13:44 - 2014-12-13 02:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2014-12-25 13:44 - 2014-12-13 02:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2014-12-25 13:44 - 2014-12-13 02:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2014-12-25 13:44 - 2014-12-13 02:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2014-12-25 13:44 - 2014-12-13 02:08 - 00834880 _____ () C:\Windows\system32\nvmcumd.dll
    2014-12-25 13:44 - 2014-12-13 02:08 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
    2014-12-25 13:44 - 2014-12-13 02:08 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
    2014-12-25 13:44 - 2014-12-13 02:08 - 00391488 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
    2014-12-25 13:44 - 2014-12-13 02:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
    2014-12-25 13:44 - 2014-12-13 02:08 - 00346944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
    2014-12-25 13:44 - 2014-12-13 02:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2014-12-25 13:44 - 2014-12-13 02:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
    2014-12-25 13:44 - 2014-12-13 02:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2014-12-25 13:44 - 2014-10-09 09:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
    2014-12-25 13:44 - 2014-10-09 09:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
    2014-12-25 13:44 - 2014-10-08 23:17 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
    2014-12-25 13:42 - 2014-11-22 02:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
    2014-12-25 13:42 - 2014-11-22 02:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
    2014-12-14 16:03 - 2014-12-14 16:03 - 00000000 ____D () C:\Users\arian\AppData\Roaming\dvdcss
    2014-12-13 19:54 - 2014-12-13 19:54 - 00000029 _____ () C:\Users\arian\Documents\di.fm.txt
    2014-12-13 08:12 - 2014-12-13 08:12 - 00000000 ____D () C:\Users\arian\AppData\Roaming\TaiG
    2014-12-11 21:10 - 2014-12-11 21:10 - 00000012 _____ () C:\Users\arian\Desktop\costco.txt
    2014-12-09 16:41 - 2014-12-09 16:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-08 15:00 - 2014-01-18 12:11 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-08 15:00 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\sru
    2015-01-08 14:59 - 2014-01-18 13:31 - 00000000 ____D () C:\Users\arian\AppData\Roaming\Skype
    2015-01-08 14:58 - 2014-07-26 21:46 - 00000000 ____D () C:\Users\arian\AppData\Roaming\Spotify
    2015-01-08 14:58 - 2014-04-13 21:57 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-08 14:58 - 2014-01-18 15:15 - 00000000 ___RD () C:\Users\arian\Dropbox
    2015-01-08 14:58 - 2014-01-18 15:13 - 00000000 ____D () C:\Users\arian\AppData\Roaming\Dropbox
    2015-01-08 14:58 - 2014-01-18 14:47 - 00000000 ____D () C:\Program Files (x86)\Origin
    2015-01-08 14:58 - 2014-01-18 13:32 - 00000189 _____ () C:\.dir
    2015-01-08 14:58 - 2014-01-18 12:11 - 00000000 ____D () C:\ProgramData\NVIDIA
    2015-01-08 14:58 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-08 14:56 - 2014-01-18 13:06 - 00000000 ____D () C:\Users\arian\AppData\Roaming\vlc
    2015-01-08 14:25 - 2014-04-13 21:57 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-08 09:56 - 2014-01-18 12:09 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7AF0D009-565D-4AD3-AE80-36A4FB62D4FB}
    2015-01-07 21:26 - 2014-01-19 01:09 - 04356608 ___SH () C:\Users\arian\Desktop\Thumbs.db
    2015-01-07 20:54 - 2014-01-18 13:11 - 00000000 ____D () C:\Users\arian\AppData\Roaming\Mumble
    2015-01-07 15:35 - 2014-01-18 14:48 - 00000000 ____D () C:\ProgramData\Origin
    2015-01-07 07:24 - 2014-07-26 21:46 - 00000000 ____D () C:\Users\arian\AppData\Local\Spotify
    2015-01-06 20:10 - 2014-01-18 13:02 - 00000000 ____D () C:\Users\arian\AppData\Roaming\DMCache
    2015-01-06 07:21 - 2014-01-18 13:55 - 00000000 ____D () C:\Users\arian\AppData\Local\cache
    2015-01-05 23:40 - 2014-01-18 12:13 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2231558442-1345113691-1245548305-1001
    2015-01-05 22:55 - 2014-01-18 13:02 - 00000000 ____D () C:\Users\arian\AppData\Roaming\IDM
    2015-01-05 15:35 - 2014-01-18 12:49 - 00000000 ____D () C:\ProgramData\VSO
    2015-01-05 00:50 - 2014-01-18 13:09 - 00000000 ____D () C:\Users\arian\Documents\TitaniumBackup
    2015-01-04 22:37 - 2014-01-18 12:18 - 00000000 ____D () C:\Users\arian\AppData\Local\Google
    2015-01-04 14:50 - 2014-07-13 12:58 - 00002296 ____H () C:\Users\arian\Documents\Default.rdp
    2015-01-04 14:06 - 2014-06-08 14:53 - 00000000 ____D () C:\Users\arian\AppData\Roaming\TeamViewer
    2015-01-04 11:25 - 2014-01-18 12:07 - 00000000 ____D () C:\Users\arian
    2015-01-04 11:03 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2015-01-04 10:56 - 2014-07-13 09:28 - 00000600 _____ () C:\Users\arian\AppData\Local\PUTTY.RND
    2015-01-04 03:17 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\rescache
    2015-01-03 11:10 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
    2015-01-03 11:09 - 2014-01-18 13:28 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2015-01-03 11:09 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
    2015-01-03 11:09 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
    2015-01-03 11:09 - 2013-08-22 07:20 - 00000000 ____D () C:\Windows\CbsTemp
    2015-01-03 11:08 - 2014-01-18 16:37 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-03 11:08 - 2014-01-18 13:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-01-03 11:06 - 2014-01-18 16:37 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-03 10:59 - 2014-01-18 15:14 - 00000000 ____D () C:\Users\arian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-01-01 23:17 - 2014-07-13 09:28 - 00000000 ____D () C:\Users\arian\Desktop\linux stuff
    2015-01-01 13:38 - 2014-01-18 13:09 - 00089600 _____ () C:\Users\arian\Documents\Aria.xls
    2014-12-26 15:37 - 2014-01-18 13:09 - 00000000 ___RD () C:\Users\arian\Documents\trance mix 11 Project
    2014-12-25 13:45 - 2014-01-18 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2014-12-15 23:13 - 2014-01-18 13:20 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-12-15 23:12 - 2014-10-19 13:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2014-12-15 23:12 - 2014-01-18 13:31 - 00000000 ____D () C:\ProgramData\Skype
    2014-12-15 23:11 - 2014-11-01 08:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-12-14 16:02 - 2014-01-19 16:40 - 00000000 ____D () C:\Users\arian\Documents\ConvertXtoDVD
    2014-12-13 02:08 - 2014-11-16 13:10 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2014-12-13 02:08 - 2014-01-18 12:11 - 18594432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
    2014-12-13 02:08 - 2014-01-18 12:11 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2014-12-13 02:08 - 2014-01-18 12:11 - 14128496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2014-12-13 02:08 - 2014-01-18 12:11 - 03293136 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
    2014-12-13 02:08 - 2014-01-18 12:11 - 02897824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2014-12-13 02:08 - 2014-01-18 12:11 - 00074056 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
    2014-12-13 02:08 - 2014-01-18 12:11 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2014-12-13 02:08 - 2014-01-18 12:11 - 00027983 _____ () C:\Windows\system32\nvinfo.pb
    2014-12-13 00:03 - 2014-10-25 09:20 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
    2014-12-13 00:03 - 2014-01-18 12:11 - 06859408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2014-12-13 00:03 - 2014-01-18 12:11 - 03513488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
    2014-12-13 00:03 - 2014-01-18 12:11 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    2014-12-13 00:03 - 2014-01-18 12:11 - 00386368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
    2014-12-13 00:03 - 2014-01-18 12:11 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2014-12-12 16:12 - 2014-08-10 18:04 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
    2014-12-12 16:12 - 2014-08-10 18:04 - 01291464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
    2014-12-12 16:12 - 2014-01-18 12:12 - 02824504 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
    2014-12-12 16:12 - 2014-01-18 12:12 - 02210040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
    2014-12-12 15:11 - 2014-01-18 12:11 - 04151176 _____ () C:\Windows\system32\nvcoproc.bin
    2014-12-11 01:27 - 2014-04-13 21:57 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
     
    Some content of TEMP:
    ====================
    C:\Users\arian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpivvlft.dll
    C:\Users\arian\AppData\Local\Temp\Quarantine.exe
    C:\Users\arian\AppData\Local\Temp\sqlite3.dll
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2015-01-01 04:14
     
    ==================== End Of Log ============================
     
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
    Ran by Arian at 2015-01-08 15:03:44
    Running from C:\Users\arian\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    8GadgetPack (HKLM-x32\...\{A8187B41-3541-49AC-8587-C0C75127E92C}) (Version: 9.0.0 - Helmut Buhler)
    Ableton Live 9 Suite (HKLM-x32\...\{2395BEE6-92D4-4D91-8665-5BAB6B78A346}) (Version: 9.0.0.0 - Ableton)
    Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
    ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
    Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
    Auto Resolution (HKLM-x32\...\{403F1594-BC16-47A5-B365-F73CD69D720E}) (Version: 1.9 - LG Electronics Inc.)
    AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
    AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version:  - Online Media Technologies Ltd.)
    AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
    Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
    Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
    Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
    Canon MP Navigator EX 4.1 (HKLM-x32\...\MP Navigator EX 4.1) (Version:  - )
    Canon MX410 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series) (Version:  - Canon Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
    CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.72.1.2014 - Georgy Berdyshev)
    CuteFTP 9 (HKLM-x32\...\{89B9E358-75C6-4C6B-BD38-803FF156CC4B}) (Version: 9.0.0 - Globalscape)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 13.5 - Illustrate)
    Deluge 1.3.6 (HKLM-x32\...\Deluge) (Version:  - )
    Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
    Dropbox (HKU\S-1-5-21-2231558442-1345113691-1245548305-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
    DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
    ElectraX full (HKLM-x32\...\Tone2 ElectraX full_is1) (Version:  - Tone2)
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
    ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
    FabFilter Pro-C 1.23 (64-bit) (HKLM-x32\...\FabFilter Pro-C 1.23 (64-bit)) (Version:  - )
    FabFilter Saturn 1.13 (64-bit) (HKLM-x32\...\FabFilter Saturn 1.13 (64-bit)) (Version:  - )
    FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
    FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
    Gladiator v1.2.2 (HKLM-x32\...\Tone2 Gladiator full_is1) (Version:  - Tone2)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
    HLSW v1.4.0.3 (HKLM-x32\...\HLSW_is1) (Version:  - Stripf Software)
    IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
    iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
    Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle)
    Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
    Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
    League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
    League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
    LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.11.3.0 - LG Electronics)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
    Microsoft Office FrontPage 2003 (HKLM-x32\...\{90170409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    Mumble 1.2.5 (HKLM-x32\...\{C7BC557D-8C8B-4F5F-83AB-D20C58CF4575}) (Version: 1.2.5 - Thorvald Natvig)
    Music Manager (HKU\S-1-5-21-2231558442-1345113691-1245548305-1001\...\MusicManager) (Version:  - Google, Inc.)
    Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.6.2.1863 - Native Instruments)
    Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version:  - Native Instruments)
    Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.2.1549 - Native Instruments)
    Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.6.8.382 - Native Instruments)
    Native Instruments Traktor Kontrol S2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 MK2 Driver) (Version:  - Native Instruments)
    Native Instruments Transient Master FX (HKLM-x32\...\Native Instruments Transient Master FX) (Version:  - Native Instruments)
    Nero 2014 (HKLM-x32\...\{F384C1E1-3A16-4073-95C3-7271FE0ED4C2}) (Version: 15.0.02200 - Nero AG)
    NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
    NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
    NVIDIA Miracast Virtual Audio 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.09 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
    Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
    OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
    Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Plex Media Server (HKLM-x32\...\{16eca963-68c5-4756-80f9-db9094a4d6f0}) (Version: 0.9.1104 - Plex, Inc.)
    Plex Media Server (x32 Version: 0.9.1104 - Plex, Inc.) Hidden
    PowerISO (HKLM-x32\...\PowerISO) (Version: 5.4 - Power Software Ltd)
    Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
    QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
    Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
    Screen Split (HKLM-x32\...\{7F0C2357-33B0-4408-A9AD-A7623FAA22B1}) (Version: 6.29 - LG Electronics Inc.)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
    Serviio (HKLM\...\Serviio) (Version:  - )
    SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
    Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
    Sound Blaster Z-Series (HKLM-x32\...\{13B87C04-33E8-4D92-9102-2C109F8DB6BD}) (Version: 1.00.22 - Creative Technology Limited)
    Sound Blaster Z-Series Extras (HKLM-x32\...\{9D9DB4BA-E352-4AC8-AD2B-B10104F5AB80}) (Version: 1.0 - Creative Technology Limited)
    Spotify (HKU\S-1-5-21-2231558442-1345113691-1245548305-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
    Spotydl 0.9.36.0 (HKLM-x32\...\Spotydl_is1) (Version: 0.9.36.0 - spotydl.com)
    StartIsBack+ (HKU\S-1-5-21-2231558442-1345113691-1245548305-1001\...\StartIsBack) (Version: 1.5.1 - startisback.com)
    Sylenth1 v2.21 (HKLM-x32\...\Sylenth1_is1) (Version:  - )
    Texas Instruments TUSB3410 drivers. (HKLM-x32\...\InstallShield_{FA66245E-0E77-40D5-94A4-CB7AB753034F}) (Version: 6.5.9019.1 - Texas Instruments Inc.)
    The Glue (HKLM\...\The Glue_is1) (Version: 1.2.1 - )
    Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
    TUSB3410 (x32 Version: 6.5.9019.1 - Texas Instruments Inc.) Hidden
    Unity Web Player (HKU\S-1-5-21-2231558442-1345113691-1245548305-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
    VirtualDJ PRO Full (HKLM-x32\...\{4769E972-2E92-49C5-B6F9-465EFD0C4D94}) (Version: 7.0.5 - Atomix Productions)
    VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
    VNC Server 5.2.0 (HKLM\...\{4AAE0833-3348-469C-AB09-95B421356900}) (Version: 5.2.0 - RealVNC Ltd)
    VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.27 - VSO-Software SARL)
    Waves Complete v8.0.11 (HKLM-x32\...\Waves Complete V8_is1) (Version:  - )
    Winamp (HKLM-x32\...\Winamp) (Version: 5.7 Beta - Nullsoft, Inc)
    Winamp Detector Plug-in (HKU\S-1-5-21-2231558442-1345113691-1245548305-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
    WinDirStat 1.1.2 (HKU\S-1-5-21-2231558442-1345113691-1245548305-1001\...\WinDirStat) (Version:  - )
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
    WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-2231558442-1345113691-1245548305-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\arian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2231558442-1345113691-1245548305-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\arian\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
    CustomCLSID: HKU\S-1-5-21-2231558442-1345113691-1245548305-1001_Classes\CLSID\{5b55a44a-d008-49aa-9234-86fb7709bc0a}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2231558442-1345113691-1245548305-1001_Classes\CLSID\{61625667-893E-4707-B925-A82B528C00B9}\InprocServer32 -> C:\Users\arian\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
    CustomCLSID: HKU\S-1-5-21-2231558442-1345113691-1245548305-1001_Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c9}\InprocServer32 -> C:\Users\arian\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
    CustomCLSID: HKU\S-1-5-21-2231558442-1345113691-1245548305-1001_Classes\CLSID\{AD1405D2-30CF-4877-8468-1EE1C52C759F}\InprocServer32 -> C:\Users\arian\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
    CustomCLSID: HKU\S-1-5-21-2231558442-1345113691-1245548305-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\arian\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2231558442-1345113691-1245548305-1001_Classes\CLSID\{E5C31EC8-C5E6-4E07-957E-944DB4AAD85E}\InprocServer32 -> C:\Users\arian\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
    CustomCLSID: HKU\S-1-5-21-2231558442-1345113691-1245548305-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\arian\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2231558442-1345113691-1245548305-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\arian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2231558442-1345113691-1245548305-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\arian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2231558442-1345113691-1245548305-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\arian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2231558442-1345113691-1245548305-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\arian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2231558442-1345113691-1245548305-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\arian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2231558442-1345113691-1245548305-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\arian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2231558442-1345113691-1245548305-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\arian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2231558442-1345113691-1245548305-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\arian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
     
    ==================== Restore Points  =========================
     
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2013-08-22 05:25 - 2014-04-13 11:04 - 00000886 ____N C:\Windows\system32\Drivers\etc\hosts
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {007B69E5-C716-46AD-9766-684F399E3599} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-29] (Google Inc.)
    Task: {1E41468F-5F44-47E6-929A-5310842D7796} - System32\Tasks\{663CD220-992D-41EF-ABE8-BD1DD78BE978} => pcalua.exe -a "C:\Program Files (x86)\Actual Multiple Monitors\unins000.exe"
    Task: {3F230B2F-0E27-4A86-AA9B-DE7C00F8DCF0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe
    Task: {6CDF26F6-55BA-4B19-854C-2574493F66F0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {8806DC90-3930-4B4B-B1D7-1FF6D3A8C577} - System32\Tasks\KMS Server Daily Activate => C:\Windows\AutoKMS_VL_ALL\AutoKMS_VL_ALL.exe [2013-11-19] (MDL)
    Task: {99195426-6EE4-4502-B12C-C84CC278C26F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
    Task: {B21DA812-9F87-4BB4-99ED-B3A0F4E726AB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-03] (Microsoft Corporation)
    Task: {C63C1C1B-9DC0-41ED-B237-CA6A2A3EA3A4} - System32\Tasks\KMS Server OnLogon Activate => C:\Windows\AutoKMS_VL_ALL\AutoKMS_VL_ALL.exe [2013-11-19] (MDL)
    Task: {D6B4815F-D8A7-47B7-B98B-6FE5C5F09B5A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-29] (Google Inc.)
    Task: {E55D064D-CE5E-4CD8-BD02-C4B6BA52C86F} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-08-20] (Nero AG)
    Task: {EA71A78D-F766-4BB2-8967-2F32DF02FEA4} - System32\Tasks\{A6C61C78-5BBD-47A2-BB37-A01CBC56BC55} => pcalua.exe -a "C:\Program Files (x86)\ClearThink\ClearThinkuninstall.exe"
    Task: {F8AE9364-4D86-49BF-BB4D-4D90E2C2D649} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2231558442-1345113691-1245548305-1001Core1cf8d8a61fa78b.job => C:\Users\arian\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2231558442-1345113691-1245548305-1001Core1cfed21d5b7037.job => C:\Users\arian\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2231558442-1345113691-1245548305-1001Core1d000fc374b0182.job => C:\Users\arian\AppData\Local\Google\Update\GoogleUpdate.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2014-01-18 12:11 - 2014-12-13 00:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2014-08-16 12:25 - 2013-06-12 14:54 - 00066048 _____ () C:\Program Files (x86)\LG Electronics\Screen Split\bin\ScreenSplitterHook64.dll
    2014-08-17 11:18 - 2014-08-17 11:18 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
    2014-03-20 17:57 - 2014-03-20 17:57 - 00359936 _____ () F:\Program Files\Serviio\bin\ServiioService.exe
    2014-08-16 12:25 - 2013-06-26 09:56 - 00241664 _____ () C:\Program Files (x86)\LG Electronics\Screen Split\bin\DDCCI.exe
    2014-07-26 21:46 - 2014-12-13 19:17 - 00374840 _____ () C:\Users\arian\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    2014-03-20 17:57 - 2014-03-20 17:57 - 00399360 _____ () F:\Program Files\Serviio\bin\ServiioConsole.exe
    2014-10-14 23:27 - 2014-10-14 23:27 - 08897696 _____ () F:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-12-11 01:27 - 2014-12-05 17:16 - 01408328 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
    2014-12-11 01:27 - 2014-12-05 17:16 - 00204616 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
    2014-12-11 01:27 - 2014-12-05 17:17 - 10689352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
    2014-12-11 01:27 - 2014-12-05 17:16 - 01856840 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
    2014-12-11 01:27 - 2014-12-05 17:17 - 26725192 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
    2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-08-16 12:25 - 2013-06-12 14:54 - 00063488 _____ () C:\Program Files (x86)\LG Electronics\Screen Split\bin\ScreenSplitterHook.dll
    2014-11-12 20:08 - 2014-11-11 10:48 - 01171456 _____ () H:\Program Files (x86)\Steam\libavcodec-56.dll
    2014-11-12 20:08 - 2014-11-11 10:48 - 00332800 _____ () H:\Program Files (x86)\Steam\libavresample-2.dll
    2014-11-12 20:08 - 2014-11-11 10:48 - 00442368 _____ () H:\Program Files (x86)\Steam\libavutil-54.dll
    2014-11-12 20:08 - 2014-11-11 10:47 - 00774656 _____ () H:\Program Files (x86)\Steam\SDL2.dll
    2014-11-21 20:32 - 2014-11-18 12:23 - 02227904 _____ () H:\Program Files (x86)\Steam\video.dll
    2014-11-12 20:08 - 2014-11-11 10:48 - 00403968 _____ () H:\Program Files (x86)\Steam\libavformat-56.dll
    2014-11-12 20:08 - 2014-11-11 10:48 - 00485888 _____ () H:\Program Files (x86)\Steam\libswscale-3.dll
    2014-11-21 20:32 - 2014-11-18 12:23 - 00690880 _____ () H:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2014-02-01 15:58 - 2015-01-03 10:59 - 01007104 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
    2014-02-01 15:58 - 2015-01-03 10:59 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
    2014-02-01 15:58 - 2015-01-03 10:59 - 00024576 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
    2014-02-01 15:58 - 2015-01-03 10:59 - 00216576 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
    2014-02-01 15:58 - 2015-01-03 10:59 - 00261120 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
    2014-02-01 15:58 - 2015-01-03 10:59 - 00019456 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
    2014-02-01 15:58 - 2015-01-03 10:59 - 00337408 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
    2014-02-01 15:58 - 2015-01-03 10:59 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
    2014-08-16 12:25 - 2013-04-24 16:47 - 00004608 _____ () C:\Program Files (x86)\LG Electronics\Screen Split\bin\EngRes.dll
    2014-11-12 20:08 - 2014-11-11 10:48 - 34589888 _____ () H:\Program Files (x86)\Steam\bin\libcef.dll
    2014-07-26 21:46 - 2014-12-13 19:17 - 36966968 _____ () C:\Users\arian\AppData\Roaming\Spotify\Data\libcef.dll
    2014-07-26 21:46 - 2014-12-13 19:17 - 00867896 _____ () C:\Users\arian\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
    2014-07-26 21:46 - 2014-12-13 19:17 - 00886840 _____ () C:\Users\arian\AppData\Roaming\Spotify\Data\libglesv2.dll
    2014-07-26 21:46 - 2014-12-13 19:17 - 00108600 _____ () C:\Users\arian\AppData\Roaming\Spotify\Data\libegl.dll
    2014-10-21 16:22 - 2014-10-21 16:22 - 00750080 _____ () C:\Users\arian\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2015-01-08 14:58 - 2015-01-08 14:58 - 00043008 _____ () c:\users\arian\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpivvlft.dll
    2014-10-21 16:22 - 2014-10-21 16:22 - 00047616 _____ () C:\Users\arian\AppData\Roaming\Dropbox\bin\libEGL.dll
    2014-10-21 16:22 - 2014-10-21 16:22 - 00863744 _____ () C:\Users\arian\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2014-10-21 16:22 - 2014-10-21 16:22 - 00200704 _____ () C:\Users\arian\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
    AlternateDataStreams: C:\Users\arian\SkyDrive:ms-properties
    AlternateDataStreams: C:\Users\arian\Desktop\1418353027600.jpg:com.dropbox.attributes
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
    HKLM\...\StartupApproved\Run: => "tvncontrol"
    HKLM\...\StartupApproved\Run32: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "mobilegeni daemon"
    HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKU\S-1-5-21-2231558442-1345113691-1245548305-1001\...\StartupApproved\Run: => "NextLive"
    HKU\S-1-5-21-2231558442-1345113691-1245548305-1001\...\StartupApproved\Run: => "Plex Media Server"
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-2231558442-1345113691-1245548305-500 - Administrator - Disabled)
    Arian (S-1-5-21-2231558442-1345113691-1245548305-1001 - Administrator - Enabled) => C:\Users\arian
    Guest (S-1-5-21-2231558442-1345113691-1245548305-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-2231558442-1345113691-1245548305-1003 - Limited - Enabled)
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
     
    System errors:
    =============
     
    Microsoft Office Sessions:
    =========================
     
    CodeIntegrity Errors:
    ===================================
      Date: 2015-01-07 02:59:01.025
      Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-01-05 23:40:27.698
      Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-01-04 03:00:40.569
      Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-16 05:55:55.374
      Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-10 03:09:15.552
      Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-10 03:09:15.490
      Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-10 03:09:15.417
      Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-10 03:09:15.072
      Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-10 03:09:14.960
      Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-08 05:46:30.749
      Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i7-3770K CPU @ 3.50GHz
    Percentage of memory in use: 9%
    Total physical RAM: 32726.04 MB
    Available physical RAM: 29609.87 MB
    Total Pagefile: 32726.04 MB
    Available Pagefile: 29527.02 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.84 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:111.79 GB) (Free:43.17 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive f: () (Fixed) (Total:596.17 GB) (Free:499.59 GB) NTFS
    Drive h: (Games/Media) (Fixed) (Total:1863.01 GB) (Free:977.56 GB) NTFS
    Drive i: (ARIAN'S IPO) (Removable) (Total:148.79 GB) (Free:94.02 GB) FAT32
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 17E39648)
    Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
     
    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 0F6B1E0E)
    Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
    Partition 2: (Active) - (Size=596.2 GB) - (Type=42)
    Partition 3: (Not Active) - (Size=1368 KB) - (Type=42)
     
    ========================================================
    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: E49FF29C)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=42)
    Attempted reading MBR returned 0 bytes.
     Could not read MBR for disk 3.
     
    ==================== End Of Log ============================

    #5
    RKinner

      Malware Expert

    Download the attached fixlist.txt to the same location as FRST.
    Run FRST and press Fix.
    A fix log will be generated; please post that. Run FRST again, check the Additions box and then Scan. You will get two logs. Post them both.

    #6
    wdzthursday

      New Member

    Sorry, I just got back from work.

    Here you go.

    Attached Files


    Edited by wdzthursday, 08 January 2015 - 11:01 PM.

    #7
    RKinner

      Malware Expert


    Could I see the fix log?  

