Adware or malware is running on my computer [Solved]

malware adware coupoon infected


#1
Trippycruise

Recently my computer has started to install new programs without permission. They are numerous and will not let me delete them or stop the processes under the Task Manager. The programs vary from Coupoon and Tencent to a Chinese antivirus software.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Josh (administrator) on SERGEANT on 13-06-2015 12:26:28
Running from C:\Users\Josh\Desktop
Loaded Profiles: Josh (Available Profiles: Josh)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Apache Software Foundation) C:\Users\Josh\Desktop\UniServer\usr\local\apache2\bin\Apache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Users\Josh\Desktop\UniServer\usr\local\mysql\bin\mysqld-opt.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Apache Software Foundation) C:\Users\Josh\Desktop\UniServer\usr\local\apache2\bin\Apache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Saitek) C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Saitek) C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
(                                                            ) C:\Windows\Temp\nsv50E2.tmp\1171.exe
() C:\Windows\Temp\is-F2R07.tmp\1171.tmp
Failed to access process -> abengine.exe
() C:\Windows\Temp\is-K71JM.tmp\MYPCBU.tmp
(                                                            ) C:\Windows\Temp\is-TVEU7.tmp\MyPCBU
() C:\Windows\Temp\is-S8KJI.tmp\MyPCBU.tmp
() C:\Program Files (x86)\Coupoon\UpdateCheck.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TAOFrame.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCRTP.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\QQPCNetFlow.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMAutoClean.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMUpdate\QQPCMgrUpdate.exe
() C:\Program Files (x86)\Coupoon\UpdateCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\config\systemprofile\sndvol.exe
(Microsoft Corporation) C:\Windows\SysWOW64\config\systemprofile\sndvol.exe
(Microsoft Corporation) C:\Windows\SysWOW64\config\systemprofile\sndvol.exe
(Microsoft Corporation) C:\Windows\SysWOW64\config\systemprofile\sndvol.exe
(Microsoft Corporation) C:\Windows\SysWOW64\config\systemprofile\sndvol.exe
(Microsoft Corporation) C:\Windows\SysWOW64\config\systemprofile\sndvol.exe
(Microsoft Corporation) C:\Windows\SysWOW64\config\systemprofile\sndvol.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Akamai Technologies, Inc.) C:\Users\Josh\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Josh\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
HKLM\...\Run: [ProfilerU] => C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [310272 2010-07-29] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [158208 2010-07-29] (Saitek)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-03-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49976 2014-08-01] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [43871584 2015-06-10] (Dropbox, Inc.)
HKLM-x32\...\Run: [Rs] => C:\Program Files (x86)\Rising\Rs.exe
HKLM-x32\...\Run: [mbot_gb_014010002] => [X]
HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCTray.exe [355296 2015-06-13] (Tencent)
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\utorrent\utorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\utorrent\utorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\utorrent\utorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\utorrent\utorrent.exe <====== ATTENTION
HKU\S-1-5-21-3488561027-3919077454-2296592760-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3488561027-3919077454-2296592760-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3488561027-3919077454-2296592760-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Josh\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3488561027-3919077454-2296592760-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-3488561027-3919077454-2296592760-1000\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-3488561027-3919077454-2296592760-1000\...\MountPoints2: {548dca6b-b820-11e4-bff8-74d435e5c444} - F:\HTC_Sync_Manager_PC.exe
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMGCShellExt64.dll [2015-06-13] (Tencent)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3488561027-3919077454-2296592760-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TSWebMon64.dat [2015-06-13] (Tencent)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Ó¦Óñ¦Ò»¼ü°²×°²å¼þ -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-12-16] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-12-16] (Oracle Corporation)
Winsock: Catalog9-x64 01 C:\Windows\system32\abengine64.dll [409168 2015-06-13] (Abengine)
Winsock: Catalog9-x64 02 C:\Windows\system32\abengine64.dll [409168 2015-06-13] (Abengine)
Winsock: Catalog9-x64 03 C:\Windows\system32\abengine64.dll [409168 2015-06-13] (Abengine)
Winsock: Catalog9-x64 04 C:\Windows\system32\abengine64.dll [409168 2015-06-13] (Abengine)
Winsock: Catalog9-x64 15 C:\Windows\system32\abengine64.dll [409168 2015-06-13] (Abengine)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-12-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\npQMExtensionsMozilla.dll [2015-06-13] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\.DEFAULT: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll No File
FF Plugin HKU\S-1-5-21-3488561027-3919077454-2296592760-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-02-15] ()
FF Plugin HKU\S-1-5-21-3488561027-3919077454-2296592760-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
 
Chrome: 
=======
CHR Profile: C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-04]
CHR Extension: (YouTube) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-04]
CHR Extension: (Google Search) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-04]
CHR Extension: (AdBlock) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-04]
CHR Extension: (Gmail) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [ooebklgpfnbcnpokahmdidgbmlcdepkm] - https://clients2.goo...ice/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ApacheS1; C:\Users\Josh\Desktop\UniServer\usr\local\apache2\bin\Apache.exe [24645 2009-09-28] (Apache Software Foundation) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-01] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-01] (Dropbox, Inc.)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1744952 2015-05-16] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6507576 2015-05-16] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-03-13] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 MySQLS1; C:\Users\Josh\Desktop\UniServer\usr\local\mysql\bin\mysqld-opt.exe [6041600 2009-09-22] () [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-03-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-03-13] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-10] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-09-04] ()
R4 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCRTP.exe [297608 2015-06-13] (Tencent)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 TAOFrame; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TAOFrame.exe [293856 2015-06-13] (Tencent)
R2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe [53040 2015-06-13] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672024 2015-02-26] (Wacom Technology, Corp.)
R2 abengine; C:\Program Files (x86)\HighlightSearches\abengine.exe [X]
S2 CoupoonService64; No ImagePath
S3 FlexNet Licensing Service 64; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-19] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [494864 2013-08-29] (Intel Corporation)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-11] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2015-04-02] (NetFilterSDK.com)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-03-13] (NVIDIA Corporation)
R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMUdisk64.sys [62264 2015-06-13] (Tencent)
R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQSysMonX64.sys [129336 2015-06-13] (电脑管家)
S3 SaiK0CFA; C:\Windows\System32\DRIVERS\SaiK0CFA.sys [174600 2010-08-10] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [22792 2010-08-10] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [50056 2010-08-10] (Saitek)
S3 SaiU0CFA; C:\Windows\System32\DRIVERS\SaiU0CFA.sys [41352 2010-08-10] (Saitek)
R2 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [99640 2015-06-13] (Tencent)
R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel64.sys [174392 2015-06-13] (Tencent Technology(Shenzhen) Company Limited)
R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2015-06-13] (电脑管家)
R1 TSCPM; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\tscpm64.sys [42296 2015-06-13] (电脑管家)
R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TSDefenseBT64.sys [28472 2015-06-13] (Tencent)
R3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-06-13] (电脑管家)
R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TSSysKit64.sys [87352 2015-06-13] (电脑管家)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-16] (Apple, Inc.) [File not signed]
S3 XBCD; C:\Windows\System32\DRIVERS\XBCD.sys [27608 2011-10-08] (XBCD Project)
S3 cpuz137; \??\C:\Users\Josh\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-13 12:26 - 2015-06-13 12:26 - 00052711 _____ C:\Users\Josh\Desktop\FRST.txt
2015-06-13 12:25 - 2015-06-13 12:26 - 00000000 ____D C:\FRST
2015-06-13 12:25 - 2015-06-13 12:25 - 02108928 _____ (Farbar) C:\Users\Josh\Desktop\FRST64.exe
2015-06-13 11:08 - 2015-06-13 11:35 - 00000000 ___RD C:\RavBin
2015-06-13 11:08 - 2015-06-13 11:08 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\vpatch.dll
2015-06-13 05:06 - 2015-06-13 05:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-06-13 03:51 - 2015-06-13 03:51 - 00000000 ____D C:\ProgramData\TXQMPC
2015-06-13 03:41 - 2015-06-13 03:41 - 00122608 ____H C:\Windows\SysWOW64\mlfcache.dat
2015-06-13 03:36 - 2015-06-13 12:01 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Tencent
2015-06-13 03:36 - 2015-06-13 03:36 - 00174392 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
2015-06-13 03:36 - 2015-06-13 03:36 - 00099640 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
2015-06-13 03:36 - 2015-06-13 03:36 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2015-06-13 03:36 - 2015-06-13 03:36 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
2015-06-13 03:36 - 2015-06-13 03:36 - 00000000 ____D C:\Program Files\Common Files\Tencent
2015-06-13 03:35 - 2015-06-13 03:51 - 00000000 ____D C:\ProgramData\Tencent
2015-06-13 03:35 - 2015-06-13 03:35 - 00000000 ____D C:\Program Files (x86)\Tencent
2015-06-13 03:27 - 2015-06-13 05:34 - 00000000 ____D C:\ProgramData\abc
2015-06-13 03:25 - 2015-06-13 03:25 - 00000000 ____D C:\ProgramData\PastaLeadsAgent
2015-06-13 03:24 - 2015-06-13 03:25 - 00000000 ____D C:\ProgramData\LolliScan
2015-06-13 03:24 - 2015-06-13 03:24 - 00000000 ____D C:\ProgramData\Rising
2015-06-13 03:22 - 2015-06-13 11:36 - 00000000 ____D C:\Program Files (x86)\Coupoon
2015-06-13 03:13 - 2015-06-13 03:13 - 00003092 _____ C:\Windows\System32\Tasks\iren3006
2015-06-13 03:12 - 2015-06-13 03:13 - 00009032 _____ C:\Windows\SysWOW64\abengineOff.ini
2015-06-13 03:12 - 2015-06-13 03:13 - 00009032 _____ C:\Windows\system32\abengineOff.ini
2015-06-13 03:12 - 2015-04-22 15:51 - 00409168 _____ (Abengine) C:\Windows\system32\abengine64.dll
2015-06-13 00:00 - 2015-06-13 10:23 - 00000000 ____D C:\GOG Games
2015-06-12 23:55 - 2015-06-12 23:55 - 00001059 _____ C:\Users\Public\Desktop\GOG Galaxy.lnk
2015-06-12 23:55 - 2015-06-12 23:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-06-12 23:55 - 2015-06-12 23:55 - 00000000 ____D C:\ProgramData\GOG.com
2015-06-12 23:55 - 2015-06-12 23:55 - 00000000 ____D C:\Program Files (x86)\GalaxyClient
2015-06-12 23:53 - 2015-06-12 23:55 - 62776056 _____ (GOG.com ) C:\Users\Josh\Downloads\setup_galaxy_1.0.2.958.exe
2015-06-12 00:25 - 2015-06-12 00:25 - 00215388 _____ C:\Users\Josh\Desktop\Modi_Gun.fbx
2015-06-11 23:07 - 2015-06-11 23:07 - 00001397 _____ C:\Users\Josh\Desktop\nDo - Shortcut.lnk
2015-06-11 23:02 - 2015-06-11 23:02 - 00001426 _____ C:\Users\Josh\Desktop\dDo - Shortcut.lnk
2015-06-11 10:47 - 2015-06-11 10:47 - 00000332 _____ C:\Windows\PFRO.log
2015-06-11 02:48 - 2015-06-11 02:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-10 22:44 - 2015-06-10 22:44 - 00079041 _____ C:\Users\Josh\Downloads\Mega Man (USA).zip
2015-06-10 20:49 - 2015-06-13 10:26 - 00017900 _____ C:\Windows\DirectX.log
2015-06-10 12:02 - 2015-06-10 12:02 - 00000000 ____D C:\Users\Josh\AppData\Local\I Am Bread
2015-06-10 12:02 - 2015-06-01 20:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 12:02 - 2015-06-01 19:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 12:02 - 2015-05-27 15:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 12:02 - 2015-05-27 15:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 12:02 - 2015-05-25 18:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 12:02 - 2015-05-23 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 12:02 - 2015-05-23 04:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 12:02 - 2015-05-23 04:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 12:02 - 2015-05-23 04:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 12:02 - 2015-05-23 04:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 12:02 - 2015-05-23 04:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 12:02 - 2015-05-23 04:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 12:02 - 2015-05-23 04:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 12:02 - 2015-05-23 04:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 12:02 - 2015-05-23 04:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 12:02 - 2015-05-23 04:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 12:02 - 2015-05-23 04:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 12:02 - 2015-05-23 04:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 12:02 - 2015-05-23 03:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 12:02 - 2015-05-23 03:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 12:02 - 2015-05-23 03:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 12:02 - 2015-05-23 03:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 12:02 - 2015-05-23 03:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 12:02 - 2015-05-23 03:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 12:02 - 2015-05-23 03:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 12:02 - 2015-05-23 03:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 12:02 - 2015-05-23 03:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 12:02 - 2015-05-23 03:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 12:02 - 2015-05-23 03:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 12:02 - 2015-05-23 03:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 12:02 - 2015-05-23 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 12:02 - 2015-05-22 20:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 12:02 - 2015-05-22 20:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 12:02 - 2015-05-22 20:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 12:02 - 2015-05-22 20:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 12:02 - 2015-05-22 20:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 12:02 - 2015-05-22 20:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 12:02 - 2015-05-22 20:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 12:02 - 2015-05-22 19:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 12:02 - 2015-05-22 19:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 12:02 - 2015-05-22 19:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 12:02 - 2015-05-22 19:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 12:02 - 2015-05-22 19:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 12:02 - 2015-05-22 19:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 12:02 - 2015-05-22 19:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 12:02 - 2015-05-22 19:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 12:02 - 2015-05-22 19:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 12:02 - 2015-05-22 19:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 12:02 - 2015-05-22 19:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 12:02 - 2015-05-22 19:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 12:02 - 2015-05-22 19:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 12:02 - 2015-05-22 19:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 12:02 - 2015-05-22 19:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 12:02 - 2015-05-22 19:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 12:02 - 2015-05-22 19:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 12:02 - 2015-05-22 19:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 12:02 - 2015-05-22 19:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 12:02 - 2015-05-22 18:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 12:02 - 2015-05-22 18:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 12:02 - 2015-05-22 18:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 12:02 - 2015-05-22 18:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 11:59 - 2015-06-10 11:59 - 00003374 _____ C:\Windows\System32\Tasks\SystemSoundsService
2015-06-10 11:59 - 2015-06-10 11:59 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Logic
2015-06-10 11:59 - 2015-05-25 19:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 11:59 - 2015-05-25 19:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 11:59 - 2015-05-25 19:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 11:59 - 2015-05-25 19:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 11:59 - 2015-05-25 19:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 11:59 - 2015-05-25 19:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 11:59 - 2015-05-25 19:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 11:59 - 2015-05-25 19:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 11:59 - 2015-05-25 19:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 11:59 - 2015-05-25 19:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 11:59 - 2015-05-25 19:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 11:59 - 2015-05-25 19:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 11:59 - 2015-05-25 19:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 11:59 - 2015-05-25 19:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 11:59 - 2015-05-25 19:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 11:59 - 2015-05-25 19:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 11:59 - 2015-05-25 19:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 11:59 - 2015-05-25 19:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 11:59 - 2015-05-25 19:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 11:59 - 2015-05-25 19:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 11:59 - 2015-05-25 19:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 11:59 - 2015-05-25 19:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 11:59 - 2015-05-25 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 11:59 - 2015-05-25 19:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 11:59 - 2015-05-25 19:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 11:59 - 2015-05-25 19:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 11:59 - 2015-05-25 19:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 11:59 - 2015-05-25 19:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 11:59 - 2015-05-25 19:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 11:59 - 2015-05-25 19:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 11:59 - 2015-05-25 19:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 11:59 - 2015-05-25 19:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 11:59 - 2015-05-25 19:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 11:59 - 2015-05-25 19:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 11:59 - 2015-05-25 19:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 11:59 - 2015-05-25 19:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 11:59 - 2015-05-25 19:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 11:59 - 2015-05-25 19:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 11:59 - 2015-05-25 19:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 11:59 - 2015-05-25 19:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 11:59 - 2015-05-25 19:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 11:59 - 2015-05-25 19:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 11:59 - 2015-05-25 19:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 11:59 - 2015-05-25 19:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 19:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 19:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 19:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 19:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 19:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 19:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 19:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 19:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 11:59 - 2015-05-25 19:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 11:59 - 2015-05-25 19:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 11:59 - 2015-05-25 19:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 11:59 - 2015-05-25 19:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 11:59 - 2015-05-25 19:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 11:59 - 2015-05-25 19:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 11:59 - 2015-05-25 19:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 11:59 - 2015-05-25 19:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 11:59 - 2015-05-25 19:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 11:59 - 2015-05-25 19:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 11:59 - 2015-05-25 19:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 11:59 - 2015-05-25 19:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 11:59 - 2015-05-25 19:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 11:59 - 2015-05-25 19:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 11:59 - 2015-05-25 19:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 11:59 - 2015-05-25 19:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 11:59 - 2015-05-25 19:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 11:59 - 2015-05-25 19:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 11:59 - 2015-05-25 19:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 11:59 - 2015-05-25 19:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 11:59 - 2015-05-25 19:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 11:59 - 2015-05-25 19:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 11:59 - 2015-05-25 18:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 11:59 - 2015-05-25 18:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 11:59 - 2015-05-25 18:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 11:59 - 2015-05-25 18:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 11:59 - 2015-05-25 18:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 11:59 - 2015-05-25 18:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 11:59 - 2015-05-25 18:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 11:59 - 2015-05-25 18:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 11:59 - 2015-05-25 18:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 18:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 18:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 11:59 - 2015-05-25 17:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 11:59 - 2015-05-25 17:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 11:59 - 2015-05-25 17:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 11:59 - 2015-05-25 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 11:59 - 2015-05-22 19:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 11:59 - 2015-05-22 19:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 11:59 - 2015-05-22 19:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 11:59 - 2015-05-22 19:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 11:59 - 2015-05-22 19:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 11:59 - 2015-05-22 19:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 11:59 - 2015-05-22 19:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 11:59 - 2015-05-21 14:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 11:59 - 2015-04-29 19:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 11:59 - 2015-04-29 19:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 11:59 - 2015-04-29 19:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 11:59 - 2015-04-29 19:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 11:59 - 2015-04-29 19:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 11:59 - 2015-04-29 19:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 11:59 - 2015-04-29 19:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 11:59 - 2015-04-29 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 11:59 - 2015-04-29 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 11:59 - 2015-04-29 19:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 11:58 - 2015-04-24 19:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 11:58 - 2015-04-24 18:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 11:41 - 2015-04-11 04:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-10 11:36 - 2015-06-10 11:59 - 00000000 ____D C:\Users\Josh\Downloads\I am Bread cracked
2015-06-09 23:57 - 2015-06-09 23:57 - 00002966 _____ C:\Windows\System32\Tasks\{87D62E7B-A547-4AEB-B91A-61F273B5BAD2}
2015-06-09 23:57 - 2015-06-09 23:57 - 00002966 _____ C:\Windows\System32\Tasks\{84882BF0-8F4D-4E5F-A61F-EB1AD341037F}
2015-06-09 23:55 - 2015-06-09 23:55 - 01998432 _____ (BitTorrent Inc.) C:\Users\Josh\Downloads\uTorrent.exe
2015-06-09 18:09 - 2015-06-09 18:09 - 04491776 _____ (Microsoft Corporation) C:\Users\Josh\Downloads\Sonic_Unfair.exe
2015-06-09 00:46 - 2015-06-09 01:13 - 00165810 _____ C:\Users\Josh\Desktop\S&W_Render.tbscene
2015-06-08 23:22 - 2015-06-09 01:13 - 00000000 ____D C:\Users\Josh\AppData\Local\Marmoset Toolbag
2015-06-08 23:22 - 2015-06-08 23:22 - 00000000 ____D C:\ProgramData\Marmoset Toolbag
2015-06-08 23:05 - 2015-06-09 00:16 - 00000919 _____ C:\Users\Josh\Desktop\Marmoset Toolbag 2.lnk
2015-06-08 23:05 - 2015-06-08 23:05 - 00000905 _____ C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Marmoset Toolbag 2.lnk
2015-06-08 23:04 - 2015-06-08 23:05 - 00000000 ____D C:\Program Files\Marmoset Toolbag 2
2015-06-08 22:51 - 2015-06-08 22:56 - 175459176 _____ C:\Users\Josh\Downloads\toolbag_install_207.exe
2015-06-08 20:35 - 2015-06-08 20:35 - 00451672 _____ C:\Users\Josh\Downloads\1339867132cycles_rubber.blend
2015-06-05 22:50 - 2015-06-11 23:07 - 00000000 ____D C:\Users\Josh\AppData\Local\Quixel_AB
2015-06-05 22:47 - 2015-06-12 00:29 - 00001131 _____ C:\Users\Josh\{58C482E3-0C46-43EC-8EE5-C7230FFBC3D6}.dat
2015-06-05 22:47 - 2015-06-11 23:04 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Quixel
2015-06-05 21:33 - 2015-06-05 21:33 - 00000000 ____D C:\Users\Josh\AppData\Local\Quixel
2015-06-05 21:32 - 2015-06-05 21:32 - 00000000 ____D C:\Users\Josh\AppData\Local\IsolatedStorage
2015-06-05 21:31 - 2015-06-11 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quixel
2015-06-05 21:31 - 2015-06-05 21:31 - 00000000 ____D C:\ProgramData\Quixel
2015-06-05 20:09 - 2015-06-05 21:22 - 2995353911 _____ C:\Users\Josh\Downloads\Quixel dDo (5.2) and nDo2 (1.16) complete package.rar
2015-06-04 09:13 - 2015-06-12 23:35 - 00002016 _____ C:\Windows\setupact.log
2015-06-04 09:13 - 2015-06-04 09:13 - 00000000 _____ C:\Windows\setuperr.log
2015-06-03 23:10 - 2015-06-03 23:10 - 00002788 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-06-03 23:10 - 2015-06-03 23:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-06-03 23:10 - 2015-06-03 23:10 - 00000000 ____D C:\Program Files\CCleaner
2015-06-03 23:09 - 2015-06-03 23:09 - 06549184 _____ (Piriform Ltd) C:\Users\Josh\Downloads\ccsetup506.exe
2015-06-03 22:36 - 2015-06-03 22:36 - 00053248 _____ C:\Windows\SysWOW64\zlib.dll
2015-06-03 22:36 - 2015-06-03 22:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2015-06-03 22:36 - 2015-06-03 22:36 - 00000000 ____D C:\ProgramData\Foolish IT
2015-06-03 22:36 - 2015-06-03 22:36 - 00000000 ____D C:\Program Files (x86)\Foolish IT
2015-06-01 20:42 - 2015-06-12 23:36 - 00000000 ___RD C:\Users\Josh\Dropbox
2015-06-01 20:40 - 2015-06-01 20:40 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Dropbox
2015-06-01 20:39 - 2015-06-13 11:44 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-06-01 20:39 - 2015-06-12 23:36 - 00000000 ____D C:\Users\Josh\AppData\Local\Dropbox
2015-06-01 20:39 - 2015-06-12 23:35 - 00000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-06-01 20:39 - 2015-06-11 02:48 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-06-01 20:39 - 2015-06-01 20:39 - 00003900 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2015-06-01 20:39 - 2015-06-01 20:39 - 00003648 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2015-06-01 20:39 - 2015-06-01 20:39 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-01 13:14 - 2015-06-01 13:14 - 00000000 ____D C:\Users\Josh\AppData\Local\GWX
2015-05-28 11:13 - 2015-05-28 11:13 - 00000000 ____D C:\Program Files\Blender Foundation
2015-05-14 18:46 - 2015-05-14 18:46 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-14 18:45 - 2015-05-14 18:45 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-13 12:17 - 2014-08-31 23:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-13 12:13 - 2014-08-04 15:33 - 00065200 _____ C:\Users\Josh\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-13 11:57 - 2014-08-04 14:01 - 01992243 _____ C:\Windows\WindowsUpdate.log
2015-06-13 11:55 - 2014-08-04 15:19 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-13 10:55 - 2014-08-04 15:19 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-13 09:25 - 2014-08-23 21:08 - 00000000 ____D C:\Users\Josh\AppData\Local\Akamai
2015-06-13 05:06 - 2009-07-14 05:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-13 05:06 - 2009-07-14 05:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-13 03:36 - 2014-08-04 14:02 - 00000000 ____D C:\Users\Josh\AppData\Local\VirtualStore
2015-06-13 03:29 - 2014-08-19 10:30 - 00000005 _____ C:\end
2015-06-13 00:15 - 2014-12-18 22:41 - 00000000 ____D C:\Users\Josh\AppData\Local\CrashDumps
2015-06-12 23:56 - 2014-08-04 15:22 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-12 23:35 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-12 23:34 - 2014-08-23 18:23 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-11 23:05 - 2014-11-02 16:04 - 00000000 ___HD C:\Windows\msdownld.tmp
2015-06-11 23:05 - 2014-11-02 16:04 - 00000000 ____D C:\Windows\SysWOW64\directx
2015-06-11 18:45 - 2015-01-25 02:24 - 00000000 ____D C:\tmp
2015-06-11 15:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-06-11 10:55 - 2009-07-14 06:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-11 10:50 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-11 10:50 - 2009-07-14 05:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-11 10:49 - 2009-07-14 05:45 - 02535984 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 10:47 - 2014-12-10 23:48 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-11 10:47 - 2014-08-06 00:18 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-11 10:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-11 03:00 - 2014-08-19 10:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 02:57 - 2014-11-02 16:12 - 00000000 ____D C:\Windows\system32\MRT
2015-06-11 02:54 - 2014-11-02 16:12 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-11 02:47 - 2014-08-06 12:26 - 00000000 ____D C:\Users\Josh\AppData\Roaming\uTorrent
2015-06-11 01:51 - 2014-08-18 15:22 - 00000000 ___RD C:\Users\Josh\Desktop\Games
2015-06-10 20:51 - 2014-08-18 15:15 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-10 15:17 - 2014-08-31 23:47 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-10 15:17 - 2014-08-31 23:47 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-10 15:17 - 2014-08-31 23:47 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-10 12:39 - 2015-01-12 21:10 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Origin
2015-06-10 12:39 - 2015-01-12 21:08 - 00000000 ____D C:\ProgramData\Origin
2015-06-10 12:35 - 2015-01-12 21:08 - 00000000 ____D C:\Program Files (x86)\Origin
2015-06-09 00:33 - 2014-08-12 02:50 - 00000132 _____ C:\Users\Josh\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-06-05 22:47 - 2014-08-04 14:02 - 00000000 ____D C:\Users\Josh
2015-06-05 12:24 - 2015-01-17 01:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQLyog - 32 bit Trial
2015-06-04 23:33 - 2014-08-04 16:22 - 00000000 ____D C:\Users\Josh\AppData\Local\Battle.net
2015-06-04 23:33 - 2014-08-04 16:22 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-06-03 23:16 - 2014-08-19 10:29 - 00000000 ____D C:\Users\Josh\AppData\Roaming\DAEMON Tools Lite
2015-06-03 23:14 - 2015-02-21 00:39 - 00000000 ____D C:\Windows\Minidump
2015-06-03 23:14 - 2014-08-04 22:51 - 00000000 ____D C:\Windows\Panther
2015-06-03 22:59 - 2014-08-04 20:47 - 00000000 ____D C:\Users\Josh\Documents\Photoshop
2015-06-03 22:57 - 2014-08-04 20:47 - 00000000 ____D C:\Users\Josh\Documents\College
2015-06-03 22:51 - 2014-11-11 13:42 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-06-03 22:49 - 2014-11-11 13:41 - 00000000 ____D C:\ProgramData\Apple
2015-06-03 22:47 - 2014-11-29 03:56 - 00000000 ____D C:\Users\Josh\AppData\Local\Deployment
2015-06-03 22:46 - 2015-01-18 02:43 - 00000023 _____ C:\Windows\ODBCINST.INI
2015-06-03 22:45 - 2015-03-17 21:31 - 00000000 ____D C:\Users\Josh\AppData\Local\Unity
2015-05-22 11:16 - 2014-08-25 20:21 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Skype
2015-05-22 10:47 - 2014-08-25 20:21 - 00000000 ____D C:\ProgramData\Skype
2015-05-21 20:21 - 2014-08-05 09:25 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-05-21 20:19 - 2015-04-05 10:37 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2015-05-20 06:58 - 2015-04-04 01:52 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-20 06:58 - 2015-04-04 01:52 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-17 10:50 - 2014-08-04 15:19 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 10:50 - 2014-08-04 15:19 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-14 20:16 - 2014-08-06 00:23 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Adobe
2015-05-14 18:46 - 2014-09-01 08:41 - 00000000 ____D C:\Users\Josh\AppData\Local\Adobe
2015-05-14 18:46 - 2014-08-10 20:33 - 00000000 ____D C:\ProgramData\Adobe
2015-05-14 18:45 - 2014-08-10 20:36 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-05-14 06:31 - 2011-04-12 09:28 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-14 06:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
 
==================== Files in the root of some directories =======
 
2014-08-12 02:50 - 2015-06-09 00:33 - 0000132 _____ () C:\Users\Josh\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-11-02 15:59 - 2014-11-02 15:59 - 0000721 _____ () C:\Users\Josh\AppData\Roaming\MPQEditor.ini
2015-04-08 16:15 - 2015-04-08 16:15 - 0007603 _____ () C:\Users\Josh\AppData\Local\Resmon.ResmonCfg
2014-08-04 15:29 - 2014-08-04 15:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-12-25 01:40 - 2014-12-25 01:42 - 0000347 _____ () C:\ProgramData\hpzinstall.log
 
Files to move or delete:
====================
C:\Users\Josh\{58C482E3-0C46-43EC-8EE5-C7230FFBC3D6}.dat
 
 
Some files in TEMP:
====================
C:\Users\Josh\AppData\Local\Temp\770.exe
C:\Users\Josh\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1socwy.dll
C:\Users\Josh\AppData\Local\Temp\nsisvc.exe
C:\Users\Josh\AppData\Local\Temp\nvcuda.exe
C:\Users\Josh\AppData\Local\Temp\sppsvc.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-13 04:12
 
==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Josh at 2015-06-13 12:26:56
Running from C:\Users\Josh\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3488561027-3919077454-2296592760-500 - Administrator - Disabled)
Guest (S-1-5-21-3488561027-3919077454-2296592760-501 - Limited - Disabled)
Josh (S-1-5-21-3488561027-3919077454-2296592760-1000 - Administrator - Enabled) => C:\Users\Josh
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3488561027-3919077454-2296592760-1000\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3488561027-3919077454-2296592760-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Autodesk Backburner 2014 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 14.0.0.0 - Autodesk, Inc.)
Autodesk Composite 2014 (HKLM\...\Autodesk Composite 2014) (Version: 9.0.0.0 - Autodesk)
Autodesk Composite 2014 (Version: 9.0.0.0 - Autodesk) Hidden
Autodesk DirectConnect 2014 64-bit (HKLM\...\Autodesk DirectConnect 2014 64-bit) (Version: 8.0.56.1 - Autodesk)
Autodesk DirectConnect 2014 64-bit (Version: 8.0.56.1 - Autodesk) Hidden
Autodesk MatchMover 2014 (HKLM\...\{B151ECD3-2DBE-45E9-816E-F8AA6238F6A8}) (Version: 14.00.0000 - Autodesk)
Autodesk Maya 2014 (HKLM\...\Autodesk Maya 2014) (Version: 16.0.0.0 - Autodesk)
Autodesk Maya 2014 (Version: 16.0.0.0 - Autodesk) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Besiege (HKLM-x32\...\Steam App 346010) (Version:  - Spiderling Studios)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Black & White® 2 (HKLM-x32\...\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}) (Version: 1.00.0000 - Lionhead Studios)
Black & White® 2 Battle of the Gods (HKLM-x32\...\{10631C28-62E5-477C-9B40-40C5EA8219BE}) (Version: 1.00.0000 - Lionhead Studios)
Blender (HKLM\...\Blender) (Version: 2.74 - Blender Foundation)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Camtasia Studio 8 (HKLM-x32\...\{765AD29A-7EF5-4456-8F6F-83467E52AB52}) (Version: 8.4.3.1792 - TechSmith Corporation)
Canon MP270 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series) (Version:  - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Creation Kit (HKLM-x32\...\Steam App 202480) (Version:  - bgs.bethsoft.com)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Destinations (x32 Version: 140.0.0.0 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.8 - Electronic Arts)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.19 - Dropbox, Inc.) Hidden
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Guitar Hero III (HKLM-x32\...\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}) (Version: 1.00.0000 - Aspyr)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HP Imaging Device Functions 14.5 (HKLM\...\HP Imaging Device Functions) (Version: 14.5 - HP)
HP Scanjet G4010 (HKLM\...\{7723DE29-7966-4C5E-B909-A469CAF94DE4}) (Version: 14.5 - HP)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
hpg4010 (x32 Version: 140.000.000.000 - Hewlett-Packard) Hidden
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Network Connections 18.8.136.0 (HKLM\...\PROSetDX) (Version: 18.8.136.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Marmoset Toolbag 2 (HKLM-x32\...\MSET_Toolbag) (Version:  - Marmoset LLC)
mental ray renderer for Autodesk Maya 2014 (HKLM\...\{8057481C-0CFC-43BB-8EEC-C6A0E1C82E19}) (Version: 13.0.1.0 - mental ray)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Excel 2010 (HKLM\...\Office14.EXCEL) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft PowerPoint 2010 (HKLM\...\Office14.POWERPOINT) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 4 (HKLM-x32\...\{b8a9dbc1-1fd4-4103-a83b-a2896f193ea0}) (Version: 12.0.31101.0 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
nitionto (HKLM-x32\...\{46d699b3-6a25-4071-6078-4e96aeed2e07}) (Version: 1.0.0 - canortic)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Photoshop Plug-ins (HKLM-x32\...\{23F79416-CAD1-41BF-99A3-040F6C814AAA}) (Version: 8.50 - )
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.5 (HKLM\...\HPOCR) (Version: 14.5 - HP)
Orcs Must Die! (HKLM-x32\...\Steam App 102600) (Version:  - Robot Entertainment)
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
PyFFI 2.1.11 (HKLM-x32\...\PyFFI) (Version: 2.1.11 - Amorilia <[email protected]>)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7200 - Realtek Semiconductor Corp.)
Scan (x32 Version: 14.0.1.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0016-0000-1000-0000000FF1CE}_Office14.EXCEL_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0018-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001B-0000-1000-0000000FF1CE}_Office14.WORD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - )
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.2.7 (HKLM\...\{6D41B4C4-FCD7-4F9B-99B9-A01F63F71F0F}) (Version: 7.0.2.7 - Mad Catz)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)
Tablet (HKLM-x32\...\Tablet Driver) (Version:  - Wacom Technology Corp.)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
The Elder Scrolls V Skyrim (HKLM-x32\...\{4FEF52F2-3C2C-4B80-9443-3D6A654328D0}_is1) (Version:  - Bethesda Softworks)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.3.18.1010 - Electronic Arts Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.11-4 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Driver Package - XBCD Project HID  (16/05/2008 1.1.0) (HKLM\...\C6DCA6D8EFAB374E8F91A705567555FF4DAF025D) (Version: 16/05/2008 1.1.0 - XBCD Project)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
ZBrush 4R6 (HKLM-x32\...\ZBrush 4R6 4R6) (Version: 4R6 - Pixologic)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3488561027-3919077454-2296592760-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3488561027-3919077454-2296592760-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
 
==================== Restore Points =========================
 
10-06-2015 20:49:33 Installed DirectX
11-06-2015 02:52:48 Windows Update
12-06-2015 23:55:56 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
13-06-2015 10:24:33 Installed DirectX
13-06-2015 10:27:36 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {048154F1-FEFE-41B2-A40B-5BC351AE5ADF} - System32\Tasks\iren3006 => C:\Program Files (x86)\HighlightSearches\iren3006.exe [2015-04-24] () <==== ATTENTION
Task: {0EFD1D09-4DD1-4C75-87A6-7A85271885D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-10] (Adobe Systems Incorporated)
Task: {16B527EA-D5D7-4FCE-B632-B22100C18740} - System32\Tasks\{84882BF0-8F4D-4E5F-A61F-EB1AD341037F} => C:\Users\Josh\AppData\Roaming\uTorrent\uTorrent.exe [2015-01-03] (BitTorrent Inc.)
Task: {174A653C-A16E-46BF-B9A0-6CD6F18CC447} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-04] (Google Inc.)
Task: {17CE2B9C-BA59-4143-A382-8563AABC111D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-04] (Google Inc.)
Task: {2748334E-CD9D-4FF0-9117-AD41A31AAC4F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {4B926E2C-DF65-4E0F-BD73-A1963DDEC71A} - System32\Tasks\SystemSoundsService => C:\Users\Josh\AppData\Local\Temp\nsisvc.exe [2015-05-27] () <==== ATTENTION
Task: {4EFCA514-1500-42E1-B274-2C764A488E37} - System32\Tasks\{87D62E7B-A547-4AEB-B91A-61F273B5BAD2} => C:\Users\Josh\AppData\Roaming\uTorrent\uTorrent.exe [2015-01-03] (BitTorrent Inc.)
Task: {5743B46F-CA41-4788-89DD-0C3C9E13A2DF} - System32\Tasks\Start Corsair Link => C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK.exe
Task: {61D0AB8F-1F41-4C7C-9E55-B1EAB51BAC55} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {7A938D08-9A65-475C-9573-D2219F9D58DD} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2014-08-05] (Microsoft Corporation)
Task: {7BCDA66E-5011-4573-9C24-D61ACA1DFFE6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {7D4A1CD7-C1FD-4468-B0BC-168FCAB9CD76} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {A2A9825E-31EF-4B23-89A4-8BE51254F2BD} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {A64A6B0F-EC36-4F51-AA94-F77308B95A44} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {A9D1C3B5-8F7A-48A1-A920-4243A042E364} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {B1A793A9-5466-4986-807F-633AB1848EF1} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-01] (Dropbox, Inc.)
Task: {C1DC1265-640A-4E7B-BDC0-6C4797114F77} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-01] (Dropbox, Inc.)
Task: {EA89BE4A-698D-4E40-B123-114EA5E2963C} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {FE043DE0-6D9D-484E-869A-1DAEBDECD8F8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-08-23 18:34 - 2015-03-13 17:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-18 02:40 - 2009-09-22 23:36 - 06041600 _____ () C:\Users\Josh\Desktop\UniServer\usr\local\mysql\bin\mysqld-opt.exe
2014-09-04 10:40 - 2014-09-04 10:40 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-08-10 19:42 - 2014-08-19 20:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2014-12-25 01:15 - 2015-02-26 23:16 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-09-18 08:23 - 2014-09-18 08:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 19:51 - 2014-10-14 19:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 08:23 - 2014-09-18 08:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 19:51 - 2014-10-14 19:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2015-06-13 03:01 - 2015-06-13 03:01 - 00708096 _____ () C:\Windows\TEMP\is-F2R07.tmp\1171.tmp
2015-06-13 03:13 - 2015-06-13 03:13 - 00708096 _____ () C:\Windows\TEMP\is-K71JM.tmp\MYPCBU.tmp
2015-06-13 03:14 - 2015-06-13 03:14 - 00708096 _____ () C:\Windows\TEMP\is-S8KJI.tmp\MyPCBU.tmp
2015-06-13 03:22 - 2015-06-13 03:27 - 00053040 _____ () C:\Program Files (x86)\Coupoon\UpdateCheck.exe
2015-01-18 02:40 - 2008-01-18 01:17 - 00073782 _____ () C:\Users\Josh\Desktop\UniServer\usr\local\apache2\bin\zlib1.dll
2015-01-18 02:40 - 2009-06-21 18:25 - 02076672 _____ () C:\Users\Josh\Desktop\UniServer\usr\local\php\libmysql.dll
2015-01-18 02:40 - 2009-09-18 10:15 - 00166912 _____ () C:\Users\Josh\Desktop\UniServer\usr\local\apache2\bin\libmcrypt.dll
2015-01-18 02:40 - 2009-10-05 18:26 - 00049152 _____ () C:\Users\Josh\Desktop\UniServer\usr\local\php\extensions\eaccelerator.dll
2015-06-12 23:55 - 2015-05-16 18:01 - 00566272 _____ () C:\Program Files (x86)\GalaxyClient\PocoUtil.dll
2015-06-12 23:55 - 2015-05-16 18:01 - 00415744 _____ () C:\Program Files (x86)\GalaxyClient\PocoJSON.dll
2015-06-12 23:55 - 2015-05-16 18:01 - 01784320 _____ () C:\Program Files (x86)\GalaxyClient\PocoFoundation.dll
2015-06-12 23:55 - 2015-05-16 18:01 - 00412672 _____ () C:\Program Files (x86)\GalaxyClient\pcre.dll
2015-06-12 23:55 - 2015-05-16 18:01 - 00094208 _____ () C:\Program Files (x86)\GalaxyClient\zlib.dll
2015-06-12 23:55 - 2015-05-16 18:01 - 00515584 _____ () C:\Program Files (x86)\GalaxyClient\PocoXML.dll
2015-06-12 23:55 - 2015-05-16 18:00 - 00139776 _____ () C:\Program Files (x86)\GalaxyClient\expat.dll
2015-06-12 23:55 - 2015-05-16 18:01 - 01202176 _____ () C:\Program Files (x86)\GalaxyClient\PocoNet.dll
2015-06-12 23:55 - 2015-05-16 18:01 - 02577408 _____ () C:\Program Files (x86)\GalaxyClient\PocoData.dll
2015-06-12 23:55 - 2015-05-16 18:01 - 00477184 _____ () C:\Program Files (x86)\GalaxyClient\PocoDataSQLite.dll
2015-06-12 23:55 - 2015-05-16 18:01 - 00649728 _____ () C:\Program Files (x86)\GalaxyClient\sqlite.dll
2015-06-12 23:55 - 2015-05-16 18:01 - 00340480 _____ () C:\Program Files (x86)\GalaxyClient\PocoZip.dll
2015-06-12 23:55 - 2015-05-16 18:01 - 00332288 _____ () C:\Program Files (x86)\GalaxyClient\PocoNetSSL.dll
2015-06-12 23:55 - 2015-05-16 18:01 - 00172032 _____ () C:\Program Files (x86)\GalaxyClient\PocoCrypto.dll
2015-06-12 23:55 - 2015-05-16 18:01 - 41299456 _____ () C:\Program Files (x86)\GalaxyClient\libcef.dll
2015-06-12 23:55 - 2015-05-16 18:01 - 00107520 _____ () C:\Program Files (x86)\GalaxyClient\ZLIB1.dll
2015-06-12 23:55 - 2015-05-16 18:00 - 00888832 _____ () C:\Program Files (x86)\GalaxyClient\ffmpegsumo.dll
2015-06-13 03:01 - 2008-10-15 16:44 - 00205312 _____ () C:\Windows\TEMP\is-8CBEJ.tmp\itdownload.dll
2015-06-13 03:13 - 2008-10-15 16:44 - 00205312 _____ () C:\Windows\TEMP\is-TVEU7.tmp\itdownload.dll
2015-06-13 03:14 - 2008-10-15 16:44 - 00205312 _____ () C:\Windows\TEMP\is-QL4R6.tmp\itdownload.dll
2015-06-13 03:14 - 2008-10-12 20:10 - 00417280 _____ () C:\Windows\TEMP\is-QL4R6.tmp\ittray.dll
2015-06-13 03:36 - 2015-06-13 03:36 - 00088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\zlib.dll
2015-06-13 03:35 - 2015-06-13 03:35 - 00137568 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\libexpatw.dll
2015-06-13 03:36 - 2015-06-13 03:36 - 00100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\tinyxml.dll
2015-06-13 03:36 - 2015-06-13 03:36 - 00481632 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\sqlite.dll
2015-06-13 03:35 - 2015-06-13 03:35 - 00063840 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\qmiemalrtpplugin\qmiemalrtpplugin.dll
2015-06-13 03:36 - 2015-06-13 03:36 - 00039776 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll
2015-06-13 03:35 - 2015-06-13 03:35 - 00018784 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\oDayProtect.dll
2015-06-13 03:35 - 2015-06-13 03:35 - 00203104 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQFileFlt.dll
2015-06-13 03:36 - 2015-06-13 03:36 - 00117088 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TavPedc.dll
2015-06-13 03:36 - 2015-06-13 03:36 - 00088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\zlib.dll
2015-06-13 03:35 - 2015-06-13 03:35 - 00137568 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\libexpatw.dll
2015-06-13 03:36 - 2015-06-13 03:36 - 00100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\tinyxml.dll
2015-06-13 03:36 - 2015-06-13 03:36 - 00092184 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\xGraphic32.dll
2015-06-13 03:35 - 2015-06-13 03:35 - 00342040 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\arkGraphic.dll
2015-06-13 03:35 - 2015-06-13 03:35 - 00045920 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\jgImage.dll
2015-06-13 03:35 - 2015-06-13 03:35 - 00158048 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\libpng.dll
2015-06-13 03:35 - 2015-06-13 03:35 - 00285024 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\libjpegturbo.dll
2015-06-13 03:35 - 2015-06-13 03:35 - 00014176 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\jgIOStub.dll
2015-06-13 03:36 - 2015-06-13 03:36 - 00100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMUpdate\tinyxml.dll
2015-06-13 03:36 - 2015-06-13 03:36 - 00088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMUpdate\zlib.dll
2015-06-13 03:35 - 2015-06-13 03:35 - 00137568 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMUpdate\libexpatw.dll
2015-06-13 03:36 - 2015-06-13 03:36 - 00092184 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMUpdate\xGraphic32.dll
2015-06-13 03:35 - 2015-06-13 03:35 - 00342040 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMUpdate\arkGraphic.dll
2015-06-13 03:35 - 2015-06-13 03:35 - 00045920 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMUpdate\jgImage.dll
2015-06-13 03:35 - 2015-06-13 03:35 - 00158048 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMUpdate\libpng.dll
2015-06-13 03:35 - 2015-06-13 03:35 - 00285024 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMUpdate\libjpegturbo.dll
2015-06-13 03:35 - 2015-06-13 03:35 - 00014176 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMUpdate\jgIOStub.dll
2015-06-09 20:56 - 2015-06-05 19:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-09 20:56 - 2015-06-05 19:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll
2015-06-09 20:56 - 2015-06-05 19:22 - 15003464 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3488561027-3919077454-2296592760-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F265AAEF-D469-4F61-91EA-4906ADC02C89}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{E302CFEE-B6DE-477A-8D98-6A805F881EB9}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{A10ED710-21AD-4985-82A3-3B583E0864E2}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{AA4308A9-CD6B-4EF5-9399-6C5E84B244A9}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{C6A76937-6D18-4A90-B4E6-32990B4D59F4}] => (Allow) C:\Users\Josh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1307B052-4397-445D-81DF-138C09195C75}] => (Allow) C:\Users\Josh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{30CC0175-E6C0-4CA8-94E3-1D3AB48B2F2F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5152B8A1-FCCD-48CF-B40D-0B289FE52DCB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{789B91D9-2B50-4F3D-9CB6-9CA18646A00F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C2504A85-BE72-4EA3-9EAC-E2774E98F5A4}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{18FAFFD8-8902-4191-932E-534BB7A0803A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{BBF87568-8F36-426D-8D78-84BD6E3C0A6E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{15FB6620-7050-43D0-A9A1-AFA60E07366E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{467E5C22-CB7E-454B-86FA-A89AC0E1604C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9CAD4F17-E2C6-4E18-A8A3-D92BB2D3FF9C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{2F388D56-0E8E-411D-8070-8D6A2B5F6073}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{1D3BEE18-B4EE-4AF8-9858-E8F2AEE37436}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2AC54EAB-71C2-422B-A5AE-D8637D737787}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{FBF3377D-8F05-4989-A3F0-D9D0DFA5702B}C:\users\josh\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\josh\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{A9D395C8-E621-484A-8012-54A23296F112}C:\users\josh\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\josh\appdata\local\akamai\netsession_win.exe
FirewallRules: [{19A19E9C-C496-4A1D-BFA5-7D7FD6AD697E}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{43D4DA51-8BB3-4B21-AB23-B9CBE3D2F952}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{E5564492-DD31-4A3C-9F4F-EC4E37A26192}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{7D82FEB2-9E6F-4936-B9FD-E37903226509}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{313FE80A-E60F-4A3B-B340-FFAC99629C08}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{70878403-7293-4FFC-91D1-99156ADE88F4}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [TCP Query User{A28E3C20-B7C7-42D6-8555-CAE69C445181}C:\program files\autodesk\maya2014\bin\maya.exe] => (Allow) C:\program files\autodesk\maya2014\bin\maya.exe
FirewallRules: [UDP Query User{087964B2-A1F4-4FD6-939D-BCC6B4DD5C49}C:\program files\autodesk\maya2014\bin\maya.exe] => (Allow) C:\program files\autodesk\maya2014\bin\maya.exe
FirewallRules: [{AFB0D7CF-40B2-44E3-B6CA-614B8720BBC1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{A8E708CD-1DAC-4184-AF36-830433C82C56}C:\users\josh\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\josh\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{E5C17B07-F24B-466D-8D82-D8995878FC02}C:\users\josh\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\josh\appdata\local\akamai\netsession_win.exe
FirewallRules: [{80DA1E7A-DB1C-4BBC-A734-E5E2CDC912DA}] => (Allow) LPort=8317
FirewallRules: [{E6AAD599-9D45-4612-BC6F-86F6AB99529B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{F4107C07-D2EE-4547-B9AF-091E4BD5E206}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{A3165C95-3E68-4F56-BC7C-A250763CD168}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E95EC38E-E746-442B-884B-ED166BCB0E4D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{DCCC4CF2-C2B8-43AA-960D-722D3BEA0B3C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B52C8AAC-E868-4A07-B8DD-95D9EF2EC8AA}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{571F667F-F654-4D3E-8938-C15EE07D8EF3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{D62CD4C2-33CD-45A5-AC4A-AC568BCD29E9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{B7E7ACDF-26DB-494B-8828-86F6ED8B31AB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{ADE147EB-CF2A-41DD-9704-4983FB11D692}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{9B12FB6C-8F66-4505-8AF3-EABB291E3D8E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{B8B3413D-86A4-4B80-B3A9-1D0CEBD2AA53}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{4F2E6BDF-0867-44EE-9D6D-7C0C667F4B8D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{C02D92AE-71FD-40BD-9A86-A4DD560105AC}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{CA68F8F8-BA15-46BE-AA85-1FC1FA849820}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{642EE579-8FA9-4ECC-9A5A-14B8E71DCAE4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{AA345FA5-A2C2-4E70-8B46-866009B43751}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{465B798A-3076-49D5-A3C8-B58CDC8F1887}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{500DB067-5C13-4F26-ABC1-B3F65497EE40}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{6A09A478-8B65-42EE-B6F9-EBC5327123F7}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [TCP Query User{50C261B8-3F66-403F-91B0-3949914CC65F}C:\users\josh\desktop\uniserver\usr\local\mysql\bin\mysqld-opt.exe] => (Block) C:\users\josh\desktop\uniserver\usr\local\mysql\bin\mysqld-opt.exe
FirewallRules: [UDP Query User{352541B2-D813-4972-BE8B-FB806843E614}C:\users\josh\desktop\uniserver\usr\local\mysql\bin\mysqld-opt.exe] => (Block) C:\users\josh\desktop\uniserver\usr\local\mysql\bin\mysqld-opt.exe
FirewallRules: [TCP Query User{2991B701-8BB1-40ED-B715-190F745F14D2}C:\users\josh\desktop\uniserver\usr\local\apache2\bin\apache.exe] => (Block) C:\users\josh\desktop\uniserver\usr\local\apache2\bin\apache.exe
FirewallRules: [UDP Query User{1EE8E73B-6EEA-463B-97A4-7B305ADA5682}C:\users\josh\desktop\uniserver\usr\local\apache2\bin\apache.exe] => (Block) C:\users\josh\desktop\uniserver\usr\local\apache2\bin\apache.exe
FirewallRules: [{74456B50-7187-4994-BBDD-06ACF75A5F45}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Besiege\Besiege.exe
FirewallRules: [{0627B968-EC83-4F4F-82D7-BE11ACE9996C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Besiege\Besiege.exe
FirewallRules: [{FF5DF3E5-2CE3-4E0E-8F7D-D6D6DDA25FDA}] => (Allow) C:\Program Files (x86)\World of Warcraft\World of Warcraft Launcher.exe
FirewallRules: [{D3ED2403-7480-459E-B464-B068635D2F90}] => (Allow) C:\Program Files (x86)\World of Warcraft\World of Warcraft Launcher.exe
FirewallRules: [{A27396CF-B057-4FBE-8791-7CDAC7000938}] => (Allow) C:\Program Files (x86)\World of Warcraft\World of Warcraft Launcher.exe
FirewallRules: [{68C89DFF-48E5-438F-B251-5A514D74A39C}] => (Allow) C:\Program Files (x86)\World of Warcraft\World of Warcraft Launcher.exe
FirewallRules: [{18EBECB1-E47D-42A6-89EF-8C688DE54FA6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{BD13AC06-8167-4F92-9ED7-CBEA054E6332}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{6D308C0C-7B4D-43B2-9A04-805156DF225A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\CreationKit.exe
FirewallRules: [{86E7290F-57FE-4625-9F5D-A963EDEDCB08}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\CreationKit.exe
FirewallRules: [TCP Query User{33E93379-C230-46ED-ACAA-582656AEBF9A}C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{4F55D53D-2497-4526-93B4-02CB69D111B9}C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [{07A3E8F0-5B95-47CE-9C07-85ED8389BEFF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{543784E0-891A-4A23-BD21-19E51881BA47}C:\users\josh\appdata\roaming\utorrent\updates\3.4.3_40298.exe] => (Allow) C:\users\josh\appdata\roaming\utorrent\updates\3.4.3_40298.exe
FirewallRules: [UDP Query User{17040003-C28D-468C-B58A-6FBA566F6704}C:\users\josh\appdata\roaming\utorrent\updates\3.4.3_40298.exe] => (Allow) C:\users\josh\appdata\roaming\utorrent\updates\3.4.3_40298.exe
FirewallRules: [{CCA9BA92-19B0-48A1-A479-E2609B7C8AA3}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{9739D9E3-588A-4D71-8EED-811B8B4A93EC}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{697007C6-3C75-4409-B3FC-4DA862989DEF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{7EEF5AA5-AD16-4741-AA32-CEE40EC968FE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{74532B6B-C307-44CC-84F1-87B83C353041}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{B65CB47E-DAC6-4960-BA55-A0023913C8B4}C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe] => (Block) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [UDP Query User{76A24CF4-CF7E-494D-9ABF-95EFDA623895}C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe] => (Block) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{EB8D112E-85B5-454C-89CB-65A70AFC4B02}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{4E5D9486-0338-4500-B0B0-72E4B0640621}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/13/2015 11:37:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program QQPCRealTimeSpeedup.exe version 10.10.16434.218 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2b78
 
Start Time: 01d0a581c77ae7f0
 
Termination Time: 42
 
Application Path: C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCRealTimeSpeedup.exe
 
Report Id: 3d16ce2f-11b8-11e5-9e48-74d435e5c444
 
Error: (06/13/2015 11:35:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RsMgrSvc.exe, version: 1.0.0.54, time stamp: 0x5538a1c4
Faulting module name: RsMgrSvc.exe, version: 1.0.0.54, time stamp: 0x5538a1c4
Exception code: 0xc0000005
Fault offset: 0x000137f2
Faulting process id: 0x2ee0
Faulting application start time: 0xRsMgrSvc.exe0
Faulting application path: RsMgrSvc.exe1
Faulting module path: RsMgrSvc.exe2
Report Id: RsMgrSvc.exe3
 
Error: (06/13/2015 10:24:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Rs.exe, version: 0.0.0.0, time stamp: 0x5575a334
Faulting module name: Rs.exe, version: 0.0.0.0, time stamp: 0x5575a334
Exception code: 0xc0000005
Fault offset: 0x0000f489
Faulting process id: 0x19b8
Faulting application start time: 0xRs.exe0
Faulting application path: Rs.exe1
Faulting module path: Rs.exe2
Report Id: Rs.exe3
 
Error: (06/13/2015 09:25:32 AM) (Source: MsiInstaller) (EventID: 11310) (User: Sergeant)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Josh\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (06/13/2015 09:25:08 AM) (Source: MsiInstaller) (EventID: 11310) (User: Sergeant)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Josh\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (06/13/2015 04:30:22 AM) (Source: MsiInstaller) (EventID: 11310) (User: Sergeant)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Josh\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (06/13/2015 04:29:59 AM) (Source: MsiInstaller) (EventID: 11310) (User: Sergeant)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Josh\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (06/13/2015 04:24:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbot_gb_014010002.exe, version: 0.0.0.0, time stamp: 0x557a9faf
Faulting module name: mbot_gb_014010002.exe, version: 0.0.0.0, time stamp: 0x557a9faf
Exception code: 0xc0000005
Fault offset: 0x0000b001
Faulting process id: 0x1634
Faulting application start time: 0xmbot_gb_014010002.exe0
Faulting application path: mbot_gb_014010002.exe1
Faulting module path: mbot_gb_014010002.exe2
Report Id: mbot_gb_014010002.exe3
 
Error: (06/13/2015 03:34:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iiwjljrnpc64.exe, version: 0.0.0.0, time stamp: 0x551bf9ee
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2
Exception code: 0xc0000005
Fault offset: 0x000000000005162c
Faulting process id: 0x278c
Faulting application start time: 0xiiwjljrnpc64.exe0
Faulting application path: iiwjljrnpc64.exe1
Faulting module path: iiwjljrnpc64.exe2
Report Id: iiwjljrnpc64.exe3
 
Error: (06/13/2015 03:25:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pastaleadss.exe, version: 1.0.0.51, time stamp: 0x55646d7a
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xe06d7363
Fault offset: 0x000000000000b3dd
Faulting process id: 0x232c
Faulting application start time: 0xpastaleadss.exe0
Faulting application path: pastaleadss.exe1
Faulting module path: pastaleadss.exe2
Report Id: pastaleadss.exe3
 
 
System errors:
=============
Error: (06/13/2015 00:25:24 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video713e9(1f28) 00000000 00000000
 
Error: (06/13/2015 00:23:16 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video713e9(1f28) 00000000 00000000
 
Error: (06/13/2015 00:21:52 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video713e9(1f30) 00000000 00000000
 
Error: (06/13/2015 00:19:47 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video713e9(1f30) 00000000 00000000
 
Error: (06/13/2015 00:19:05 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video713e9(1f30) 00000000 00000000
 
Error: (06/13/2015 00:18:12 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video713e9(1f28) 00000000 00000000
 
Error: (06/13/2015 00:17:54 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video713e9(1f30) 00000000 00000000
 
Error: (06/13/2015 00:17:42 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video713e9(1f28) 00000000 00000000
 
Error: (06/13/2015 00:17:37 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video713e9(1f28) 00000000 00000000
 
Error: (06/13/2015 00:17:11 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video713e9(1f28) 00000000 00000000
 
 
Microsoft Office:
=========================
Error: (06/13/2015 11:37:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: QQPCRealTimeSpeedup.exe10.10.16434.2182b7801d0a581c77ae7f042C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCRealTimeSpeedup.exe3d16ce2f-11b8-11e5-9e48-74d435e5c444
 
Error: (06/13/2015 11:35:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: RsMgrSvc.exe1.0.0.545538a1c4RsMgrSvc.exe1.0.0.545538a1c4c0000005000137f22ee001d0a58488c9ea89C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exeC:\Program Files (x86)\Rising\RSD\RsMgrSvc.exee888846b-11b7-11e5-9e48-74d435e5c444
 
Error: (06/13/2015 10:24:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Rs.exe0.0.0.05575a334Rs.exe0.0.0.05575a334c00000050000f48919b801d0a57fd79535e0C:\Program Files (x86)\Rising\Rs.exeC:\Program Files (x86)\Rising\Rs.exe0b52c37e-11ae-11e5-9e48-74d435e5c444
 
Error: (06/13/2015 09:25:32 AM) (Source: MsiInstaller) (EventID: 11310) (User: Sergeant)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Josh\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (06/13/2015 09:25:08 AM) (Source: MsiInstaller) (EventID: 11310) (User: Sergeant)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Josh\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (06/13/2015 04:30:22 AM) (Source: MsiInstaller) (EventID: 11310) (User: Sergeant)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Josh\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (06/13/2015 04:29:59 AM) (Source: MsiInstaller) (EventID: 11310) (User: Sergeant)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Josh\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (06/13/2015 04:24:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbot_gb_014010002.exe0.0.0.0557a9fafmbot_gb_014010002.exe0.0.0.0557a9fafc00000050000b001163401d0a5800f9813f2C:\Program Files (x86)\mbot_gb_014010002\mbot_gb_014010002.exeC:\Program Files (x86)\mbot_gb_014010002\mbot_gb_014010002.exeb18b18d7-117b-11e5-9e48-74d435e5c444
 
Error: (06/13/2015 03:34:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iiwjljrnpc64.exe0.0.0.0551bf9eentdll.dll6.1.7601.18869556366f2c0000005000000000005162c278c01d0a580c2777eefC:\Program Files (x86)\coupoon\iiwjljrnpc64.exeC:\Windows\SYSTEM32\ntdll.dllb4c00fdd-1174-11e5-9e48-74d435e5c444
 
Error: (06/13/2015 03:25:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: pastaleadss.exe1.0.0.5155646d7aKERNELBASE.dll6.1.7601.18869556366fde06d7363000000000000b3dd232c01d0a5802c6a950cC:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastaleadss.exeC:\Windows\system32\KERNELBASE.dll6baaa6be-1173-11e5-9e48-74d435e5c444
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-22 09:56:25.278
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\wacommousefilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-22 09:56:25.247
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\wacommousefilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 53%
Total physical RAM: 8060.3 MB
Available physical RAM: 3757 MB
Total Pagefile: 16118.5 MB
Available Pagefile: 10967.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.29 GB) (Free:571.55 GB) NTFS
Drive e: (20070801_2121) (CDROM) (Total:2.07 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2333F24F)
 
Partition: GPT Partition Type.
 
==================== End of log ============================

 




#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, first I would recommend that you upgrade your antivirus from Windows Security Essentials to a free third-party one.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Download the attached fixlist.txt to the desktop
Start FRST and press Fix.
On completion a log will be generated; please post that.
Then run a fresh FRST scan, please.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.
FINALLY

Download aswMBR.exe (4.5mb) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation; accept that.
When it offers to download the virus database, allow that as well.
Click the "Scan" button to start the scan.



On completion of the scan, click save log, save it to your desktop and post it in your next reply.

#3
Trippycruise


    Member

  • Topic Starter
  • Member
  • 11 posts
Fix result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Josh at 2015-06-13 14:29:07 Run:1
Running from C:\Users\Josh\Desktop
Loaded Profiles: Josh (Available Profiles: Josh)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint: 
HKLM-x32\...\Run: [Rs] => C:\Program Files (x86)\Rising\Rs.exe
HKLM-x32\...\Run: [mbot_gb_014010002] => [X]
HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCTray.exe [355296 2015-06-13] (Tencent)
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMGCShellExt64.dll [2015-06-13] (Tencent)
SearchScopes: HKU\S-1-5-21-3488561027-3919077454-2296592760-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TSWebMon64.dat [2015-06-13] (Tencent)
BHO-x32: Ó¦Óñ¦Ò»¼ü°²×°²å¼þ -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
Winsock: Catalog9-x64 01 C:\Windows\system32\abengine64.dll [409168 2015-06-13] (Abengine)
Winsock: Catalog9-x64 02 C:\Windows\system32\abengine64.dll [409168 2015-06-13] (Abengine)
Winsock: Catalog9-x64 03 C:\Windows\system32\abengine64.dll [409168 2015-06-13] (Abengine)
Winsock: Catalog9-x64 04 C:\Windows\system32\abengine64.dll [409168 2015-06-13] (Abengine)
Winsock: Catalog9-x64 15 C:\Windows\system32\abengine64.dll [409168 2015-06-13] (Abengine)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\npQMExtensionsMozilla.dll [2015-06-13] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin HKU\.DEFAULT: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll No File
R4 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCRTP.exe [297608 2015-06-13] (Tencent)
R3 TAOFrame; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TAOFrame.exe [293856 2015-06-13] (Tencent)
R2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe [53040 2015-06-13] ()
R2 abengine; C:\Program Files (x86)\HighlightSearches\abengine.exe [X]
S2 CoupoonService64; No ImagePath
R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMUdisk64.sys [62264 2015-06-13] (Tencent)
R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQSysMonX64.sys [129336 2015-06-13] (电脑管家)
R2 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [99640 2015-06-13] (Tencent)
R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel64.sys [174392 2015-06-13] (Tencent Technology(Shenzhen) Company Limited)
R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2015-06-13] (电脑管家)
R1 TSCPM; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\tscpm64.sys [42296 2015-06-13] (电脑管家)
R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TSDefenseBT64.sys [28472 2015-06-13] (Tencent)
R3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-06-13] (电脑管家)
R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TSSysKit64.sys [87352 2015-06-13] (电脑管家)
2015-06-13 11:08 - 2015-06-13 11:35 - 00000000 ___RD C:\RavBin
2015-06-13 11:08 - 2015-06-13 11:08 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\vpatch.dll
2015-06-13 05:06 - 2015-06-13 05:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-06-13 03:51 - 2015-06-13 03:51 - 00000000 ____D C:\ProgramData\TXQMPC
2015-06-13 03:36 - 2015-06-13 12:01 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Tencent
2015-06-13 03:36 - 2015-06-13 03:36 - 00174392 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
2015-06-13 03:36 - 2015-06-13 03:36 - 00099640 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
2015-06-13 03:36 - 2015-06-13 03:36 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2015-06-13 03:36 - 2015-06-13 03:36 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
2015-06-13 03:36 - 2015-06-13 03:36 - 00000000 ____D C:\Program Files\Common Files\Tencent
2015-06-13 03:35 - 2015-06-13 03:51 - 00000000 ____D C:\ProgramData\Tencent
2015-06-13 03:35 - 2015-06-13 03:35 - 00000000 ____D C:\Program Files (x86)\Tencent
2015-06-13 03:27 - 2015-06-13 05:34 - 00000000 ____D C:\ProgramData\abc
2015-06-13 03:25 - 2015-06-13 03:25 - 00000000 ____D C:\ProgramData\PastaLeadsAgent
2015-06-13 03:24 - 2015-06-13 03:25 - 00000000 ____D C:\ProgramData\LolliScan
2015-06-13 03:24 - 2015-06-13 03:24 - 00000000 ____D C:\ProgramData\Rising
2015-06-13 03:22 - 2015-06-13 11:36 - 00000000 ____D C:\Program Files (x86)\Coupoon
2015-06-13 03:13 - 2015-06-13 03:13 - 00003092 _____ C:\Windows\System32\Tasks\iren3006
2015-06-13 03:12 - 2015-06-13 03:13 - 00009032 _____ C:\Windows\SysWOW64\abengineOff.ini
2015-06-13 03:12 - 2015-06-13 03:13 - 00009032 _____ C:\Windows\system32\abengineOff.ini
2015-06-13 03:12 - 2015-04-22 15:51 - 00409168 _____ (Abengine) C:\Windows\system32\abengine64.dll
2015-06-10 12:02 - 2015-06-10 12:02 - 00000000 ____D C:\Users\Josh\AppData\Local\I Am Bread
2015-06-10 11:36 - 2015-06-10 11:59 - 00000000 ____D C:\Users\Josh\Downloads\I am Bread cracked
2015-06-09 23:57 - 2015-06-09 23:57 - 00002966 _____ C:\Windows\System32\Tasks\{87D62E7B-A547-4AEB-B91A-61F273B5BAD2}
2015-06-09 23:57 - 2015-06-09 23:57 - 00002966 _____ C:\Windows\System32\Tasks\{84882BF0-8F4D-4E5F-A61F-EB1AD341037F}
2015-06-09 23:55 - 2015-06-09 23:55 - 01998432 _____ (BitTorrent Inc.) C:\Users\Josh\Downloads\uTorrent.exe
2015-06-05 22:47 - 2015-06-12 00:29 - 00001131 _____ C:\Users\Josh\{58C482E3-0C46-43EC-8EE5-C7230FFBC3D6}.dat
AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
Task: {048154F1-FEFE-41B2-A40B-5BC351AE5ADF} - System32\Tasks\iren3006 => C:\Program Files (x86)\HighlightSearches\iren3006.exe [2015-04-24] () <==== ATTENTION
Task: {16B527EA-D5D7-4FCE-B632-B22100C18740} - System32\Tasks\{84882BF0-8F4D-4E5F-A61F-EB1AD341037F} => C:\Users\Josh\AppData\Roaming\uTorrent\uTorrent.exe [2015-01-03] (BitTorrent Inc.)
Task: {4B926E2C-DF65-4E0F-BD73-A1963DDEC71A} - System32\Tasks\SystemSoundsService => C:\Users\Josh\AppData\Local\Temp\nsisvc.exe [2015-05-27] () <==== ATTENTION
Task: {4EFCA514-1500-42E1-B274-2C764A488E37} - System32\Tasks\{87D62E7B-A547-4AEB-B91A-61F273B5BAD2} => C:\Users\Josh\AppData\Roaming\uTorrent\uTorrent.exe [2015-01-03] (BitTorrent Inc.)
C:\Program Files (x86)\Rising
C:\Program Files (x86)\Tencent
C:\Program Files (x86)\Coupoon
C:\Windows\Temp\is-S8KJI.tmp
C:\Windows\Temp\is-TVEU7.tmp
C:\Windows\Temp\is-K71JM.tmp
C:\Windows\Temp\is-F2R07.tmp
C:\Program Files (x86)\Common Files\Tencent
C:\Program Files (x86)\HighlightSearches
C:\Users\Josh\AppData\Local\Temp\nsisvc.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON 
CMD: ipconfig /flushdns 
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt 
CMD: ipconfig /release
CMD: ipconfig /renew 
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp: 
CMD: bitsadmin /reset /allusers
 
*****************
 
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Rs => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mbot_gb_014010002 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ QQPCTray => value could not remove.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon" => key removed successfully
"HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}" => key removed successfully
"HKU\S-1-5-21-3488561027-3919077454-2296592760-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => key removed successfully
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}" => key removed successfully
"HKCR\CLSID\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50F4150A-48B2-417A-BE4C-C83F580FB904}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{50F4150A-48B2-417A-BE4C-C83F580FB904}" => key removed successfully
Winsock: Catalog entry 000000000001 => removed successfully
Winsock: Catalog entry 000000000002 => removed successfully
Winsock: Catalog entry 000000000003 => removed successfully
Winsock: Catalog entry 000000000004 => removed successfully
Winsock: Catalog entry 000000000015 => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/npAndroidAssistant" => key removed successfully
C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll => moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/QQPCMgr" => key removed successfully
Could not move "C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\npQMExtensionsMozilla.dll" => Scheduled to move on reboot.
"HKU\.DEFAULT\Software\MozillaPlugins\@rising.com.cn/nprising" => key removed successfully
C:\Program Files (x86)\Rising\RAV\nprising.dll not found.
QQPCRTP => Unable to stop service.
QQPCRTP => Service could not remove
TAOFrame => Service stopped successfully.
TAOFrame => Service removed successfully
UpdateCheck => Service stopped successfully.
UpdateCheck => Service removed successfully
abengine => Service stopped successfully.
abengine => Service removed successfully
CoupoonService64 => Service removed successfully
QMUdisk => Unable to stop service.
QMUdisk => Service removed successfully
QQSysMonX64 => Unable to stop service.
QQSysMonX64 => Service could not remove
TAOAccelerator => Service stopped successfully.
TAOAccelerator => Service removed successfully
TAOKernelDriver => Unable to stop service.
TAOKernelDriver => Service removed successfully
TFsFlt => Unable to stop service.
TFsFlt => Service could not remove
TSCPM => Unable to stop service.
TSCPM => Service removed successfully
TSDefenseBt => Service stopped successfully.
TSDefenseBt => Service removed successfully
TSSKX64 => Service stopped successfully.
TSSKX64 => Service removed successfully
TSSysKit => Unable to stop service.
TSSysKit => Service could not remove
C:\RavBin => moved successfully.
C:\Windows\SysWOW64\vpatch.dll => moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件 => moved successfully.
C:\ProgramData\TXQMPC => moved successfully.
C:\Users\Josh\AppData\Roaming\Tencent => moved successfully.
C:\Windows\system32\Drivers\TAOKernel64.sys => moved successfully.
C:\Windows\system32\Drivers\TAOAccelerator64.sys => moved successfully.
Could not move "C:\Windows\system32\Drivers\TFsFltX64.sys" => Scheduled to move on reboot.
C:\Windows\system32\Drivers\TSSKX64.sys => moved successfully.
 
"C:\Program Files\Common Files\Tencent" folder move:
 
Could not move "C:\Program Files\Common Files\Tencent" folder => Scheduled to move on reboot.
 
 
"C:\ProgramData\Tencent" folder move:
 
Could not move "C:\ProgramData\Tencent" folder => Scheduled to move on reboot.
 
 
"C:\Program Files (x86)\Tencent" folder move:
 
Could not move "C:\Program Files (x86)\Tencent" folder => Scheduled to move on reboot.
 
 
"C:\ProgramData\abc" folder move:
 
Could not move "C:\ProgramData\abc" folder => Scheduled to move on reboot.
 
C:\ProgramData\PastaLeadsAgent => moved successfully.
C:\ProgramData\LolliScan => moved successfully.
C:\ProgramData\Rising => moved successfully.
 
"C:\Program Files (x86)\Coupoon" folder move:
 
Could not move "C:\Program Files (x86)\Coupoon" folder => Scheduled to move on reboot.
 
C:\Windows\System32\Tasks\iren3006 => moved successfully.
C:\Windows\SysWOW64\abengineOff.ini => moved successfully.
C:\Windows\system32\abengineOff.ini => moved successfully.
C:\Windows\system32\abengine64.dll => moved successfully.
C:\Users\Josh\AppData\Local\I Am Bread => moved successfully.
C:\Users\Josh\Downloads\I am Bread cracked => moved successfully.
C:\Windows\System32\Tasks\{87D62E7B-A547-4AEB-B91A-61F273B5BAD2} => moved successfully.
C:\Windows\System32\Tasks\{84882BF0-8F4D-4E5F-A61F-EB1AD341037F} => moved successfully.
C:\Users\Josh\Downloads\uTorrent.exe => moved successfully.
C:\Users\Josh\{58C482E3-0C46-43EC-8EE5-C7230FFBC3D6}.dat => moved successfully.
AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5} => The item is protected. Make sure the software is uninstalled and its services is removed.
AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48} => The item is protected. Make sure the software is uninstalled and its services is removed.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{048154F1-FEFE-41B2-A40B-5BC351AE5ADF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{048154F1-FEFE-41B2-A40B-5BC351AE5ADF}" => key removed successfully
C:\Windows\System32\Tasks\iren3006 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iren3006" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{16B527EA-D5D7-4FCE-B632-B22100C18740}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16B527EA-D5D7-4FCE-B632-B22100C18740}" => key removed successfully
C:\Windows\System32\Tasks\{84882BF0-8F4D-4E5F-A61F-EB1AD341037F} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{84882BF0-8F4D-4E5F-A61F-EB1AD341037F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B926E2C-DF65-4E0F-BD73-A1963DDEC71A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B926E2C-DF65-4E0F-BD73-A1963DDEC71A}" => key removed successfully
C:\Windows\System32\Tasks\SystemSoundsService => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemSoundsService" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4EFCA514-1500-42E1-B274-2C764A488E37}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EFCA514-1500-42E1-B274-2C764A488E37}" => key removed successfully
C:\Windows\System32\Tasks\{87D62E7B-A547-4AEB-B91A-61F273B5BAD2} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{87D62E7B-A547-4AEB-B91A-61F273B5BAD2}" => key removed successfully
"C:\Program Files (x86)\Rising" => File/Folder not found.
 
"C:\Program Files (x86)\Tencent" folder move:
 
Could not move "C:\Program Files (x86)\Tencent" folder => Scheduled to move on reboot.
 
 
"C:\Program Files (x86)\Coupoon" folder move:
 
Could not move "C:\Program Files (x86)\Coupoon" folder => Scheduled to move on reboot.
 
C:\Windows\Temp\is-S8KJI.tmp => moved successfully.
 
"C:\Windows\Temp\is-TVEU7.tmp" folder move:
 
Could not move "C:\Windows\Temp\is-TVEU7.tmp" folder => Scheduled to move on reboot.
 
C:\Windows\Temp\is-K71JM.tmp => moved successfully.
C:\Windows\Temp\is-F2R07.tmp => moved successfully.
C:\Program Files (x86)\Common Files\Tencent => moved successfully.
C:\Program Files (x86)\HighlightSearches => moved successfully.
C:\Users\Josh\AppData\Local\Temp\nsisvc.exe => moved successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\abengine" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP" => key removed successfully
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3488561027-3919077454-2296592760-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3488561027-3919077454-2296592760-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  netsh advfirewall reset =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::8c26:3e56:f2a3:9008%11
   Default Gateway . . . . . . . . . : 
 
Tunnel adapter isatap.dlink.com:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:5cf2:8410:20ea:156:3f57:fefb
   Link-local IPv6 Address . . . . . : fe80::20ea:156:3f57:fefb%13
   Default Gateway . . . . . . . . . : ::
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : dlink.com
   Link-local IPv6 Address . . . . . : fe80::8c26:3e56:f2a3:9008%11
   IPv4 Address. . . . . . . . . . . : 192.168.1.4
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
 
Tunnel adapter isatap.{FCE869E1-A515-4943-9222-729C3F0B2106}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:5cf2:8410:3096:3fc:3f57:fefb
   Link-local IPv6 Address . . . . . : fe80::3096:3fc:3f57:fefb%13
   Default Gateway . . . . . . . . . : ::
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {D9D3CA0D-9B53-462A-AF58-3CEC41C2940D}.
0 out of 1 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 872.9 MB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-06-13 14:37:24)<=
 
"C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\npQMExtensionsMozilla.dll" => Could not move
C:\Windows\system32\Drivers\TFsFltX64.sys => moved successfully
"C:\Program Files\Common Files\Tencent" => Could not move
"C:\ProgramData\Tencent" => Could not move
"C:\Program Files (x86)\Tencent" => Could not move
C:\ProgramData\abc => Is moved successfully
C:\Program Files (x86)\Coupoon => Is moved successfully
"C:\Program Files (x86)\Tencent" => Could not move
C:\Program Files (x86)\Coupoon => Is moved successfully
C:\Windows\Temp\is-TVEU7.tmp => Is moved successfully
 
==== End of Fixlog 14:37:58 ====

#4
Trippycruise

    Member

  • Topic Starter
  • 11 posts
# AdwCleaner v4.206 - Logfile created 13/06/2015 at 14:48:51
# Updated 01/06/2015 by Xplode
# Database : 2015-06-09.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Josh - SERGEANT
# Running from : C:\Users\Josh\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
Service Deleted : netfilter64
[#] Service Deleted : QQPCRTP
Service Deleted : TAOAccelerator
Service Deleted : TSDefenseBt
Service Deleted : TSSysKit
[#] Service Deleted : QMUdisk
Service Deleted : TS888x64
[#] Service Deleted : QQSysMonX64
[#] Service Deleted : TSCPM
[#] Service Deleted : TFsFlt
 
***** [ Files / Folders ] *****
 
[!] Folder Deleted : C:\ProgramData\tencent
Folder Deleted : C:\ProgramData\TXQMPC
[!] Folder Deleted : C:\Program Files (x86)\tencent
Folder Deleted : C:\Program Files (x86)\Common Files\tencent
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\tencent
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SSN
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\abengine
[!] Folder Deleted : C:\Program Files\Common Files\tencent
[!] Folder Deleted : C:\Users\Josh\AppData\Roaming\tencent
Folder Deleted : C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
File Deleted : C:\END
File Deleted : C:\Windows\System32\drivers\netfilter64.sys
File Deleted : C:\Users\Josh\AppData\Roaming\MPQEditor.ini
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Key Deleted : HKLM\SOFTWARE\Classes\abengineLib.DataContainer
Key Deleted : HKLM\SOFTWARE\Classes\abengineLib.DataContainer.1
Key Deleted : HKLM\SOFTWARE\Classes\abengineLib.DataController
Key Deleted : HKLM\SOFTWARE\Classes\abengineLib.DataController.1
Key Deleted : HKLM\SOFTWARE\Classes\abengineLib.DataTable
Key Deleted : HKLM\SOFTWARE\Classes\abengineLib.DataTable.1
Key Deleted : HKLM\SOFTWARE\Classes\abengineLib.DataTableFields
Key Deleted : HKLM\SOFTWARE\Classes\abengineLib.DataTableFields.1
Key Deleted : HKLM\SOFTWARE\Classes\abengineLib.DataTableHolder
Key Deleted : HKLM\SOFTWARE\Classes\abengineLib.DataTableHolder.1
Key Deleted : HKLM\SOFTWARE\Classes\abengineLib.LSPLogic
Key Deleted : HKLM\SOFTWARE\Classes\abengineLib.LSPLogic.1
Key Deleted : HKLM\SOFTWARE\Classes\abengineLib.ReadOnlyManager
Key Deleted : HKLM\SOFTWARE\Classes\abengineLib.ReadOnlyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\abengine.EXE
Key Deleted : HKLM\SOFTWARE\CLASSES\METNSD
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{028F96B8-C73A-4C60-B82F-3944A19B046E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{51F7DE65-A990-4213-BDB9-C2657FA7F3F4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{879F721E-7F23-4B7F-B65B-F5A8F518864A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5544F7B-C413-4CAC-8DB4-9A8D1986DD86}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B9EE49F9-62A3-408D-858F-4ED9A23BAA24}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF6D8439-BAC1-4E73-94FE-9910D098AE00}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4F14684-336F-44FC-8D9E-8A73DAE003EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4AEC2270-2E5F-40C8-BE5A-E5A5264714C0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{52E8E39B-2773-448F-BC20-547CD8DA4685}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{62163814-0C94-4DC3-BA99-5E9E2420C914}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{68AEA825-D48B-4A56-87F0-6FCE988A2C48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6A0F07D3-F28E-4F45-8D4C-BBF8000F5BB8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AF435BC-80A9-466E-938B-32E4482EBD65}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{85CEBABD-A775-41E2-8B67-FE06104F06ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AE92A5AB-E575-4487-BCC0-96D333E5346C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C622315B-3049-43D4-9B41-D4B2DC2CD706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CDB85458-AE08-4106-B699-B946FF4A61CD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{025EEF9C-90F5-417E-9196-09FA4AAB4C92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03F13205-38FF-4361-BECE-EE939A002FA2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1FAAF6AB-B931-4D05-BA12-B0ECCCCE2D0F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1BCB34DC-BA6D-4B44-B786-4E259598A7C8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4AEC2270-2E5F-40C8-BE5A-E5A5264714C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{52E8E39B-2773-448F-BC20-547CD8DA4685}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{62163814-0C94-4DC3-BA99-5E9E2420C914}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{68AEA825-D48B-4A56-87F0-6FCE988A2C48}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6A0F07D3-F28E-4F45-8D4C-BBF8000F5BB8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7AF435BC-80A9-466E-938B-32E4482EBD65}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{85CEBABD-A775-41E2-8B67-FE06104F06ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AE92A5AB-E575-4487-BCC0-96D333E5346C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C622315B-3049-43D4-9B41-D4B2DC2CD706}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CDB85458-AE08-4106-B699-B946FF4A61CD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{025EEF9C-90F5-417E-9196-09FA4AAB4C92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03F13205-38FF-4361-BECE-EE939A002FA2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1FAAF6AB-B931-4D05-BA12-B0ECCCCE2D0F}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules [TCP Query User{35755863-AD99-4C1A-8E81-E793AD43223E}C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules [UDP Query User{0C02F9B2-CCCC-463E-8581-F23E8F568CF0}C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe]
Key Deleted : HKCU\Software\Conduit_Search_Protect
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\TabNav
Key Deleted : HKLM\SOFTWARE\coupoon
Key Deleted : HKU\.DEFAULT\Software\powerpack
Key Deleted : HKU\.DEFAULT\Software\Tutorials
Key Deleted : HKU\.DEFAULT\Software\TutoTag
Key Deleted : [x64] HKLM\SOFTWARE\coupoon
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Google Chrome v43.0.2357.124
 
[C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [7240 bytes] - [13/06/2015 14:47:15]
AdwCleaner[S0].txt - [7267 bytes] - [13/06/2015 14:48:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7326  bytes] ##########
 

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Well, that removed a lot of junk, the system should now be running a lot smoother. Let's see what aswMBR shows before we proceed.

#6
Trippycruise

    Member

  • Topic Starter
  • 11 posts
aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-06-13 14:54:33
-----------------------------
14:54:33.992    OS Version: Windows x64 6.1.7601 Service Pack 1
14:54:33.992    Number of processors: 8 586 0x3C03
14:54:33.992    ComputerName: SERGEANT  UserName: Josh
14:54:35.601    Initialize success
14:54:35.679    VM: initialized successfully
14:54:35.679    VM: Intel CPU supported 
14:54:41.154    VM: disk I/O iaStorA.sys
14:59:03.569    AVAST engine defs: 15061300
14:59:14.467    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000071
14:59:14.467    Disk 0 Vendor: WDC_____ 06.0 Size: 953869MB BusType: 11
14:59:14.577    Disk 0 MBR read successfully
14:59:14.577    Disk 0 MBR scan
14:59:14.593    Disk 0 unknown MBR code
14:59:14.593    Disk 0 Partition 1 00     EE            GPT           2097151 MB offset 1
14:59:14.640    Disk 0 scanning C:\Windows\system32\drivers
14:59:23.856    Service scanning
14:59:47.932    Modules scanning
14:59:47.932    Disk 0 trace - called modules:
14:59:47.947    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys 
14:59:47.947    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007cbe790]
14:59:47.947    3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa8007bc0c50]
14:59:47.947    5 iaStorF.sys[fffff880019e7f84] -> nt!IofCallDriver -> \Device\00000071[0xfffffa80069ab4e0]
14:59:49.738    AVAST engine scan C:\Windows
14:59:52.618    AVAST engine scan C:\Windows\system32
15:03:25.331    AVAST engine scan C:\Windows\system32\drivers
15:03:37.310    AVAST engine scan C:\Users\Josh
15:10:58.615    AVAST engine scan C:\ProgramData
15:13:26.589    Disk 0 statistics 5044620/0/0 @ 4.89 MB/s
15:13:26.589    Scan finished successfully
15:13:36.785    Disk 0 MBR has been saved successfully to "C:\Users\Josh\Desktop\MBR.dat"
15:13:36.785    The log file has been saved successfully to "C:\Users\Josh\Desktop\aswMBR.txt"
 
 

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could I now have a fresh FRST scan please? Also, what problems are you seeing now?
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

#8
Trippycruise

    Member

  • Topic Starter
  • 11 posts

So far I can't see any more programs installing or any pop-ups, but a Tencent folder remains in my program files with a .tmp file in the final directory. Should I worry about this? (Tencent appeared to be one of the problem programs).

Attached Files


#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, one more go to get rid of the last drivers. If this does not work I will get a bigger hammer.

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCTray.exe" /regrun
R2 TAOKernelDriver; C:\Windows\system32\Drivers\TAOKernel64.sys [174392 2015-06-13] (Tencent Technology(Shenzhen) Company Limited)
R1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TsDefenseBT64.sys [X]
2015-06-13 14:50 - 2015-06-13 14:50 - 00000000 ____D C:\ProgramData\TXQMPC
2015-06-13 14:37 - 2015-06-13 14:37 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
2015-06-13 14:37 - 2015-06-13 03:36 - 00174392 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
2015-06-13 14:37 - 2015-06-13 03:36 - 00099640 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
2015-06-13 14:36 - 2015-06-13 14:49 - 00000000 ____D C:\ProgramData\Tencent
FirewallRules: [{DC73566F-4AB6-40A6-881F-14E47C8CDEDA}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
C:\Program Files (x86)\Tencent
C:\Windows\system32\Drivers\TAOKernel64.sys
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated; please post that.

#10
Trippycruise

    Member

  • Topic Starter
  • 11 posts
Fix result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Josh at 2015-06-13 15:47:36 Run:2
Running from C:\Users\Josh\Desktop
Loaded Profiles: Josh (Available Profiles: Josh)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCTray.exe" /regrun
R2 TAOKernelDriver; C:\Windows\system32\Drivers\TAOKernel64.sys [174392 2015-06-13] (Tencent Technology(Shenzhen) Company Limited)
R1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TsDefenseBT64.sys [X]
2015-06-13 14:50 - 2015-06-13 14:50 - 00000000 ____D C:\ProgramData\TXQMPC
2015-06-13 14:37 - 2015-06-13 14:37 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
2015-06-13 14:37 - 2015-06-13 03:36 - 00174392 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
2015-06-13 14:37 - 2015-06-13 03:36 - 00099640 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
2015-06-13 14:36 - 2015-06-13 14:49 - 00000000 ____D C:\ProgramData\Tencent
FirewallRules: [{DC73566F-4AB6-40A6-881F-14E47C8CDEDA}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
C:\Program Files (x86)\Tencent
C:\Windows\system32\Drivers\TAOKernel64.sys
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ QQPCTray => value removed successfully
TAOKernelDriver => Unable to stop service.
TAOKernelDriver => Service removed successfully
TSDefenseBt => Service stopped successfully.
TSDefenseBt => Service removed successfully
C:\ProgramData\TXQMPC => moved successfully.
C:\Windows\SysWOW64\Drivers\TS888x64.sys => moved successfully.
C:\Windows\system32\Drivers\TAOKernel64.sys => moved successfully.
C:\Windows\system32\Drivers\TAOAccelerator64.sys => moved successfully.
C:\ProgramData\Tencent => moved successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DC73566F-4AB6-40A6-881F-14E47C8CDEDA} => value removed successfully
C:\Program Files (x86)\Tencent => moved successfully.
"C:\Windows\system32\Drivers\TAOKernel64.sys" => File/Folder not found.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 503.4 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 15:47:58 ====

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK looks like that scared it :)

Final sweep now I feel

Please download Malwarebytes Anti-Malware to your desktop
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Ensure that "Enable free trial of Malwarebytes Anti-Malware Premium" is unchecked
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

To access logs from Malwarebytes Anti-Malware 2.0:

mbamlogs.JPG

1. Open Malwarebytes Anti-Malware 2.0
2. Click History > Application Logs
3. Double-click the log you would like to open

Scan Logs record detections from manual scans, including threats detected and the actions taken against them

To save a Scan Log:

1. Open the log file you would like to save
2. Click Export
3. Choose to export to a .txt
4. Choose a folder to save the log file in, then click Save
5. Post that log here

#12
Trippycruise

    Member

  • Topic Starter
  • 11 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 13/06/2015
Scan Time: 15:59:37
Logfile: malwarebyte_log.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.06.13.04
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Josh
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 395154
Time Elapsed: 8 min, 21 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.GigaClicks.C, HKLM\SOFTWARE\WOW6432NODE\GigaClicks, Quarantined, [e553ccee9cee33036065d31efd06da26], 
PUP.Optional.Coupoon.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\coupoon, Quarantined, [4fe96e4c8a00e55130ee8200bb4a48b8], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.SndVol.A, C:\Windows\SysWOW64\config\systemprofile\sndvol.exe, Quarantined, [182046740e7cf73fc4db1fcf0af914ec], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
With regards to the Antivirus I would consider replacing Defender

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version
javara.JPG


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide: Best security practices. Keep safe :wave:

#14
Trippycruise

    Member

  • Topic Starter
  • 11 posts

Thank you so much for your time and help :) I couldn't have asked for better guidance.  


#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure. Keep safe :)