Dubious entries in FRST log [Solved]


  • This topic is locked

#1
J_P

    New Member

  • Member
  • 6 posts

Hello.

After an incident on a previous computer, every now and then I run FRST and look at the logs, just to see if there's anything in there I don't recognise.

Today I've seen a couple suspicious entries, including one that has "<======= ATTENTION" next to it.

A Threat scan with MBAM and a quick scan with Kaspersky Total Security did not discover any malware, and I'm not aware of any signs of malicious activity on my computer. Nonetheless, I'm a bit concerned, in case something's gone under the radar.

My FRST logs are below. Am I just being paranoid, or is there something in them?

Regards,

J_P

-------------

EDIT: Updated the logs, this time running FRST from the Desktop

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015 01
Ran by Joe (administrator) on JOE-PC (05-08-2015 22:44:53)
Running from C:\Users\Joe\Desktop
Loaded Profiles: Joe (Available Profiles: Joe)
Platform: Windows 8.1 Pro (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.22\AsusFanControlService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Micro-Star International) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avpui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
() C:\Windows\System\3DG4me.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Don HO [email protected]) C:\Program Files (x86)\Notepad++\notepad++.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-15] (Realtek Semiconductor)
HKLM\...\Run: [3DG4me] => C:\WINDOWS\System\3DG4me.exe [151552 2013-05-28] ()
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1084328 2015-04-13] (The Eraser Project)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [3476432 2014-09-18] (Micro-Star International)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2715536 2015-04-10] (Dominik Reichl)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-04-22] (Razer Inc.)
HKLM-x32\...\Run: [KrakenLauncher] => C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenHelper.exe [1599808 2015-02-03] (Razer Inc)
HKU\S-1-5-21-3329363248-3951650003-3017901274-1001\...\Run: [f.lux] => C:\Users\Joe\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3329363248-3951650003-3017901274-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-06-23] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3329363248-3951650003-3017901274-1001\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2715536 2015-04-10] (Dominik Reichl)
HKU\S-1-5-21-3329363248-3951650003-3017901274-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682656 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-3329363248-3951650003-3017901274-1001\...\Run: [GalaxyClient] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AirStream-Suite.lnk [2014-10-02]
ShortcutTarget: AirStream-Suite.lnk -> C:\Windows\Installer\{8AA06139-F943-41E9-869A-B85BBD7655C0}\_C0BFDEB8BA810929E00EFD.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-07-12]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\shellex.dll [2015-01-03] (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\shellex.dll [2015-01-03] (Kaspersky Lab ZAO)
GroupPolicyScripts\User: Group Policy detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3329363248-3951650003-3017901274-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-01-03] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-01-03] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-01-03] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll [2015-01-03] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll [2015-01-03] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll [2015-01-03] (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7D5AB15F-1841-4FF6-8654-DD216CBA8EC4}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\m31ffn67.default
FF DefaultSearchEngine: Startpage Custom Search
FF SelectedSearchEngine: Startpage (SSL)
FF Homepage: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-07] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected] [2015-01-03] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected] [2015-01-03] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected] [2015-01-03] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll [2014-05-14] (Simon Bünzli)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-23] (NVIDIA Corporation)
FF Plugin HKU\S-1-5-21-3329363248-3951650003-3017901274-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Joe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-24] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\m31ffn67.default\user.js [2015-01-03]
FF user.js: detected! => C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ypkny7fx.Facebook\user.js [2015-01-03]
FF SearchPlugin: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\m31ffn67.default\searchplugins\amazon-uk-src.xml [2015-02-07]
FF SearchPlugin: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\m31ffn67.default\searchplugins\gamefaqs.xml [2015-02-07]
FF SearchPlugin: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\m31ffn67.default\searchplugins\startpage-custom-search.xml [2015-02-07]
FF SearchPlugin: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\m31ffn67.default\searchplugins\youtube.xml [2015-02-07]
FF Extension: CLEO - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\m31ffn67.default\Extensions\[email protected] [2015-05-29]
FF Extension: Foundstone HTML5 Local Storage Explorer - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\m31ffn67.default\Extensions\[email protected] [2015-05-29]
FF Extension: KeeFox - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\m31ffn67.default\Extensions\[email protected] [2015-05-29]
FF Extension: FEBE - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\m31ffn67.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2015-05-29]
FF Extension: Menu Editor - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\m31ffn67.default\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0} [2014-10-02]
FF Extension: Bloody Vikings! - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\m31ffn67.default\Extensions\[email protected] [2014-10-02]
FF Extension: Blur - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\m31ffn67.default\Extensions\[email protected] [2015-07-14]
FF Extension: Ghostery - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\m31ffn67.default\Extensions\[email protected] [2014-10-02]
FF Extension: keyconfig - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\m31ffn67.default\Extensions\[email protected] [2014-10-02]
FF Extension: Lazarus: Form Recovery - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\m31ffn67.default\Extensions\[email protected] [2014-10-02]
FF Extension: New Tab Tools - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\m31ffn67.default\Extensions\[email protected] [2015-03-07]
FF Extension: OptimizeGoogle - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\m31ffn67.default\Extensions\[email protected] [2014-10-02]
FF Extension: Cookie Monster - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\m31ffn67.default\Extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi [2014-10-02]
FF Extension: Text Link - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\m31ffn67.default\Extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi [2014-10-02]
FF Extension: Download Status Bar - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\m31ffn67.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-10-02]
FF Extension: NoScript - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\m31ffn67.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-10-02]
FF Extension: OperaView - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\m31ffn67.default\Extensions\{87f54a61-c9b3-4138-a38a-33c31770bb9e}.xpi [2014-10-02]
FF Extension: BugMeNot Plugin - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\m31ffn67.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2014-10-02]
FF Extension: Modify Headers - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\m31ffn67.default\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2014-10-02]
FF Extension: Video DownloadHelper - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\m31ffn67.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: Adblock Plus - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\m31ffn67.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-02]
FF Extension: BetterPrivacy - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\m31ffn67.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-10-02]
FF Extension: Tab Mix Plus - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\m31ffn67.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-10-02]
FF Extension: DownThemAll! - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\m31ffn67.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-10-02]
FF Extension: Menu Editor - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\m31ffn67.default\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi [2014-10-02]
FF Extension: KeeFox - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ypkny7fx.Facebook\Extensions\[email protected] [2015-05-30]
FF Extension: Easy Whitelist - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ypkny7fx.Facebook\Extensions\{f01867ef-05d3-4ae4-a82b-5759a6c0ea39} [2015-05-30]
FF Extension: No Name - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ypkny7fx.Facebook\Extensions\[email protected] [2015-07-14]
FF Extension: Ghostery - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ypkny7fx.Facebook\Extensions\[email protected] [2014-10-02]
FF Extension: No Name - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ypkny7fx.Facebook\Extensions\[email protected] [2014-10-02]
FF Extension: Cookie Monster - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ypkny7fx.Facebook\Extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi [2014-10-02]
FF Extension: NoScript - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ypkny7fx.Facebook\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-10-02]
FF Extension: No Name - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ypkny7fx.Facebook\Extensions\{7EE8902C-75BE-4286-A6CE-0C483607A322}.xpi [2014-10-02]
FF Extension: No Name - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ypkny7fx.Facebook\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-02]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected] [2015-01-03]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected] [2015-01-03]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected] [2015-01-03]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho

Opera:
=======
OPR Extension: (Ghostery) - C:\Users\Joe\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbkekonodcdmedgffkkbgmnnekbainbg [2015-02-07]
OPR Extension: (Adblock Plus) - C:\Users\Joe\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-02-07]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [945152 2013-05-07] (ASUSTeK Computer Inc.) [File not signed]
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.22\AsusFanControlService.exe [1639424 2013-05-09] (ASUSTeK Computer Inc.) [File not signed]
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S3 Ds3Service; C:\Program Files\Scarlet.Crush Productions\ScpService.exe [381952 2014-04-03] (Scarlet.Crush Productions) [File not signed]
S3 GalaxyClientService; S:\GOGGalaxy\GalaxyClientService.exe [1718840 2015-07-26] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6871608 2015-07-26] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1723856 2014-09-18] (Micro-Star International)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-24] (NVIDIA Corporation)
S3 Origin Client Service; S:\Origin\OriginClientService.exe [2007048 2015-07-31] (Electronic Arts)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175752 2015-06-23] (Sandboxie Holdings, LLC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
S3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\System32\drivers\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [98504 2013-09-25] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [67784 2013-09-25] (Infowatch)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-07-22] ()
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [150536 2015-01-03] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [247480 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [800440 2015-03-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [68616 2015-01-03] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [77512 2015-01-03] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-24] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39056 2015-07-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [190088 2015-06-23] (Sandboxie Holdings, LLC)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 USBADVAU; C:\Windows\system32\drivers\cm11264.sys [4121088 2012-11-29] (C-Media Electronics Inc)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-10-02] (Microsoft Corporation)
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S3 VBoxNetAdp; \SystemRoot\system32\DRIVERS\VBoxNetAdp.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VBoxUSB; \SystemRoot\System32\Drivers\VBoxUSB.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-05 22:44 - 2015-08-05 22:44 - 00029102 _____ C:\Users\Joe\Desktop\FRST.txt
2015-08-05 22:44 - 2015-08-05 21:04 - 02169856 _____ (Farbar) C:\Users\Joe\Desktop\FRST64.exe
2015-08-05 21:31 - 2015-08-05 21:31 - 07454824 _____ (Dino Nuhagic ) C:\Users\Joe\Downloads\NTLite_setup_x64.exe
2015-08-05 21:19 - 2015-08-05 21:19 - 03545552 _____ (Paramount Software UK Ltd) C:\Users\Joe\Downloads\ReflectDL.exe
2015-08-05 21:19 - 2015-08-05 21:19 - 00839471 _____ C:\Users\Joe\Downloads\esd-decrypter-wimlib-4.7z
2015-08-05 21:11 - 2015-08-05 21:11 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\03446D8E.sys
2015-08-04 19:38 - 2015-08-04 19:38 - 00000000 ____D C:\Users\Joe\Downloads\ForceFix_1.02
2015-08-04 19:37 - 2015-08-04 19:37 - 00085632 _____ C:\Users\Joe\Downloads\ForceFix_1.02..zip
2015-08-04 18:54 - 2015-08-04 18:54 - 00000000 ____D C:\Users\Joe\Documents\MGR
2015-08-02 17:04 - 2015-08-02 17:04 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\49C74629.sys
2015-08-01 12:08 - 2015-08-01 12:08 - 08312264 _____ (The Eraser Project) C:\Users\Joe\Downloads\Eraser 6.2.0.2969.exe
2015-08-01 12:08 - 2015-08-01 12:08 - 00000000 ____D C:\Program Files\Eraser
2015-07-31 20:29 - 2015-07-31 20:29 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Wayforward
2015-07-31 20:19 - 2015-07-31 20:19 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2015-07-31 20:07 - 2015-07-31 20:07 - 00000365 _____ C:\WINDOWS\DirectX.log
2015-07-31 19:25 - 2015-07-31 19:25 - 14345345 _____ ( ) C:\Users\Joe\Downloads\klcp_update_1133_20150730.exe
2015-07-31 19:22 - 2015-07-31 19:22 - 00003778 _____ C:\WINDOWS\System32\Tasks\klcp_update
2015-07-31 19:22 - 2015-07-31 19:22 - 00001221 _____ C:\Users\Public\Desktop\Media Player Classic.lnk
2015-07-31 19:22 - 2015-07-31 19:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-07-31 19:22 - 2015-07-31 19:22 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2015-07-31 19:22 - 2015-07-21 19:00 - 00112128 _____ C:\WINDOWS\SysWOW64\ff_vfw.dll
2015-07-31 19:22 - 2015-06-22 14:25 - 00254976 _____ C:\WINDOWS\system32\xvidvfw.dll
2015-07-31 19:22 - 2015-06-22 14:25 - 00240128 _____ C:\WINDOWS\SysWOW64\xvidvfw.dll
2015-07-31 19:22 - 2015-06-22 14:24 - 00729088 _____ C:\WINDOWS\system32\xvidcore.dll
2015-07-31 19:22 - 2015-06-22 14:24 - 00655872 _____ C:\WINDOWS\SysWOW64\xvidcore.dll
2015-07-31 19:22 - 2015-02-28 16:22 - 03571200 _____ (x264vfw project) C:\WINDOWS\system32\x264vfw64.dll
2015-07-31 19:22 - 2015-02-28 16:21 - 03591680 _____ (x264vfw project) C:\WINDOWS\SysWOW64\x264vfw.dll
2015-07-31 19:22 - 2015-02-25 17:27 - 00473088 _____ (http://www.mp3dev.org/) C:\WINDOWS\SysWOW64\lameACM.acm
2015-07-31 19:22 - 2012-07-21 11:55 - 00180736 _____ (fccHandler) C:\WINDOWS\system32\ac3acm.acm
2015-07-31 19:22 - 2012-07-21 11:54 - 00122880 _____ (fccHandler) C:\WINDOWS\SysWOW64\ac3acm.acm
2015-07-31 19:22 - 2012-05-21 22:48 - 00000415 _____ C:\WINDOWS\SysWOW64\lame_acm.xml
2015-07-31 19:22 - 2011-12-07 18:37 - 00148992 _____ ( ) C:\WINDOWS\system32\lagarith.dll
2015-07-31 19:22 - 2011-12-07 18:32 - 00216064 _____ ( ) C:\WINDOWS\SysWOW64\lagarith.dll
2015-07-31 19:22 - 2005-01-22 00:53 - 00055296 _____ C:\WINDOWS\system32\huffyuv.dll
2015-07-31 19:22 - 2004-05-18 19:16 - 00039936 _____ (Disappearing Inc.) C:\WINDOWS\SysWOW64\huffyuv.dll
2015-07-31 19:16 - 2015-07-31 19:18 - 41001433 _____ ( ) C:\Users\Joe\Downloads\K-Lite_Codec_Pack_1130_Mega.exe
2015-07-29 19:32 - 2015-07-23 01:46 - 00572232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-07-29 19:31 - 2015-07-23 05:06 - 42730128 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-07-29 19:31 - 2015-07-23 05:06 - 37748880 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-07-29 19:31 - 2015-07-23 05:06 - 30487880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-07-29 19:31 - 2015-07-23 05:06 - 22950544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-07-29 19:31 - 2015-07-23 05:06 - 16151688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-07-29 19:31 - 2015-07-23 05:06 - 15892200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-07-29 19:31 - 2015-07-23 05:06 - 14503880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-07-29 19:31 - 2015-07-23 05:06 - 13268712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-07-29 19:31 - 2015-07-23 05:06 - 11836680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-07-29 19:31 - 2015-07-23 05:06 - 11055248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-07-29 19:31 - 2015-07-23 05:06 - 02933576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-07-29 19:31 - 2015-07-23 05:06 - 02600592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-07-29 19:31 - 2015-07-23 05:06 - 01898128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435362.dll
2015-07-29 19:31 - 2015-07-23 05:06 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435362.dll
2015-07-29 19:31 - 2015-07-23 05:06 - 01101856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-07-29 19:31 - 2015-07-23 05:06 - 01061008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-07-29 19:31 - 2015-07-23 05:06 - 01053000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-07-29 19:31 - 2015-07-23 05:06 - 00983368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-07-29 19:31 - 2015-07-23 05:06 - 00976528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-07-29 19:31 - 2015-07-23 05:06 - 00940104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-07-29 19:31 - 2015-07-23 05:06 - 00879000 _____ C:\WINDOWS\system32\nvmcumd.dll
2015-07-29 19:31 - 2015-07-23 05:06 - 00503592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-07-29 19:31 - 2015-07-23 05:06 - 00408208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-07-29 19:31 - 2015-07-23 05:06 - 00407296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-07-29 19:31 - 2015-07-23 05:06 - 00364176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-07-29 19:31 - 2015-07-23 05:06 - 00176904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-07-29 19:31 - 2015-07-23 05:06 - 00155280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-07-29 19:31 - 2015-07-23 05:06 - 00150832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-07-29 19:31 - 2015-07-23 05:06 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-07-29 19:31 - 2015-07-23 05:06 - 00117576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcaparm.dll
2015-07-29 19:31 - 2015-07-23 05:06 - 00039056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvadarm.sys
2015-07-29 19:27 - 2015-07-29 19:31 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-07-29 19:27 - 2015-07-03 05:28 - 00065896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-07-29 19:27 - 2015-07-03 05:28 - 00047976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-07-28 18:11 - 2015-07-25 14:34 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-27 23:03 - 2015-08-01 12:36 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-07-27 23:03 - 2015-07-27 23:03 - 00003848 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-07-27 22:53 - 2015-07-27 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4
2015-07-27 22:53 - 2015-07-27 22:53 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4
2015-07-27 22:32 - 2015-07-27 22:35 - 224423936 _____ C:\Users\Joe\Downloads\LibreOffice_4.4.4_Win_x86.msi
2015-07-27 19:50 - 2015-07-27 19:50 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\1A5B7106.sys
2015-07-26 20:14 - 2015-07-26 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher® 3 - Wild Hunt [GOG.com]
2015-07-26 19:54 - 2015-07-26 19:54 - 00000000 ____D C:\Users\Joe\AppData\Local\CEF
2015-07-26 19:34 - 2015-07-26 19:34 - 05817448 _____ (Martin Prikryl ) C:\Users\Joe\Downloads\winscp574setup.exe
2015-07-21 08:34 - 2015-07-14 15:14 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-21 08:34 - 2015-07-14 15:14 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-21 08:34 - 2015-07-14 15:14 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-21 08:34 - 2015-07-14 15:13 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-20 12:45 - 2015-08-05 22:09 - 01612171 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-18 10:21 - 2015-08-04 21:27 - 00008568 _____ C:\WINDOWS\setupact.log
2015-07-18 10:21 - 2015-07-18 10:21 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-07-17 20:04 - 2015-07-17 20:05 - 20555944 _____ ( ) C:\Users\Joe\Downloads\klcp_update_1128_20150713.exe
2015-07-15 21:51 - 2015-07-16 18:19 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\56B023F0.sys
2015-07-15 21:05 - 2015-07-09 20:51 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-15 21:05 - 2015-07-09 19:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-15 21:05 - 2015-07-09 17:03 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-15 21:05 - 2015-07-09 16:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-15 21:05 - 2015-07-09 16:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-15 21:05 - 2015-07-09 16:50 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-15 21:05 - 2015-07-09 16:50 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-15 21:05 - 2015-07-09 16:48 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-15 21:05 - 2015-07-09 16:46 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-15 21:05 - 2015-07-09 16:38 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-15 21:05 - 2015-07-09 16:37 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-15 21:05 - 2015-07-09 16:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-15 21:05 - 2015-07-09 16:34 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-15 21:05 - 2015-06-27 04:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-15 21:05 - 2015-06-27 04:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-15 21:05 - 2015-06-27 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-15 21:04 - 2015-06-29 23:43 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-15 21:04 - 2015-06-29 16:07 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-15 21:04 - 2015-06-29 16:07 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-15 21:04 - 2015-06-29 16:07 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-15 21:04 - 2015-06-29 16:07 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-15 21:04 - 2015-06-27 00:21 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-15 21:04 - 2015-06-27 00:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-15 21:04 - 2015-06-25 03:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-15 21:04 - 2015-05-11 19:17 - 01201664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-07-15 21:04 - 2015-05-07 18:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-07-15 21:04 - 2015-05-07 18:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-07-15 21:04 - 2015-05-07 17:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-07-15 21:04 - 2015-05-07 17:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-07-15 21:04 - 2015-05-07 16:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-07-15 21:04 - 2015-05-07 16:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-07-15 21:04 - 2015-05-03 16:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 21:04 - 2015-05-03 15:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 21:04 - 2015-05-03 15:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-07-15 21:04 - 2015-05-03 15:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-07-15 21:04 - 2015-05-03 01:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-07-15 21:04 - 2015-04-30 00:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-07-15 21:04 - 2015-04-25 03:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-07-15 18:28 - 2015-07-02 22:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-15 18:28 - 2015-07-02 21:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-15 18:28 - 2015-07-02 21:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-15 18:28 - 2015-07-02 21:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-15 18:28 - 2015-07-02 21:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-15 18:28 - 2015-07-02 20:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-15 18:28 - 2015-07-02 20:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-15 18:28 - 2015-07-02 19:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-15 18:28 - 2015-07-01 23:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-15 18:28 - 2015-07-01 22:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-15 18:28 - 2015-06-28 06:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-15 18:28 - 2015-06-28 06:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-15 18:28 - 2015-06-28 06:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-15 18:28 - 2015-06-28 06:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-15 18:28 - 2015-06-27 17:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-15 18:28 - 2015-06-27 04:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-15 18:28 - 2015-06-27 04:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-15 18:28 - 2015-06-27 04:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-15 18:28 - 2015-06-27 03:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-15 18:28 - 2015-06-27 03:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-15 18:28 - 2015-06-27 03:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-15 18:28 - 2015-06-27 02:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-15 18:28 - 2015-06-27 02:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-15 18:28 - 2015-06-16 06:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-15 18:28 - 2015-06-16 06:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-15 18:28 - 2015-06-15 23:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-15 18:28 - 2015-06-15 23:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-15 18:28 - 2015-06-15 23:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-15 18:28 - 2015-06-15 23:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-15 18:28 - 2015-06-15 23:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-15 18:28 - 2015-06-15 23:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-15 18:28 - 2015-06-15 23:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-15 18:28 - 2015-06-15 22:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-15 18:28 - 2015-06-15 22:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-15 18:28 - 2015-06-15 22:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-15 18:28 - 2015-06-15 22:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-15 18:28 - 2015-06-15 22:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-15 18:28 - 2015-06-15 22:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-15 18:28 - 2015-06-15 22:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-15 18:28 - 2015-06-15 22:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-15 18:28 - 2015-06-15 22:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-15 18:28 - 2015-06-15 22:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-15 18:28 - 2015-06-15 22:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-15 18:28 - 2015-06-15 22:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-15 18:28 - 2015-06-15 22:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-15 18:28 - 2015-06-15 22:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-15 18:28 - 2015-06-15 22:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-15 18:28 - 2015-06-15 22:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-15 18:28 - 2015-06-15 21:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-15 18:28 - 2015-06-15 21:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-15 18:28 - 2015-06-15 21:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-15 18:28 - 2015-06-15 21:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-15 18:28 - 2015-06-15 21:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-15 18:28 - 2015-06-15 21:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-15 18:28 - 2015-06-15 21:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-15 18:28 - 2015-06-15 21:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-15 18:28 - 2015-06-15 21:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-15 18:28 - 2015-06-15 21:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-15 18:28 - 2015-06-15 21:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-15 18:28 - 2015-06-15 21:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-15 18:28 - 2015-06-15 21:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-15 18:28 - 2015-06-15 21:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-15 18:28 - 2015-06-15 21:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-15 18:28 - 2015-06-15 20:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-15 18:28 - 2015-06-11 04:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-15 18:28 - 2015-06-10 17:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-15 18:28 - 2015-05-30 22:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-15 18:28 - 2015-05-30 20:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-15 18:28 - 2015-05-30 20:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-15 18:28 - 2015-05-12 14:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-15 18:28 - 2015-05-11 17:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-15 18:28 - 2015-05-07 17:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-15 18:28 - 2015-05-03 16:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-15 18:28 - 2015-05-03 15:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-07-15 18:28 - 2015-05-02 00:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-15 18:28 - 2015-04-28 14:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-15 18:28 - 2015-04-28 14:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-15 18:28 - 2015-04-23 16:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-15 18:28 - 2015-04-23 16:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-15 18:28 - 2015-03-09 03:02 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storvsp.sys
2015-07-13 17:53 - 2015-07-13 17:53 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\5F4C5117.sys
2015-07-12 18:34 - 2015-07-12 18:34 - 00000000 ____D C:\Users\Joe\AppData\Roaming\HP
2015-07-12 18:34 - 2015-07-12 18:34 - 00000000 ____D C:\ProgramData\WEBREG
2015-07-12 18:33 - 2015-07-12 18:33 - 00001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2015-07-12 18:33 - 2015-07-12 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-07-12 18:33 - 2015-07-12 18:33 - 00000000 ____D C:\Program Files (x86)\HP
2015-07-12 18:32 - 2015-07-12 18:34 - 00188097 _____ C:\WINDOWS\hpoins13.dat
2015-07-12 18:32 - 2015-07-12 18:34 - 00000822 _____ C:\ProgramData\hpzinstall.log
2015-07-12 18:32 - 2015-07-12 18:33 - 00000000 ____D C:\ProgramData\HP
2015-07-12 18:32 - 2012-09-26 14:18 - 00000462 ____N C:\WINDOWS\hpomdl13.dat
2015-07-12 18:32 - 2009-07-08 11:51 - 01295360 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpotiop4.dll
2015-07-12 18:32 - 2009-07-08 11:51 - 00859136 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpowiax4.dll
2015-07-12 18:32 - 2009-07-08 11:51 - 00540672 _____ (Hewlett-Packard) C:\WINDOWS\system32\hppldcoi.dll
2015-07-12 18:32 - 2009-07-08 11:51 - 00488960 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpovst11.dll
2015-07-12 17:34 - 2015-07-13 18:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-07-10 20:23 - 2015-07-10 20:23 - 20396641 _____ ( ) C:\Users\Joe\Downloads\klcp_update_1127_20150707.exe
2015-07-10 17:51 - 2015-07-28 18:45 - 00000000 ___HD C:\$Windows.~BT
2015-07-09 22:43 - 2015-07-09 22:43 - 02906880 _____ C:\Users\Joe\Downloads\mp3tagv270setup.exe
2015-07-09 22:43 - 2015-07-09 22:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2015-07-09 22:37 - 2015-07-09 22:41 - 00000000 ____D C:\Users\Joe\AppData\Roaming\freac
2015-07-09 22:37 - 2015-07-09 22:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freac - free audio converter
2015-07-09 22:37 - 2015-07-09 22:37 - 00000000 ____D C:\Program Files (x86)\freac
2015-07-09 22:36 - 2015-07-09 22:36 - 07531408 _____ C:\Users\Joe\Downloads\freac-1.0.23.exe
2015-07-09 19:55 - 2015-07-09 19:55 - 06565736 _____ (Piriform Ltd) C:\Users\Joe\Downloads\ccsetup507.exe
2015-07-08 23:30 - 2015-07-08 23:30 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2015-07-08 23:29 - 2015-07-08 23:29 - 16973081 _____ C:\Users\Joe\Downloads\HandBrake-0.10.2-x86_64-Win_GUI.exe
2015-07-08 23:23 - 2015-07-08 23:26 - 00000000 ____D C:\Users\Joe\AppData\Roaming\WinFF
2015-07-08 23:22 - 2015-07-08 23:22 - 21530519 _____ (WinFF.org ) C:\Users\Joe\Downloads\WinFF-1.5.4-Setup-2-ffmpeg-2.5.2.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-05 22:44 - 2014-10-13 21:05 - 00000000 ____D C:\FRST
2015-08-05 22:06 - 2014-10-02 18:40 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-05 22:00 - 2014-10-02 23:39 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-05 22:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-05 21:45 - 2014-10-02 18:00 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3329363248-3951650003-3017901274-1001
2015-08-05 21:41 - 2015-01-26 16:39 - 00000000 ____D C:\WINDOWS\system32\1033
2015-08-05 21:41 - 2015-01-26 16:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2015-08-05 21:41 - 2014-10-02 23:52 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-05 21:41 - 2014-10-02 23:05 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-08-05 21:41 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-08-05 21:40 - 2015-01-26 16:39 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2015-08-05 21:39 - 2015-01-26 16:40 - 00000000 ____D C:\WINDOWS\SysWOW64\1033
2015-08-05 21:26 - 2014-10-02 18:38 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-08-05 21:05 - 2014-09-30 23:05 - 00067372 _____ C:\Users\Joe\Downloads\FRST.txt
2015-08-05 21:04 - 2014-10-15 20:52 - 00000000 ____D C:\Users\Joe\Downloads\FRST-OlderVersion
2015-08-05 21:04 - 2014-09-30 23:05 - 02169856 _____ (Farbar) C:\Users\Joe\Downloads\FRST64.exe
2015-08-05 20:42 - 2014-11-20 23:20 - 00000600 _____ C:\Users\Joe\AppData\Roaming\winscp.rnd
2015-08-05 20:31 - 2014-10-02 21:17 - 00000000 ___DO C:\Users\Joe\OneDrive
2015-08-04 21:44 - 2014-10-09 22:11 - 00000000 ____D C:\Users\Joe\AppData\Roaming\KeePass
2015-08-04 17:58 - 2014-03-18 16:25 - 00915466 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-04 17:52 - 2015-02-14 15:10 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-04 17:52 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-02 18:09 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-01 12:41 - 2014-10-02 23:54 - 00000000 ____D C:\Users\Joe\AppData\Local\Eraser 6
2015-08-01 12:08 - 2014-10-02 23:28 - 00001771 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
2015-07-31 20:19 - 2014-10-02 20:30 - 00000000 ____D C:\Users\Joe\Documents\SavedGames
2015-07-31 19:33 - 2014-10-02 22:32 - 00000000 ____D C:\ProgramData\Origin
2015-07-31 19:10 - 2014-10-02 22:05 - 01339760 _____ (KC Softwares ) C:\Users\Joe\Downloads\dumo_lite.exe
2015-07-31 19:09 - 2014-10-02 22:04 - 01555824 _____ (KC Softwares ) C:\Users\Joe\Downloads\sumo_lite.exe
2015-07-29 19:32 - 2014-10-02 21:09 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-07-29 19:32 - 2014-10-02 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-07-29 18:05 - 2014-11-05 21:08 - 00007597 _____ C:\Users\Joe\AppData\Local\Resmon.ResmonCfg
2015-07-28 19:42 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-28 18:48 - 2014-10-02 22:08 - 00000000 ___DC C:\WINDOWS\Panther
2015-07-27 23:13 - 2015-01-23 20:30 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-07-27 23:03 - 2014-10-02 23:39 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-27 23:03 - 2014-10-02 23:39 - 00000000 ____D C:\Users\Joe\AppData\Local\Adobe
2015-07-27 22:24 - 2015-04-03 08:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-07-27 22:24 - 2015-01-23 20:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-07-26 19:43 - 2014-11-20 23:14 - 00001057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2015-07-26 19:43 - 2014-11-20 23:14 - 00000000 ____D C:\Program Files (x86)\WinSCP
2015-07-26 17:45 - 2015-04-06 17:59 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-24 05:21 - 2014-10-02 21:23 - 01756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-07-24 05:21 - 2014-10-02 21:23 - 01710568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-07-24 05:21 - 2014-10-02 21:23 - 01423304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-07-24 05:21 - 2014-10-02 21:23 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-07-23 05:06 - 2015-04-15 13:41 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcvadgenco64.dll
2015-07-23 05:06 - 2015-02-14 15:10 - 17615408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-07-23 05:06 - 2015-02-14 15:10 - 15129192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-07-23 05:06 - 2015-02-14 15:10 - 12876336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-07-23 05:06 - 2015-02-14 15:10 - 03407144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-07-23 05:06 - 2015-02-14 15:10 - 03008880 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-07-23 05:06 - 2015-02-14 15:10 - 00112968 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-07-23 05:06 - 2015-02-14 15:10 - 00105288 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-07-23 05:06 - 2015-02-14 15:10 - 00030966 _____ C:\WINDOWS\system32\nvinfo.pb
2015-07-23 02:31 - 2015-02-14 15:10 - 06873744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-07-23 02:31 - 2015-02-14 15:10 - 03493008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-07-23 02:31 - 2015-02-14 15:10 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-07-23 02:31 - 2015-02-14 15:10 - 00937616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-07-23 02:31 - 2015-02-14 15:10 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-07-23 02:31 - 2015-02-14 15:10 - 00062792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-07-21 15:11 - 2013-08-22 15:44 - 00428584 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-21 15:11 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-21 09:08 - 2015-04-06 17:59 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-20 15:16 - 2015-02-14 15:10 - 05121613 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-07-20 13:33 - 2014-10-04 22:15 - 00003248 _____ C:\WINDOWS\Sandboxie.ini
2015-07-18 09:41 - 2014-11-08 12:25 - 00000000 ____D C:\Users\Joe\Downloads\FreeFileSync Setups
2015-07-18 09:41 - 2014-10-03 00:06 - 00000960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
2015-07-18 09:41 - 2014-10-03 00:06 - 00000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealtimeSync.lnk
2015-07-18 09:19 - 2014-10-02 22:37 - 00000000 ____D C:\Users\Joe\AppData\Roaming\GameSave Manager 3
2015-07-16 20:13 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-15 23:13 - 2015-04-15 14:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-15 23:13 - 2014-11-19 20:56 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-15 23:13 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-15 23:13 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-15 23:13 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-07-15 23:13 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-07-15 22:04 - 2014-10-02 19:51 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-15 18:23 - 2014-10-02 20:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-14 18:46 - 2014-11-21 20:26 - 00003826 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1416597979
2015-07-14 18:46 - 2014-11-21 20:26 - 00001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-07-14 18:46 - 2014-11-21 20:26 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-13 22:10 - 2013-08-22 16:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-13 22:10 - 2013-08-22 16:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-12 18:34 - 2013-08-22 14:25 - 00000127 _____ C:\WINDOWS\win.ini
2015-07-11 08:41 - 2015-07-04 22:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-10 20:28 - 2014-11-19 19:22 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2015-07-10 20:28 - 2014-11-19 19:22 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2015-07-10 20:28 - 2014-11-19 19:22 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2015-07-10 20:28 - 2014-11-19 19:22 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2015-07-10 20:28 - 2013-08-22 12:22 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2015-07-10 20:28 - 2013-08-22 12:22 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2015-07-10 20:28 - 2013-08-22 12:17 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2015-07-10 20:28 - 2013-08-22 12:17 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2015-07-10 20:28 - 2013-08-22 12:17 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2015-07-10 20:28 - 2013-08-22 04:56 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2015-07-10 20:28 - 2013-08-22 04:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2015-07-10 20:28 - 2013-08-22 04:51 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2015-07-10 20:28 - 2013-08-22 04:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2015-07-10 20:28 - 2013-08-22 04:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2015-07-09 22:47 - 2015-03-11 21:00 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Mp3tag
2015-07-09 22:43 - 2015-03-11 20:55 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2015-07-09 19:58 - 2014-12-02 20:42 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-09 19:58 - 2014-10-22 21:17 - 00000000 ____D C:\Users\Joe\AppData\Local\CrashDumps
2015-07-09 19:55 - 2014-10-02 23:18 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-09 19:55 - 2014-10-02 23:18 - 00000000 ____D C:\Program Files\CCleaner
2015-07-08 23:30 - 2015-03-15 16:08 - 00000000 ____D C:\Program Files\Handbrake
2015-07-08 23:29 - 2015-03-15 16:08 - 00000000 ____D C:\Users\Joe\AppData\Roaming\HandBrake
2015-07-08 23:19 - 2015-01-17 12:34 - 00001378 _____ C:\Users\Joe\Desktop\CopyTrans Control Center.lnk
2015-07-08 23:19 - 2015-01-17 12:34 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center

==================== Files in the root of some directories =======

2015-07-31 20:19 - 2015-07-31 20:19 - 0002035 _____ () C:\Users\Joe\AppData\Roaming\SpeedRunnersLog.txt
2014-11-20 23:20 - 2015-08-05 20:42 - 0000600 _____ () C:\Users\Joe\AppData\Roaming\winscp.rnd
2015-04-04 12:15 - 2015-04-04 12:15 - 31234305 _____ () C:\Users\Joe\AppData\Local\1032937E_stp.EXE
2015-04-04 12:15 - 2015-04-04 12:15 - 0000582 _____ () C:\Users\Joe\AppData\Local\1032937E_stp.EXE.part
2015-04-04 12:15 - 2015-04-04 12:15 - 0385602 _____ () C:\Users\Joe\AppData\Local\145842EF_stp.CIS
2015-04-04 12:15 - 2015-04-04 12:15 - 0000232 _____ () C:\Users\Joe\AppData\Local\145842EF_stp.CIS.part
2015-01-17 12:42 - 2015-01-17 12:42 - 0118724 _____ () C:\Users\Joe\AppData\Local\30FDB2F6_stp.CIS
2015-01-17 12:42 - 2015-01-17 12:42 - 0000318 _____ () C:\Users\Joe\AppData\Local\30FDB2F6_stp.CIS.part
2014-12-23 23:55 - 2014-12-23 23:55 - 0092702 _____ () C:\Users\Joe\AppData\Local\501DF41A_stp.CIS
2014-12-23 23:55 - 2014-12-23 23:55 - 0000317 _____ () C:\Users\Joe\AppData\Local\501DF41A_stp.CIS.part
2015-05-31 11:24 - 2015-05-31 11:24 - 0002009 _____ () C:\Users\Joe\AppData\Local\recently-used.xbel
2014-11-05 21:08 - 2015-07-29 18:05 - 0007597 _____ () C:\Users\Joe\AppData\Local\Resmon.ResmonCfg
2015-06-09 19:48 - 2015-06-09 19:50 - 0000040 ___SH () C:\ProgramData\.zreglib
2014-10-02 23:55 - 2014-10-02 23:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-07-12 18:32 - 2015-07-12 18:34 - 0000822 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Joe\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Joe\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Joe\AppData\Local\Temp\nvStInst.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-30 21:15

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by Joe (2015-08-05 22:45:12)
Running from C:\Users\Joe\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3329363248-3951650003-3017901274-500 - Administrator - Disabled)
Guest (S-1-5-21-3329363248-3951650003-3017901274-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3329363248-3951650003-3017901274-1003 - Limited - Enabled)
Joe (S-1-5-21-3329363248-3951650003-3017901274-1001 - Administrator - Enabled) => C:\Users\Joe

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Total Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
AI Suite III (HKLM-x32\...\{D46DA5F0-25AD-4B77-98DA-6DD6AF39FBD9}) (Version: 1.00.44 - ASUSTeK Computer Inc.)
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AirStream-Suite (HKLM-x32\...\{8AA06139-F943-41E9-869A-B85BBD7655C0}) (Version: 5.1.2 -  )
App Game Kit 2 (HKLM-x32\...\Steam App 325180) (Version:  - The Game Creators Ltd)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{06A333EA-4E9D-4848-865F-FE5A1E12AB30}) (Version: 8.2.1.3 - Apple Inc.)
ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.03.00 - ASUSTeK Computer Inc.)
Axis Game Factory's AGFPRO 3.0 (HKLM-x32\...\Steam App 253370) (Version:  - Axis Game Factory LLC)
Batman™: Arkham Knight (HKLM-x32\...\Steam App 208650) (Version:  - Rocksteady Studios)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Bulk Rename Utility 2.7.1.3 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
C4200 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
c4200_Help (x32 Version: 82.0.210.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.77.0.2015 - Georgy Berdyshev)
Chip's Challenge 1 (HKLM-x32\...\Steam App 346850) (Version:  - Niffler Ltd.)
Chip's Challenge 2 (HKLM-x32\...\Steam App 348300) (Version:  - Niffler Ltd.)
Chucks Challenge 3D (HKLM-x32\...\Steam App 262590) (Version:  - Niffler Ltd.)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-3329363248-3951650003-3017901274-1001\...\CopyTrans Suite) (Version: 4.002 - WindSolutions)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Double Dragon Neon (HKLM-x32\...\Steam App 252350) (Version:  - WayForward)
Double Dragon Trilogy (HKLM-x32\...\Steam App 314150) (Version:  - DotEmu)
Eraser 6.2.0.2969 (HKLM\...\{66AB13EA-E7D2-4CFC-9B66-8E9EE44C89EE}) (Version: 6.2.2969 - The Eraser Project)
Escape Goat 2 (HKLM-x32\...\Steam App 255340) (Version:  - MagicalTimeBean)
f.lux (HKU\S-1-5-21-3329363248-3951650003-3017901274-1001\...\Flux) (Version:  - )
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FreeFileSync 7.2 (HKLM-x32\...\FreeFileSync) (Version: 7.2 - www.FreeFileSync.org)
Game Character Hub (HKLM-x32\...\Steam App 292230) (Version:  - Sebastien Bini)
GameGuru (HKLM-x32\...\Steam App 266310) (Version:  - The Game Creators)
GameSave Manager v3 (HKLM-x32\...\GameSaveManager_v3) (Version: 3.1.442.0 - InsaneMatt)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Half Minute Hero: The Second Coming (HKLM-x32\...\Steam App 240970) (Version:  - OPUS)
Half-Life 2: Update (HKLM-x32\...\Steam App 290930) (Version:  - Filip Victor)
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
Hotline Miami 2: Wrong Number (HKLM-x32\...\Steam App 274170) (Version:  - Dennaton Games)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart C4200 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{276C40A7-8110-4976-80D2-39C669B84D32}) (Version: 14.0 - HP)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
iTunes (HKLM\...\{0FB81B1A-1329-4905-8080-058E530CD6D9}) (Version: 12.2.0.145 - Apple Inc.)
Jazzpunk (HKLM-x32\...\Steam App 250260) (Version:  - Necrophone Games)
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
KC Softwares DUMo (HKLM-x32\...\KC Softwares DUMo_is1) (Version: 2.0.5.18 - KC Softwares)
KC Softwares SUMo (HKLM-x32\...\KC Softwares SUMo_is1) (Version: 4.0.3.271 - KC Softwares)
KeePass Password Safe 2.29 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.29 - Dominik Reichl)
K-Lite Mega Codec Pack 11.3.3 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.3.3 - )
Kung Fury: Street Rage (HKLM-x32\...\Steam App 373180) (Version:  - )
LibreOffice 4.4.4.3 (HKLM-x32\...\{5B6D82BB-CC1A-431E-8991-3E57855F99C5}) (Version: 4.4.4.3 - The Document Foundation)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Malwarebytes Anti-Exploit version 1.07.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.07.1.1015 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mayflash WiiU Pro Game Controller Adapter (HKLM-x32\...\{4A168BA0-6E0B-4EA2-98C1-75EC594F3F3D}) (Version: 3.85 - My Company Name)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2013 Tools for Unity (HKLM-x32\...\{7AFB9B82-13AA-4BE2-9FAC-B9962DB74762}) (Version: 1.9.8.0 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 39.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-GB)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.1.2 - Mozilla)
Mozilla Thunderbird 38.1.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 38.1.0 (x86 en-GB)) (Version: 38.1.0 - Mozilla)
Mp3tag v2.70 (HKLM-x32\...\Mp3tag) (Version: v2.70 - Florian Heidenreich)
MSI Live Update (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.0.010 - MSI)
NiGHTS into Dreams... (HKLM-x32\...\Steam App 219950) (Version:  - SEGA)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.7 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.62 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 353.62 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Opera Stable 30.0.1835.125 (HKLM-x32\...\Opera 30.0.1835.125) (Version: 30.0.1835.125 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
PAC-MAN MUSEUM (HKLM-x32\...\Steam App 236470) (Version:  - NAMCO BANDAI Studio Inc.)
Portal Stories: Mel (HKLM-x32\...\Steam App 317400) (Version:  - Prism Studios)
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
PS_AIO_Software_min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.25502 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.23.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Resident Evil 5 / Biohazard 5 (HKLM-x32\...\Steam App 21690) (Version:  - Capcom)
Resident Evil 6 / Biohazard 6 (HKLM-x32\...\Steam App 221040) (Version:  - Capcom)
RPG Maker VX Ace (HKLM-x32\...\Steam App 220700) (Version:  - KADOKAWA)
Sakura Fantasy Chapter 1 (HKLM-x32\...\Steam App 375200) (Version:  - )
Sandboxie 4.20 (64-bit) (HKLM\...\Sandboxie) (Version: 4.20 - Sandboxie Holdings, LLC)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Sennheiser 3D G4ME1 (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392DDDFB6}) (Version: 1.00.0001 - )
Shantae: Risky's Revenge - Director's Cut (HKLM-x32\...\Steam App 277890) (Version:  - WayForward)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.12.11 - NVIDIA Corporation) Hidden
Shovel Knight (HKLM-x32\...\Steam App 250760) (Version:  - Yacht Club Games)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Space Quest Collection (HKLM-x32\...\Steam App 10110) (Version:  - Activision)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
SpeedRunners (HKLM-x32\...\Steam App 207140) (Version:  - DoubleDutch Games)
Sprite Lamp (HKLM-x32\...\Steam App 316830) (Version:  - Snake Hill Games)
Spriter Pro (HKLM-x32\...\Steam App 332360) (Version:  - BrashMonkey)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
Super Time Force Ultra (HKLM-x32\...\Steam App 250700) (Version:  - Capybara Games)
THE KING OF FIGHTERS 2002 UNLIMITED MATCH (HKLM-x32\...\Steam App 222440) (Version:  - Code Mystics)
THE KING OF FIGHTERS '98 ULTIMATE MATCH FINAL EDITION (HKLM-x32\...\Steam App 222420) (Version:  - Code Mystics)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.9.83.1010 - Electronic Arts Inc.)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.7.0 - GOG.com)
The Witcher 3: Wild Hunt - Ballad Heroes - Neutral Gwent Card Set (HKLM-x32\...\Ballad Heroes - Neutral Gwent Card Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Elite Crossbow Set (HKLM-x32\...\Elite Crossbow Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Contract - Skellige's Most Wanted (HKLM-x32\...\New Quest - Contract: Skellige's Most Wanted_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Contract Missing Miners (HKLM-x32\...\New Quest - Contract Missing Miners_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Fool's Gold (HKLM-x32\...\New Quest - Fool's Gold_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Scavenger Hunt - Wolf School Gear (HKLM-x32\...\New Quest - Scavenger Hunt: Wolf School Gear_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Where the Cat and Wolf Play... (HKLM-x32\...\New Quest - Where the Cat and Wolf Play..._is1) (Version: 1.0.0.0 - GOG.com)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-3329363248-3951650003-3017901274-1001\...\UnityWebPlayer) (Version: 5.0.0f4 - Unity Technologies ApS)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 4.7 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Watch_Dogs (HKLM-x32\...\Steam App 243470) (Version:  - Ubisoft)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WinSCP 5.7.4 (HKLM-x32\...\winscp3_is1) (Version: 5.7.4 - Martin Prikryl)
Zumas Revenge (HKLM-x32\...\{0B153CAB-792B-4CA2-B2A5-AB0BBAF2FFA9}) (Version: 1.0.5.600 - PopCap Games)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

21-07-2015 09:08:17 Windows Update
27-07-2015 22:52:19 Installed LibreOffice 4.4.4.3
31-07-2015 19:34:30 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
05-08-2015 21:31:04 Microsoft Visual Studio Community 2013 with Update 4

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {51A6E5FF-7A9D-41B1-8E90-27E75700A93E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
Task: {620EDE2E-40C4-46A0-BF8A-826173E63A31} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()
Task: {67B55158-AEC5-47AA-A10D-0FE01EDB18EA} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [2013-05-09] ()
Task: {6DBB8E4D-B39A-4850-A032-A330EAA0DBAA} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-27] (Adobe Systems Incorporated)
Task: {7A4654A8-6564-4101-9DAD-D4F6F3632F9A} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-07-21] ()
Task: {9A1CA015-1A63-4EC1-AAAC-C33B63A56E3C} - System32\Tasks\Opera scheduled Autoupdate 1416597979 => C:\Program Files (x86)\Opera\launcher.exe [2015-07-10] (Opera Software)
Task: {A1DEC2DF-46BF-43DF-8BB1-A6B198EB62F5} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2013-05-07] (ASUSTeK Computer Inc.)
Task: {B7A3CEB2-B4B1-49E1-BD5F-C07E5F8CED0B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {C92C7897-5B7F-4A59-AC23-58E401CCC61F} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe [2015-07-27] (Adobe Systems Incorporated)
Task: {D62C41B0-D3E0-4F5D-8CA9-5CC6CCB0AFB5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {DDF3DAF0-A138-46EA-A630-9EDABF25CC0C} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite III\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2013-02-07] (ASUSTeK Computer Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2014-10-02 18:14 - 2013-07-04 03:32 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2015-02-14 15:10 - 2015-07-23 02:31 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-10-02 18:17 - 2013-05-09 11:08 - 01218360 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
2014-09-18 08:23 - 2014-09-18 08:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 19:51 - 2014-10-14 19:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 08:23 - 2014-09-18 08:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 19:51 - 2014-10-14 19:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2015-05-07 18:24 - 2013-05-28 15:56 - 00151552 ____N () C:\Windows\System\3DG4me.exe
2015-04-23 18:38 - 2015-04-23 18:38 - 00046080 _____ () C:\Users\Joe\AppData\Local\KeePass\PluginCache\TWKSG8BXPoub4DdXZP4s\Fleck2.dll
2015-05-15 22:27 - 2015-05-15 22:27 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 22:27 - 2015-05-15 22:27 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-02 18:14 - 2015-08-04 17:52 - 00027648 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2014-10-02 18:14 - 2012-05-07 17:04 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2014-08-30 18:12 - 2014-08-30 18:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\kpcengine.2.3.dll
2014-10-02 23:42 - 2005-07-18 13:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2015-04-07 18:39 - 2015-07-24 05:22 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-10-02 18:17 - 2013-05-09 11:08 - 00497664 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\vvc2.dll
2014-10-02 18:17 - 2013-05-09 11:08 - 00685056 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2014-10-02 18:17 - 2013-05-09 11:08 - 00784384 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2014-10-02 18:17 - 2013-05-09 11:08 - 00765952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2014-10-02 18:17 - 2013-05-09 11:08 - 00769024 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2015-05-07 18:24 - 2012-06-06 08:56 - 00143360 ____N () C:\Windows\System\3DG4me.dll
2015-07-12 17:34 - 2015-07-12 17:34 - 00153712 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-07-12 17:34 - 2015-07-12 17:34 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-08-30 18:12 - 2015-01-03 11:07 - 00332584 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\nponlinebanking.dll
2014-08-30 18:12 - 2015-01-03 11:07 - 00459048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\npcontentblocker.dll
2014-08-30 18:12 - 2015-01-03 11:07 - 00587048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\npvkplugin.dll
2015-04-15 23:11 - 2015-04-15 23:11 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2015-04-15 23:11 - 2015-05-10 15:22 - 02873856 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Joe\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3329363248-3951650003-3017901274-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "AirStream-Suite.lnk"
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "Eraser"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "KrakenLauncher"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKU\S-1-5-21-3329363248-3951650003-3017901274-1001\...\StartupApproved\Run: => "f.lux"
HKU\S-1-5-21-3329363248-3951650003-3017901274-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-3329363248-3951650003-3017901274-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3329363248-3951650003-3017901274-1001\...\StartupApproved\Run: => "AnyDVD"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{F8390B52-0CB9-4D68-AE89-C049B20A17D5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E3A3F827-AF7F-4ABD-8860-B9B7305EB283}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F99C839B-CA83-454C-9629-771645DC9504}] => (Allow) S:\Steam\Steam.exe
FirewallRules: [{254A14F1-4E0A-49B4-990C-907348FBA29A}] => (Allow) S:\Steam\Steam.exe
FirewallRules: [{EC8528B8-AE9B-428D-8C19-71E7CB39AEF4}] => (Allow) S:\Steam\bin\steamwebhelper.exe
FirewallRules: [{3D3DB2FB-3A94-4565-BE43-C3406425DC8C}] => (Allow) S:\Steam\bin\steamwebhelper.exe
FirewallRules: [{65AC6611-08C8-4E1F-8B19-E2E73CEA5B39}] => (Allow) S:\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{553A43FC-4BEE-4B4B-B0A8-3E1D887C980E}] => (Allow) S:\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{56C714D4-A961-47A5-AFD0-2745E5229D20}] => (Allow) S:\Steam\steamapps\common\awesome\Awesome.exe
FirewallRules: [{D05B4EB0-93C9-4989-BA9E-A8FFC74D909B}] => (Allow) S:\Steam\steamapps\common\awesome\Awesome.exe
FirewallRules: [{9D4F9AC0-6BCD-4A16-8476-EEBBFCBED81F}] => (Allow) S:\Steam\steamapps\common\awesome\Awesome_DirectToRift.exe
FirewallRules: [{148147A1-D564-40DC-AEAD-1C9721D5302B}] => (Allow) S:\Steam\steamapps\common\awesome\Awesome_DirectToRift.exe
FirewallRules: [{4C60AEA3-D79C-4534-B7F0-64553FAFA39C}] => (Allow) S:\Steam\steamapps\common\ContagionBeta\contagion.exe
FirewallRules: [{6D6E4E53-3621-4AEF-BD96-F23C225EBA2B}] => (Allow) S:\Steam\steamapps\common\ContagionBeta\contagion.exe
FirewallRules: [{1D923EB5-81A7-4A29-96BF-C5F88007BEA3}] => (Allow) S:\Steam\steamapps\common\awesome\SteamLauncher.exe
FirewallRules: [{900B2CF1-6FE3-4205-9F18-786E088B6495}] => (Allow) S:\Steam\steamapps\common\awesome\SteamLauncher.exe
FirewallRules: [{6C528A42-2DCF-4C25-97CD-983DEC48CCF5}] => (Allow) S:\Steam\steamapps\common\trine\_enchanted_edition_\trine1_launcher.exe
FirewallRules: [{01E795B7-FD10-4846-A38B-652824E7B14C}] => (Allow) S:\Steam\steamapps\common\trine\_enchanted_edition_\trine1_launcher.exe
FirewallRules: [{82BEE0FD-AA81-4EDB-BC79-91F0370DB05C}] => (Allow) S:\Steam\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{391D09FF-1CBD-4A84-99C3-F7E1B228C36E}] => (Allow) S:\Steam\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{03935F21-FD84-4D02-A806-C2BAAD60DD96}] => (Allow) S:\Steam\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{7D4453A1-8167-4B34-BF73-676FA50B576D}] => (Allow) S:\Steam\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{2CA161FD-453D-43D0-B79C-876FF20BF52B}] => (Allow) S:\Steam\steamapps\common\Thinking with Time Machine\TWTM.exe
FirewallRules: [{167C7553-DCF0-4E8E-9E7D-F5C0182E36CD}] => (Allow) S:\Steam\steamapps\common\Thinking with Time Machine\TWTM.exe
FirewallRules: [{7FBA2C40-C41E-4B66-9658-F2422D23654B}] => (Allow) S:\Steam\steamapps\common\Thinking with Time Machine\bin\SDKLauncher.exe
FirewallRules: [{9468CF83-AD14-42DD-91D7-8753B39A3916}] => (Allow) S:\Steam\steamapps\common\Thinking with Time Machine\bin\SDKLauncher.exe
FirewallRules: [{8F69009D-7F77-497B-8E53-3B36253C4E02}] => (Allow) S:\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{2F14943A-3BAE-429D-8171-5C9BACC87114}] => (Allow) S:\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{17D40A2A-4BD8-4EFC-9B58-F2A3D6FEA9C2}] => (Allow) S:\Steam\steamapps\common\braid\braid.exe
FirewallRules: [{AFFAF8A8-19C1-459D-8C09-B91A531C5C90}] => (Allow) S:\Steam\steamapps\common\braid\braid.exe
FirewallRules: [{BCFF326B-4C7A-4881-A23D-F169EC0A5BBB}] => (Allow) S:\Steam\steamapps\common\Angry Video Game Nerd Adventures\avgn.exe
FirewallRules: [{9E3065F5-CF79-4C03-9810-07FCAE5D4A69}] => (Allow) S:\Steam\steamapps\common\Angry Video Game Nerd Adventures\avgn.exe
FirewallRules: [{913A03C0-87FC-4B5D-94E8-231F5512F564}] => (Allow) S:\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{34493174-2D03-407E-8910-6EF236F65DA9}] => (Allow) S:\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{9C1188D6-4FEF-4737-871A-E1CF4FE38871}] => (Allow) S:\Steam\steamapps\common\Duke Nukem 3D\bin\build.exe
FirewallRules: [{67ABECDA-C8BA-4921-98E7-930B29692F24}] => (Allow) S:\Steam\steamapps\common\Duke Nukem 3D\bin\build.exe
FirewallRules: [{70DA5470-2238-472D-AED8-88967FC50E07}] => (Allow) S:\Steam\steamapps\common\Metal Slug 3\mslug3.exe
FirewallRules: [{EEE9166C-952A-478C-BCCB-4F56F15ACC50}] => (Allow) S:\Steam\steamapps\common\Metal Slug 3\mslug3.exe
FirewallRules: [{47B2334E-97BE-488F-8E7E-9EC8B491DF86}] => (Allow) S:\Steam\steamapps\common\bittriprunner2\runner2.exe
FirewallRules: [{7918C638-3DFA-48FB-ADC1-9037347BB19B}] => (Allow) S:\Steam\steamapps\common\bittriprunner2\runner2.exe
FirewallRules: [{D68E4F71-559B-4C17-9BC5-E29B4C3A9CFE}] => (Allow) S:\Steam\steamapps\common\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe
FirewallRules: [{41A70077-D4F9-4944-9D81-8A7A1F3164F9}] => (Allow) S:\Steam\steamapps\common\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe
FirewallRules: [{A9A4B7BA-36AB-469A-A202-7BC3A3814743}] => (Allow) S:\Steam\steamapps\common\Batman Arkham Origins\Online\Binaries\Win32\BatmanOriginsOnline.exe
FirewallRules: [{9F079557-3A5D-4BC4-AD7A-FD35107923C1}] => (Allow) S:\Steam\steamapps\common\Batman Arkham Origins\Online\Binaries\Win32\BatmanOriginsOnline.exe
FirewallRules: [{C159A42A-5813-4ACA-BDD6-7A1D8AE163DB}] => (Allow) S:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{DC24FF63-5989-49BE-988D-387852CE4F4B}] => (Allow) S:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{F752E716-7B96-47DF-905C-446002C57E6D}] => (Allow) S:\Steam\steamapps\common\portal 2\portal2.exe
FirewallRules: [{EC5DD4BA-29AE-47DF-9C48-6991005C6321}] => (Allow) S:\Steam\steamapps\common\portal 2\portal2.exe
FirewallRules: [{5EC32CDB-3A8E-4736-839B-A77FDD1C0D37}] => (Allow) S:\Steam\steamapps\common\Beat Hazard\BeatHazard.exe
FirewallRules: [{5821FFD3-F60D-44CA-AB78-FD59CF65BDC9}] => (Allow) S:\Steam\steamapps\common\Beat Hazard\BeatHazard.exe
FirewallRules: [{381EFACC-5D64-424B-A0B3-8508B8EA0D56}] => (Allow) S:\Steam\steamapps\common\Beat Hazard\runme.exe
FirewallRules: [{B076EA9A-21F8-488C-BED7-9BF17DBEF357}] => (Allow) S:\Steam\steamapps\common\Beat Hazard\runme.exe
FirewallRules: [{67168265-05D7-44AC-97C1-2869B58432EE}] => (Allow) S:\Steam\steamapps\common\amnesia the dark descent\Amnesia.exe
FirewallRules: [{172C11D3-2B0E-4742-9AAD-8D5A32F6CB57}] => (Allow) S:\Steam\steamapps\common\amnesia the dark descent\Amnesia.exe
FirewallRules: [{A74C42CD-A4EC-4BD8-B0B7-EC12743BC0AF}] => (Allow) S:\Steam\steamapps\common\amnesia the dark descent\Launcher.exe
FirewallRules: [{EF9B1B87-9D13-4777-B4A5-14A20285DCC2}] => (Allow) S:\Steam\steamapps\common\amnesia the dark descent\Launcher.exe
FirewallRules: [{7C94482C-EA4D-4883-A514-7FE1722CA83B}] => (Allow) S:\Steam\steamapps\common\Giana Sisters Twisted Dreams\launcher\GSLauncher.exe
FirewallRules: [{EBF82207-C5B3-4EF3-A46E-EC9A4BA4D342}] => (Allow) S:\Steam\steamapps\common\Giana Sisters Twisted Dreams\launcher\GSLauncher.exe
FirewallRules: [{A422393D-9DE7-43A1-B001-DEB46005B3CD}] => (Allow) S:\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{3230CD6A-AABE-4049-A9F9-FF229874970A}] => (Allow) S:\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{52013236-4CC5-4EBE-9DD7-185E82044F47}] => (Allow) S:\Steam\steamapps\common\Pac-Man Museum\PACMuseum.exe
FirewallRules: [{8A69E4A7-CDCC-4F22-8DDD-442EBFEF9075}] => (Allow) S:\Steam\steamapps\common\Pac-Man Museum\PACMuseum.exe
FirewallRules: [{6133C5E8-1FA2-4620-A827-F9C637B1729F}] => (Allow) S:\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{3127A239-187F-4B69-ADD3-4553004B64AC}] => (Allow) S:\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{AB610FE9-A43C-4759-9938-8C110B3327F7}] => (Allow) S:\Steam\steamapps\common\Shovel Knight\ShovelKnight.exe
FirewallRules: [{4B3AFCB8-8A3C-46B6-A6E0-7CCA35800A68}] => (Allow) S:\Steam\steamapps\common\Shovel Knight\ShovelKnight.exe
FirewallRules: [{84E97F39-009C-4859-A4C5-9ECC563AC734}] => (Allow) S:\Steam\steamapps\common\SuperTimeForceUltra\STF_win32.exe
FirewallRules: [{1BE53506-6189-4C36-931E-4FF23968F5E0}] => (Allow) S:\Steam\steamapps\common\SuperTimeForceUltra\STF_win32.exe
FirewallRules: [{159F2600-38C4-48BA-BDC8-DA82E1D38353}] => (Allow) S:\Steam\steamapps\common\Resident Evil 6\BH6.exe
FirewallRules: [{E0917F2F-5560-4DAE-9DE1-404931317956}] => (Allow) S:\Steam\steamapps\common\Resident Evil 6\BH6.exe
FirewallRules: [{C303AADA-76C3-407A-9F05-04D69AD30C73}] => (Allow) S:\Steam\steamapps\common\NiGHTS Into Dreams\Launcher.exe
FirewallRules: [{634AA896-FDED-420B-A214-5D34587BFF2B}] => (Allow) S:\Steam\steamapps\common\NiGHTS Into Dreams\Launcher.exe
FirewallRules: [{B4FECC02-3201-432B-B8C9-E7C4B040E803}] => (Allow) S:\Steam\steamapps\common\Jazzpunk\windows\Jazzpunk.exe
FirewallRules: [{BC371D38-9F99-4EFE-9E6D-2DF05542DEFC}] => (Allow) S:\Steam\steamapps\common\Jazzpunk\windows\Jazzpunk.exe
FirewallRules: [{6E66EA27-A8B6-467D-8D67-311B1BC0B5A8}] => (Allow) S:\Steam\steamapps\common\Watch_Dogs\bin\watch_dogs.exe
FirewallRules: [{99780685-04DF-4982-BB36-030644B1BFDA}] => (Allow) S:\Steam\steamapps\common\Watch_Dogs\bin\watch_dogs.exe
FirewallRules: [{B74C8DF6-1831-4416-B6C6-F2507D412D02}] => (Allow) S:\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{D19A5777-F749-4471-8E30-7C7CB9D5CDBB}] => (Allow) S:\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{2C70DEBD-AC78-4BA8-B860-3263BD333EA6}] => (Allow) S:\Steam\steamapps\common\Double Dragon Neon\bin\DoubleDragon.exe
FirewallRules: [{67AB5426-584F-4319-9410-CD3841B0FD55}] => (Allow) S:\Steam\steamapps\common\Double Dragon Neon\bin\DoubleDragon.exe
FirewallRules: [{5487F2D4-B7F0-4996-A1D1-83510D0FFBF1}] => (Allow) S:\Steam\steamapps\common\RiskysRevenge\executable\RiskysRevenge.exe
FirewallRules: [{6DCAC883-F65C-433D-A549-50B86673E0B3}] => (Allow) S:\Steam\steamapps\common\RiskysRevenge\executable\RiskysRevenge.exe
FirewallRules: [{2D9E45DE-4085-44D2-8E0F-DB1489D12986}] => (Allow) S:\Steam\steamapps\common\Escape Goat 2\EscapeGoat2.exe
FirewallRules: [{8E12B6DF-B71F-4F25-B94A-6ED4F66B80E9}] => (Allow) S:\Steam\steamapps\common\Escape Goat 2\EscapeGoat2.exe
FirewallRules: [{D8BBE537-4A6F-4C9B-81A6-DF3D87CE7292}] => (Allow) S:\Steam\steamapps\common\Double Dragon Trilogy\ddtrilogy.exe
FirewallRules: [{FD2E803F-BEE7-477D-9DC9-AEB57A34314B}] => (Allow) S:\Steam\steamapps\common\Double Dragon Trilogy\ddtrilogy.exe
FirewallRules: [{020BE9AE-F539-47B1-953B-179AEC2501CF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3E273248-2D7F-472B-B4C6-8558ADCF33D8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{32A8D1C0-7639-4800-80FF-A6FEB1BABE08}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{4060DBC9-597F-42E8-B97F-5AB96529F9DF}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{8E825D31-90E4-4A03-BA88-599D6A98CE18}] => (Allow) S:\Steam\steamapps\common\Shadow Warrior Classic\bin\build.exe
FirewallRules: [{4658A860-CAD4-431C-9224-F24CBC7AF7C2}] => (Allow) S:\Steam\steamapps\common\Shadow Warrior Classic\bin\build.exe
FirewallRules: [{AB6E7002-549E-40B8-B16F-76E72A2891D1}] => (Allow) S:\Steam\steamapps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{7415BBD0-4391-4EA5-BFB5-52AF7130560B}] => (Allow) S:\Steam\steamapps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{289FF713-AD2F-47D1-85E6-F4D1D1B461A0}] => (Allow) S:\Steam\steamapps\common\Dynasty Warriors 8\Launch.exe
FirewallRules: [{2A651959-020A-4AD6-A3DF-DEF603C90B11}] => (Allow) S:\Steam\steamapps\common\Dynasty Warriors 8\Launch.exe
FirewallRules: [{E1BF45C7-ECF6-406B-9FD8-9BBC77198F95}] => (Allow) S:\Steam\steamapps\common\Dynasty Warriors 8\Config.exe
FirewallRules: [{11CE2F36-6518-4BB0-8C1F-AF780EC2F429}] => (Allow) S:\Steam\steamapps\common\Dynasty Warriors 8\Config.exe
FirewallRules: [{8C905FC2-8DDE-4B14-9E6A-BD405BE35928}] => (Allow) S:\Steam\steamapps\goombatroopa\garrysmod\hl2.exe
FirewallRules: [{455895C8-E374-4246-9A71-719F925A8EAE}] => (Allow) S:\Steam\steamapps\goombatroopa\garrysmod\hl2.exe
FirewallRules: [{C8BDC8E9-235A-4E7E-9675-7721924535D1}] => (Allow) S:\Steam\steamapps\common\Hotline Miami 2\HotlineMiami2.exe
FirewallRules: [{FACDEA69-2F65-42A0-9B08-98FD1054E299}] => (Allow) S:\Steam\steamapps\common\Hotline Miami 2\HotlineMiami2.exe
FirewallRules: [{2A8E333D-156F-4A71-B4A1-1B3B41DFABD2}] => (Allow) S:\Steam\steamapps\common\gish\gish.exe
FirewallRules: [{31E02C17-F71D-404A-AA9E-D6FC76C337E5}] => (Allow) S:\Steam\steamapps\common\gish\gish.exe
FirewallRules: [{624ED314-C770-4D4D-9799-551F25E384E8}] => (Allow) S:\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C9A3635D-3015-4876-87C2-22FD89B93B9C}] => (Allow) S:\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{398DEC1C-F991-4794-A992-400C585931BE}] => (Allow) S:\Steam\steamapps\common\sega classics\SEGAGenesisClassics.exe
FirewallRules: [{B94298DE-77E8-4E21-ADE3-66D6C63032AC}] => (Allow) S:\Steam\steamapps\common\sega classics\SEGAGenesisClassics.exe
FirewallRules: [{AB30681A-3D8F-4272-9DD2-5C34C1DCA4DB}] => (Allow) S:\Steam\steamapps\common\sonic adventure dx\AppLauncher.exe
FirewallRules: [{F4DFEF3E-3E02-4A84-AB5C-BAC535250535}] => (Allow) S:\Steam\steamapps\common\sonic adventure dx\AppLauncher.exe
FirewallRules: [{F0BB6471-DD56-4EEF-845D-25F2AAC19861}] => (Allow) S:\Steam\steamapps\common\Typing of the Dead Overkill\HOTD_NG.exe
FirewallRules: [{CB951466-D176-45E8-8C7D-3F9811174834}] => (Allow) S:\Steam\steamapps\common\Typing of the Dead Overkill\HOTD_NG.exe
FirewallRules: [{5F512DB1-C6B4-4436-9EE0-5DABE3DAA212}] => (Allow) S:\Steam\steamapps\common\Resident Evil 5\Launcher.exe
FirewallRules: [{660B7E12-72A6-4387-BD5D-F8ADD14A0697}] => (Allow) S:\Steam\steamapps\common\Resident Evil 5\Launcher.exe
FirewallRules: [{D2805720-2ECF-454C-97D7-594533B0D110}] => (Allow) S:\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{9D27955D-60F9-40E6-9F8F-EF651CCFFCCB}] => (Allow) S:\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{56CDF20B-2368-44E8-B533-5BCA2DF4FF1F}] => (Allow) S:\Steam\steamapps\common\Half-Life 2 Update\hl2.exe
FirewallRules: [{11C97473-37F9-4189-BDB8-9CEC0EE53297}] => (Allow) S:\Steam\steamapps\common\Half-Life 2 Update\hl2.exe
FirewallRules: [{AFB3D8DD-22B9-4D83-9EC0-11BD06631F28}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity\2013\UnityVS.OpenFile.exe
FirewallRules: [{A1A178BC-0308-4BF1-B5BE-EEE1543B868C}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{D9FC2983-214B-4E92-8E9C-B3E718A65011}] => (Allow) C:\Program Files (x86)\Unity\Editor\Unity.exe
FirewallRules: [{CA0AD7B8-87A1-49B2-A1B4-140BFA7E9B7A}] => (Allow) S:\Steam\steamapps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{7F96B983-56A4-4CF5-A909-078C4C857152}] => (Allow) S:\Steam\steamapps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{D4B66F5E-5B25-42BD-B6D1-DD6F954CC847}] => (Allow) S:\Steam\steamapps\common\the binding of isaac\Isaac.exe
FirewallRules: [{EE136E7D-00E8-496E-BBE9-DECD2B0E57DC}] => (Allow) S:\Steam\steamapps\common\the binding of isaac\Isaac.exe
FirewallRules: [{81069A75-B610-4CCC-9D8F-C22FBFB68A5D}] => (Allow) S:\Steam\steamapps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{EA9981FC-85C0-4F73-A394-577792865B22}] => (Allow) S:\Steam\steamapps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{31C151FC-6AB4-4717-8651-2A58777748C4}] => (Allow) S:\Steam\steamapps\common\Space Quest Collection\SierraLauncher.exe
FirewallRules: [{713FC50E-21A1-43FD-8B0D-DF3A2872D707}] => (Allow) S:\Steam\steamapps\common\Space Quest Collection\SierraLauncher.exe
FirewallRules: [{1F20F57E-1F22-4D50-9FFD-C681BFF8EDC9}] => (Allow) S:\Steam\steamapps\common\Shadow Warrior Classic\bin\sw.exe
FirewallRules: [{5851E892-5407-4280-9723-138BB7A7B79A}] => (Allow) S:\Steam\steamapps\common\Shadow Warrior Classic\bin\sw.exe
FirewallRules: [{DB87344E-B5E2-4333-8729-84DE61AED269}] => (Allow) S:\Steam\steamapps\common\Shadow Warrior Classic\bin\dosbox\DOSBox.exe
FirewallRules: [{614BBE11-72DD-4D82-A9CF-98BCBB0DF695}] => (Allow) S:\Steam\steamapps\common\Shadow Warrior Classic\bin\dosbox\DOSBox.exe
FirewallRules: [{8BBC57DF-8419-480B-8AE1-0098D1531AE1}] => (Allow) S:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{05AAD2A8-4F72-460E-BAE4-A58E2BA63A98}] => (Allow) S:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{C600AE14-CB93-4653-B2C7-E53AB26ACAFC}] => (Allow) S:\Steam\steamapps\common\Kung Fury Street Rage\KungFury.exe
FirewallRules: [{AF7D581D-FDCC-4DD9-AAD5-276B58A75EBA}] => (Allow) S:\Steam\steamapps\common\Kung Fury Street Rage\KungFury.exe
FirewallRules: [{552D8275-9681-4DD2-9AEA-D2D997602E81}] => (Allow) S:\Steam\steamapps\common\Sakura Fantasy\Sakura Fantasy.exe
FirewallRules: [{0EEB5CE4-2B51-48C3-BCCF-F452AE0B6359}] => (Allow) S:\Steam\steamapps\common\Sakura Fantasy\Sakura Fantasy.exe
FirewallRules: [{0C580A63-31CF-46A0-BC82-F10D39ADC5C7}] => (Allow) S:\Steam\steamapps\common\jamestown\Jamestown.exe
FirewallRules: [{70612CC2-AF3F-49C7-BC10-7474481A9E28}] => (Allow) S:\Steam\steamapps\common\jamestown\Jamestown.exe
FirewallRules: [{4EAB34EB-01FB-4672-800C-A25FF89AE43A}] => (Allow) S:\Steam\steamapps\common\The King of Fighters'98 Ultimate Match\KingOfFighters98UM.exe
FirewallRules: [{7EEB7FD6-1AA0-4320-AC21-588E92085898}] => (Allow) S:\Steam\steamapps\common\The King of Fighters'98 Ultimate Match\KingOfFighters98UM.exe
FirewallRules: [{3D174449-85E2-40A7-B1B8-C85B092F97E8}] => (Allow) S:\Steam\steamapps\common\The King of Fighters 2002 Unlimited Match\KingOfFighters2002UM.exe
FirewallRules: [{DBCEB789-E59C-48AF-8796-240FE7F2BBCD}] => (Allow) S:\Steam\steamapps\common\The King of Fighters 2002 Unlimited Match\KingOfFighters2002UM.exe
FirewallRules: [{AF6812DE-2156-449F-9CDD-E3FCE59F5EE9}] => (Allow) S:\Steam\steamapps\common\Half Minute Hero Two\HMH2.exe
FirewallRules: [{912BC61C-BAB0-404B-B66A-4CAB1B95E306}] => (Allow) S:\Steam\steamapps\common\Half Minute Hero Two\HMH2.exe
FirewallRules: [{893D7905-8A10-46B5-857E-6E006B240B70}] => (Allow) S:\Program Files (x86)\Origin Games\Dead Space 3\deadspace3.exe
FirewallRules: [{7B6FE387-DF5B-4C95-83B8-2C77C2E6D2DB}] => (Allow) S:\Program Files (x86)\Origin Games\Dead Space 3\deadspace3.exe
FirewallRules: [{A2A3CB0A-0914-4424-88AB-8FD1F4F2E801}] => (Allow) S:\Steam\steamapps\common\Chip's Challenge 1\chips1.exe
FirewallRules: [{A8364B01-B547-4045-9031-B0E5AD11FF05}] => (Allow) S:\Steam\steamapps\common\Chip's Challenge 1\chips1.exe
FirewallRules: [{BA4DF8B0-6A3B-4A2E-B04B-9D043570FE83}] => (Allow) S:\Steam\steamapps\common\ChucksChallenge3D\ChucksChallenge3D-Full.exe
FirewallRules: [{3E8A20AA-5570-4618-9539-B8190FF606BC}] => (Allow) S:\Steam\steamapps\common\ChucksChallenge3D\ChucksChallenge3D-Full.exe
FirewallRules: [{9727281B-7A1D-42DC-A0F5-7E5454CA5A88}] => (Allow) S:\Steam\steamapps\common\Chip's Challenge 2\Chips2.exe
FirewallRules: [{ACE9CAB4-E01B-46A0-B885-0AFBC080C525}] => (Allow) S:\Steam\steamapps\common\Chip's Challenge 2\Chips2.exe
FirewallRules: [{97D62AC2-5D1B-4E94-BB12-23FDAFA719E7}] => (Allow) S:\Steam\steamapps\common\Batman Arkham Knight\Binaries\Win64\BatmanAK.exe
FirewallRules: [{4114C04B-79E3-4F9A-9A2E-6C669B9CA993}] => (Allow) S:\Steam\steamapps\common\Batman Arkham Knight\Binaries\Win64\BatmanAK.exe
FirewallRules: [{9B651F93-2BCE-47F8-9212-B5B2867034D4}] => (Allow) S:\Steam\steamapps\common\Portal Stories Mel\portal2.exe
FirewallRules: [{3B0444E9-55BF-4A45-BFA8-4960E79000FD}] => (Allow) S:\Steam\steamapps\common\Portal Stories Mel\portal2.exe
FirewallRules: [{D1A5EF77-621E-4EF7-9AB1-08AC2326EF3B}] => (Allow) S:\Steam\steamapps\common\steelstorm\steelstorm.exe
FirewallRules: [{89A2A8F9-8C4A-4558-BD5B-27515D5854E4}] => (Allow) S:\Steam\steamapps\common\steelstorm\steelstorm.exe
FirewallRules: [{8B2FF5C8-8BCC-49EE-A45E-EA9C0751B7CE}] => (Allow) S:\Steam\steamapps\common\steelstorm\netradiant_win32\radiant.exe
FirewallRules: [{E0805654-627E-43DC-A25A-6C42E4984609}] => (Allow) S:\Steam\steamapps\common\steelstorm\netradiant_win32\radiant.exe
FirewallRules: [{21B73106-9472-4A98-9B0D-896B61368B99}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{D9806331-BAE0-427A-B6EF-7C12E6F3E02F}] => (Allow) S:\Steam\steamapps\common\RPGVXAce\RPGVXAce.exe
FirewallRules: [{B774B7A3-CCA8-4404-9611-043C6C31902A}] => (Allow) S:\Steam\steamapps\common\RPGVXAce\RPGVXAce.exe
FirewallRules: [{AAF630E8-9675-49A0-B149-1C059FF01F79}] => (Allow) S:\Steam\steamapps\common\Game Character Hub\GameCharacterHub.exe
FirewallRules: [{3F01ADF3-B524-4AEB-8B90-AEEC980CF416}] => (Allow) S:\Steam\steamapps\common\Game Character Hub\GameCharacterHub.exe
FirewallRules: [{1B0FC7FA-86F8-4BD1-A82C-DDC81520EEB5}] => (Allow) S:\Steam\steamapps\common\App Game Kit 2\Tier 1\Editor\bin\AGK.exe
FirewallRules: [{40FA1ED9-62B9-4A32-AE1A-0EBA89803C38}] => (Allow) S:\Steam\steamapps\common\App Game Kit 2\Tier 1\Editor\bin\AGK.exe
FirewallRules: [{1D2B271C-3197-4422-810C-B12DE2269A84}] => (Allow) S:\Steam\steamapps\common\Spriter\Spriter.exe
FirewallRules: [{A25A4768-73B1-42E4-9BDB-041EB4836896}] => (Allow) S:\Steam\steamapps\common\Spriter\Spriter.exe
FirewallRules: [{E87F1D2E-9A86-4851-A828-20F262EC25EE}] => (Allow) S:\Steam\steamapps\common\Sprite Lamp\SpriteLamp.exe
FirewallRules: [{E2732714-7FAD-4727-8C43-FEF49093B9A7}] => (Allow) S:\Steam\steamapps\common\Sprite Lamp\SpriteLamp.exe
FirewallRules: [{B0272D50-60A7-4583-9079-A48EEB444123}] => (Allow) S:\Steam\steamapps\common\Axis Game Factory\Axis Game Factory.exe
FirewallRules: [{FD8F9040-DED6-4CC1-8435-3473F118D953}] => (Allow) S:\Steam\steamapps\common\Axis Game Factory\Axis Game Factory.exe
FirewallRules: [{51FB82C3-D3C5-466D-BEE4-A115B327A1F4}] => (Allow) S:\Steam\steamapps\common\Game Guru\GameGuru.exe
FirewallRules: [{0BEE7CDC-0E38-4D56-9232-A26F593CC89A}] => (Allow) S:\Steam\steamapps\common\Game Guru\GameGuru.exe
FirewallRules: [{E7D1AD30-991C-4653-A800-2350183B4C68}] => (Allow) S:\Program Files (x86)\Origin Games\Zuma's Revenge\ZumasRevenge.exe
FirewallRules: [{875DFF45-C944-4B56-AC2D-0F79AF4167BF}] => (Allow) S:\Program Files (x86)\Origin Games\Zuma's Revenge\ZumasRevenge.exe
FirewallRules: [{AF61489A-15B2-4142-82B9-3AAE96EA8265}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{D34A29FC-5382-4F95-B674-8498BBDFF739}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{10DBFF58-30DC-4BC6-8963-F356319B404D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{BB9DFCBC-7862-4A60-BD28-8CE733831A5B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{9563B8F4-B5E9-47F6-AC7D-049E40BADC52}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{711696EF-6EEC-459F-A6DF-365561E3AAE5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{6885F1E0-BE5F-43F5-AA01-5417778149E7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{68F2265C-9607-42B6-93DF-D4B420EDA1F5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{D183CCEA-8E62-404A-952D-295D4857D7F1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{BDCD35AA-4932-4D77-B716-4D9912F5D51F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{1CA78D60-9556-4621-9D4B-CFBD49D0A01A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{82CE420C-ECE4-4278-A3A0-82B46C9B345F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{727D770E-50AA-4F76-A5A8-6373C164401E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2A068B33-057C-469D-9225-05E30E82670D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6D80FE41-CDBB-4844-8594-3C799CC5CFA1}] => (Allow) S:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{0D4724E5-8B12-48CF-8B0D-A19156B067D5}] => (Allow) S:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{BE02AE7B-8DBF-4B44-AAAF-646B8DB2CCDB}] => (Allow) S:\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{9D1F3B4D-3078-4B57-A625-CF838382C60D}] => (Allow) S:\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/05/2015 09:39:14 PM) (Source: HlpCtntMgr) (EventID: 1003) (User: )
Description: Help Content Manager exited with error: NoBooksToUninstall

Error: (08/05/2015 09:31:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (08/05/2015 08:48:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/03/2015 09:50:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/03/2015 09:47:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/03/2015 09:45:42 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (08/03/2015 09:37:49 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (08/03/2015 04:50:33 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (08/02/2015 04:32:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/31/2015 09:36:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (08/05/2015 09:59:41 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Pro.

Error: (08/05/2015 08:42:50 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Pro.

Error: (08/05/2015 08:32:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Razer Game Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (08/04/2015 07:34:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Razer Game Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (08/04/2015 06:03:32 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Pro.

Error: (08/04/2015 05:52:31 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 22:34:01 on ‎03/‎08/‎2015 was unexpected.

Error: (08/04/2015 05:52:25 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 32212256844716836164780408

Error: (08/03/2015 02:07:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Pro.

Error: (08/03/2015 07:59:29 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Pro.

Error: (08/03/2015 07:48:26 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 21:32:37 on ‎02/‎08/‎2015 was unexpected.


Microsoft Office:
=========================
Error: (08/05/2015 09:39:14 PM) (Source: HlpCtntMgr) (EventID: 1003) (User: )
Description: Help Content Manager exited with error: NoBooksToUninstall

Error: (08/05/2015 09:31:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (08/05/2015 08:48:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\redist\1033\vcredist_arm.exe

Error: (08/03/2015 09:50:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\redist\1033\vcredist_arm.exe

Error: (08/03/2015 09:47:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\redist\1033\vcredist_arm.exe

Error: (08/03/2015 09:45:42 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)

Error: (08/03/2015 09:37:49 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)

Error: (08/03/2015 04:50:33 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (08/02/2015 04:32:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\redist\1033\vcredist_arm.exe

Error: (07/31/2015 09:36:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\redist\1033\vcredist_arm.exe


CodeIntegrity:
===================================
  Date: 2015-08-02 16:59:06.835
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-02 16:59:06.781
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4770K CPU @ 3.50GHz
Percentage of memory in use: 23%
Total physical RAM: 16321.74 MB
Available physical RAM: 12453.54 MB
Total Virtual: 18753.74 MB
Available Virtual: 14275.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.13 GB) (Free:130.45 GB) NTFS
Drive d: (JOE) (Fixed) (Total:1397.26 GB) (Free:993.36 GB) NTFS
Drive s: (STEAM) (Fixed) (Total:1863.01 GB) (Free:1083.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 05CE8AB3)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1397.3 GB) (Disk ID: 0009EC4F)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 9EA8FDB2)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of log ============================


Edited by J_P, 05 August 2015 - 03:53 PM.

#2
J_P

    New Member

  • Topic Starter
  • Member
  • 6 posts

EDIT: Please disregard this post. I originally posted updated logs, as I ran FRST from the wrong location when I created the topic. However, I've since found the Edit button. :oops:

 

The logs in the above post are up-to-date.


Edited by J_P, 05 August 2015 - 03:55 PM.

#3
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, J_P. Welcome to Geeks to Go! My nickname is Nevan and I will be helping you get your system back on its electronic feet.

Before we get started, please keep these things in mind:
  • Always read every part of my post carefully. If you don't, you may do something wrong and there could be more problems to solve.
  • If your security programs give you any warnings when using tools I asked you to, don't be afraid. Every tool I provide to you is 100% safe.
  • Only run tools that I ask you to. Some of them can be dangerous to your system as they have much power.
  • You should save or print my instructions. It is possible that we will be using Safe mode, which will cut you off from your internet connection and without access to them, you might be stuck.
  • Malware removal is a complicated process that takes multiple steps to be completed. Don't give up, be patient.
  • The tools we are going to use and your software may cause unwanted interactions. Because of that, I recommend that you make backups of any important files from your machine before proceeding as they might be lost.
  • I recommend that you stay with me until I tell you that we are done. It is important because when your system does not show any bad symptoms anymore it does not mean that it is 100% clean.
  • Your time to reply is limited. If you don't reply within 3 days, your topic will be closed and you will have to request it to be reopened by contacting one of the Moderator group members with the link to this topic.
  • Every program I ask you to download should be saved to and run from the desktop. If you don't know how to choose the direction of where a download is saved, check this site. You can also just copy these programs to your desktop manually and then run them from there.
  • Remember that the fixes I give you are only for your machine. Using them on other systems may (and probably will) cause problems.
  • Finally, if you have any questions or are unsure about something, just ask. I will not blame you for it. It is better to ask rather than regret it later.
Also, please note that I'm currently in training, so my answers to you will have to be checked first by an experienced helper before I can post them. This can lengthen the time between my answers to you, but in return you will have an extra person reviewing your log.

 
I'll check the logs you've provided and be back with appropriate instructions once they are approved by my teacher.

Stay calm :)

#4
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, J_P.

Please make sure that you've read the post above this one.

It doesn't look like your system is infected. We'll do a small fix though to get rid of that entry you're worried about. We'll also do a small cleaning.

FRST Fix
  • Download attached fixlist.txt file to your desktop.
    Attached File: fixlist.txt (659 bytes, 83 downloads)
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Right click FRST64.exe on your desktop and click Run as administrator.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Things that should appear in your next post:
  • Fixlist.txt log content

#5
J_P

    New Member

  • Topic Starter
  • Member
  • 6 posts

Hello Nevan,

 

Thank you very much for your response; that's a relief to hear. Figures I was just being paranoid, but I wanted a second opinion (and certainly didn't want to try anything myself).

 

My Fixlog is below:

----

Fix result of Farbar Recovery Scan Tool (x64) Version:06-08-2015
Ran by Joe (2015-08-06 18:01:26) Run:1
Running from C:\Users\Joe\Desktop
Loaded Profiles: Joe (Available Profiles: Joe)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3329363248-3951650003-3017901274-1001\...\Run: [GalaxyClient] => [X]
GroupPolicyScripts\User: Group Policy detected <======= ATTENTION
EmptyTemp:
CMD: bitsadmin /reset /allusers
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-3329363248-3951650003-3017901274-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GalaxyClient => value removed successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully.
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========

EmptyTemp: => 807 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 18:01:49 ====


#6
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, J_P.
 

Figures I was just being paranoid, but I wanted a second opinion (and certainly didn't want to try anything myself).

That's understandable. Better safe than sorry :)

Let's check if you have any out-of-date software on your computer.

Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

#7
J_P

    New Member

  • Topic Starter
  • Member
  • 6 posts

Hello again Nevan,

 

My checkup log is below:

----

 Results of screen317's Security Check version 1.006  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Kaspersky Total Security   
Windows Defender           
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player     18.0.0.209  
 Mozilla Firefox (39.0)
 Mozilla Thunderbird (38.1.0)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Exploit mbae-svc.exe   
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Malwarebytes Anti-Exploit mbae64.exe   
 Malwarebytes Anti-Exploit mbae.exe   
 Kaspersky Lab Kaspersky Total Security 15.0.1 avp.exe  
 Kaspersky Lab Kaspersky Total Security 15.0.1 avpui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 


#8
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, J_P.

Good news. Your system looks clean and we can delete the tools that we've used. I've also prepared some tips for you to stay safe in the future.

 
DelFix
Now that your system looks clean, we can clear system restore points and malware removal tools that we've used. To do that, download and run Delfix.
  • Note: Make sure that the following options are checked:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset System Settings
After the cleaning is done, DelFix.txt will be opened in Notepad. If it isn't, you can find it in the C:\ directory. Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.

Also, delete any other .exe, .txt, .bat, .reg or .zip files that we used and that remain, and empty the Recycle Bin.

 
Preventing Re-Infection

As prevention is better than cure, I have listed some tips for you to stay safe on the internet in the future. Make good use of them.

 
Adobe products always have to be updated, because they are also being used to infect your computer.
  • If you want to update Adobe Flash Player, visit this site.
  • If you want to update Adobe Reader, visit this site.
  • Warning!: Make sure to uncheck the Optional offer box when downloading Adobe products or you will install adware on your computer.
 
Turning on Automatic Updates is a crucial security measure. Keeping them out-of-date is like begging to get your system infected.
  • Click Start > Control Panel > System and Security > Windows Update
  • Under Windows Update click Turn automatic updating on or off
  • Make sure that your settings are set so that you will receive updates automatically and click OK.
 
Heimdal Free is one of the programs that can check for out-of-date programs on your computer. You can get it here.

 
Recommendations for security programs
  • Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
  • WinPatrol, as a robust security monitor, will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • NoScript is a Firefox add-on that increases safety while surfing online by blocking malicious scripts.
  • Unchecky will help you to avoid adware and PUPs by automatically removing checkmarks for these when installing programs.
  • Web of Trust is an add-on for multiple browsers that warns you before entering websites with a bad reputation.
 
Cryptolocker prevention
Cryptolocker is a new ransomware that heavily encrypts your important files. At the moment there are no programs that can decrypt these files. You can read how to protect against it here.

 
For some good tips about how to prevent infection in the future, visit this site.

 

Remember to post the Delfix log :)


#9
J_P

    New Member

  • Topic Starter
  • Member
  • 6 posts

Thank you very much for your help, Nevan. You've been great.

 

My delfix log is below.

(FYI - although they are referenced in the log, I did not use RogueKiller or DDS while liaising with you)

 

----

 

# DelFix v10.8 - Logfile created 07/08/2015 at 17:58:54
# Updated 29/07/2014 by Xplode
# Username : Joe - JOE-PC
# Operating System : Windows 8.1 Pro  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\Users\Joe\Desktop\FRST-OlderVersion
Deleted : C:\Users\Joe\Desktop\Addition.txt
Deleted : C:\Users\Joe\Desktop\Fixlog.txt
Deleted : C:\Users\Joe\Desktop\FRST.txt
Deleted : C:\Users\Joe\Desktop\FRST64.exe
Deleted : C:\Users\Joe\Desktop\SecurityCheck.exe
Deleted : C:\Users\Joe\Downloads\dds.com
Deleted : C:\Users\Joe\Downloads\FRST_Desktop_2015-08-06.7z
Deleted : C:\Users\Joe\Downloads\RogueKillerX64.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #69 [Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 | 07/31/2015 18:34:30]
Deleted : RP #70 [Microsoft Visual Studio Community 2013 with Update 4 | 08/05/2015 20:31:04]
Deleted : RP #72 [Restore Point Created by FRST | 08/06/2015 17:01:27]
Deleted : RP #73 [Removed Microsoft Visual Studio 2013 Tools for Unity | 08/06/2015 17:44:09]
Deleted : RP #74 [Installed LibreOffice 4.4.5.2 | 08/06/2015 17:53:55]
Deleted : RP #75 [Removed Skype™ 7.3 | 08/06/2015 17:54:59]
Deleted : RP #76 [Installed LibreOffice 5.0.0.5 | 08/06/2015 17:59:20]
Deleted : RP #77 [Removed Razer Synapse. | 08/06/2015 18:09:27]
Deleted : RP #78 [Removed Razer Synapse. | 08/06/2015 18:22:05]
Deleted : RP #79 [Installed Macrium Reflect Free Edition | 08/06/2015 19:01:22]
Deleted : RP #80 [Removed iTunes | 08/07/2015 00:15:48]
Deleted : RP #81 [Removed Apple Mobile Device Support | 08/07/2015 00:16:32]
Deleted : RP #82 [Removed Apple Application Support (32-bit) | 08/07/2015 00:16:44]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 


#10
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts

Thank you very much for your help, Nevan. You've been great.

My pleasure.
 
Unless you have any more questions or problems, this topic will be closed :)

#11
J_P

    New Member

  • Topic Starter
  • Member
  • 6 posts

No further questions; feel free to close. :)


#12
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts

Alright.

Stay safe :wave:


#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

