Hi, my homepage in Firefox keeps getting re-directed to this website:
It currently only affects Firefox. I've changed to a different URL but this one keeps coming back. I've uninstalled and reinstalled Firefox, started in safe mode, and scanned with Malwarebytes but it can't find anything. Here are the logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
Ran by Leng (administrator) on BATMAN-PC (24-09-2015 23:59:10)
Running from C:\Users\Leng\Desktop
Loaded Profiles: Leng (Available Profiles: Leng)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-15] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-17] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel® Corporation)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-18] (ASUS)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-04-20] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Trend Micro <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\...\Run: [Syncables] => C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\...\RunOnce: [Browsersafeguard-rockettab FF:0] => C:\Users\Leng\AppData\Local\BrowserSafeguard\Resources\certutil.exe -A -n "DO_NOT_TRUST_FiddlerRoot" -t "TCu,TCu,TCu" -i "C:\Users\Leng\AppData\Local\BrowserSafeguard\TrustedRoot.cer" -d "C:\Users\Len (the data entry has 60 more characters).
HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\...\MountPoints2: {5cf794c1-946e-11e4-b00e-fd240f21ce46} - G:\MotoCastSetup.exe -a
HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\...\MountPoints2: {9f0c7702-c3e7-11e2-8b98-3085a90224bc} - G:\setup.exe -a
HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\...\MountPoints2: {b4498c0f-ec38-11e4-882c-9f30e986255b} - G:\EMP_UDSe.exe /autorun
HKLM\...\AppCertDlls: [aeinHMCA] -> C:\Users\Leng\AppData\L
HKLM\...\AppCertDlls: [appigr32] -> C:\Users\Leng\AppData\Lo
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-25] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-25] (eCareme Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2011-02-03]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\Users\Leng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\San Francisco RUSH 2049 v1.002 (M6).lnk [2015-05-12]
ShortcutTarget: San Francisco RUSH 2049 v1.002 (M6).lnk -> C:\ProgramData\{be45e719-55c8-0b1d-be45-5e71955c9c65}\San Francisco RUSH 2049 v1.002 (M6).exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-2207828519-3919902441-2265496074-1000] => http=127.0.0.1:49167;https=127.0.0.1:49167
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1C8CFA22-85C2-40AF-BAF5-2A67A92EA4C0}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{1C8CFA22-85C2-40AF-BAF5-2A67A92EA4C0}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{37E1C822-FC62-4779-A8BE-77B30AF106FC}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{A8962299-8CE7-4FC5-8F6B-FE16B717AF1E}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{A8962299-8CE7-4FC5-8F6B-FE16B717AF1E}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{B3D89FFF-0119-4D01-BE0F-808BA93125C9}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-2207828519-3919902441-2265496074-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2207828519-3919902441-2265496074-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2207828519-3919902441-2265496074-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-2207828519-3919902441-2265496074-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2207828519-3919902441-2265496074-1000 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL =
BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner64.dll [2011-02-03] (Google Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-03-01] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-03-01] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-03-01] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-03-01] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Leng\AppData\Roaming\Mozilla\Firefox\Profiles\feey3djw.default-1409445628946
FF NewTab: hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHFYaJQtbWAAXDFAWcV0VVQFEFhgaJVoMTAAUFwwQdV9ZWQkXRRNBNARaB0tXUUEeGGlxR1dMa0BNJ1VdL1wF
FF DefaultSearchEngine.US: Default
FF Homepage: hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghAeVwKAgBIRxhGdQhcTA1JFAIOeVxbVRRIRAMacwxeAAFBR1EFIk0FA18DB0VXfWFoKB8fHH9WLl5UBHcUVQ==
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2013-04-20] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-04-20] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-03-06] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2207828519-3919902441-2265496074-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Leng\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-29] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Leng\AppData\Roaming\Mozilla\Firefox\Profiles\feey3djw.default-1409445628946\user.js [2015-07-03]
FF SearchPlugin: C:\Users\Leng\AppData\Roaming\Mozilla\Firefox\Profiles\feey3djw.default-1409445628946\searchplugins\default.xml [2015-09-24]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Leng\AppData\Roaming\Mozilla\Firefox\Profiles\feey3djw.default-1409445628946\Extensions\[email protected] [2014-10-11]
FF Extension: Jungle Net - C:\Users\Leng\AppData\Roaming\Mozilla\Firefox\Profiles\feey3djw.default-1409445628946\Extensions\{3e8886f6-f016-4156-9dd3-b952b2c70645}.xpi [2015-07-03]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-04-20]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-04-04] <==== ATTENTION
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Leng\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Leng\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-08-26]
CHR Extension: (RealDownloader) - C:\Users\Leng\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-08-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Leng\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-14]
CHR Extension: (Skype Click to Call) - C:\Users\Leng\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-06-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Leng\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-14]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-12-12] (BitRaider, LLC)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 DAUpdaterSvc; D:\Dragon Age Orgins\Game\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-07-26] (BioWare)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-18] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S1 abcojeuo; \??\C:\Windows\system32\drivers\abcojeuo.sys [X]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S1 cpyzutoy; \??\C:\Windows\system32\drivers\cpyzutoy.sys [X]
S1 dcvssiho; \??\C:\Windows\system32\drivers\dcvssiho.sys [X]
S1 druhdshf; \??\C:\Windows\system32\drivers\druhdshf.sys [X]
S1 dvrzsyes; \??\C:\Windows\system32\drivers\dvrzsyes.sys [X]
S1 effkmzua; \??\C:\Windows\system32\drivers\effkmzua.sys [X]
S1 egptrfps; \??\C:\Windows\system32\drivers\egptrfps.sys [X]
S1 ensuopzc; \??\C:\Windows\system32\drivers\ensuopzc.sys [X]
S1 ffvvzrlc; \??\C:\Windows\system32\drivers\ffvvzrlc.sys [X]
S1 fhbbjggz; \??\C:\Windows\system32\drivers\fhbbjggz.sys [X]
S1 fjthueeb; \??\C:\Windows\system32\drivers\fjthueeb.sys [X]
S1 hqeslbfk; \??\C:\Windows\system32\drivers\hqeslbfk.sys [X]
S1 hxgbdanv; \??\C:\Windows\system32\drivers\hxgbdanv.sys [X]
S1 iggmcigt; \??\C:\Windows\system32\drivers\iggmcigt.sys [X]
S1 iyffaqtd; \??\C:\Windows\system32\drivers\iyffaqtd.sys [X]
S1 janddtky; \??\C:\Windows\system32\drivers\janddtky.sys [X]
S1 jrgjsocs; \??\C:\Windows\system32\drivers\jrgjsocs.sys [X]
S1 kmbwhaxn; \??\C:\Windows\system32\drivers\kmbwhaxn.sys [X]
S1 koxwroig; \??\C:\Windows\system32\drivers\koxwroig.sys [X]
S1 kwrnwjii; \??\C:\Windows\system32\drivers\kwrnwjii.sys [X]
S1 mzvqqlwh; \??\C:\Windows\system32\drivers\mzvqqlwh.sys [X]
S1 neogppqk; \??\C:\Windows\system32\drivers\neogppqk.sys [X]
S1 nicxcbbr; \??\C:\Windows\system32\drivers\nicxcbbr.sys [X]
S1 npecygjc; \??\C:\Windows\system32\drivers\npecygjc.sys [X]
S1 npfejnxt; \??\C:\Windows\system32\drivers\npfejnxt.sys [X]
S1 nubnfgsm; \??\C:\Windows\system32\drivers\nubnfgsm.sys [X]
S1 obpoqbaq; \??\C:\Windows\system32\drivers\obpoqbaq.sys [X]
S1 ohrbuect; \??\C:\Windows\system32\drivers\ohrbuect.sys [X]
S1 puvirvtk; \??\C:\Windows\system32\drivers\puvirvtk.sys [X]
S1 pzwlreic; \??\C:\Windows\system32\drivers\pzwlreic.sys [X]
S1 qwlsmkzz; \??\C:\Windows\system32\drivers\qwlsmkzz.sys [X]
S1 qxmddyji; \??\C:\Windows\system32\drivers\qxmddyji.sys [X]
S1 rwrhebxb; \??\C:\Windows\system32\drivers\rwrhebxb.sys [X]
S1 rxpwmado; \??\C:\Windows\system32\drivers\rxpwmado.sys [X]
S1 smgdufff; \??\C:\Windows\system32\drivers\smgdufff.sys [X]
S1 svmbwkcg; \??\C:\Windows\system32\drivers\svmbwkcg.sys [X]
S1 swrqoleu; \??\C:\Windows\system32\drivers\swrqoleu.sys [X]
S1 tacydwtl; \??\C:\Windows\system32\drivers\tacydwtl.sys [X]
S1 udjmjekc; \??\C:\Windows\system32\drivers\udjmjekc.sys [X]
S1 ulfdtusz; \??\C:\Windows\system32\drivers\ulfdtusz.sys [X]
S1 umtfgwuo; \??\C:\Windows\system32\drivers\umtfgwuo.sys [X]
S1 vjsmxhxi; \??\C:\Windows\system32\drivers\vjsmxhxi.sys [X]
S1 vtidzqdb; \??\C:\Windows\system32\drivers\vtidzqdb.sys [X]
S1 vznoqxgj; \??\C:\Windows\system32\drivers\vznoqxgj.sys [X]
S1 wfasrzts; \??\C:\Windows\system32\drivers\wfasrzts.sys [X]
S1 wmvucwrc; \??\C:\Windows\system32\drivers\wmvucwrc.sys [X]
S1 wurfyvca; \??\C:\Windows\system32\drivers\wurfyvca.sys [X]
S1 xgmpkplj; \??\C:\Windows\system32\drivers\xgmpkplj.sys [X]
S1 ycnvwkgi; \??\C:\Windows\system32\drivers\ycnvwkgi.sys [X]
S1 ymsfoezj; \??\C:\Windows\system32\drivers\ymsfoezj.sys [X]
S1 yoawqmlg; \??\C:\Windows\system32\drivers\yoawqmlg.sys [X]
S1 yrsyarno; \??\C:\Windows\system32\drivers\yrsyarno.sys [X]
S1 yxakxbpx; \??\C:\Windows\system32\drivers\yxakxbpx.sys [X]
S1 zllirvpa; \??\C:\Windows\system32\drivers\zllirvpa.sys [X]
S1 zxgmiquh; \??\C:\Windows\system32\drivers\zxgmiquh.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-24 23:59 - 2015-09-24 23:59 - 00026482 _____ C:\Users\Leng\Desktop\FRST.txt
2015-09-24 23:58 - 2015-09-24 23:59 - 00000000 ____D C:\FRST
2015-09-24 23:57 - 2015-09-24 23:58 - 02192384 _____ (Farbar) C:\Users\Leng\Desktop\FRST64.exe
2015-09-23 23:09 - 2015-09-23 23:09 - 00991232 _____ C:\Users\Leng\Downloads\MicrosoftFixit50267.msi
2015-09-23 23:06 - 2015-09-23 23:06 - 00388608 _____ (Trend Micro Inc.) C:\Users\Leng\Downloads\HijackThis.exe
2015-09-23 20:42 - 2015-09-23 20:42 - 00262144 _____ C:\Windows\Minidump\092315-19422-01.dmp
2015-09-23 20:40 - 2015-09-23 20:40 - 00000000 ____H C:\Users\Leng\AppData\Local\BIT8989.tmp
2015-09-23 20:40 - 2015-09-23 20:40 - 00000000 _____ C:\Users\Leng\AppData\Local\{855BD958-67A7-483A-9729-CCEE2811A0BB}
2015-09-17 14:15 - 2015-09-17 15:14 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\5ABC3E8D.sys
2015-09-13 11:36 - 2015-09-11 17:05 - 912843024 _____ C:\Users\Leng\Desktop\MC skit video.avi
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-24 23:46 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-24 23:46 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-24 23:39 - 2014-08-01 21:59 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-24 23:39 - 2013-04-20 15:26 - 00003340 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2207828519-3919902441-2265496074-1000
2015-09-24 23:39 - 2013-04-20 15:26 - 00003204 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2207828519-3919902441-2265496074-1000
2015-09-24 23:39 - 2011-02-03 06:57 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-24 23:39 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-24 23:39 - 2009-07-13 21:51 - 00152109 _____ C:\Windows\setupact.log
2015-09-24 23:18 - 2013-01-30 17:23 - 01489721 _____ C:\Windows\WindowsUpdate.log
2015-09-24 23:04 - 2013-04-20 15:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-24 22:53 - 2013-09-16 11:55 - 00000000 ____D C:\Users\Leng\Documents\Madden NFL 08
2015-09-24 22:28 - 2013-01-30 18:28 - 00045056 _____ C:\Windows\SysWOW64\acovcnt.exe
2015-09-24 20:55 - 2013-04-21 00:55 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-23 22:56 - 2014-11-12 01:04 - 00000736 _____ C:\Windows\system32\Drivers\etc\hosts.old
2015-09-23 20:42 - 2013-12-03 19:32 - 520999397 _____ C:\Windows\MEMORY.DMP
2015-09-23 20:42 - 2013-12-03 19:32 - 00000000 ____D C:\Windows\Minidump
2015-09-23 08:26 - 2013-04-20 15:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-23 08:26 - 2013-01-30 17:19 - 00571766 _____ C:\Windows\PFRO.log
2015-09-22 17:01 - 2015-04-04 00:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-21 21:04 - 2013-04-20 15:51 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-21 21:04 - 2013-04-20 15:51 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-21 21:04 - 2013-04-20 15:51 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-20 11:45 - 2013-04-20 15:26 - 00000000 ____D C:\Users\Leng\AppData\Local\Google
2015-09-20 11:12 - 2009-07-13 22:13 - 00793658 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-15 16:55 - 2011-02-03 06:57 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-15 16:55 - 2011-02-03 06:57 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-15 16:55 - 2011-02-03 06:57 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-14 22:53 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SchCache
2015-09-14 22:17 - 2014-07-18 19:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-14 22:17 - 2013-09-16 17:56 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-13 01:09 - 2015-01-17 02:53 - 00059067 _____ C:\Users\Leng\Desktop\Praise & Worship.pptx
2015-09-05 13:36 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
==================== Files in the root of some directories =======
2013-04-20 15:20 - 2013-04-20 15:20 - 4126720 _____ () C:\Program Files (x86)\GUT2684.tmp
2014-05-07 20:58 - 2014-05-07 20:58 - 0068958 _____ () C:\Users\Leng\AppData\Roaming\icarus-dxdiag.xml
2015-07-03 16:34 - 2015-08-24 20:25 - 0000137 _____ () C:\Users\Leng\AppData\Roaming\WB.CFG
2014-11-12 01:03 - 2014-11-12 01:03 - 0000448 ____H () C:\Users\Leng\AppData\Roaming\麽鎒駓覜
2015-09-23 20:40 - 2015-09-23 20:40 - 0000000 ____H () C:\Users\Leng\AppData\Local\BIT8989.tmp
2015-09-23 20:40 - 2015-09-23 20:40 - 0000000 _____ () C:\Users\Leng\AppData\Local\{855BD958-67A7-483A-9729-CCEE2811A0BB}
2014-11-12 01:03 - 2014-11-12 01:03 - 0000520 _____ () C:\ProgramData\@system.temp
2014-11-12 01:04 - 2014-11-12 01:04 - 0000256 ____H () C:\ProgramData\@system3.att
2011-02-03 06:55 - 2011-02-03 06:56 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-02-03 06:55 - 2011-02-03 06:55 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
Some files in TEMP:
====================
C:\Users\Leng\AppData\Local\Temp\2890779121103186096.exe
C:\Users\Leng\AppData\Local\Temp\32598uninstall.exe
C:\Users\Leng\AppData\Local\Temp\AutoRun.exe
C:\Users\Leng\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Leng\AppData\Local\Temp\bitool.dll
C:\Users\Leng\AppData\Local\Temp\CH.dll
C:\Users\Leng\AppData\Local\Temp\cw.exe
C:\Users\Leng\AppData\Local\Temp\drm_dyndata_7270007.dll
C:\Users\Leng\AppData\Local\Temp\drm_dyndata_7330011.dll
C:\Users\Leng\AppData\Local\Temp\drm_dyndata_7390006.dll
C:\Users\Leng\AppData\Local\Temp\DSETUP.dll
C:\Users\Leng\AppData\Local\Temp\dsetup32.dll
C:\Users\Leng\AppData\Local\Temp\DXSETUP.exe
C:\Users\Leng\AppData\Local\Temp\EAInstall.dll
C:\Users\Leng\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Leng\AppData\Local\Temp\hsbing_717_active.exe
C:\Users\Leng\AppData\Local\Temp\i4jdel0.exe
C:\Users\Leng\AppData\Local\Temp\libProcessAccess64254177589836171219.dll
C:\Users\Leng\AppData\Local\Temp\lowproc.exe
C:\Users\Leng\AppData\Local\Temp\MotoCast_Installer_1.1.53.exe
C:\Users\Leng\AppData\Local\Temp\MotoHelper_2.0.45_Driver_5.0.0.exe
C:\Users\Leng\AppData\Local\Temp\MSNF6AF.exe
C:\Users\Leng\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Leng\AppData\Local\Temp\SpOrder.dll
C:\Users\Leng\AppData\Local\Temp\Sqlite3.dll
C:\Users\Leng\AppData\Local\Temp\stubhelper.dll
C:\Users\Leng\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Leng\AppData\Local\Temp\System.Data.SQLite13087.dll
C:\Users\Leng\AppData\Local\Temp\System.Data.SQLite20230.dll
C:\Users\Leng\AppData\Local\Temp\System.Data.SQLite24841.dll
C:\Users\Leng\AppData\Local\Temp\System.Data.SQLite39516.dll
C:\Users\Leng\AppData\Local\Temp\System.Data.SQLite49198.dll
C:\Users\Leng\AppData\Local\Temp\System.Data.SQLite54800.dll
C:\Users\Leng\AppData\Local\Temp\System.Data.SQLite62473.dll
C:\Users\Leng\AppData\Local\Temp\System.Data.SQLite67184.dll
C:\Users\Leng\AppData\Local\Temp\System.Data.SQLite97906.dll
C:\Users\Leng\AppData\Local\Temp\uninstaller.exe
C:\Users\Leng\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Leng\AppData\Local\Temp\winzip170-64ml_wrapped.exe
C:\Users\Leng\AppData\Local\Temp\WSSetup.exe
C:\Users\Leng\AppData\Local\Temp\_is1B00.exe
C:\Users\Leng\AppData\Local\Temp\_isC0FD.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-09-22 15:21
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by Leng (2015-09-25 00:00:03)
Running from C:\Users\Leng\Desktop
Windows 7 Home Premium (X64) (2013-04-20 21:54:31)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2207828519-3919902441-2265496074-500 - Administrator - Disabled)
Guest (S-1-5-21-2207828519-3919902441-2265496074-501 - Limited - Disabled)
Leng (S-1-5-21-2207828519-3919902441-2265496074-1000 - Administrator - Enabled) => C:\Users\Leng
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Always Sometimes Monsters (HKLM-x32\...\Steam App 274310) (Version: - Vagabond Dog)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.2.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.19 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0013 - ASUS)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.28 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.50 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0037 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.24 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
AsusScr_K3 Series_ENG (HKLM-x32\...\AsusScr_K3 Series_ENG) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.3.585 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0014 - ASUS)
Audacity 2.0.5 (x32 Version: 2.0.5 - Audacity Team) Hidden
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BrowserSafeguard with RocketTab (HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\...\Browsersafeguard) (Version: - Browsersafeguard) <==== ATTENTION
Combined Community Codec Pack 2013-08-01 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2013.08.01.0 - CCCP Project)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Complemento Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
DC Universe Online (HKLM-x32\...\Steam App 24200) (Version: - Daybreak Games)
DC Universe Online Live (HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\...\SOE-DC Universe Online Live) (Version: - Sony Online Entertainment)
Deadlight (HKLM-x32\...\Steam App 211400) (Version: - Tequila Works, S.L.)
Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.00 - Electronic Arts, Inc.)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.00 - Electronic Arts, Inc.)
Dragons Prophet (HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\...\SOE-Dragons Prophet) (Version: - Sony Online Entertainment)
EA SPORTS online 2008 (HKLM-x32\...\82A44D22-9452-49FB-00FB-CEC7DCAF7E23) (Version: - )
Fallout New Vegas (HKLM-x32\...\Fallout New Vegas_is1) (Version: - )
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2462 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Internet Explorer Toolbar 4.8 by SweetPacks (HKLM-x32\...\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}) (Version: 4.8.0000 - SweetIM Technologies Ltd.) <==== ATTENTION
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Karate Master 2 Knock Down Blow (HKLM-x32\...\Steam App 347670) (Version: - Crian Soft)
Madden NFL 08 (HKLM-x32\...\{4650F3BF-F9ED-45AB-00A3-C927351E177F}) (Version: - Electronic Arts)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 分享元件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 浏览器插件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}) (Version: 1.2.0241 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Might & Magic: Clash of Heroes (HKLM-x32\...\Steam App 61700) (Version: - Capybara Games)
Mozilla Firefox 41.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0 (x86 en-US)) (Version: 41.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.0.5738 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Need for Speed Underground 2 (HKLM-x32\...\{909F8EBC-EC7F-48FF-0085-475D818F0F31}) (Version: - )
Neverwinter (HKLM-x32\...\Steam App 109600) (Version: - Cryptic Studios)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
One Finger Death Punch (HKLM-x32\...\Steam App 264200) (Version: - Silver Dollar Games)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version: - )
Project Zomboid (HKLM-x32\...\Steam App 108600) (Version: - Indie Stone Studios)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
RealDownloader (x32 Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6304 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RPG Maker VX Ace (HKLM-x32\...\Steam App 220700) (Version: - Enterbrain)
Scribblenauts Unmasked (HKLM-x32\...\Steam App 249870) (Version: - 5th Cell Media)
Shockwave (HKLM-x32\...\Shockwave) (Version: - )
Sid Meier's Civilization 5 (HKLM-x32\...\Sid Meier's Civilization 5_R.G. Mechanics_is1) (Version: - R.G. Mechanics, Panky)
Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version: - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
Star Wars - Jedi Knight II: Jedi Outcast (HKLM-x32\...\Steam App 6030) (Version: - Raven Software)
Star Wars Jedi Knight: Jedi Academy (HKLM-x32\...\Steam App 6020) (Version: - Raven Software)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.6.0 - Synaptics Incorporated)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
TEW2005 (HKLM-x32\...\TEW2005) (Version: - )
Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - Runic Games)
Unity Web Player (HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.4.0.0 - Azureus Software, Inc.)
Vuze Remote Toolbar v9.3 (HKLM-x32\...\{44C0EC7E-CF09-4569-B34B-0A9347D72596}) (Version: 9.3 - Spigot, Inc.) <==== ATTENTION
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.32.3 - ASUS)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.25 - ASUS)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
24-08-2015 20:36:48 Windows Update
30-08-2015 16:15:16 Windows Update
03-09-2015 20:18:01 Windows Update
07-09-2015 21:45:53 Windows Update
11-09-2015 16:56:58 Windows Update
15-09-2015 17:01:04 Windows Update
19-09-2015 11:14:49 Windows Update
23-09-2015 08:50:11 Windows Update
23-09-2015 23:10:32 Installed Microsoft Fix it 50267
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2014-11-12 01:04 - 2013-09-03 17:19 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {17BB6986-3B42-451A-B747-5E2FBC1345D9} - System32\Tasks\{858FDFF6-2584-4CED-83BA-A2A6AAB740A9} => pcalua.exe -a F:\INSTALL.EXE -d F:\
Task: {26C912DB-D7D5-479E-A70F-CAB897AE8920} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-07-21] (ASUS)
Task: {3190F6EC-C510-4702-B3DF-C02A129194A4} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2011-10-03] (ASUS)
Task: {3247FB56-0B58-4649-9122-FFCE84174C76} - \Cassiopesa lice -> No File <==== ATTENTION
Task: {324B5B30-3772-4FFB-8CE9-B876C1109DA8} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2011-11-15] (ASUS)
Task: {3963CFAD-7F3C-4F65-8A14-6962175F5CF7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {41187C34-C790-47C7-B357-B987971A9274} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2207828519-3919902441-2265496074-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {41D012B8-1147-4AA8-86BA-850AF5E7E9A1} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2207828519-3919902441-2265496074-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {696FDD5D-803C-4264-8D33-25005877E030} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated)
Task: {6DE381EB-861B-4586-B51B-07959622BC67} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {899BC25D-E924-4AAB-8604-C02428416B0F} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-12-06] (ASUS)
Task: {94F5CEC3-DB56-48A0-A2CC-4E0F25C05054} - System32\Tasks\{8E098EBF-191A-48B5-BA4F-966484E10698} => pcalua.exe -a C:\Users\Leng\Desktop\scz.exe -d C:\Users\Leng\Desktop
Task: {A61F402C-945A-4F9F-BB90-C596FD4F239A} - System32\Tasks\{B76BB496-4FB8-46AF-856D-A3483D8B6EB8} => pcalua.exe -a "C:\Games\Madden 08\Madden NFL 08 (Download)\Setup.exe" -d "C:\Games\Madden 08\Madden NFL 08 (Download)"
Task: {B3D6248A-97FF-4DF2-AB82-3DEFDD4575DB} - \HDNINSTSCHD -> No File <==== ATTENTION
Task: {B7A7E237-2124-4125-86DB-7C02D60F8596} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {B965A0FF-0714-4881-BC09-779D2BDCCC73} - \Updater26278.exe -> No File <==== ATTENTION
Task: {C36768FD-667E-4CF5-AD76-9EA4D0FAE2F9} - System32\Tasks\{3DD1DE97-65AB-48CC-8B56-FA147E51CFD0} => pcalua.exe -a F:\Setup.now.exe -d F:\
Task: {C716FC81-195D-4251-BDA0-C4DDBF93BD4D} - \UPDTEXE4_WDR -> No File <==== ATTENTION
Task: {C9198085-70E1-4BA5-9D4B-6EA153F55DE6} - System32\Tasks\{83B26B54-87DA-4680-8BE3-71C0702A460A} => pcalua.exe -a C:\Users\Leng\Desktop\setup.exe -d C:\Users\Leng\Desktop
Task: {E27ACC1B-DD3E-40E7-99F9-94F09E693853} - \IE_ERR4WDR -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2011-05-02 14:41 - 2011-05-02 14:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-15 18:48 - 2010-03-15 18:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2011-02-03 07:18 - 2011-02-03 07:18 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2011-02-03 07:18 - 2011-02-03 07:18 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-07-14 17:11 - 2010-07-14 17:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2010-03-15 18:48 - 2010-03-15 18:48 - 01754448 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
2012-03-28 19:46 - 2011-05-05 05:30 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2013-03-06 02:21 - 2013-03-06 02:21 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-05-02 14:41 - 2011-05-02 14:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2012-03-28 19:45 - 2011-07-26 00:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-12-06 17:21 - 2011-12-06 17:21 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2007-07-12 12:11 - 2007-07-12 12:11 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2011-08-17 16:37 - 2011-08-17 16:37 - 00204800 _____ () C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax
2015-09-24 20:55 - 2015-09-23 19:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-09-24 20:55 - 2015-09-23 19:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll
2009-11-02 15:20 - 2009-11-02 15:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 15:23 - 2009-11-02 15:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2015-09-24 20:55 - 2015-09-23 19:34 - 16487752 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Leng\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: Amsp => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: Partner Service => 3
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: TiMiniService => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk => C:\Windows\pss\FancyStart daemon.lnk.CommonStartup
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: Nuance PDF Reader-reminder => "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SonicMasterTray => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
MSCONFIG\startupreg: Trend Micro Titanium => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none"
MSCONFIG\startupreg: VizorHtmlDialog.exe => "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{C1912587-14BB-4423-8B21-69BB21D65490}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5A657558-6A5D-4D1C-B185-156FCCA29D8E}] => (Allow) LPort=2869
FirewallRules: [{FDC0586C-F63A-4633-A65D-E0B86B6908E4}] => (Allow) LPort=1900
FirewallRules: [{FB33CC14-169E-4969-BF02-CC9C5D45D74A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{635B9FEA-35BA-4EB3-BFF4-0F4AD639AE93}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{F5F92506-4554-4AB7-9780-48BB97389725}] => (Allow) LPort=5353
FirewallRules: [{1FDC9F3F-D562-4815-9566-9934B652CB40}] => (Allow) LPort=8182
FirewallRules: [{60B9B9E8-5945-4A71-8FE8-7513D0F6851D}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{3AF113F6-D3F1-4286-8D8D-C58A6D53B4B1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{CD934E48-AF6C-4145-AD9B-48207BA58D5F}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [UDP Query User{9754E194-A38E-4F9D-AE80-13BBC2AAAD8A}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [{68BFD7B2-E0E3-449C-99A9-4A99123DAEA0}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{25C00805-BD5E-4354-BA89-EAC577698B5C}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{DD4239A2-69EF-4873-8A33-D51718E87FF3}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{BAE71BD6-DA7B-4D94-B7F1-932FA38837BB}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{B4517A79-B8AC-4932-A0B9-C599CC3C1FB6}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{59054B09-58C9-4E08-9766-6C12F84B051F}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{108CD31D-5B29-4800-8A92-89666D64E6E6}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{24EF0570-E1CB-4222-B03E-CD8883266CF8}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{69FCF538-84DA-4C54-9196-785E894B5624}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A42AFA12-F307-4A73-A38C-E66CE6AB5EA6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8314A211-45BB-4B31-AF2C-319B264BC6FD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D9A5F807-D085-4412-A393-67D4C4577CBE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{770F9E71-E2E0-4F7D-9860-21A220AC0F42}C:\games\madden 08\game\updater.exe] => (Allow) C:\games\madden 08\game\updater.exe
FirewallRules: [UDP Query User{374B8FE3-1E25-4ED4-BD89-08876C70B191}C:\games\madden 08\game\updater.exe] => (Allow) C:\games\madden 08\game\updater.exe
FirewallRules: [{F94525F3-F043-4575-AB27-47CC19AE239A}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{FD10D7E2-48D6-4412-994B-BA8FCA90D760}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{E9E968E3-7101-41EA-9271-5A6866E1484A}] => (Allow) D:\Steam\SteamApps\common\ProjectZomboid\ProjectZomboid64.exe
FirewallRules: [{ECF5019D-6EFA-41FB-86A7-3BCA09FE97B6}] => (Allow) D:\Steam\SteamApps\common\ProjectZomboid\ProjectZomboid64.exe
FirewallRules: [{2D9FD5C4-855E-4DDC-969B-F1A56A02F218}] => (Allow) D:\Steam\SteamApps\common\RPGVXAce\RPGVXAce.exe
FirewallRules: [{18E74018-99D9-45FA-AEAB-8A1427742DE3}] => (Allow) D:\Steam\SteamApps\common\RPGVXAce\RPGVXAce.exe
FirewallRules: [{C6B8F123-4490-47C6-A406-18A05CD97B41}] => (Allow) D:\Steam\SteamApps\common\Always Sometimes Monsters\Game.exe
FirewallRules: [{0A6A47E4-9A5B-41AE-8AFC-1B1CBC434556}] => (Allow) D:\Steam\SteamApps\common\Always Sometimes Monsters\Game.exe
FirewallRules: [{235034F3-5FA2-4842-A985-68483C65FFA1}] => (Allow) D:\Steam\SteamApps\common\Scribblenauts Unmasked\Scribble.exe
FirewallRules: [{E43E4E00-9679-4C85-AABB-89475C33F836}] => (Allow) D:\Steam\SteamApps\common\Scribblenauts Unmasked\Scribble.exe
FirewallRules: [{D04E3E82-1A51-4C2C-B6A7-61F6857145AA}] => (Allow) D:\Steam\SteamApps\common\Deadlight\Binaries\Win32\LOTDGame.exe
FirewallRules: [{4BD0D524-2A45-4A95-8D12-DE74F284B496}] => (Allow) D:\Steam\SteamApps\common\Deadlight\Binaries\Win32\LOTDGame.exe
FirewallRules: [{C49DE9FB-EF4C-4A7D-A542-1D09AE243ECF}] => (Allow) D:\Steam\SteamApps\common\Sacred 2 Gold\system\sacred2.exe
FirewallRules: [{ED3B3580-A171-43B3-93B6-BC5F007F2378}] => (Allow) D:\Steam\SteamApps\common\Sacred 2 Gold\system\sacred2.exe
FirewallRules: [TCP Query User{460264FD-A30A-4562-8B87-4B3E84C4E129}D:\steam\steamapps\common\lord of the rings online\lotroclient.exe] => (Allow) D:\steam\steamapps\common\lord of the rings online\lotroclient.exe
FirewallRules: [UDP Query User{5742FAAC-09D0-4AD1-BB8B-018B8198C13D}D:\steam\steamapps\common\lord of the rings online\lotroclient.exe] => (Allow) D:\steam\steamapps\common\lord of the rings online\lotroclient.exe
FirewallRules: [TCP Query User{CA0597C6-9C76-4EC7-928B-5712C83FCAB6}D:\steam\steamapps\common\dragon's prophet\dp_x64.exe] => (Allow) D:\steam\steamapps\common\dragon's prophet\dp_x64.exe
FirewallRules: [UDP Query User{7007F56F-DA91-4DE8-AD5E-F2CE1B9E1340}D:\steam\steamapps\common\dragon's prophet\dp_x64.exe] => (Allow) D:\steam\steamapps\common\dragon's prophet\dp_x64.exe
FirewallRules: [TCP Query User{B99730EE-AD4C-4263-B552-E7CDF4698B17}D:\steam\steamapps\common\ageofconan_us\ageofconan.exe] => (Allow) D:\steam\steamapps\common\ageofconan_us\ageofconan.exe
FirewallRules: [UDP Query User{0BA98962-A033-4E2A-A4F5-48735C89F042}D:\steam\steamapps\common\ageofconan_us\ageofconan.exe] => (Allow) D:\steam\steamapps\common\ageofconan_us\ageofconan.exe
FirewallRules: [TCP Query User{086806FB-553C-4029-8DBB-106BA254EBE6}D:\steam\steamapps\common\ageofconan_us\ageofconan.exe] => (Allow) D:\steam\steamapps\common\ageofconan_us\ageofconan.exe
FirewallRules: [UDP Query User{745F770E-BDC7-4430-BE9B-09BF958309CA}D:\steam\steamapps\common\ageofconan_us\ageofconan.exe] => (Allow) D:\steam\steamapps\common\ageofconan_us\ageofconan.exe
FirewallRules: [{7770D775-C836-488D-ACC8-DB59A6FCAEA7}] => (Allow) D:\Dragon Age Orgins\Game\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{A4616AE1-2E39-4F27-AD56-B820241E1D61}] => (Allow) D:\Dragon Age Orgins\Game\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{DBC6EF3F-2238-4020-BB7B-41F3FC7D2109}] => (Allow) D:\Dragon Age Orgins\Game\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{1D8A537E-E94F-4FD1-BCBD-2764BA507A79}] => (Allow) D:\Dragon Age Orgins\Game\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{04884F0C-72F2-4D76-94A2-4CC18DCAB621}] => (Allow) D:\Dragon Age Orgins\Game\Dragon Age\bin_ship\daupdatersvc.service.exe
FirewallRules: [{447A3D1F-AF11-4BBC-AC90-0059343E1C5A}] => (Allow) D:\Dragon Age Orgins\Game\Dragon Age\bin_ship\daupdatersvc.service.exe
FirewallRules: [{E97A7433-1BD3-4460-A777-86032EA42208}] => (Allow) D:\Dragon Age II\Game\Dragon Age 2\bin_ship\DragonAge2.exe
FirewallRules: [{C83AF2D8-59CA-4C7E-B840-EAC58132246F}] => (Allow) D:\Dragon Age II\Game\Dragon Age 2\bin_ship\DragonAge2.exe
FirewallRules: [{79C5E4C6-6954-460E-904B-6919AAD574FE}] => (Allow) D:\Dragon Age II\Game\Dragon Age 2\DragonAge2Launcher.exe
FirewallRules: [{8220CA1B-C8B5-4C84-9581-6E99A38A2422}] => (Allow) D:\Dragon Age II\Game\Dragon Age 2\DragonAge2Launcher.exe
FirewallRules: [TCP Query User{0D646DAC-C081-473F-8FA2-468F553510B2}D:\dragon age orgins\game\dragon age\bin_ship\daorigins.exe] => (Block) D:\dragon age orgins\game\dragon age\bin_ship\daorigins.exe
FirewallRules: [UDP Query User{4196F0C6-BED4-45BB-B02B-29EC57C27705}D:\dragon age orgins\game\dragon age\bin_ship\daorigins.exe] => (Block) D:\dragon age orgins\game\dragon age\bin_ship\daorigins.exe
FirewallRules: [{D8508233-398C-4B19-9798-CC683CD08F69}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{ADD2CA4D-D0FE-4738-81C8-FC37AC66AD40}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{9401689B-650F-424E-BEDB-A42D0083BFCA}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{F598E33B-AB7C-4114-B3BD-7BB662976435}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [TCP Query User{EC6D1B75-9122-4016-B61F-ABC6178A51C5}D:\nba 2k10\game\nba2k10.exe] => (Allow) D:\nba 2k10\game\nba2k10.exe
FirewallRules: [UDP Query User{F2F3017C-C159-41CD-895C-FFBED89EF4A6}D:\nba 2k10\game\nba2k10.exe] => (Allow) D:\nba 2k10\game\nba2k10.exe
FirewallRules: [TCP Query User{DF387534-7C0B-47F3-B614-6172953683AC}D:\steam\steamapps\common\champions online\champions online\live\gameclient.exe] => (Block) D:\steam\steamapps\common\champions online\champions online\live\gameclient.exe
FirewallRules: [UDP Query User{70A58EA6-BF94-461C-95B9-403373096BB1}D:\steam\steamapps\common\champions online\champions online\live\gameclient.exe] => (Block) D:\steam\steamapps\common\champions online\champions online\live\gameclient.exe
FirewallRules: [TCP Query User{33725B68-B59E-46EE-9659-42E4AB882141}C:\windows\installer\{1330dfb3-aa22-4e50-827d-7ae6c3a35d01}\msiexec.exe] => (Block) C:\windows\installer\{1330dfb3-aa22-4e50-827d-7ae6c3a35d01}\msiexec.exe
FirewallRules: [UDP Query User{57564BBA-4833-4DAF-BEF0-2D4D213678EE}C:\windows\installer\{1330dfb3-aa22-4e50-827d-7ae6c3a35d01}\msiexec.exe] => (Block) C:\windows\installer\{1330dfb3-aa22-4e50-827d-7ae6c3a35d01}\msiexec.exe
FirewallRules: [{40571F53-D62E-4191-A115-7F7F31B72422}] => (Allow) D:\Steam\SteamApps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{F5E3423D-66BA-42AA-A9FA-C97CC093D1DA}] => (Allow) D:\Steam\SteamApps\common\Torchlight II\ModLauncher.exe
FirewallRules: [TCP Query User{11B539AD-D8C4-4214-898B-7D87B30E8AAD}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe
FirewallRules: [UDP Query User{B32A6FF6-4F7B-495B-B34D-FB9DA9090971}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe
FirewallRules: [{FEEAD987-F366-482D-8CB7-CE07E3BED9D6}] => (Allow) D:\Steam\SteamApps\common\Jedi Outcast\GameData\jk2sp.exe
FirewallRules: [{2BED7C5D-C3BF-4636-BEDA-71008E349A2A}] => (Allow) D:\Steam\SteamApps\common\Jedi Outcast\GameData\jk2sp.exe
FirewallRules: [{1DFF712C-B69D-4A68-B83A-36BBE30850D4}] => (Allow) D:\Steam\SteamApps\common\Jedi Outcast\GameData\jk2mp.exe
FirewallRules: [{E92D186A-D39A-43D9-BA67-156F0D7CF151}] => (Allow) D:\Steam\SteamApps\common\Jedi Outcast\GameData\jk2mp.exe
FirewallRules: [{75A7A4DC-2176-4EBD-BF8C-AE6906983AB0}] => (Allow) D:\Steam\SteamApps\common\Jedi Academy\GameData\jasp.exe
FirewallRules: [{7E820448-16B0-413E-90FE-0F95735D734F}] => (Allow) D:\Steam\SteamApps\common\Jedi Academy\GameData\jasp.exe
FirewallRules: [{44C69014-7A5C-49F7-B802-27E0CD35F8FA}] => (Allow) D:\Steam\SteamApps\common\Jedi Academy\GameData\jamp.exe
FirewallRules: [{DA11D233-DB98-487B-B743-BAE5E72CCDC1}] => (Allow) D:\Steam\SteamApps\common\Jedi Academy\GameData\jamp.exe
FirewallRules: [{034CBAF4-CDA8-4A67-BACF-ACBF3DE04635}] => (Allow) D:\SWTOR\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{645EF77D-3450-4730-8D8D-2D880CAA2B95}] => (Allow) D:\SWTOR\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{65358D59-8F7F-4C2E-82CD-F604C2219A0B}] => (Allow) D:\SWTOR\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{0E05661A-A372-412B-BFD8-4840C4BAD36C}] => (Allow) D:\SWTOR\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{6188DC38-C23A-42F7-BAF3-6A5F219C458C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1871E9D2-29FB-44D4-A5FB-9882D687E633}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7DB98F79-AA93-4653-B020-491BF912A1A1}] => (Allow) D:\Steam\SteamApps\common\ProjectZomboid\ProjectZomboid32.exe
FirewallRules: [{AEC82242-9E63-461D-84AE-3D2FD404114B}] => (Allow) D:\Steam\SteamApps\common\ProjectZomboid\ProjectZomboid32.exe
FirewallRules: [{4C80BBBA-BF43-49DD-AD78-5E1AA0CE1C84}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C80C8700-14C5-4898-9B00-2C1299EDA0DA}] => (Allow) D:\Steam\SteamApps\common\Karate Master 2 Knock Down Blow\Karate Master 2 KDB.exe
FirewallRules: [{487496DE-C4B8-4A9F-837A-EAF285C1A005}] => (Allow) D:\Steam\SteamApps\common\Karate Master 2 Knock Down Blow\Karate Master 2 KDB.exe
FirewallRules: [{5796ADA3-64A9-40F6-B1DB-0EB4930EA068}] => (Allow) D:\Steam\SteamApps\common\Cryptic Studios\Neverwinter.exe
FirewallRules: [{27923F2A-F0A9-4A51-8C49-EDED046D280B}] => (Allow) D:\Steam\SteamApps\common\Cryptic Studios\Neverwinter.exe
FirewallRules: [TCP Query User{E9A7CFC1-EE1C-44B6-9E8F-CCC82FC6090F}D:\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) D:\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{82747B78-2102-4BFE-A8F9-1A4D3ABFA9FE}D:\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) D:\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [{0F1A7E3B-76C4-4C9E-BEDB-9A28B7F71E2D}] => (Allow) D:\Steam\SteamApps\common\DC Universe Online\LaunchPad.exe
FirewallRules: [{89D6C46F-6DC6-4490-AA08-33C7EB666181}] => (Allow) D:\Steam\SteamApps\common\DC Universe Online\LaunchPad.exe
FirewallRules: [TCP Query User{6ECA95E5-469F-413C-BBAC-E7CE93B83CA4}D:\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Allow) D:\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe
FirewallRules: [UDP Query User{CC28BEB5-A092-4362-B79C-E0A5B637CC0D}D:\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Allow) D:\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe
FirewallRules: [TCP Query User{FA317F31-98DA-41F5-8580-38AB3A136460}D:\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Allow) D:\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe
FirewallRules: [UDP Query User{4F31302D-ADBC-4C57-B52F-ACFFD1A6B30C}D:\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Allow) D:\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe
FirewallRules: [{773AFCBE-AC48-4735-8277-C1BA96A7498A}] => (Allow) D:\Steam\SteamApps\common\Might and Magic Clash of Heroes\ClashOfHeroes.exe
FirewallRules: [{5FDD8650-4439-40AB-BBA1-B7A3C7EF29C5}] => (Allow) D:\Steam\SteamApps\common\Might and Magic Clash of Heroes\ClashOfHeroes.exe
FirewallRules: [{33CD8E3C-D351-46B1-BDD9-7A2F7FA586E5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/24/2015 07:42:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11936073
Error: (09/24/2015 07:42:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11936073
Error: (09/24/2015 07:42:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (09/23/2015 10:00:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2327238
Error: (09/23/2015 10:00:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2327238
Error: (09/23/2015 10:00:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (09/21/2015 08:54:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15865
Error: (09/21/2015 08:54:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15865
Error: (09/21/2015 08:54:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (09/20/2015 10:23:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 319475
System errors:
=============
Error: (09/24/2015 07:43:18 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
Error: (09/24/2015 07:42:48 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}
Error: (09/24/2015 07:42:47 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (09/23/2015 10:40:35 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (09/23/2015 10:40:33 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (09/23/2015 10:40:30 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (09/23/2015 10:40:28 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (09/23/2015 10:40:27 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (09/23/2015 10:38:18 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (09/23/2015 10:37:47 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
==================== Memory info ===========================
Processor: Intel® Core i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 59%
Total physical RAM: 3873.14 MB
Available physical RAM: 1565.4 MB
Total Virtual: 7744.42 MB
Available Virtual: 5069.35 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:250.05 GB) (Free:72.6 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:321.12 GB) (Free:84.76 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: A49D5ABE)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=250.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=321.1 GB) - (Type=OF Extended)
==================== End of Addition.txt ============================