Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Gotta have a virus, cant open any anti virus programs, chrome stops, c


  • Please log in to reply

#1
rct8787

rct8787

    Member

  • Member
  • PipPip
  • 14 posts

Hi all,

 

I recently have had an issue where I cant run any anti virus programs and chrome stops responding, also the computer seems to be running much slower than usual. When I try to run FRST from the desktop I get greeted with "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item", I did run it as admin, after I click ok the exe disappears. I did however run runscanner and the txt is below. Please let me know anything additional you need. Thanks for the help!

 

Runscanner logfile http://www.runscanner.net

* = signed file
- = file not found

General info
------------
Computer name : TYRANT
Creation time : 11/6/2015 5:33:09 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 9.0.8112.16421
OS : Windows 7 Home Premium
OS Build : 7600
OS SP :
RunScanner Version : 2.0.0.60
User Language : English (United States)
User rights : Administrator
Windows folder : C:\Windows

Running processes
-----------------
  C:\PROGRA~3\7B571D05.EX
* C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
* C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
* C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe (IObit)
* C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe (IObit)
  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
* C:\Program Files\AMI\DuOS\AndServMgr.exe (American Megatrends Inc.)
* C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe (Panda Security, S.L.)
* C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
* C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (BlueStack Systems, Inc.)
* C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
* C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
* C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
* C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
* C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)
* C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
* C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
* C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
* C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
* C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
* C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation)
* C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
* C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
* C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
  C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
* C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation)
* C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
* C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation)
* C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
* C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (NVIDIA Corporation)
* C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation)
* C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
* C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
* C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe (Plex, Inc.)
* C:\Windows\SysWOW64\PnkBstrA.exe
  C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
* C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Python Software Foundation)
* C:\Program Files (x86)\Ralink\Common\RaWiFi.exe (Ralink Technology, Inc.)
  C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe (Ralink Technology, Corp.)
  C:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.)
* C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
* C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
* C:\runscanner\runscanner.exe (Runscanner.net)
  C:\Users\Ryan\Desktop\SCP DS3 Driver Package\ScpServer\bin\ScpService.exe (Scarlet.Crush Productions)
* C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
* C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.)
* C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
* C:\Windows\System32\taskeng.exe (Microsoft Corporation)
* C:\Windows\System32\taskeng.exe (Microsoft Corporation)
* C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
* C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation)
* C:\Windows\System32\cmd.exe (Microsoft Corporation)
* C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
* C:\Windows\explorer.exe (Microsoft Corporation)
* C:\Windows\explorer.exe (Microsoft Corporation)
* C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation)
* C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
* C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
* C:\Windows\System32\wininit.exe (Microsoft Corporation)
* C:\Windows\System32\wlanext.exe (Microsoft Corporation)
* C:\Program Files\NVIDIA Corporation\Update Core\WLMerger.exe (NVIDIA Corporation)
  C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe (Wyse Technology.)
* C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)

Unrated items
-------------
002   C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
003 * C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
003   C:\PROGRA~3\igfxEM_32.exe
003   C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
003 * C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
005 * C:\PROGRA~2\Ralink\Common\RaWiFi.exe (Ralink Technology, Inc.)
006 * C:\PROGRA~2\Ralink\Common\RaWiFi.exe (Ralink Technology, Inc.)
010 * C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (.NET Runtime Optimization Service)
010 * C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (.NET Runtime Optimization Service)
010 * C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Acrobat Update Service)
010 * C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe® Flash® Player Update Service 19.0 r0)
010 * C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe (Advanced SystemCare Service)
010   C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (AMD Fuel Service)
010 * C:\Program Files\AMI\DuOS\AndServMgr.exe (AndServMgr)
010 * C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe (Application Host Service)
010 * C:\ProgramData\BitRaider\BRSptSvc.exe (BitRaider Support Service)
010 * C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStacks Log Rotator Service)
010 * C:\Program Files (x86)\BlueStacks\HD-Service.exe (BlueStacks Service)
010 * C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (BlueStacks Updater Service)
010 * C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Bluetooth Support Server)
010 * C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Installer)
010 * C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Installer)
010 * C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (HP Software Framework WMI Service)
010 * C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (HP Support Assistant Service)
010   C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (IDriverT Module)
010 * C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit Malware Fighter Service)
010   c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (LightScribe Service)
010   C:\Windows\system32\GameMon.des (nProtect Game Monitor Rev 1894)
010 * C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA GeForce ExperienceService)
010 * C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Network Service)
010 * C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (NVIDIA Streamer Service)
010   C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe (PocketCloudService)
010 * C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (Product Updater)
010 * C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe (PSUAService)
010   C:\Program Files (x86)\Ralink\Common\RaRegistry.exe (RalinkRegistryWriter)
010   C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe (RalinkRegistryWriter)
010 * C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe (RaMediaServer.exe)
010 * C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Audio Service)
010   C:\Users\Ryan\Desktop\SCP DS3 Driver Package\ScpServer\bin\ScpService.exe (ScpService)
010   C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (ServiceLayer Module)
010 * C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Software Updater Service)
010 * C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop® Streamer Service)
010 * C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Steam Client Service)
010 * C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Stereo Vision Control Panel API Server)
010 * C:\Program Files (x86)\TightVNC\tvnserver.exe (TightVNC Server for Windows)
010   C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe (Wyse Remote Access Server for Windows)
011 * C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys (BlueStacks Hypervisor for amd64)
011 * C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS (HWiNFO AMD64 Kernel Driver)
011 * C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys (Nvidia Streaming Kernel Service)
011 * C:\Windows\system32\DRIVERS\PcaSp60.sys (Rawether NDIS 6 SPR Protocol Driver (AMD64))
011 * C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys (Registry Filter)
011 * C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys (URL Filter)
011 * C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys (WinRing0)
031   GUID / CLSID not found {314111c7-a502-11d2-bbca-00c04f8ec294}
035 * C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe (Google Inc.) {8A69D345-D564-463c-AFF1-A69D9E530F96}
042 * C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) {25510184-5A38-4A99-B273-DCA8EEF6CD08}
042   GUID / CLSID not found {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}
042   GUID / CLSID not found {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
042   GUID / CLSID not found {2670000A-7350-4f3c-8081-5663EE0C6C49}
042   GUID / CLSID not found {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
047   Zone: cinemanow.com : http://cinemanow.com
047   Zone: cinemanow.com : https://cinemanow.com
047   Zone: clonewarsadventures.com : *.clonewarsadventures.com
047   Zone: freerealms.com : *.freerealms.com
047   Zone: hp.com : http://hp.com
047   Zone: qflix.com : http://qflix.com
047   Zone: redirect.sonic.com : http://redirect.sonic.com
047   Zone: redirect2.sonic.com : http://redirect2.sonic.com
047   Zone: roxio.com : http://roxio.com
047   Zone: soe.com : *.soe.com
047   Zone: sony.com : *.sony.com
052 * C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL (IObit) {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
052 * C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) {E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
060   GUID / CLSID not found {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
061   C:\Program Files (x86)\K-Lite Codec Pack\Icaros\32-bit\IcarosThumbnailProvider.dll (Tabibito Technology) {c5aec3ec-e812-4677-a9a7-4fee1f9aa000}
062 * C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}
071 * C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll (Broadcom Corporation.)
073   Adobe Flash Player Updater.job : C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
073   GoogleUpdateTaskMachineCore.job : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)
073   GoogleUpdateTaskMachineUA.job : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)
073   GoogleUpdateTaskUserS-1-5-21-1725188070-1093038038-2835830549-1000Core.job : C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
073   GoogleUpdateTaskUserS-1-5-21-1725188070-1093038038-2835830549-1000UA.job : C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
100   Default_Page_URL HKCU : http://g.msn.com/HPDSK/1
100   Default_Page_URL HKLM : http://g.msn.com/HPDSK/1
100   ProxyOverride HKCU : 127.0.0.1:9421;192.168.*.*;<local>;*.local
100   Start Page HKCU : http://www.yahoo.com/
100   Start Page HKLM : http://g.msn.com/HPDSK/1
104   GUID / CLSID not found {8AD9C840-044E-11D1-B3E9-00805F499D93}
104   GUID / CLSID not found {CAFEEFAC-0018-0000-0060-ABCDEFFEDCBA}
104   GUID / CLSID not found {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
105   E&xport to Microsoft Excel : res://C:\PROGRA~1\MIF5BA~1\Office15\EXCEL.EXE/3000
105   Se&nd to OneNote : res://C:\PROGRA~1\MIF5BA~1\Office15\ONBttnIE.dll/105
135 * C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
170   {06b1c984-7711-11e2-a913-64315026845a} : L:\setup.exe
170   {06c1d821-d35e-11e3-b6d5-64315026845a} : K:\MotoCastSetup.exe -a
170   {06c1d861-d35e-11e3-b6d5-64315026845a} : K:\MotoCastSetup.exe -a
170   {13d77c52-4435-11e2-952f-64315026845a} : K:\MotoCastSetup.exe -a
170   {1e2ce8dd-d97b-11e2-a9f3-64315026845a} : K:\MotoCastSetup.exe -a
170   {3a8b3440-30e7-11e2-98fe-64315026845a} : L:\MotoCastSetup.exe -a
170   {4ebcf890-7388-11e3-a721-64315026845a} : K:\MotoCastSetup.exe -a
170   {606be1b5-eaf0-11e0-a777-64315026845a} : K:\Setup.exe
170   {6d888469-40c7-11e5-b7e9-98588a02a5c8} : M:\VerizonSWUpgradeAssistantLauncher.exe
170   {8e6ca0ca-81e3-11e4-8d63-64315026845a} : K:\MotorolaDeviceManagerSetup.exe -a
170   {8f88ea8f-6d6b-11e4-9313-001122987654} : K:\MotoCastSetup.exe -a
170   {ebb353ff-8e6b-11e4-af1e-64315026845a} : K:\VerizonSWUpgradeAssistantLauncher.exe
171   C:\Windows\DREAMA~1.SCR
173   GUID / CLSID not found {09A47860-11B0-4DA5-AFA5-26D86198A780}
173   GUID / CLSID not found {0BB81440-5F42-4480-A5F7-770A6F439FC8}
173   GUID / CLSID not found {189F1E63-33A7-404B-B2F6-8C76A452CC54}
173   GUID / CLSID not found {23170F69-40C1-278A-1000-000100020000}
173   GUID / CLSID not found {2803063F-4B8D-4dc6-8874-D1802487FE2D}
173   GUID / CLSID not found {305BC11B-5175-492B-B569-866547FCDA40}
173   GUID / CLSID not found {A6FF0E3A-8437-482C-8E04-4F9E15C57538}
173   GUID / CLSID not found {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75}
173   GUID / CLSID not found {B41DB860-64E4-11D2-9906-E49FADC173CA}
173   GUID / CLSID not found {BB02B294-8425-42E5-983F-41A1FA970CD6}
173   C:\Program Files\WinRAR\rarext32.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
212 * C:\Program Files (x86)\IObit\Advanced SystemCare 7\DiskDefrag.exe (IObit)
221   GUID / CLSID not found {09A47860-11B0-4DA5-AFA5-26D86198A780}
221   GUID / CLSID not found {0BB81440-5F42-4480-A5F7-770A6F439FC8}
221   GUID / CLSID not found {189F1E63-33A7-404B-B2F6-8C76A452CC54}
221   GUID / CLSID not found {23170F69-40C1-278A-1000-000100020000}
221   GUID / CLSID not found {2803063F-4B8D-4dc6-8874-D1802487FE2D}
221   GUID / CLSID not found {305BC11B-5175-492B-B569-866547FCDA40}
221   GUID / CLSID not found {A6FF0E3A-8437-482C-8E04-4F9E15C57538}
221   GUID / CLSID not found {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75}
221   GUID / CLSID not found {B41DB860-64E4-11D2-9906-E49FADC173CA}
221   GUID / CLSID not found {BB02B294-8425-42E5-983F-41A1FA970CD6}
221   C:\Program Files\WinRAR\rarext32.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
223   GUID / CLSID not found {3A488FE8-9916-4F36-BDFF-3DED559142E5}
225   GUID / CLSID not found {0BB81440-5F42-4480-A5F7-770A6F439FC8}
225   GUID / CLSID not found {0BB81440-5F42-4480-A5F7-770A6F439FC8}
225   GUID / CLSID not found {189F1E63-33A7-404B-B2F6-8C76A452CC54}
225   GUID / CLSID not found {189F1E63-33A7-404B-B2F6-8C76A452CC54}
225   GUID / CLSID not found {A6FF0E3A-8437-482C-8E04-4F9E15C57538}
225   GUID / CLSID not found {A6FF0E3A-8437-482C-8E04-4F9E15C57538}
225   GUID / CLSID not found {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75}
225   GUID / CLSID not found {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75}
225   GUID / CLSID not found {B41DB860-64E4-11D2-9906-E49FADC173CA}
225   GUID / CLSID not found {B41DB860-64E4-11D2-9906-E49FADC173CA}
225   C:\Program Files\WinRAR\rarext32.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225   C:\Program Files\WinRAR\rarext32.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
227   GUID / CLSID not found {09A47860-11B0-4DA5-AFA5-26D86198A780}
227   GUID / CLSID not found {0BB81440-5F42-4480-A5F7-770A6F439FC8}
227   GUID / CLSID not found {23170F69-40C1-278A-1000-000100020000}
227   GUID / CLSID not found {2803063F-4B8D-4dc6-8874-D1802487FE2D}
227   GUID / CLSID not found {A6FF0E3A-8437-482C-8E04-4F9E15C57538}
227   GUID / CLSID not found {B41DB860-64E4-11D2-9906-E49FADC173CA}
227   GUID / CLSID not found {BB02B294-8425-42E5-983F-41A1FA970CD6}
227   C:\Program Files\WinRAR\rarext32.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
229   GUID / CLSID not found {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}
229   GUID / CLSID not found {5E2121EE-0300-11D4-8D3B-444553540000}
229   GUID / CLSID not found {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75}
229   GUID / CLSID not found {EC654325-1273-C2A9-2B7C-45D29BCE68FB}
231 * C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (Adobe Systems, Inc.) PDF Column Info
251   GUID / CLSID not found {23170F69-40C1-278A-1000-000100020000}
251   GUID / CLSID not found {B41DB860-64E4-11D2-9906-E49FADC173CA}
251   C:\Program Files\WinRAR\rarext32.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
254   GUID / CLSID not found {7842554E-6BED-11D2-8CDB-B05550C10000}
001 C:\Windows\System32\atieclxx.exe
001 C:\Windows\System32\atiesrxx.exe
001 audiodg.exe
001 C:\Windows\System32\csrss.exe
001 C:\Windows\System32\csrss.exe
001 C:\Windows\System32\conhost.exe
001 C:\Windows\System32\conhost.exe
001 C:\Windows\System32\conhost.exe
001 C:\Windows\System32\conhost.exe
001 C:\Windows\System32\conhost.exe
001 C:\Windows\System32\conhost.exe
001 C:\Windows\System32\conhost.exe
001 C:\Windows\System32\dwm.exe
001 C:\Windows\System32\taskhost.exe
001 C:\Windows\System32\lsass.exe
001 C:\Windows\System32\lsm.exe
001 C:\Windows\System32\nvvsvc.exe
001 C:\Windows\System32\nvvsvc.exe
001 C:\Windows\System32\services.exe
001 C:\Windows\System32\spoolsv.exe
001 C:\Windows\System32\WUDFHost.exe
001 C:\Windows\System32\winlogon.exe
001 C:\Windows\System32\smss.exe
001 C:\Windows\System32\wuauclt.exe

Missing files
-------------
003 regsvr32.exe "C:\Users\Ryan\AppData\Roaming\IeveKmets\UedoKwopc.dll"
005 C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
006 C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
010 C:\Windows\system32\AxInstSV.dll
010 C:\Windows\system32\atiesrxx.exe
010 C:\Windows\system32\aelupsvc.dll
010 C:\Windows\system32\appidsvc.dll
010 C:\Windows\system32\appinfo.dll
010 C:\Windows\system32\Alg.exe
010 C:\Windows\system32\qmgr.dll
010 C:\Windows\system32\bfe.dll
010 C:\Windows\system32\bdesvc.dll
010 C:\Windows\System32\bthserv.dll
010 C:\Windows\system32\browser.dll
010 C:\Windows\system32\vaultsvc.dll
010 C:\Windows\system32\dwm.exe
010 C:\Windows\system32\trkwks.dll
010 C:\Windows\system32\efssvc.dll
010 C:\Windows\system32\wecsvc.dll
010 C:\Windows\system32\wevtsvc.dll
010 C:\Windows\system32\fdPHost.dll
010 C:\Windows\system32\fdrespub.dll
010 C:\Windows\system32\ikeext.dll
010 C:\Windows\system32\ui0detect.exe
010 C:\Windows\system32\kmsvc.dll
010 C:\Windows\system32\lltdres.dll
010 C:\Windows\system32\eapsvc.dll
010 C:\Windows\system32\ipnathlp.dll
010 C:\Windows\System32\certprop.dll
010 C:\Windows\System32\certprop.dll
010 C:\Windows\system32\sppsvc.exe
010 C:\Windows\system32\TabSvc.dll
010 C:\Windows\System32\sensrsvc.dll
010 C:\Windows\system32\defragsvc.dll
010 C:\Windows\system32\wbengine.exe
010 C:\Windows\system32\vssvc.exe
010 C:\Windows\System32\swprv.dll
010 C:\Windows\system32\sdrsvc.dll
010 C:\Program Files (x86)\Windows Defender\MsMpRes.dll
010 C:\Windows\system32\mmcss.dll
010 C:\Windows\system32\mmcss.dll
010 C:\Windows\system32\netman.dll
010 C:\Windows\System32\nlasvc.dll
010 C:\Windows\system32\nsisvc.dll
010 C:\Windows\system32\nvvsvc.exe
010 C:\Windows\system32\p2psvc.dll
010 C:\Windows\system32\IPBusEnum.dll
010 C:\Windows\system32\pnrpauto.dll
010 C:\Windows\system32\pnrpsvc.dll
010 C:\Windows\system32\pnrpsvc.dll
010 C:\Windows\system32\wpdbusenum.dll
010 C:\Windows\System32\wercplsupport.dll
010 C:\Windows\system32\profsvc.dll
010 C:\Windows\system32\pcasvc.dll
010 C:\Windows\system32\sstpsvc.dll
010 C:\Windows\system32\qagentrt.dll
010 regsvc.dll
010 C:\Windows\system32\rasauto.dll
010 C:\Windows\system32\rasmans.dll
010 C:\Windows\System32\termsrv.dll
010 C:\Windows\system32\RpcEpMap.dll
010 C:\Windows\system32\Locator.exe
010 C:\Windows\system32\samsrv.dll
010 C:\Windows\system32\seclogon.dll
010 C:\Windows\system32\srvsvc.dll
010 C:\Windows\system32\iphlpsvc.dll
010 C:\Windows\System32\SCardSvr.dll
010 C:\Windows\system32\snmptrap.exe
010 C:\Windows\system32\spoolsv.exe
010 C:\Windows\system32\sppuinotify.dll
010 C:\Windows\system32\ssdpsrv.dll
010 C:\Windows\system32\wiaservc.dll
010 C:\Windows\system32\sysmain.dll
010 C:\Windows\system32\schedsvc.dll
010 C:\Windows\system32\tbssvc.dll
010 C:\Windows\system32\lmhsvc.dll
010 C:\Windows\system32\umpnpmgr.dll
010 C:\Windows\system32\umpo.dll
010 C:\Windows\system32\vds.exe
010 C:\Windows\system32\dps.dll
010 C:\Windows\system32\Wat\WatUX.exe
010 C:\Windows\System32\audiosrv.dll
010 C:\Windows\System32\audiosrv.dll
010 C:\Windows\system32\wbiosrvc.dll
010 C:\Windows\system32\wudfsvc.dll
010 C:\Windows\System32\wersvc.dll
010 C:\Windows\system32\FntCache.dll
010 C:\Windows\System32\ListSvc.dll
010 C:\Windows\System32\wscsvc.dll
010 C:\Windows\System32\themeservice.dll
010 C:\Windows\system32\w32time.dll
010 C:\Windows\System32\wlansvc.dll
010 C:\Windows\system32\dot3svc.dll
010 C:\Windows\system32\wbem\wmisvc.dll
010 C:\Windows\system32\wbem\wmiapsrv.exe
010 C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
010 C:\Windows\system32\wkssvc.dll
010 C:\Windows\System32\wwansvc.dll
011 C:\Users\Ryan\AppData\Local\Temp\00529AB.tmp
011 c:\windows\system32\DRIVERS\1394ohci.sys
011 c:\windows\system32\DRIVERS\ohci1394.sys
011 c:\windows\system32\DRIVERS\agp440.sys
011 C:\Windows\system32\drivers\a9artj3x.sys
011 c:\windows\system32\DRIVERS\ACPI.sys
011 c:\windows\system32\DRIVERS\acpipmi.sys
011 c:\windows\system32\DRIVERS\adp94xx.sys
011 c:\windows\system32\DRIVERS\adpahci.sys
011 c:\windows\system32\DRIVERS\adpu320.sys
011 c:\windows\system32\DRIVERS\aliide.sys
011 c:\windows\system32\drivers\AtihdW76.sys
011 c:\windows\system32\DRIVERS\amdiox64.sys
011 c:\windows\system32\DRIVERS\AtiPcie64.sys
011 c:\windows\system32\DRIVERS\usbfilter.sys
011 c:\windows\system32\DRIVERS\amd_sata.sys
011 c:\windows\system32\DRIVERS\amd_xata.sys
011 c:\windows\system32\DRIVERS\amdide.sys
011 c:\windows\system32\DRIVERS\atikmdag.sys
011 c:\windows\system32\DRIVERS\atikmpag.sys
011 c:\windows\system32\drivers\amdsata.sys
011 c:\windows\system32\DRIVERS\amdsbs.sys
011 c:\windows\system32\drivers\amdxata.sys
011 C:\Windows\system32\drivers\afd.sys
011 C:\Windows\system32\appidsvc.dll
011 c:\windows\system32\DRIVERS\NNSAlpc.sys
011 c:\windows\system32\DRIVERS\arc.sys
011 c:\windows\system32\DRIVERS\arcsas.sys
011 c:\windows\system32\DRIVERS\atapi.sys
011 c:\windows\system32\DRIVERS\atikmdag.sys
011 C:\Windows\system32\drivers\Beep.sys
011 C:\Windows\system32\drivers\fvevol.sys
011 c:\windows\system32\DRIVERS\blbdrive.sys
011 c:\windows\system32\drivers\btwaudio.sys
011 c:\windows\system32\drivers\tosrfsnd.sys
011 c:\windows\system32\DRIVERS\tosrfnds.sys
011 c:\windows\system32\DRIVERS\BthEnum.sys
011 c:\windows\system32\DRIVERS\bthmodem.sys
011 c:\windows\system32\DRIVERS\Tosrfhid.sys
011 c:\windows\system32\DRIVERS\hidbth.sys
011 c:\windows\system32\DRIVERS\bthpan.sys
011 c:\windows\system32\DRIVERS\tosrfbd.sys
011 c:\windows\system32\DRIVERS\rfcomm.sys
011 c:\windows\system32\DRIVERS\tosrfusb.sys
011 C:\programdata\bitraider\BRDriver64.sys
011 c:\windows\system32\DRIVERS\btwavdt.sys
011 c:\windows\system32\drivers\bcbtums.sys
011 c:\windows\system32\DRIVERS\btwl2cap.sys
011 C:\Windows\system32\drivers\btwampfl.sys
011 c:\windows\system32\DRIVERS\b57nd60a.sys
011 c:\windows\system32\DRIVERS\evbda.sys
011 c:\windows\system32\DRIVERS\bxvbda.sys
011 c:\windows\System32\Drivers\Brserid.sys
011 c:\windows\System32\Drivers\BrSerWdm.sys
011 c:\windows\System32\Drivers\BrUsbMdm.sys
011 c:\windows\System32\Drivers\BrUsbSer.sys
011 System32\Drivers\btcombus.sys
011 c:\windows\system32\DRIVERS\btcomport.sys
011 System32\Drivers\btcusb.sys
011 System32\Drivers\BtHidBus.sys
011 System32\Drivers\BTHport.sys
011 System32\Drivers\BTHUSB.sys
011 System32\Drivers\btnetBus.sys
011 c:\windows\system32\DRIVERS\btnetdrv.sys
011 c:\windows\system32\DRIVERS\btwrchid.sys
011 c:\windows\system32\DRIVERS\cdfs.sys
011 c:\windows\system32\DRIVERS\cmdide.sys
011 System32\Drivers\cng.sys
011 C:\Windows\system32\clfs.sys
011 c:\windows\system32\DRIVERS\compbatt.sys
011 C:\Windows\system32\browser.dll
011 c:\windows\system32\DRIVERS\circlass.sys
011 c:\windows\system32\DRIVERS\CmBatt.sys
011 c:\windows\system32\drivers\cqcpu.sys
011 c:\windows\system32\DRIVERS\dtsoftbus01.sys
011 c:\windows\system32\DRIVERS\usbhub.sys
011 C:\Windows\system32\drivers\dfsc.sys
011 c:\windows\System32\drivers\dxgkrnl.sys
011 c:\windows\system32\DRIVERS\crcdisk.sys
011 c:\windows\system32\DRIVERS\DuoVMDrv.sys
011 C:\Windows\system32\drivers\EagleX64.sys
011 c:\windows\system32\DRIVERS\usbehci.sys
011 c:\windows\system32\DRIVERS\elxstor.sys
011 c:\windows\system32\DRIVERS\errdev.sys
011 C:\Windows\system32\drivers\fastfat.sys
011 C:\Windows\system32\drivers\fsdepends.sys
011 C:\Windows\system32\drivers\filetrace.sys
011 C:\Windows\system32\drivers\fileinfo.sys
011 c:\windows\system32\DRIVERS\dc3d.sys
011 c:\windows\system32\DRIVERS\fdc.sys
011 c:\windows\system32\DRIVERS\flpydisk.sys
011 c:\windows\system32\DRIVERS\umpass.sys
011 C:\Windows\system32\drivers\hwpolicy.sys
011 c:\windows\system32\drivers\hcw85cir.sys
011 c:\windows\system32\DRIVERS\HidBatt.sys
011 c:\windows\system32\DRIVERS\kbdhid.sys
011 c:\windows\system32\DRIVERS\uvhid.sys
011 c:\windows\system32\DRIVERS\mouhid.sys
011 c:\windows\system32\DRIVERS\HDAudBus.sys
011 c:\windows\system32\drivers\HdAudio.sys
011 c:\windows\system32\DRIVERS\HpSAMD.sys
011 c:\windows\system32\drivers\CpqDfw.sys
011 c:\windows\system32\DRIVERS\NNSHttp.sys
011 C:\Windows\system32\drivers\http.sys
011 c:\windows\system32\DRIVERS\NNSHttps.sys
011 c:\windows\system32\DRIVERS\i8042prt.sys
011 c:\windows\system32\DRIVERS\iirsp.sys
011 C:\Windows\system32\drivers\irenum.sys
011 c:\windows\system32\DRIVERS\hidir.sys
011 c:\windows\system32\drivers\iaStorV.sys
011 c:\windows\system32\DRIVERS\intelide.sys
011 c:\windows\system32\DRIVERS\NNSIds.sys
011 c:\windows\system32\DRIVERS\IPMIDrv.sys
011 System32\drivers\ipnat.sys
011 c:\windows\system32\DRIVERS\isapnp.sys
011 System32\Drivers\IvtBtBus.sys
011 c:\windows\system32\drivers\Wdf01000.sys
011 c:\windows\system32\drivers\ksthunk.sys
011 c:\windows\system32\DRIVERS\kbdclass.sys
011 System32\Drivers\ksecdd.sys
011 System32\Drivers\ksecpkg.sys
011 c:\windows\system32\DRIVERS\lltdio.sys
011 c:\windows\system32\DRIVERS\rspndr.sys
011 C:\Windows\system32\drivers\spldr.sys
011 c:\windows\system32\DRIVERS\lsi_fc.sys
011 c:\windows\system32\DRIVERS\lsi_sas.sys
011 c:\windows\system32\DRIVERS\lsi_sas2.sys
011 c:\windows\system32\DRIVERS\lsi_scsi.sys
011 C:\Windows\system32\drivers\luafv.sys
011 C:\Windows\system32\drivers\secdrv.sys
011 C:\Windows\system32\drivers\netbt.sys
011 c:\windows\system32\DRIVERS\megasas.sys
011 c:\windows\system32\DRIVERS\MegaSR.sys
011 c:\windows\system32\DRIVERS\MpFilter.sys
011 C:\Windows\system32\drivers\exfat.sys
011 C:\Windows\system32\drivers\fltmgr.sys
011 c:\windows\system32\DRIVERS\msiscsi.sys
011 c:\windows\system32\DRIVERS\MTConfig.sys
011 c:\windows\system32\DRIVERS\NisDrvWFP.sys
011 C:\Windows\system32\drivers\qwavedrv.sys
011 c:\windows\system32\DRIVERS\rdpbus.sys
011 C:\Windows\System32\drivers\scfilter.sys
011 c:\windows\system32\drivers\drmkaud.sys
011 c:\windows\system32\DRIVERS\tunnel.sys
011 c:\windows\system32\drivers\modem.sys
011 c:\windows\system32\DRIVERS\monitor.sys
011 c:\windows\system32\DRIVERS\motccgp.sys
011 System32\Drivers\motoandroid.sys
011 c:\windows\system32\DRIVERS\motswch.sys
011 c:\windows\system32\DRIVERS\motusbdevice.sys
011 C:\Windows\system32\drivers\mountmgr.sys
011 c:\windows\system32\DRIVERS\mouclass.sys
011 c:\windows\system32\DRIVERS\mpio.sys
011 c:\windows\system32\DRIVERS\uagp35.sys
011 c:\windows\system32\DRIVERS\gagp30kx.sys
011 c:\windows\system32\drivers\MSKSSRV.sys
011 c:\windows\system32\drivers\MSPCLOCK.sys
011 c:\windows\system32\drivers\MSPQM.sys
011 c:\windows\system32\DRIVERS\msahci.sys
011 c:\windows\system32\DRIVERS\msdsm.sys
011 C:\Windows\system32\drivers\Msfs.sys
011 c:\windows\system32\DRIVERS\msisadrv.sys
011 C:\Windows\system32\drivers\MsRPC.sys
011 C:\Windows\system32\drivers\mup.sys
011 c:\windows\system32\DRIVERS\CompositeBus.sys
011 c:\windows\system32\drivers\tdpipe.sys
011 c:\windows\system32\DRIVERS\nwifi.sys
011 C:\Windows\system32\drivers\ndis.sys
011 c:\windows\system32\DRIVERS\ndiscap.sys
011 C:\Windows\system32\drivers\NDProxy.sys
011 c:\windows\system32\DRIVERS\ndisuio.sys
011 c:\windows\system32\DRIVERS\netbios.sys
011 c:\windows\system32\DRIVERS\NNSProt.sys
011 c:\windows\system32\DRIVERS\NNSPrv.sys
011 c:\windows\system32\DRIVERS\nv_agp.sys
011 c:\windows\system32\DRIVERS\nfrd960.sys
011 c:\windows\system32\DRIVERS\NNSPihsw.sys
011 C:\Windows\system32\drivers\Npfs.sys
011 C:\Windows\system32\drivers\nsiproxy.sys
011 C:\Windows\system32\drivers\Ntfs.sys
011 c:\windows\system32\DRIVERS\pci.sys
011 C:\Users\Ryan\AppData\Local\Temp\NTFS.sys
011 C:\Windows\system32\drivers\Null.sys
011 c:\windows\system32\drivers\nvhda64v.sys
011 c:\windows\system32\drivers\nvvad64v.sys
011 c:\windows\system32\DRIVERS\nvlddmkm.sys
011 c:\windows\system32\drivers\nvraid.sys
011 c:\windows\system32\drivers\nvstor.sys
011 c:\windows\system32\DRIVERS\usbohci.sys
011 c:\windows\system32\DRIVERS\parport.sys
011 C:\Windows\system32\drivers\partmgr.sys
011 C:\Windows\system32\drivers\mshidkmdf.sys
011 c:\windows\system32\DRIVERS\pccsmcfdx64.sys
011 c:\windows\system32\DRIVERS\pciide.sys
011 c:\windows\system32\DRIVERS\pcmcia.sys
011 System32\drivers\pcw.sys
011 c:\windows\system32\DRIVERS\swenum.sys
011 c:\windows\system32\DRIVERS\disk.sys
011 c:\windows\system32\DRIVERS\point64.sys
011 c:\windows\system32\DRIVERS\NNSPop3.sys
011 c:\windows\system32\DRIVERS\NNSPicc.sys
011 c:\windows\system32\DRIVERS\processr.sys
011 c:\windows\system32\DRIVERS\amdk8.sys
011 c:\windows\system32\DRIVERS\intelppm.sys
011 c:\windows\system32\DRIVERS\amdppm.sys
011 c:\windows\system32\drivers\peauth.sys
011 C:\Windows\system32\sstpsvc.dll
011 c:\windows\system32\Drivers\PsBoot.sys
011 c:\windows\system32\DRIVERS\PSINAflt.sys
011 c:\windows\system32\DRIVERS\PSINFile.sys
011 c:\windows\system32\DRIVERS\psinknc.sys
011 c:\windows\system32\DRIVERS\PSINProc.sys
011 c:\windows\system32\DRIVERS\PSINProt.sys
011 c:\windows\system32\DRIVERS\PSINReg.sys
011 System32\DRIVERS\PSKMAD.sys
011 c:\windows\system32\DRIVERS\ql2300.sys
011 c:\windows\system32\DRIVERS\ql40xx.sys
011 C:\Windows\System32\drivers\pacer.sys
011 c:\windows\system32\DRIVERS\netr28x.sys
011 c:\windows\system32\DRIVERS\netr28ux.sys
011 c:\windows\system32\DRIVERS\AgileVpn.sys
011 System32\DRIVERS\rasacd.sys
011 C:\Windows\system32\drivers\RDPENCDD.sys
011 C:\Windows\system32\DRIVERS\RDPCDD.sys
011 C:\Windows\system32\drivers\RdpRefMp.sys
011 C:\Windows\system32\drivers\RDPWD.sys
011 System32\drivers\rdyboost.sys
011 c:\windows\system32\DRIVERS\Rt64win7.sys
011 c:\windows\system32\DRIVERS\RtkBtfilter.sys
011 c:\windows\system32\drivers\RTKVHD64.sys
011 c:\windows\system32\DRIVERS\termdd.sys
011 c:\windows\system32\DRIVERS\sbp2port.sys
011 c:\windows\system32\DRIVERS\ScpVBus.sys
011 c:\windows\system32\DRIVERS\cdrom.sys
011 c:\windows\system32\DRIVERS\sfloppy.sys
011 c:\windows\system32\DRIVERS\ggsemc.sys
011 c:\windows\system32\DRIVERS\ggflt.sys
011 c:\windows\system32\DRIVERS\serial.sys
011 c:\windows\system32\DRIVERS\sermouse.sys
011 c:\windows\system32\DRIVERS\serenum.sys
011 C:\Windows\system32\srvsvc.dll
011 C:\Windows\system32\srvsvc.dll
011 c:\windows\system32\DRIVERS\SiSRaid2.sys
011 c:\windows\system32\DRIVERS\sisraid4.sys
011 c:\windows\system32\DRIVERS\sffdisk.sys
011 c:\windows\system32\DRIVERS\sffp_mmc.sys
011 c:\windows\system32\DRIVERS\sffp_sd.sys
011 System32\Drivers\SmartDefragDriver.sys
011 c:\windows\system32\DRIVERS\NNSSmtp.sys
011 c:\windows\System32\Drivers\sptd.sys
011 System32\DRIVERS\srvnet.sys
011 c:\windows\system32\DRIVERS\stexstor.sys
011 c:\windows\system32\DRIVERS\NNSStrm.sys
011 C:\Windows\system32\drivers\discache.sys
011 C:\Windows\system32\Drivers\SIVX64.sys
011 c:\windows\system32\DRIVERS\mssmbios.sys
011 c:\windows\system32\drivers\tdtcp.sys
011 c:\windows\system32\DRIVERS\tcpip.sys
011 System32\drivers\tcpipreg.sys
011 c:\windows\system32\drivers\Toshidpt.sys
011 c:\windows\system32\DRIVERS\tosporte.sys
011 System32\Drivers\tosrfbnp.sys
011 System32\Drivers\tosrfcom.sys
011 c:\windows\system32\DRIVERS\NNSTlsc.sys
011 C:\Windows\System32\DRIVERS\tssecsrv.sys
011 c:\windows\system32\DRIVERS\udfs.sys
011 c:\windows\system32\drivers\usbuhci.sys
011 c:\windows\system32\DRIVERS\uliagpkx.sys
011 c:\windows\system32\drivers\usbaudio.sys
011 c:\windows\system32\DRIVERS\usbccgp.sys
011 c:\windows\system32\DRIVERS\usbcir.sys
011 c:\windows\system32\DRIVERS\USBSTOR.SYS
011 c:\windows\system32\DRIVERS\hidusb.sys
011 c:\windows\system32\DRIVERS\usbprint.sys
011 c:\windows\system32\DRIVERS\umbus.sys
011 c:\windows\system32\DRIVERS\vgapnp.sys
011 c:\windows\System32\drivers\vga.sys
011 c:\windows\system32\DRIVERS\vhdmp.sys
011 c:\windows\system32\DRIVERS\viaide.sys
011 c:\windows\system32\DRIVERS\vdrvroot.sys
011 c:\windows\system32\DRIVERS\vwifibus.sys
011 c:\windows\system32\DRIVERS\vwififlt.sys
011 c:\windows\system32\DRIVERS\vwifimp.sys
011 c:\windows\system32\DRIVERS\VBoxNetFlt.sys
011 c:\windows\system32\DRIVERS\VBoxNetAdp.sys
011 c:\windows\system32\DRIVERS\VBoxDrv.sys
011 c:\windows\system32\DRIVERS\VBoxUSBMon.sys
011 c:\windows\system32\DRIVERS\volmgr.sys
011 C:\Windows\system32\drivers\volmgrx.sys
011 c:\windows\system32\drivers\volsnap.sys
011 c:\windows\system32\DRIVERS\vsmraid.sys
011 c:\windows\system32\DRIVERS\wacompen.sys
011 c:\windows\system32\DRIVERS\wd.sys
011 c:\windows\system32\DRIVERS\wdcsam64.sys
011 c:\windows\system32\drivers\MSTEE.sys
011 c:\windows\system32\DRIVERS\WSDScan.sys
011 c:\windows\system32\DRIVERS\WSDPrint.sys
011 c:\windows\system32\DRIVERS\wfplwf.sys
011 c:\windows\system32\DRIVERS\xusb21.sys
011 c:\windows\system32\drivers\WudfPf.sys
011 c:\windows\system32\DRIVERS\wmiacpi.sys
011 c:\windows\system32\DRIVERS\BrFiltLo.sys
011 c:\windows\system32\DRIVERS\BrFiltUp.sys
011 c:\windows\system32\DRIVERS\WinUsb.sys
011 C:\Windows\System32\drivers\ws2ifsl.sys
011 C:\Windows\system32\wkssvc.dll
011 C:\Windows\system32\wkssvc.dll
011 C:\Windows\system32\wkssvc.dll
011 C:\Windows\system32\wkssvc.dll
011 c:\windows\system32\DRIVERS\WUDFRd.sys
011 C:\Windows\SysWOW64\Drivers\X6va011
011 C:\Windows\xhunter1.sys
013 C:\Windows\System32\mctadmin.exe
013 C:\Windows\System32\mctadmin.exe
013 C:\Windows\System32\SPReview\SPReview.exe
032 rdpclip
069 hpinkstsC511LM.dll
069 localspl.dll
069 FXSMON.DLL
069 tcpmon.dll
069 usbmon.dll
069 WSDMon.dll
145 kbdclass.sys
210 C:\Windows\system32\sdclt.exe


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
003 regsvr32.exe "C:\Users\Ryan\AppData\Roaming\IeveKmets\UedoKwopc.dll"  looks suspicious.
 
 
Please download Farbar Recovery Scan Tool and save it to your Desktop. 
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.  (Try the 64 bit version first as it appears that is what you have.)
 
  •  
  • Right click and  run as administrator. When the tool opens click Yes to disclaimer. 
  • click on the Addition.txt box. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste that log back here and also the second log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

    • 0

    #3
    rct8787

    rct8787

      Member

    • Topic Starter
    • Member
    • PipPip
    • 14 posts

    Thanks for the reply, there is a message box that does popup regarding UedoKwopc.dll whenever the computer loads up to the desktop though I cant recall exactly what it says. See the txt files below. Thanks again for the help!

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-11-2015
    Ran by Ryan (administrator) on TYRANT (06-11-2015 18:59:23)
    Running from C:\Users\Ryan\Desktop
    Loaded Profiles: Ryan (Available Profiles: Ryan & Mcx1-TYRANT)
    Platform: Windows 7 Home Premium (X64) Language: English (United States)
    Internet Explorer Version 9 (Default browser: Chrome)
    Boot Mode: Safe Mode (minimal)
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
    HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-11] (NVIDIA Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13876952 2015-05-16] (Realtek Semiconductor)
    HKLM\...\Run: [x9fy5RHC3D25] => regsvr32.exe /s "C:\PROGRA~3\x9fy5RHC3D25.dll"
    HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\Run: [MusicManager] => C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-08-13] (Google Inc.)
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\Run: [Google Update] => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [6274184 2015-08-23] (Plex, Inc.)
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\Run: [Cicuk] => regsvr32.exe "C:\Users\Ryan\AppData\Roaming\IeveKmets\UedoKwopc.dll"
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\RunOnce: [Application Restart #3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-20] (Google Inc.)
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {06b1c984-7711-11e2-a913-64315026845a} - L:\setup.exe
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {06c1d821-d35e-11e3-b6d5-64315026845a} - K:\MotoCastSetup.exe -a
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {06c1d861-d35e-11e3-b6d5-64315026845a} - K:\MotoCastSetup.exe -a
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {13d77c52-4435-11e2-952f-64315026845a} - K:\MotoCastSetup.exe -a
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {1e2ce8dd-d97b-11e2-a9f3-64315026845a} - K:\MotoCastSetup.exe -a
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {3a8b3440-30e7-11e2-98fe-64315026845a} - L:\MotoCastSetup.exe -a
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {4ebcf890-7388-11e3-a721-64315026845a} - K:\MotoCastSetup.exe -a
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {606be1b5-eaf0-11e0-a777-64315026845a} - K:\Setup.exe
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {6d888469-40c7-11e5-b7e9-98588a02a5c8} - M:\VerizonSWUpgradeAssistantLauncher.exe
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {8e6ca0ca-81e3-11e4-8d63-64315026845a} - K:\MotorolaDeviceManagerSetup.exe -a
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {8f88ea8f-6d6b-11e4-9313-001122987654} - K:\MotoCastSetup.exe -a
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {ebb353ff-8e6b-11e4-af1e-64315026845a} - K:\VerizonSWUpgradeAssistantLauncher.exe
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\DREAMA~1.SCR [94208 2006-10-09] ()
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-11-06] (Microsoft Corporation)
    Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
    ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
    ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
    ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
    ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-01-19]
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk [2013-01-09]
    ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaWiFi.exe (Ralink Technology, Inc.)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: 127.0.0.1  nlsk.neulion.com
    Tcpip\..\Interfaces\{BBF9F091-EADE-4E1C-AB76-D5897FD5207B}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{C4349D22-40F8-480F-AD78-E820B327C557}: [DhcpNameServer] 209.18.47.61 209.18.47.62

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
    SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {5ED88E19-FCB1-4428-9612-3E22A725041E} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKU\.DEFAULT -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
    SearchScopes: HKU\.DEFAULT -> bProtectorDefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
    SearchScopes: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000 -> DefaultScope {5ED88E19-FCB1-4428-9612-3E22A725041E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306058&CUI=UN26255233522486923&UM=2
    SearchScopes: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.yd.delta-search.com/?q={searchTerms}&affID=119816&tt=030213_yd&babsrc=SP_ss&mntrId=8cf4d1020000000000001c659da898fe
    SearchScopes: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000 -> {5ED88E19-FCB1-4428-9612-3E22A725041E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306058&CUI=UN26255233522486923&UM=2
    SearchScopes: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
    SearchScopes: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-07-29] (IObit)
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
    BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2014-02-20] (IObit)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
    Toolbar: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-27] (Adobe Systems, Inc.)
    FF Plugin-x32: @gamersfirst.com/LiveLauncher -> C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
    FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2012-05-14] (Nexon)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-02] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-02] (NVIDIA Corporation)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-05-10] (Pando Networks)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1725188070-1093038038-2835830549-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
    FF Plugin HKU\S-1-5-21-1725188070-1093038038-2835830549-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1725188070-1093038038-2835830549-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1725188070-1093038038-2835830549-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-05-10] (Pando Networks)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.yahoo.com/
    CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
    CHR Extension: (Google Drive) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
    CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-10-03]
    CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
    CHR Extension: (Google Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
    CHR Extension: (Dark Vibe) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj [2013-10-15]
    CHR Extension: (Google Play Music) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-11-04]
    CHR Extension: (Google Docs Offline) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
    CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
    CHR HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ffekppndigniegkobcngkdmaadbhhonj] - C:\Users\Ryan\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx [2013-10-31]
    CHR HKLM-x32\...\Chrome\Extension: [ffekppndigniegkobcngkdmaadbhhonj] - C:\Users\Ryan\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx [2013-10-31]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
    S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
    S2 AndServMgr; C:\Program Files\AMI\DuOS\AndServMgr.exe [82384 2015-08-06] (American Megatrends Inc.)
    S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [915736 2013-06-11] (BitRaider, LLC)
    S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
    S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
    S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
    S2 Ds3Service; C:\Users\Ryan\Desktop\SCP DS3 Driver Package\ScpServer\bin\ScpService.exe [381952 2014-06-29] (Scarlet.Crush Productions) [File not signed]
    S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-11] (NVIDIA Corporation)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
    S2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [878912 2015-04-02] (IObit)
    S2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
    S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
    S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
    R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-07-29] (Panda Security, S.L.)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
    S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4302576 2012-08-15] (INCA Internet Co., Ltd.) [File not signed]
    S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-11] (NVIDIA Corporation)
    S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-11] (NVIDIA Corporation)
    S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-05-17] ()
    S2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-07-28] (Panda Security, S.L.)
    S2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-01-12] (Ralink Technology, Corp.) [File not signed]
    S2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-01-12] (Ralink Technology, Corp.) [File not signed]
    S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] ()
    S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [295128 2015-05-16] (Realtek Semiconductor)
    S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [575488 2008-09-08] (Nokia.) [File not signed]
    S2 tvnserver; C:\Program Files (x86)\TightVNC\tvnserver.exe [828944 2011-08-03] (GlavSoft LLC.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
    S2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [191488 2012-11-05] () [File not signed]
    S2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe [1436160 2012-11-05] (Wyse Technology.) [File not signed]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2015-01-19] (Broadcom Corporation.)
    S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
    R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [25056 2011-12-21] (IVT Corporation.)
    S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
    S3 cqcpu; C:\Windows\System32\drivers\cqcpu.sys [24376 2010-03-01] ()
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-14] (DT Soft Ltd)
    S1 DuoVMDrv; C:\Windows\System32\DRIVERS\DuoVMDrv.sys [239536 2015-07-31] (American Megatrends Inc.)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)
    S1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-30] (REALiX™)
    S3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
    S3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
    S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
    S1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-07-09] (Panda Security, S.L.)
    S1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201976 2015-07-09] (Panda Security, S.L.)
    S1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-07-09] (Panda Security, S.L.)
    S1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-07-09] (Panda Security, S.L.)
    S1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-07-09] (Panda Security, S.L.)
    S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [72952 2015-07-09] ()
    S1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-07-09] (Panda Security, S.L.)
    S1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-07-09] (Panda Security, S.L.)
    S1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [170232 2015-07-09] (Panda Security, S.L.)
    S1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-07-09] (Panda Security, S.L.)
    S1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257784 2015-07-09] (Panda Security, S.L.)
    S1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-07-09] (Panda Security, S.L.)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-11] (NVIDIA Corporation)
    S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
    S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
    R0 PsBoot; C:\Windows\System32\Drivers\PsBoot.sys [40480 2014-03-11] (Panda Security, S.L.)
    S2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [164088 2015-07-19] (Panda Security, S.L.)
    S2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121592 2015-07-19] (Panda Security, S.L.)
    S1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197880 2015-07-19] (Panda Security, S.L.)
    S2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124152 2015-07-19] (Panda Security, S.L.)
    S2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [134392 2015-07-19] (Panda Security, S.L.)
    S2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107768 2015-07-19] (Panda Security, S.L.)
    U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
    S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)
    S3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [555736 2014-04-27] (Realtek Semiconductor Corporation)
    R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2014-04-27] (Scarlet.Crush Productions)
    S3 SIVDRIVER; C:\Windows\system32\Drivers\SIVX64.sys [57312 2008-06-14] (Ray Hinchliffe)
    R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-02-14] (Duplex Secure Ltd.)
    S3 toshidpt; C:\Windows\System32\drivers\Toshidpt.sys [9608 2009-06-19] (TOSHIBA Corporation.)
    S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)
    S3 uvhid; C:\Windows\System32\DRIVERS\uvhid.sys [20992 2013-04-11] (Windows ® Win 7 DDK provider)
    S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
    S3 BRDriver64; \??\C:\programdata\bitraider\BRDriver64.sys [X]
    S3 BS2364854530; \??\C:\Users\Ryan\AppData\Local\Temp\NTFS.sys [X]
    S3 BT; system32\DRIVERS\btnetdrv.sys [X]
    S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
    S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 IvtComBusSrv; System32\Drivers\btcombus.sys [X]
    S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
    S3 motccgp; system32\DRIVERS\motccgp.sys [X]
    S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
    S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
    S3 X6va005; \??\C:\Users\Ryan\AppData\Local\Temp\00529AB.tmp [X]
    S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-11-06 18:59 - 2015-11-06 19:00 - 00028633 _____ C:\Users\Ryan\Desktop\FRST.txt
    2015-11-06 18:59 - 2015-11-06 18:59 - 00000000 ____D C:\FRST
    2015-11-06 18:56 - 2015-05-22 03:45 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
    2015-11-06 18:54 - 2015-11-06 18:54 - 02198528 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
    2015-11-06 18:53 - 2015-11-06 18:54 - 00000234 _____ C:\Users\Ryan\Desktop\New Text Document.txt
    2015-11-06 18:52 - 2015-11-06 18:52 - 00015452 _____ C:\Users\Ryan\Desktop\Fixlist.txt
    2015-11-06 18:06 - 2014-03-11 10:48 - 00040480 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PsBoot.sys
    2015-11-06 17:43 - 2015-11-06 17:43 - 333953730 _____ C:\Windows\MEMORY.DMP
    2015-11-06 17:43 - 2015-11-06 17:43 - 00268992 _____ C:\Windows\Minidump\110615-21325-01.dmp
    2015-11-06 17:33 - 2015-11-06 17:33 - 00076814 _____ C:\Users\Ryan\Desktop\runscanner.log
    2015-11-06 17:27 - 2015-11-06 17:27 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Runscanner.net
    2015-11-06 17:26 - 2015-11-06 17:27 - 00000000 ____D C:\runscanner
    2015-11-06 17:18 - 2015-11-06 17:18 - 05200384 _____ (AVAST Software) C:\Users\Ryan\Downloads\aswmbr
    2015-11-06 07:42 - 2015-11-06 07:42 - 00004096 _____ C:\ProgramData\igfxEM_32.exe
    2015-11-06 07:36 - 2015-11-06 07:36 - 00090112 _____ C:\ProgramData\7B571D05.EX
    2015-11-06 03:01 - 2015-11-06 03:01 - 00000000 ____D C:\Windows\system32\SPReview
    2015-11-05 21:08 - 2015-11-05 21:08 - 00000348 _____ C:\Windows\PFRO.log
    2015-11-05 21:02 - 2015-11-05 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
    2015-11-05 21:02 - 2015-11-05 21:02 - 00000000 ____D C:\Program Files (x86)\Panda Security
    2015-11-05 21:01 - 2015-11-05 21:02 - 00000000 ____D C:\ProgramData\Panda Security
    2015-11-05 21:01 - 2015-11-05 21:01 - 02113152 _____ C:\Users\Ryan\Downloads\PANDAFREEAV.exe
    2015-11-05 19:42 - 2015-11-06 17:52 - 00000280 _____ C:\Windows\setupact.log
    2015-11-05 19:42 - 2015-11-05 19:42 - 00000000 _____ C:\Windows\setuperr.log
    2015-11-05 18:33 - 2015-11-05 18:33 - 00000000 _____ C:\asc_rdflag
    2015-11-05 18:01 - 2015-11-01 10:18 - 00002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-11-04 21:49 - 2015-11-04 21:49 - 02924672 _____ (AVG Technologies) C:\Users\Ryan\Downloads\AVG_Protection_Free_698.exe
    2015-11-04 21:36 - 2015-11-04 21:36 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Ryan\Downloads\avast_free_antivirus_setup_online_cnet.exe
    2015-11-02 13:34 - 2015-11-02 13:34 - 00004096 _____ C:\ProgramData\igfxCUIService.exe
    2015-11-02 13:33 - 2015-11-02 13:33 - 00005120 _____ C:\ProgramData\1F3670CC.EX
    2015-11-02 13:33 - 2015-11-02 13:33 - 00004096 _____ C:\ProgramData\openssl.dll
    2015-11-02 06:50 - 2015-11-02 06:50 - 00004096 _____ C:\ProgramData\x9fy5RHC3D25.dll
    2015-11-02 06:48 - 2015-11-02 06:48 - 00004096 _____ C:\ProgramData\QXJhZ3fR3D25.dll
    2015-11-01 10:18 - 2015-11-01 10:18 - 00929872 _____ (Google Inc.) C:\Users\Ryan\Downloads\ChromeSetup.exe
    2015-11-01 02:55 - 2015-11-03 17:28 - 03550700 _____ C:\Windows\system32\CFG2364854530
    2015-11-01 02:40 - 2015-11-01 02:40 - 00450560 _____ (Microsoft Corporation) C:\Users\Ryan\AppData\Roaming\gpmnsd.exe
    2015-11-01 02:39 - 2015-11-06 17:52 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\IeveKmets
    2015-11-01 02:39 - 2015-11-01 02:39 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
    2015-10-31 14:05 - 2015-10-31 14:05 - 00012169 _____ C:\Users\Ryan\Downloads\[kat.cr]family.feud.decades.wbfs.sfae41.ntsc.wiigm.torrent
    2015-10-31 14:05 - 2015-10-31 14:05 - 00000000 ____D C:\Users\Ryan\Downloads\SFAE41 Family Feud Decades
    2015-10-25 19:14 - 2015-10-02 21:18 - 00102520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2015-10-25 19:12 - 2015-10-03 00:06 - 42914096 _____ C:\Windows\system32\nvcompiler.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 37882488 _____ C:\Windows\SysWOW64\nvcompiler.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 22306936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 18359928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 16541040 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 15002304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 14832968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 13518496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 12032200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 11114616 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2015-10-25 19:12 - 2015-10-03 00:06 - 02869880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 02489976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 01905456 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435850.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 01564976 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435850.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00877176 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00861816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00689456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00673912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00512720 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00467912 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00422240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00414000 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00388024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00369272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00177416 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00155976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2015-10-25 10:16 - 2015-10-25 10:16 - 00001054 _____ C:\Users\Public\Desktop\The Witcher® 3 - Wild Hunt.lnk
    2015-10-25 10:16 - 2015-10-25 10:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
    2015-10-25 09:56 - 2015-10-25 09:56 - 00000000 ____D C:\Users\Ryan\Documents\The Witcher 3
    2015-10-25 09:14 - 2015-10-25 09:15 - 318801672 _____ ( ) C:\Users\Ryan\Downloads\witcher3_patch_1.01.exe
    2015-10-23 16:21 - 2015-10-23 17:04 - 00000000 ____D C:\Users\Ryan\Downloads\The.Witcher.3.Wild.Hunt.Patch.v1.10-GOG
    2015-10-23 16:21 - 2015-10-23 16:36 - 00000000 ____D C:\Users\Ryan\Downloads\The.Witcher.3.Wild.Hunt.Hearts.of.Stone-GOG
    2015-10-23 13:25 - 2015-10-23 14:20 - 00000000 ____D C:\Users\Ryan\Downloads\The Witcher 3 Wild Hunt
    2015-10-22 18:06 - 2015-10-22 20:11 - 00000000 ____D C:\Program Files (x86)\BlueStacks
    2015-10-22 18:06 - 2015-10-22 18:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
    2015-10-22 18:06 - 2015-10-22 18:06 - 00000000 ____D C:\ProgramData\BlueStacks
    2015-10-22 18:05 - 2015-10-22 18:05 - 00000000 ____D C:\Users\Ryan\AppData\Local\Bluestacks
    2015-10-22 18:02 - 2015-10-22 18:04 - 265913504 _____ C:\Users\Ryan\Downloads\BlueStacksAppPlayer_0.9.30.4239_by_AJacobs_Rooted_BSEasy.exe
    2015-10-22 17:48 - 2015-10-22 17:48 - 00001127 _____ C:\Users\Public\Desktop\Star Wars Battlefront II.lnk
    2015-10-22 17:48 - 2015-10-22 17:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
    2015-10-22 16:18 - 2015-10-22 16:18 - 00000000 ____D C:\Users\Ryan\Downloads\Star Wars Battlefront II
    2015-10-13 19:05 - 2015-10-13 19:06 - 00000000 ____D C:\Users\Ryan\Downloads\Acoustica Mixcraft v6.1 Build 204 with Key [TorDigger]
    2015-10-12 19:45 - 2015-10-12 19:45 - 02317104 _____ (Microsoft Corporation) C:\Windows\system32\coin97itp.dll
    2015-10-12 19:45 - 2015-10-12 19:45 - 01804696 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
    2015-10-12 19:45 - 2015-10-12 19:45 - 00068912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\point64.sys
    2015-10-12 19:44 - 2015-10-12 19:44 - 02317104 _____ (Microsoft Corporation) C:\Windows\system32\coin97ip.dll
    2015-10-12 19:44 - 2015-10-12 19:44 - 00095024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dc3d.sys
    2015-10-07 20:04 - 2015-10-15 18:37 - 00000000 ____D C:\ProgramData\Oracle
    2015-10-07 20:04 - 2015-10-07 20:04 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Sun
    2015-10-07 20:04 - 2015-10-07 20:04 - 00000000 ____D C:\Users\Ryan\.oracle_jre_usage
    2015-10-07 20:03 - 2015-10-07 20:03 - 00000000 ____D C:\Users\Ryan\AppData\LocalLow\Oracle

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-11-06 18:55 - 2011-01-26 11:19 - 01265632 _____ C:\Windows\WindowsUpdate.log
    2015-11-06 18:47 - 2013-02-02 11:59 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725188070-1093038038-2835830549-1000UA.job
    2015-11-06 18:47 - 2012-04-29 15:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-11-06 18:03 - 2009-07-13 23:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-11-06 18:03 - 2009-07-13 23:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-11-06 18:00 - 2013-10-15 17:42 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-11-06 17:53 - 2013-10-15 17:42 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-11-06 17:53 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-11-06 17:52 - 2013-08-05 18:43 - 00000000 ____D C:\ProgramData\NVIDIA
    2015-11-06 17:43 - 2013-01-21 13:51 - 00000000 ____D C:\Windows\Minidump
    2015-11-06 17:35 - 2011-12-23 13:21 - 00000000 ____D C:\Users\Ryan\AppData\Local\CrashDumps
    2015-11-06 03:30 - 2013-02-02 11:59 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725188070-1093038038-2835830549-1000Core.job
    2015-11-05 22:39 - 2015-05-16 15:06 - 00000000 ____D C:\Users\Mcx1-TYRANT.TyRaNt
    2015-11-05 22:38 - 2014-06-10 12:16 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\ProductData
    2015-11-05 22:38 - 2013-10-18 18:19 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-11-05 22:38 - 2013-10-15 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-11-05 22:38 - 2013-10-15 17:42 - 00000000 ____D C:\Program Files (x86)\Google
    2015-11-05 22:38 - 2012-01-16 10:50 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
    2015-11-05 22:38 - 2011-01-26 11:43 - 00000000 ____D C:\ProgramData\RoxioNow
    2015-11-05 22:38 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
    2015-11-05 21:20 - 2011-09-26 13:32 - 00123608 _____ C:\Users\Ryan\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-11-05 21:14 - 2011-01-27 00:27 - 00000000 ____D C:\ProgramData\Recovery
    2015-11-05 21:09 - 2009-07-13 23:45 - 00520200 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-11-05 19:42 - 2011-09-26 13:28 - 00000000 ____D C:\Users\Ryan
    2015-11-05 18:33 - 2014-04-07 02:28 - 99581952 _____ C:\Windows\system32\config\SOFTWARE.iodefrag.bak
    2015-11-05 18:33 - 2014-04-07 02:28 - 00401408 _____ C:\Windows\system32\config\DEFAULT.iodefrag.bak
    2015-11-05 18:33 - 2014-04-07 02:28 - 00061440 _____ C:\Windows\system32\config\SAM.iodefrag.bak
    2015-11-05 18:33 - 2014-04-07 02:28 - 00028672 _____ C:\Windows\system32\config\SECURITY.iodefrag.bak
    2015-11-04 21:56 - 2012-12-14 17:07 - 00000000 ____D C:\Windows\pss
    2015-11-04 21:50 - 2009-07-14 00:13 - 00784956 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-11-01 17:01 - 2015-08-20 17:27 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Kodi
    2015-11-01 02:40 - 2011-09-29 19:39 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\uTorrent
    2015-10-31 02:33 - 2014-03-19 20:45 - 00000000 ____D C:\ProgramData\ProductData
    2015-10-29 02:31 - 2014-07-02 13:25 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForRyan.job
    2015-10-28 13:27 - 2011-09-28 07:55 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
    2015-10-25 19:14 - 2013-08-05 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2015-10-25 19:14 - 2013-08-05 18:41 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2015-10-25 19:14 - 2012-02-23 21:37 - 00000000 ____D C:\Temp
    2015-10-25 14:27 - 2015-09-10 17:38 - 00003116 ____H C:\Users\Ryan\.swfinfo
    2015-10-25 10:18 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2015-10-25 09:46 - 2014-07-19 14:03 - 00000000 ____D C:\Users\Ryan\AppData\Local\Glyph
    2015-10-24 08:05 - 2014-07-19 14:03 - 00000000 ____D C:\Program Files (x86)\Glyph
    2015-10-23 02:41 - 2013-04-08 21:40 - 00000000 ____D C:\ProgramData\BlueStacksSetup
    2015-10-22 18:06 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
    2015-10-22 17:08 - 2015-09-04 22:31 - 00000000 ____D C:\Users\Ryan\.VirtualBox
    2015-10-22 17:02 - 2009-07-14 00:08 - 00032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2015-10-19 07:01 - 2014-05-31 19:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2015-10-17 04:47 - 2012-04-29 15:11 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-10-17 04:47 - 2012-04-29 15:11 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-10-17 04:47 - 2011-09-27 07:58 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-10-14 20:08 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
    2015-10-14 03:21 - 2013-02-07 19:01 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2015-10-14 02:45 - 2013-07-13 02:00 - 00000000 ____D C:\Windows\system32\MRT
    2015-10-14 02:37 - 2011-09-29 17:51 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-10-14 02:36 - 2013-04-14 11:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2015-10-14 02:36 - 2012-01-16 10:48 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-10-14 02:33 - 2009-07-13 21:34 - 00000478 _____ C:\Windows\win.ini
    2015-10-11 22:05 - 2014-06-11 20:44 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
    2015-10-11 22:05 - 2013-10-28 17:45 - 01423304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
    2015-10-11 22:04 - 2014-06-11 20:44 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
    2015-10-11 22:04 - 2013-10-28 17:45 - 01710752 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
    2015-10-08 17:39 - 2014-05-15 17:51 - 00065024 ___SH C:\Users\Ryan\Desktop\Thumbs.db
    2015-10-07 20:04 - 2012-10-30 17:26 - 00274016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

    ==================== Files in the root of some directories =======

    2009-07-13 18:19 - 2009-07-13 20:14 - 0577536 _____ () C:\Users\Ryan\AppData\Roaming\BackUp2364854530.exe
    2015-11-01 02:40 - 2015-11-01 02:40 - 0450560 _____ (Microsoft Corporation) C:\Users\Ryan\AppData\Roaming\gpmnsd.exe
    2013-03-06 23:16 - 2013-03-06 23:16 - 0003584 _____ () C:\Users\Ryan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-11-02 13:33 - 2015-11-02 13:33 - 0005120 _____ () C:\ProgramData\1F3670CC.EX
    2015-11-06 07:36 - 2015-11-06 07:36 - 0090112 _____ () C:\ProgramData\7B571D05.EX
    2015-11-02 13:34 - 2015-11-02 13:34 - 0004096 _____ () C:\ProgramData\igfxCUIService.exe
    2015-11-06 07:42 - 2015-11-06 07:42 - 0004096 _____ () C:\ProgramData\igfxEM_32.exe
    2015-11-02 13:33 - 2015-11-02 13:33 - 0004096 _____ () C:\ProgramData\openssl.dll
    2015-11-02 06:48 - 2015-11-02 06:48 - 0004096 _____ () C:\ProgramData\QXJhZ3fR3D25.dll
    2015-11-02 06:50 - 2015-11-02 06:50 - 0004096 _____ () C:\ProgramData\x9fy5RHC3D25.dll

    Files to move or delete:
    ====================
    C:\ProgramData\igfxCUIService.exe
    C:\ProgramData\igfxEM_32.exe
    C:\ProgramData\openssl.dll
    C:\ProgramData\QXJhZ3fR3D25.dll
    C:\ProgramData\x9fy5RHC3D25.dll

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2015-10-31 03:30

    ==================== End of FRST.txt ============================

     

     

     

     

     

     

     

     

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-11-2015
    Ran by Ryan (2015-11-06 19:01:35)
    Running from C:\Users\Ryan\Desktop
    Windows 7 Home Premium (X64) (2011-09-26 18:28:17)
    Boot Mode: Safe Mode (minimal)
    ==========================================================

    ==================== Accounts: =============================

    Administrator (S-1-5-21-1725188070-1093038038-2835830549-500 - Administrator - Disabled)
    Guest (S-1-5-21-1725188070-1093038038-2835830549-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1725188070-1093038038-2835830549-1013 - Limited - Enabled)
    Mcx1-TYRANT (S-1-5-21-1725188070-1093038038-2835830549-1014 - Limited - Enabled) => C:\Users\Mcx1-TYRANT.TyRaNt
    Ryan (S-1-5-21-1725188070-1093038038-2835830549-1000 - Administrator - Enabled) => C:\Users\Ryan

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Panda Free Antivirus (Enabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
    AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AS: Panda Free Antivirus (Enabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
    AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    ACID Pro 7.0 (HKLM-x32\...\{BFA5441E-B7E6-46F5-A15D-1B74707AE93A}) (Version: 7.0.641 - Sony)
    Acoustica Mixcraft 7 Home Studio  (HKLM-x32\...\Mixcraft 7 Home Studio-32) (Version: 7.0.1.279 - Acoustica)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
    Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
    Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
    Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.4.0 - IObit)
    Akamai NetSession Interface (HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
    Album Art Downloader XUI 1.02 (HKLM-x32\...\Album Art Downloader XUI) (Version: 1.02 - hxxp://sourceforge.net/projects/album-art)
    Andy OS (HKLM\...\Andy OS) (Version: 0.45.0.0 - Andy OS, Inc)
    ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
    Assassins Creed IV Black Flag (HKLM-x32\...\QXNzYXNzaW5zQ3JlZWRJVkJsYWNrRmxhZw==_is1) (Version: 1 - )
    Audacity 1.3.14 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
    AutoHotkey 1.1.14.03 (HKLM\...\AutoHotkey) (Version: 1.1.14.03 - Lexikos)
    Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
    Batman: Arkham City™ GOTY (HKLM-x32\...\GFWL_{57520FA0-DF38-46A1-8046-3B1000008500}) (Version: 1.0.0000.133 - WB Games)
    Batman: Arkham City™ GOTY (x32 Version: 1.0.0000.133 - WB Games) Hidden
    BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.6.3 - BitRaider, LLC)
    Blio (HKLM-x32\...\{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}) (Version: 2.0.5350 - K-NFB Reading Technology, Inc.)
    BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
    BlueStacks Notification Center (HKLM-x32\...\{3792811C-832F-4392-B44A-24092901EDDC}) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Borderlands: The Pre-Sequel (HKLM-x32\...\Qm9yZGVybGFuZHNUaGVQcmVTZXF1ZWw=_is1) (Version: 1 - )
    Burnout™ Paradise The Ultimate Box (HKLM-x32\...\{9A996B6A-846E-4A89-B9C4-17546B7BE49F}) (Version: 1.0.0.0 - Electronic Arts)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    CrimeCraft Gravity Edition (HKLM-x32\...\CrimeCraft Gravity Edition) (Version: 0.25.07.93042 - Vogster Entertainment)
    CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
    DEAD OR ALIVE 5 Last Round (HKLM-x32\...\REVBRE9SQUxJVkU1TGFzdFJvdW5k_is1) (Version: 1 - )
    Defiance (HKLM-x32\...\Glyph Defiance) (Version:  - Trion Worlds, Inc.)
    DeskScapes (HKLM-x32\...\DeskScapes) (Version:  - Stardock Corporation, Inc.)
    DeskScapes (x32 Version: 3.50.039 - Stardock Corporation, Inc.) Hidden
    DiRT 3 (HKLM-x32\...\GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}) (Version: 1.0.0000.130 - Codemasters)
    DiRT 3 (x32 Version: 1.0.0000.130 - Codemasters) Hidden
    Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
    Dream Aquarium (HKLM-x32\...\Dream Aquarium_is1) (Version: 1.0700 - )
    Drift City (HKLM-x32\...\DriftCity_US) (Version:  - )
    Driver Booster 2.4 (HKLM-x32\...\Driver Booster_is1) (Version: 2.4 - IObit)
    Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
    DuOS (HKLM\...\{8CE9E5DD-D523-44F2-8DE7-0439310EA984}) (Version: 2.0.3.7527 - American Megatrends Inc.)
    DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
    DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
    ESPN Offline Draft (HKLM-x32\...\ESPNOfflineDraft.7DC32A23D84BA514BB63AC794BF941363003AC19.1) (Version: 072514 - ESPN, Inc.)
    ESPN Offline Draft (x32 Version: 255 - ESPN, Inc.) Hidden
    F1 2014 (HKLM-x32\...\RjEyMDE0_is1) (Version: 1 - )
    Firefall (HKLM-x32\...\{CFEF8DB5-B45E-4b05-90BE-D02AA6F45354}) (Version:  - Red 5 Studios)
    Fireplace 3D Screensaver 1.0 (HKLM-x32\...\Fireplace 3D Screensaver_is1) (Version: 1.0 - 3Planesoft)
    FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
    Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.10.1 - Androxyde)
    Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
    GamersFirst LIVE! (HKLM-x32\...\GamersFirst LIVE!) (Version:  - GamersFirst)
    Gateway (HKLM-x32\...\{14E83D30-45D6-4153-9D9E-1EFB9E86F661}) (Version: 1.5.6 - Gravity Interactive, Inc.)
    Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
    GmoteServer (HKLM-x32\...\DDA23392-9C73-4909-A221-BC12C6D2664D) (Version: 2.0.2 - Gmote.org)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
    Google Drive (HKLM-x32\...\{9C350701-AC04-48BA-A435-BD5E0D82897E}) (Version: 1.25.0523.2491 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
    Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
    Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
    Grand Theft Auto V (HKLM-x32\...\Grand Theft Auto V_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
    Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version:  - Rockstar North / Toronto)
    GRID 2 © Codemasters version 1 (HKLM-x32\...\R1JJRDI=_is1) (Version: 1 - )
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
    HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4521 - Hewlett-Packard)
    HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
    HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
    HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
    HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
    HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard)
    HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
    HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
    HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
    HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
    HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version:  - )
    HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
    Hulu Desktop (HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
    IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
    IObit Malware Fighter 3 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 3.1 - IObit)
    IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.3.9.2622 - IObit)
    IsoBuster 3.1 (HKLM-x32\...\IsoBuster_is1) (Version: 3.1 - Smart Projects)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    K-Lite Codec Pack 10.1.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.1.0 - )
    Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
    Kodi (HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\Kodi) (Version:  - XBMC-Foundation)
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden
    LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )
    LCPD First Response (HKLM-x32\...\LCPD First Response) (Version: 1.0.0.0d - G17 Media)
    LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
    Major League Baseball 2K12 (HKLM-x32\...\{E6C29DA3-ADD6-4941-903A-43965CBB0F7C}) (Version: 1.0.0 - 2K Sports)
    Marvel Heroes Game (HKLM-x32\...\{ca6069b5-fc6b-4ce8-a03e-2304143706b7}_is1) (Version: 1.0 - Gazillion Entertainment)
    Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
    Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
    Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
    MirrorOp Receiver (HKLM-x32\...\MirrorOp Receiver_is1) (Version: 1.2.0.6 - Awind Inc.)
    MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
    Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
    Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
    Music Manager (HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MusicManager) (Version:  - Google, Inc.)
    Need for Speed Most Wanted (HKLM-x32\...\Need for Speed Most Wanted_is1) (Version:  - )
    Need for Speed™ Carbon (HKLM-x32\...\{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}) (Version:  - )
    Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
    Nokia Connectivity Cable Driver (HKLM-x32\...\{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}) (Version: 7.0.2.0 - Nokia)
    NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.50 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
    NVIDIA Graphics Driver 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.50 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
    Oracle VM VirtualBox 4.3.30 (HKLM\...\{5E7BEDD4-397D-4537-A290-AB012A45D771}) (Version: 4.3.30 - Oracle Corporation)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Panda Devices Agent (x32 Version: 1.03.05 - Panda Security) Hidden
    Panda Devices Agent (x32 Version: 1.06.00 - Panda Security) Hidden
    Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 16.00.01.0000 - Panda Security)
    Panda Free Antivirus (Version: 8.03.00.0000 - Panda Security) Hidden
    Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
    Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.10.0.22571 - Grinding Gear Games)
    PC Connectivity Solution (HKLM-x32\...\{83258E90-1F76-4E13-9F60-A0F8ED41E76F}) (Version: 8.22.7.0 - Nokia)
    PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
    PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
    PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
    PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Plex Media Server (HKLM-x32\...\{ca5910de-4c30-4f28-b6bd-5dd8edff922d}) (Version: 0.9.1211 - Plex, Inc.)
    Plex Media Server (x32 Version: 0.9.1211 - Plex, Inc.) Hidden
    PocketCloud Windows Companion (HKLM-x32\...\{8C8C169B-D493-42C7-A975-7C1E0E4C5847}) (Version: 2.5.13 - Wyse Technology)
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
    Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
    PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
    Q2E Blood Culture 2.0 (HKLM-x32\...\Q2E Blood Culture) (Version:  - )
    Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.2.13.0 - Ralink)
    Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
    RCT3 Soaked (HKLM-x32\...\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}) (Version: 1.00.000 - )
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
    Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
    RIFT (HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\RIFT) (Version:  - Trion Worlds, Inc.)
    Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
    Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
    RollerCoaster Tycoon 2 (HKLM-x32\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version:  - )
    RollerCoaster Tycoon 2: Time Twister (HKLM-x32\...\{BA1E1AFD-D1F2-4C52-88C3-186FC5E61604}) (Version: 1.00.000 - )
    RollerCoaster Tycoon 2: Wacky Worlds (HKLM-x32\...\{B1AD83A0-DC92-41E3-B111-E9472349768C}) (Version:  - )
    RollerCoaster Tycoon® 3 (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - )
    RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
    Ryse Son of Rome (HKLM-x32\...\Ryse Son of Rome_is1) (Version:  - )
    Saints Row IV (HKLM-x32\...\U2FpbnRzUm93SVY=_is1) (Version: 1 - )
    Saints Row The Third (HKLM-x32\...\Saints Row The Third_is1) (Version:  - )
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
    SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
    Shockwave (HKLM-x32\...\Shockwave) (Version:  - )
    Sleeping Dogs Definitive Edition, âåðñèÿ 1.0.0.0 (HKLM-x32\...\Sleeping Dogs Definitive Edition_is1) (Version: 1.0.0.0 - RePack by SEYTER)
    Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.3 - IObit)
    Sonic Generations (HKLM-x32\...\Sonic Generations_is1) (Version: 1.0 - SEGA)
    SpeechRedist (HKLM-x32\...\{8795CBED-55E2-4693-9F14-84EC446935BE}) (Version: 1.0.0 - Epic Games Inc.)
    Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
    Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.6.2.4 - Splashtop Inc.)
    Star Wars Battlefront II Ultimate Pack version 4.1 (HKLM-x32\...\{80C123AF-9375-4166-B05B-820FF5EF8B52}_is1) (Version: 4.1 - XAP4O)
    Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
    State of Decay - Breakdown (HKLM-x32\...\State of Decay - Breakdown_is1) (Version:  - )
    Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
    Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Texas Instruments PCIxx21/x515 drivers. (HKLM-x32\...\InstallShield_{FF6F491D-BC82-4DCC-A72F-1824957C6466}) (Version: 1.13.0000 - Texas Instruments Inc.)
    The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.7.0.113 - KMP Media co., Ltd)
    The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.0.0 - GOG.com)
    The Witcher 3: Wild Hunt - Hearts of Stone (HKLM-x32\...\Hearts of Stone_is1) (Version: 1.0.0.0 - GOG.com)
    Tiger Woods PGA TOUR 08 (HKLM-x32\...\{2FEA102C-F535-4513-009B-57B165013C18}) (Version:  - Electronic Arts)
    TightVNC 2.0.4 (HKLM-x32\...\TightVNC) (Version: 2.0.4 - GlavSoft LLC.)
    TIxx21 (x32 Version: 1.13.0000 - Texas Instruments Inc.) Hidden
    Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.00 - Ubisoft)
    UE3Redist (HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}) (Version: 1.00.0000 - Epic Games)
    UE3Redist (x32 Version: 1.00.0000 - Epic Games) Hidden
    Unreal Tournament (HKLM-x32\...\UnrealTournament) (Version:  - )
    Unreal Tournament 2004 (HKLM-x32\...\UT2004) (Version:  - )
    Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
    Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version:  - Microsoft)
    Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version:  - Microsoft)
    Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version:  - Microsoft)
    Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    WATCH_DOGS / RePack by Baracuda (HKLM\...\{EF231D76-43D8-4181-81D4-DD235312534D}_is1) (Version: 1.06.329 - )
    WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5800 - Broadcom Corporation)
    Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
    Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
    Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
    Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)

    ==================== Restore Points =========================

    05-11-2015 04:37:25 Scheduled Checkpoint
    05-11-2015 17:13:10 Windows Defender Checkpoint
    05-11-2015 20:04:21 Windows Update
    06-11-2015 03:00:11 Windows Update

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-10-07 20:00 - 2015-10-07 21:49 - 00000856 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1  nlsk.neulion.com

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {05382F15-4E85-49DD-847C-34902DEBFA60} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
    Task: {0E3140F4-F964-4F95-B08D-7F87B2EE4757} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {1C617149-1111-4345-AF09-0DE8DF0A9F07} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [2014-08-20] (IObit)
    Task: {1CAB60F2-B80C-4BDB-AB37-28341A801382} - \SmartDefrag3_Update -> No File <==== ATTENTION
    Task: {2337B51A-F954-410D-B557-C5F3B9D1F570} - \Game_Booster_AutoUpdate -> No File <==== ATTENTION
    Task: {259DBB21-B7D2-4F35-BB8D-11049CC31720} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {269066A4-67EB-4300-AE11-7C50D7D61775} - System32\Tasks\ASC7_SkipUac_Ryan => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-08-22] (IObit)
    Task: {27BE74F6-E453-4C4E-AD10-4F8135C25A69} - \Driver Booster Scan -> No File <==== ATTENTION
    Task: {383EDFB7-CA7C-49B1-9E76-67F641EB6223} - \Driver Booster SkipUAC (Ryan) -> No File <==== ATTENTION
    Task: {3FDF7EE4-CB74-4798-8A80-E30A88F7B782} - \{B10B0FB6-09C1-4631-A8C9-BA605BDF3850} -> No File <==== ATTENTION
    Task: {47D36440-3493-4A56-A0EB-014A7868A42D} - \GoogleUpdateTaskUserS-1-5-21-1725188070-1093038038-2835830549-1000UA -> No File <==== ATTENTION
    Task: {565F63E3-8E10-4E20-A7AF-1D3175F43E46} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
    Task: {5F0F7ED1-0F45-4D46-AE59-992BD057F901} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN39I2N70S05X4 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-10-20] (Hewlett-Packard)
    Task: {72B87A83-1DA2-473D-A22B-3CC3DCA6D16D} - \GoogleUpdateTaskUserS-1-5-21-1725188070-1093038038-2835830549-1000Core -> No File <==== ATTENTION
    Task: {8F348719-9746-40D3-9C70-922F05AD5E7D} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
    Task: {94F00FE8-56EE-4808-A62C-66EDCB55E968} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {974743B0-56C4-42A1-AD92-604C2DC8DE83} - \{09C34D03-03FE-4526-8D80-162403A70B7E} -> No File <==== ATTENTION
    Task: {9A5F2205-AF98-440B-B79D-C10DB5D96AF6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17] (Adobe Systems Incorporated)
    Task: {9D6A1B87-0FE5-41B9-B976-AD9E9F7883F9} - \Microsoft_Hardware_Launch_IType_exe -> No File <==== ATTENTION
    Task: {A7D2250E-C71B-4B3D-BD77-4366F1683589} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-TYRANT => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
    Task: {D4873B53-FC90-4D76-8BE9-ED80DFB9FEBF} - \Driver Booster Update -> No File <==== ATTENTION
    Task: {DE503929-CFC8-4443-A39B-D7F6E1C84676} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {E49D8942-E25D-4733-9C65-D09B7DDB8FED} - \Uninstaller_SkipUac_Administrator -> No File <==== ATTENTION
    Task: {EAE97834-BEDE-4351-B21F-A35DD606BCFA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {ED4EC50B-E00D-40FF-9CFB-B08C01EB967C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {F1EF7823-FAF9-40F5-B325-CB94DF7FCD3E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-10-20] (Hewlett-Packard)
    Task: {F4A6DFB0-14F9-4C13-BFB0-48C6CC4BB2B8} - \Microsoft_Hardware_Launch_IPoint_exe -> No File <==== ATTENTION
    Task: {FA364860-029E-451C-85FE-D69A6D35D865} - \AutoKMS -> No File <==== ATTENTION
    Task: {FB3BFC4F-3EE1-4B5A-8D05-56D75AE6A23F} - \HPCeeScheduleForRyan -> No File <==== ATTENTION
    Task: {FB459A8E-7206-4A51-B1CC-4B53EF344971} - \Registration -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725188070-1093038038-2835830549-1000Core.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725188070-1093038038-2835830549-1000UA.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForRyan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-09-15 13:58 - 2015-09-15 13:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2013-04-12 12:23 - 2013-04-12 12:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
    AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
    AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Windows\system32\Drivers\cicakiig.sys:changelist
    AlternateDataStreams: C:\ProgramData\Temp:05E9FFE5

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
    IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
    IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
    IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
    IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\cinemanow.com -> hxxp://cinemanow.com
    IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\cinemanow.com -> hxxps://cinemanow.com
    IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\hp.com -> hxxp://hp.com
    IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\qflix.com -> hxxp://qflix.com
    IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\roxio.com -> hxxp://roxio.com
    IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\sonic.com -> hxxp://redirect.sonic.com
    IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\sony.com -> sony.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\008k.com -> 008k.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\00hq.com -> 00hq.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\0190-dialers.com -> 0190-dialers.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\01i.info -> 01i.info
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\05p.com -> 05p.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\0calories.net -> 0calories.net
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\0cj.net -> 0cj.net
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\0scan.com -> 0scan.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\1-se.com -> 1-se.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\1001movie.com -> 1001movie.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\1001night.biz -> 1001night.biz
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\100gal.net -> 100gal.net
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\100sexlinks.com -> 100sexlinks.com

    There are 4791 more sites.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ryan\AppData\Local\stardock\deskwall.bmp
    DNS Servers: Media is not connected to internet.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Users^Ryan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GmoteServer.lnk => C:\Windows\pss\GmoteServer.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Ryan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HandyAndy.lnk => C:\Windows\pss\HandyAndy.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
    MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe"
    MSCONFIG\startupreg: AVG_TRAY => "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    MSCONFIG\startupreg: BackUp2364854530 => C:\Users\Ryan\AppData\Roaming\BackUp2364854530.exe
    MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    MSCONFIG\startupreg: Chrome => C:\PROGRA~3\taskhost.exe
    MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    MSCONFIG\startupreg: GateWay => c:\program files (x86)\gravity\gateway\gatewaymain.exe
    MSCONFIG\startupreg: Google Update => "C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    MSCONFIG\startupreg: igfxCUIService => "C:\PROGRA~3\igfxCUIService.exe"
    MSCONFIG\startupreg: igfxEM_32 => "C:\PROGRA~3\igfxEM_32.exe"
    MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    MSCONFIG\startupreg: PDF Complete => c:\program files (x86)\pdf complete\pdfsty.exe
    MSCONFIG\startupreg: PSUAMain => "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
    MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: TBHostSupport => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Ryan\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin
    MSCONFIG\startupreg: tvncontrol => "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{6C655FDE-4AAF-4620-BC9C-9763BA364917}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
    FirewallRules: [{E80BAD5C-E443-4845-9924-8446018553DB}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
    FirewallRules: [{A462087F-1274-4E3F-8089-377FB55B1359}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
    FirewallRules: [{571D9BDF-08B6-4A00-8A30-36F63BECE9DC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
    FirewallRules: [{9F55D473-C767-47A6-88FC-787E0739E9CE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
    FirewallRules: [{359B52E0-2113-48CD-B029-C704836AFBDD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
    FirewallRules: [{1EC5E065-477C-4F37-8C74-A49551434E48}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
    FirewallRules: [{0DB15326-E497-4ED3-B577-861338BA7B47}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe
    FirewallRules: [{6CBA8053-2ED0-4FDB-896E-8F543126107A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe
    FirewallRules: [{63DE5EF7-6995-48BC-A8FA-0C848A53FA5C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
    FirewallRules: [{E5A03859-C0A4-4DCE-9123-9481147A9EB8}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
    FirewallRules: [{6C3F111E-6E1B-445C-BA88-B17F5F2BBD47}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
    FirewallRules: [{4C69B373-48B7-468B-B6CC-60C4B7E1380F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
    FirewallRules: [{E26E17FA-C6FA-4EAF-AC3B-167AE1B3DF66}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
    FirewallRules: [{56F3FCEC-F573-47EF-8F02-76E05621C375}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{4D7BE302-BA2C-43C7-B425-7655CAF68B0E}] => (Allow) LPort=2869
    FirewallRules: [{94D1E3AD-A4C2-4D89-9A32-9CFC7584BE70}] => (Allow) LPort=1900
    FirewallRules: [{94F0C04F-FFA5-4191-830A-A9158CB7CF5A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{94E41FC2-FA96-4401-AAD9-2C7F4A62FBFA}] => (Allow) J:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
    FirewallRules: [{1318D141-ADF7-45BF-B001-D65A411ECCA5}] => (Allow) J:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
    FirewallRules: [{4EE4E8E1-2EDB-4747-8ED8-63414FB787E8}] => (Allow) J:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
    FirewallRules: [{4702E1BC-4360-4A2F-ABB9-1B908DC68998}] => (Allow) J:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
    FirewallRules: [TCP Query User{E3BA53F7-EEBE-48E2-A9BE-A898C33370B3}J:\program files (x86)\dead island\deadislandgame.exe] => (Allow) J:\program files (x86)\dead island\deadislandgame.exe
    FirewallRules: [UDP Query User{AABC0DAF-2D83-491E-B192-131FBD0E8FC5}J:\program files (x86)\dead island\deadislandgame.exe] => (Allow) J:\program files (x86)\dead island\deadislandgame.exe
    FirewallRules: [TCP Query User{CBC76D3D-A64E-4E5A-9226-85414EC9B548}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
    FirewallRules: [UDP Query User{8ADC3F2A-B610-49C2-B079-A42240356B53}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
    FirewallRules: [{301888A8-40B0-405E-9B52-96EB6C240B6E}] => (Allow) J:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutLauncher.exe
    FirewallRules: [{CF405D86-28C6-467C-B1B2-B7D572AA15E6}] => (Allow) J:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutLauncher.exe
    FirewallRules: [{17E373C9-8D77-4C4E-9BAC-6A494090D1D4}] => (Allow) J:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe
    FirewallRules: [{AF82E9F4-6DFA-4007-9FD1-C1285C87D518}] => (Allow) J:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe
    FirewallRules: [{6D164605-B139-4ECF-98A5-FE7727B474DB}] => (Allow) J:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe
    FirewallRules: [{3696B3EC-5975-428B-A1D0-3AC2B33A352E}] => (Allow) J:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe
    FirewallRules: [{3C1A52AD-C0DE-436F-AEB9-5C74234A89FA}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
    FirewallRules: [{3E46D55B-C8BD-40AA-96FF-A9965AC9242C}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
    FirewallRules: [{A30B49EE-175C-4CDE-BC2F-C0A32C6CBD3D}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    FirewallRules: [{98868078-BAD7-4DEA-ADE3-F661C272DECE}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    FirewallRules: [{265A312A-8DBB-4850-A71E-D9DC5B56B503}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
    FirewallRules: [{F6EE3E02-FA35-4EE0-8190-60D7F3EFB735}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
    FirewallRules: [{DE9490D0-8A75-4800-BAD3-BB2CD6A1ED3B}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    FirewallRules: [{FDD465D3-DA11-4232-8C9A-7457DC3A37B2}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    FirewallRules: [{C777F74C-57A5-4D7E-8FB1-C7292B8B0EF8}] => (Allow) J:\gamigo\Golfstar\GolfStarPatcherLoader.exe
    FirewallRules: [{CB83D1E5-8CF8-46D6-B8C5-576F8D8C09E2}] => (Allow) J:\gamigo\Golfstar\GolfStarPatcher.exe
    FirewallRules: [{6CC37C66-7C9D-42F6-A8DF-017A4839A981}] => (Allow) J:\gamigo\Golfstar\GolfStarPatcherLoader.exe
    FirewallRules: [{DC0758F5-50B0-4321-B488-A0FB64B02194}] => (Allow) J:\gamigo\Golfstar\GolfStar.exe
    FirewallRules: [{D7D5B0D1-63A1-491C-AF20-19F3926F45F7}] => (Allow) J:\gamigo\Golfstar\GolfStarPatcher.exe
    FirewallRules: [{258BCB8B-E349-42A2-88C5-C32AA3293F3B}] => (Allow) J:\gamigo\Golfstar\GolfStar.exe
    FirewallRules: [{EC39F798-2B25-4D67-AA75-061B3A1B669A}] => (Allow) C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe
    FirewallRules: [{55D8C14F-BEF3-4DA0-9A3C-2B580FADF380}] => (Allow) C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe
    FirewallRules: [TCP Query User{F6D79434-49DB-4584-8CF0-428D105F0034}C:\users\ryan\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\ryan\appdata\local\akamai\netsession_win.exe
    FirewallRules: [UDP Query User{0960D056-1E5E-4993-A151-1E991A32F60D}C:\users\ryan\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\ryan\appdata\local\akamai\netsession_win.exe
    FirewallRules: [{AFDA71C3-94A5-4E61-9EE8-6D733AA5ECB4}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [TCP Query User{35545BF5-7E67-4E02-A024-A95F1AF685C4}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
    FirewallRules: [UDP Query User{FE083E72-D9F0-417A-A3FD-6886710583B4}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
    FirewallRules: [TCP Query User{3E4B820A-6A80-4DAE-9124-D268D2D54516}J:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe] => (Allow) J:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe
    FirewallRules: [UDP Query User{7D9BF72D-183F-44CC-8E8C-C7A2205C4FAC}J:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe] => (Allow) J:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe
    FirewallRules: [{E82E4B81-EE61-4A4D-A799-690B542D6D5C}] => (Allow) J:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
    FirewallRules: [{FE180EDC-2B16-48C6-ADF6-A156116F9E53}] => (Allow) J:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
    FirewallRules: [TCP Query User{7C73E434-96FE-43C8-870C-4CC8A9121765}J:\quake2\q2e.exe] => (Allow) J:\quake2\q2e.exe
    FirewallRules: [UDP Query User{57CD4FE5-141E-465D-A39D-2F8C8ECC440A}J:\quake2\q2e.exe] => (Allow) J:\quake2\q2e.exe
    FirewallRules: [TCP Query User{43246748-4A47-4264-BB87-405D8A369298}J:\program files (x86)\dead island\deadislandgame.exe] => (Allow) J:\program files (x86)\dead island\deadislandgame.exe
    FirewallRules: [UDP Query User{FC41F30B-35D3-42D3-B1B2-8C0D420A75BC}J:\program files (x86)\dead island\deadislandgame.exe] => (Allow) J:\program files (x86)\dead island\deadislandgame.exe
    FirewallRules: [{0CFF6D42-94D8-4914-ADE7-39DD68CAA534}] => (Allow) C:\Program Files (x86)\TightVNC\tvnserver.exe
    FirewallRules: [{2389636C-D805-4096-9AF2-57B6A9F27E6D}] => (Allow) C:\Program Files (x86)\TightVNC\tvnserver.exe
    FirewallRules: [{C3A08230-3422-4A87-969A-82E1B8FF36BA}] => (Allow) C:\Program Files (x86)\TightVNC\vncviewer.exe
    FirewallRules: [{C0B8B5B9-00AF-4D63-A00D-A827B635108E}] => (Allow) C:\Program Files (x86)\TightVNC\vncviewer.exe
    FirewallRules: [{ADAB0B56-D586-4F62-B186-507295932FF4}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [{6CFF0A31-B6F2-4F66-8D79-BCD490C4CBBF}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [{7A02BF6D-A36B-4747-8DAA-C830345F894D}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [{9BAFD885-7628-4FC2-80C2-54D8D55A3595}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [{713E6F34-C079-4ED1-96A7-A8B94C33BF24}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [{4FDFFFEE-1A8F-479D-A036-F690F6245579}] => (Allow) J:\Program Files (x86)\Vogster Entertainment\CrimeCraft Gravity Edition\GravityLauncher.exe
    FirewallRules: [{49B8EA69-4456-498D-B56C-8D4B7194B361}] => (Allow) J:\Program Files (x86)\Vogster Entertainment\CrimeCraft Gravity Edition\GravityLauncher.exe
    FirewallRules: [{A5E869B8-D3E1-466C-BF69-EB972AE4C26E}] => (Allow) J:\Program Files (x86)\Vogster Entertainment\CrimeCraft Gravity Edition\Binaries\CrimeCraft.exe
    FirewallRules: [{9F671175-F392-4AB9-9B5A-4C93F1D82022}] => (Allow) J:\Program Files (x86)\Vogster Entertainment\CrimeCraft Gravity Edition\Binaries\CrimeCraft.exe
    FirewallRules: [{6CFF33B1-EEA5-4E79-A50B-9CEF0F3447C6}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
    FirewallRules: [{E633D572-A4AB-4C7C-B990-6DA4F3A403BE}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
    FirewallRules: [{22D85453-5FE9-45AC-8C7F-507BFBCBC813}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
    FirewallRules: [{1AC78342-2DD9-4348-BBB2-60C8AE43AA68}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
    FirewallRules: [TCP Query User{AC316794-B0D3-45A3-A22B-4ED5C9D2F213}J:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe] => (Allow) J:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe
    FirewallRules: [UDP Query User{12343684-EA7C-46F0-8487-1D4A648A96B2}J:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe] => (Allow) J:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe
    FirewallRules: [{B7C11F6A-F974-40BA-9B6C-72FEC1C45D79}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
    FirewallRules: [{77FED348-3A89-45E8-9149-5A42C09C3DE7}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
    FirewallRules: [{30945527-E1BB-4C0B-A2AE-B59C05D869F2}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudInstallWizard.exe
    FirewallRules: [{BBAB469F-0EB9-493D-B5BD-B489272475C2}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudInstallWizard.exe
    FirewallRules: [{5B777662-88CF-4EA1-BF2B-05FB369CD4D5}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe
    FirewallRules: [{CC49054E-6960-4A2F-AD49-B4D74DAF4DA9}] => (Allow) LPort=49167
    FirewallRules: [{43A110A5-61F1-47FD-B99C-33880073ECBF}] => (Allow) LPort=5000
    FirewallRules: [{5F93C342-1B56-474F-B733-140A6BEA3BC7}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
    FirewallRules: [{3A1DF9E7-548E-45F1-8DC2-5AEF3CE42033}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
    FirewallRules: [{518DD59E-E374-4B45-B040-0D02B51D6A63}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaWiFi.exe
    FirewallRules: [{3AFDEBCB-1BC1-4AA9-AAC0-93D297F5FC8C}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaWiFi.exe
    FirewallRules: [{5EA9BC05-6789-4F0F-AAC3-09E7C6F86D32}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaWiFi.exe
    FirewallRules: [{58D4C430-27AB-485D-A8ED-5B8CC019179A}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaWiFi.exe
    FirewallRules: [{C64E0725-B849-436A-83DF-18E29C9E6DC1}] => (Allow) J:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
    FirewallRules: [{B9FA986A-1F4D-447E-9E1B-00FDDE3D7589}] => (Allow) J:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
    FirewallRules: [{5BC2ED46-E1A5-4C65-AE60-1DE081CF193E}] => (Allow) J:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
    FirewallRules: [{9EC03A64-997A-44E2-A4B9-DF4F368B5A79}] => (Allow) J:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
    FirewallRules: [{331E05EB-5400-4323-B900-49B896062A0D}] => (Allow) C:\Program Files (x86)\MirrorOp Receiver\MirrorOp Receiver.exe
    FirewallRules: [{38D3B9C2-991A-4B76-BE80-E1FA0176D523}] => (Allow) C:\Program Files (x86)\MirrorOp Receiver\MirrorOp Receiver.exe
    FirewallRules: [{E9ACACF1-7C27-4B0A-916C-D7F57E217686}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
    FirewallRules: [TCP Query User{9D4BB9CC-5ABF-474B-AB55-BBC258781A51}C:\program files (x86)\unified remote\remoteserver.exe] => (Allow) C:\program files (x86)\unified remote\remoteserver.exe
    FirewallRules: [UDP Query User{91490416-C561-4F7C-A3F8-A7CC6622ABBA}C:\program files (x86)\unified remote\remoteserver.exe] => (Allow) C:\program files (x86)\unified remote\remoteserver.exe
    FirewallRules: [{93AF2DA9-4F78-472B-B501-21B1DD6D9499}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{2DA6243C-00BB-4C1B-AF37-242112964F85}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{0B058748-86DC-41E4-B1C1-B65468D1F3FF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{5CBEACC6-02D1-456D-8CCC-16567CF60481}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [TCP Query User{A9D1EC1B-FE4B-4090-B87C-EEF9B5C33D71}C:\program files (x86)\unified remote\remoteserver.exe] => (Allow) C:\program files (x86)\unified remote\remoteserver.exe
    FirewallRules: [UDP Query User{98F9A935-6230-4317-B3E2-81E1FABAEC0F}C:\program files (x86)\unified remote\remoteserver.exe] => (Allow) C:\program files (x86)\unified remote\remoteserver.exe
    FirewallRules: [TCP Query User{B4AE7989-5CE4-4395-B3BF-68C08B87C5AC}C:\program files (x86)\kainy\kainy.exe] => (Allow) C:\program files (x86)\kainy\kainy.exe
    FirewallRules: [UDP Query User{15B654CB-0F55-4D2B-8F50-7A3DE73FF416}C:\program files (x86)\kainy\kainy.exe] => (Allow) C:\program files (x86)\kainy\kainy.exe
    FirewallRules: [{08A0C013-7F2D-4082-8CFA-8283B9CBCFAF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{195484E7-6EBD-4EA7-82A5-FC2B367B98F2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{468E147A-1DBF-4BDB-AA40-8E19D1CD8320}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{7BFCA639-3770-4446-BD83-2B9288AAD04C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [TCP Query User{37F33E1D-E444-45A7-8605-E49D0753F87A}J:\program files (x86)\gazillion entertainment\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe] => (Allow) J:\program files (x86)\gazillion entertainment\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe
    FirewallRules: [UDP Query User{0C064CE2-6730-4EBF-B255-3E2A798E9B05}J:\program files (x86)\gazillion entertainment\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe] => (Allow) J:\program files (x86)\gazillion entertainment\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe
    FirewallRules: [{06BBA1F0-8169-4F79-897C-4A6DFFE00DA9}] => (Allow) J:\Program Files (x86)\Downloaded\Public\Warframe.exe
    FirewallRules: [{41A929C2-698C-406B-B171-8D3571A8D4C4}] => (Allow) J:\Program Files (x86)\Downloaded\Public\Warframe.x64.exe
    FirewallRules: [{2A10A389-EF54-455D-937E-210B7B1C97AC}] => (Allow) J:\Program Files (x86)\Downloaded\Public\Warframe.exe
    FirewallRules: [{66731D20-BED1-40E1-AA78-1C2112E2E86C}] => (Allow) J:\Program Files (x86)\Downloaded\Public\Warframe.x64.exe
    FirewallRules: [{1110D147-2FBC-4EBA-8670-A818BC12D130}] => (Allow) J:\Program Files (x86)\Downloaded\Public\Warframe.exe
    FirewallRules: [{001F18B0-4188-412F-9C2D-BCE40B961A49}] => (Allow) J:\Program Files (x86)\Downloaded\Public\Warframe.x64.exe
    FirewallRules: [{60EFACA2-FB14-47EB-8EBE-C6C204E9BB58}] => (Allow) C:\Users\Ryan\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
    FirewallRules: [TCP Query User{42F01058-7011-41D9-992E-70E99CA5F190}J:\program files\capcom\resident evil 5\re5dx10.exe] => (Allow) J:\program files\capcom\resident evil 5\re5dx10.exe
    FirewallRules: [UDP Query User{CF7E835E-FA32-4593-9370-1730030D8824}J:\program files\capcom\resident evil 5\re5dx10.exe] => (Allow) J:\program files\capcom\resident evil 5\re5dx10.exe
    FirewallRules: [TCP Query User{7BDA13A0-3F8E-4207-802D-36D648513EFD}J:\program files\capcom\resident evil 5\re5dx9.exe] => (Allow) J:\program files\capcom\resident evil 5\re5dx9.exe
    FirewallRules: [UDP Query User{115ED86D-AEEE-43F7-9A35-905FEDAD5681}J:\program files\capcom\resident evil 5\re5dx9.exe] => (Allow) J:\program files\capcom\resident evil 5\re5dx9.exe
    FirewallRules: [{9D8A01C6-BB2E-435F-B400-7C14C0A12CA7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{1DE848DD-3B82-455A-9DDF-679E53C8C0C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{B522AED4-0231-4A38-8948-E344F2B7D378}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [TCP Query User{C68E9191-990A-4614-A90E-B071059E9591}J:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe] => (Allow) J:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe
    FirewallRules: [UDP Query User{04EE3FF4-3DE9-4E75-9AF2-C3D41859E9A0}J:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe] => (Allow) J:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe
    FirewallRules: [{920000B2-B9F7-46FF-845F-01AAA43DAA31}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{1A89AC95-31E8-4FD9-A96A-98AE67112A17}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{F89EFBCF-E751-4322-A327-158E2D0674A6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [TCP Query User{3946F287-25B5-447F-B6F5-E4E4AEBC0999}J:\program files (x86)\saints row iv\saintsrowiv.exe] => (Allow) J:\program files (x86)\saints row iv\saintsrowiv.exe
    FirewallRules: [UDP Query User{C066ED73-E1B0-4EB6-9B94-C62EE727A168}J:\program files (x86)\saints row iv\saintsrowiv.exe] => (Allow) J:\program files (x86)\saints row iv\saintsrowiv.exe
    FirewallRules: [TCP Query User{C63329A5-69BC-4DBA-AED5-0163C93F67F4}J:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win32\marvelgame.exe] => (Allow) J:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win32\marvelgame.exe
    FirewallRules: [UDP Query User{8FBF2B43-0B86-4091-9A56-D048C2BFC63F}J:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win32\marvelgame.exe] => (Allow) J:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win32\marvelgame.exe
    FirewallRules: [{3BEF2E6A-71A5-43C7-95A4-509E3B4801D0}] => (Allow) J:\gamigo\Golfstar\GolfStarPatcherLoader.exe
    FirewallRules: [{4B0B7308-1F0E-40CF-AE16-CEA0D01577A3}] => (Allow) J:\gamigo\Golfstar\GolfStarPatcherLoader.exe
    FirewallRules: [{91BEA7F2-3BC6-473D-92A3-D04B05BDA41F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{1FB06396-3518-4525-A9F2-1815E7C0A9A0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{9E6D7BEF-F7A5-4155-9D8E-F8C02BF3A782}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{0D6D2E7D-ABD5-48E2-8D42-D5A551966D4A}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{E7332D2A-2B40-4380-9965-2E78F4E610F9}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [TCP Query User{FA4772FD-9521-4CDD-89AE-F1BDD0521460}J:\program files (x86)\ea games\need for speed most wanted\nfs13.exe] => (Allow) J:\program files (x86)\ea games\need for speed most wanted\nfs13.exe
    FirewallRules: [UDP Query User{D347BBE4-9C5B-409E-8551-DB51EC723F0D}J:\program files (x86)\ea games\need for speed most wanted\nfs13.exe] => (Allow) J:\program files (x86)\ea games\need for speed most wanted\nfs13.exe
    FirewallRules: [{257237B3-5D6E-4175-BB00-95ECCDA6A93B}] => (Allow) J:\Program Files (x86)\WB Games\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe
    FirewallRules: [{2742D936-D507-46FE-841D-05A6C42EC15D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{995AD505-4CAF-46C1-A97A-C3EB2590C8B7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{66ADF8BF-1655-41C3-850C-DEDDCFA84A90}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{08B05F5D-DDC1-4636-B3EB-00B03A2319A3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [TCP Query User{AD17CE4E-6828-49DF-B889-487665350240}J:\program files (x86)\ea sports\tiger woods 12\tworuntimestandalone.exe] => (Allow) J:\program files (x86)\ea sports\tiger woods 12\tworuntimestandalone.exe
    FirewallRules: [UDP Query User{AAFFD1EB-E736-43EF-B532-F13C836748F4}J:\program files (x86)\ea sports\tiger woods 12\tworuntimestandalone.exe] => (Allow) J:\program files (x86)\ea sports\tiger woods 12\tworuntimestandalone.exe
    FirewallRules: [{83ECE391-2FFA-451F-A722-90C0FFE490EB}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{66247FDE-08E5-4D7C-97C1-990A0360BEDC}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [TCP Query User{3EF2B6B3-C384-449F-9A49-D0CC863EFAD9}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
    FirewallRules: [UDP Query User{EAB143C0-E990-4B3C-A493-77B720D319BC}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
    FirewallRules: [TCP Query User{00E603F7-D109-4E58-90E8-53FC73BFD91E}J:\program files (x86)\fifa 14\fifa 14\game\fifa14.exe] => (Allow) J:\program files (x86)\fifa 14\fifa 14\game\fifa14.exe
    FirewallRules: [UDP Query User{204E5573-1589-4337-AD08-8FBF89BBFAF9}J:\program files (x86)\fifa 14\fifa 14\game\fifa14.exe] => (Allow) J:\program files (x86)\fifa 14\fifa 14\game\fifa14.exe
    FirewallRules: [{FBB2BCF8-1DDE-4AED-95F2-C7AB50AB2FD6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{BEFA8A1D-A636-48E2-96E2-E86555DBEA28}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{0385C58F-4FE6-4C67-9090-B6B7475AB713}] => (Allow) J:\SimCity\SimCity 2013 Offline\SimCity\SimCity.exe
    FirewallRules: [{B14A57B9-8252-4BD9-8B98-5658E2E1D5B5}] => (Allow) J:\SimCity\SimCity 2013 Offline\SimCity\SimCity.exe
    FirewallRules: [TCP Query User{3208A1D5-53F4-4044-977A-3CA514EE6C3B}C:\program files (x86)\motorola\rsd lite\sdl.exe] => (Allow) C:\program files (x86)\motorola\rsd lite\sdl.exe
    FirewallRules: [UDP Query User{71309A87-8B21-4B95-B4DF-6175E7017752}C:\program files (x86)\motorola\rsd lite\sdl.exe] => (Allow) C:\program files (x86)\motorola\rsd lite\sdl.exe
    FirewallRules: [TCP Query User{44E9C83C-0BC8-4692-9BBA-F8D6D9509AE5}J:\program files (x86)\wb games\batman arkham city goty\binaries\win32\batmanac_o.exe] => (Allow) J:\program files (x86)\wb games\batman arkham city goty\binaries\win32\batmanac_o.exe
    FirewallRules: [UDP Query User{E6D25795-0F3D-461C-A5E0-ADC5351C4AE0}J:\program files (x86)\wb games\batman arkham city goty\binaries\win32\batmanac_o.exe] => (Allow) J:\program files (x86)\wb games\batman arkham city goty\binaries\win32\batmanac_o.exe
    FirewallRules: [TCP Query User{6E745788-6B64-4BB0-9586-6AF86CCC74A5}J:\program files\mass effect 2\binaries\masseffect2.exe] => (Allow) J:\program files\mass effect 2\binaries\masseffect2.exe
    FirewallRules: [UDP Query User{89759BC4-F0A5-4CB3-ACDE-62C40B072F34}J:\program files\mass effect 2\binaries\masseffect2.exe] => (Allow) J:\program files\mass effect 2\binaries\masseffect2.exe
    FirewallRules: [TCP Query User{7F1884C6-C72E-4402-8B23-53A277A08C13}J:\mass effect 3\binaries\win32\masseffect3.exe] => (Allow) J:\mass effect 3\binaries\win32\masseffect3.exe
    FirewallRules: [UDP Query User{F9E06AA2-0C5A-48FA-A36C-DE69A83E8EED}J:\mass effect 3\binaries\win32\masseffect3.exe] => (Allow) J:\mass effect 3\binaries\win32\masseffect3.exe
    FirewallRules: [{987DD292-29F2-43AC-BB9E-29630EE57806}] => (Allow) J:\Program Files (x86)\2K Sports\Major League Baseball 2K12\mlb2k12.exe
    FirewallRules: [{1BA00473-423F-498A-A38A-F39EFC6CA9A8}] => (Allow) J:\Program Files (x86)\2K Sports\Major League Baseball 2K12\mlb2k12.exe
    FirewallRules: [{E979B422-403B-4963-9A7A-27B2D43936C4}] => (Block) %ProgramFiles% (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
    FirewallRules: [{A60FF9AF-4B99-4956-AF0C-2C9849228F6A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{521D8D40-F3B3-4B61-94D1-3099D86A7542}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [TCP Query User{B8C1213C-A8FC-46F9-986E-9460DAE8F990}J:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Allow) J:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
    FirewallRules: [UDP Query User{391628D8-E68F-4015-A45B-C9A574EBEB85}J:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Allow) J:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
    FirewallRules: [{4BF5E5AF-BC1D-4849-87D5-4DD8CC601709}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
    FirewallRules: [{954DF99A-0A4E-4EA9-A134-5E1238140AEA}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
    FirewallRules: [{5A052CCD-391F-4487-9FDB-C810E1D512A8}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
    FirewallRules: [TCP Query User{78905519-11DC-4A42-9C92-4F9ADBF605E9}J:\q2e blood culture\quake2.exe] => (Allow) J:\q2e blood culture\quake2.exe
    FirewallRules: [UDP Query User{281DD3B8-7057-480E-B4D8-DCA2EF30F788}J:\q2e blood culture\quake2.exe] => (Allow) J:\q2e blood culture\quake2.exe
    FirewallRules: [TCP Query User{ED4AB80A-418A-4A44-A771-60127EDB5AC6}J:\quake2\quake2.exe] => (Allow) J:\quake2\quake2.exe
    FirewallRules: [UDP Query User{C125A16B-5691-43B8-BC40-278E48B29F82}J:\quake2\quake2.exe] => (Allow) J:\quake2\quake2.exe
    FirewallRules: [{614F6565-334C-44A6-86CC-9F9A3D804478}] => (Allow) J:\Program Files (x86)\Codemasters\DiRT 3\dirt3_game.exe
    FirewallRules: [{0E46613A-9A11-4DC4-BBC5-E1FC47B709A8}] => (Allow) J:\Program Files (x86)\Codemasters\DiRT 3\dirt3_game.exe
    FirewallRules: [{033F4792-22A5-4C6B-95AE-9A956FCB1530}] => (Allow) E:\RouterSetup\QISWizard.exe
    FirewallRules: [{E7B2D2AE-F5DE-41C5-8F36-E250A8EB1708}] => (Allow) E:\RouterSetup\QISWizard.exe
    FirewallRules: [{43E7B349-A2FC-451D-A3A0-D446F9B45C35}] => (Allow) J:\UT2004\System\UT2004.exe
    FirewallRules: [{4B29E4B2-C3AE-4AF8-9EDA-87B9CD473FDC}] => (Allow) J:\UT2004\System\UT2004.exe
    FirewallRules: [TCP Query User{9641D6DF-131D-4DDA-9873-464BD1097549}J:\program files (x86)\electronic arts\shift 2 unleashed\shift2u.exe] => (Allow) J:\program files (x86)\electronic arts\shift 2 unleashed\shift2u.exe
    FirewallRules: [UDP Query User{06A57541-DE77-48E9-B75C-5A2661A5FF42}J:\program files (x86)\electronic arts\shift 2 unleashed\shift2u.exe] => (Allow) J:\program files (x86)\electronic arts\shift 2 unleashed\shift2u.exe
    FirewallRules: [{95EA1BD0-FD61-4045-AB0F-81BD6F22924C}] => (Allow) J:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\Blacklist_Launcher.exe
    FirewallRules: [{915B9DD0-3DD7-4991-8735-CE44A80E9FD4}] => (Allow) J:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\Blacklist_Launcher.exe
    FirewallRules: [{A4F8C3DF-B4CD-4993-9977-DD96ACD71348}] => (Allow) J:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_game.exe
    FirewallRules: [{D30AA506-38D0-4E50-A974-D1D1B31D65FD}] => (Allow) J:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_game.exe
    FirewallRules: [{742F3392-4729-413A-B53E-1324A2637208}] => (Allow) J:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_DX11_game.exe
    FirewallRules: [{D6747CB8-E763-4922-BA81-70ACA02854F4}] => (Allow) J:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_DX11_game.exe
    FirewallRules: [{70FD5F12-229D-4815-B5AB-03BC2EADDF13}] => (Allow) J:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\gu.exe
    FirewallRules: [{F8C7E231-E6C9-4CD4-B990-DC6832D09AA2}] => (Allow) J:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\gu.exe
    FirewallRules: [{411C2157-853C-447B-A686-B24760050805}] => (Allow) J:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV Episodes from Liberty City\EFLC\LaunchEFLC.exe
    FirewallRules: [{43936CFC-375D-429E-A116-9622DB8E490A}] => (Allow) J:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV Episodes from Liberty City\EFLC\LaunchEFLC.exe
    FirewallRules: [{15A956CE-A39E-4F31-9834-6B694CE98CC2}] => (Allow) J:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
    FirewallRules: [{F4074A7A-0916-4768-A5E9-3E455D7702C9}] => (Allow) J:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
    FirewallRules: [TCP Query User{5E14F496-29C1-4964-A919-BA9A83794875}J:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) J:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
    FirewallRules: [UDP Query User{0B43153B-001C-4F55-98BA-8D37345C6322}J:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) J:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
    FirewallRules: [{76BFABE6-9FEF-4442-85BA-A6DBA9B45B0F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{5B0DBFAA-FE00-43EC-B67E-76C7634918D3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{CE9CCD55-AC83-4A9F-8FA6-7BC6A89650C9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{1B80D4E4-9102-44C8-A6D1-803E13761CF3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{CF64C254-2D28-4622-8109-2E529DDE77DF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [TCP Query User{49CC2C6B-448C-4AB8-BDD5-D1183917AEB9}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
    FirewallRules: [UDP Query User{A44287D1-98D1-4C28-8F54-768C67B5B26E}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
    FirewallRules: [{C4B3D042-1404-4A79-B05C-FF0EBFAEE775}] => (Allow) C:\Users\Ryan\AppData\Roaming\Andy_45_Online\Setup.exe
    FirewallRules: [{01F1A184-5C08-4362-A9F9-F3A0CA779551}] => (Allow) C:\Users\Ryan\AppData\Roaming\Andy_45_Online\Setup.exe
    FirewallRules: [{E9CF1B92-F4D8-4F1E-9DDD-CDAA90B60274}] => (Allow) C:\Program Files\Andy\Andy.exe
    FirewallRules: [{D4425354-3701-4DF5-97E6-0CC0933DDE65}] => (Allow) C:\Program Files\Andy\Andy.exe
    FirewallRules: [{B99DB44F-3DEF-4573-AB22-A2B257E12176}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
    FirewallRules: [{0272A83C-7D8F-4F2C-B504-AE45BE228DA6}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
    FirewallRules: [{4B7467C4-130B-4ED5-9A86-E6D27A0D0186}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{3238F108-0193-40FA-93E9-21316F839FF6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{2B0434BC-FA17-4FA2-8AC3-0B80083E0B6D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{83C99040-A334-4541-B901-2F88F755E75B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{93AB6FD0-03CE-4EFD-88E4-983D31C760B2}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
    FirewallRules: [{F201174C-E026-4E16-9B2A-910CC62AC24A}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
    FirewallRules: [{8FF911B7-EDE5-4FC2-8816-B3D67A1918BD}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
    FirewallRules: [{C67C681F-E992-48F0-B359-DBEE346A1805}] => (Block) %ProgramFiles% (x86)\Acoustica Mixcraft 6\mixcraft6.exe
    FirewallRules: [{8D79286D-E2E4-4F3B-A30F-AA3BBB5198FA}] => (Block) %ProgramFiles% (x86)\Acoustica Mixcraft 6\mixcraft6.exe
    FirewallRules: [{A972F418-6729-4F02-B198-C469128B0815}] => (Block) %ProgramFiles% (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
    FirewallRules: [{A9A9E1FE-4306-4EF4-BFD4-3A58BFBA587E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
    FirewallRules: [{C00FC7C3-43BD-4B36-B093-72A902F823F7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============

    Name: Security Processor Loader Driver
    Description: Security Processor Loader Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: spldr
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/06/2015 05:35:15 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: chrome.exe, version: 46.0.2490.80, time stamp: 0x56262c73
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x10006c13
    Faulting process id: 0xb18
    Faulting application start time: 0xchrome.exe0
    Faulting application path: chrome.exe1
    Faulting module path: chrome.exe2
    Report Id: chrome.exe3

    Error: (11/06/2015 04:00:18 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
    Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windows...7BBCD7A8CB4.crt> with error: 12029 (0x2efd).

    Error: (11/06/2015 03:39:18 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: NvBackend.exe, version: 20.0.15.0, time stamp: 0x560e7004
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x0030de71
    Faulting process id: 0x168c
    Faulting application start time: 0xNvBackend.exe0
    Faulting application path: NvBackend.exe1
    Faulting module path: NvBackend.exe2
    Report Id: NvBackend.exe3

    Error: (11/06/2015 03:27:01 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -1073418154

    Error: (11/05/2015 09:39:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
    Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windows...7BBCD7A8CB4.crt> with error: 12029 (0x2efd).

    Error: (11/05/2015 09:26:35 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: NvBackend.exe, version: 20.0.15.0, time stamp: 0x560e7004
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x0046de71
    Faulting process id: 0xc28
    Faulting application start time: 0xNvBackend.exe0
    Faulting application path: NvBackend.exe1
    Faulting module path: NvBackend.exe2
    Report Id: NvBackend.exe3

    Error: (11/05/2015 08:59:40 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: chrome.exe, version: 46.0.2490.80, time stamp: 0x56262c73
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x10006c13
    Faulting process id: 0x1a8
    Faulting application start time: 0xchrome.exe0
    Faulting application path: chrome.exe1
    Faulting module path: chrome.exe2
    Report Id: chrome.exe3

    Error: (11/05/2015 07:45:19 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: NvBackend.exe, version: 20.0.15.0, time stamp: 0x560e7004
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x002ede71
    Faulting process id: 0xb58
    Faulting application start time: 0xNvBackend.exe0
    Faulting application path: NvBackend.exe1
    Faulting module path: NvBackend.exe2
    Report Id: NvBackend.exe3

    Error: (11/05/2015 07:28:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
    Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

    Details:
    Could not query the status of the EventSystem service.

    System Error:
    A system shutdown is in progress.
    .

    Error: (11/05/2015 06:59:45 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: NvBackend.exe, version: 20.0.15.0, time stamp: 0x560e7004
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x0047de71
    Faulting process id: 0x9b0
    Faulting application start time: 0xNvBackend.exe0
    Faulting application path: NvBackend.exe1
    Faulting module path: NvBackend.exe2
    Report Id: NvBackend.exe3

    System errors:
    =============
    Error: (11/06/2015 06:58:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
    %%1068

    Error: (11/06/2015 06:58:37 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084NVSvc{DCAB0989-1301-4319-BE5F-ADE89F88581C}

    Error: (11/06/2015 06:57:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (11/06/2015 06:57:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (11/06/2015 06:57:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (11/06/2015 06:57:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (11/06/2015 06:57:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (11/06/2015 06:57:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (11/06/2015 06:57:10 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

    Error: (11/06/2015 06:57:09 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    CodeIntegrity:
    ===================================
      Date: 2015-11-06 17:52:13.790
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2015-11-06 17:52:13.790
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2015-11-06 03:35:03.680
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2015-11-06 03:35:03.680
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2015-11-06 03:29:58.694
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2015-11-06 03:29:58.694
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2015-11-05 21:23:34.368
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2015-11-05 21:23:34.368
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2015-11-05 19:42:04.638
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2015-11-05 19:42:04.607
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================

    Processor: AMD Athlon™ II X4 640 Processor
    Percentage of memory in use: 14%
    Total physical RAM: 8191.29 MB
    Available physical RAM: 6996.71 MB
    Total Virtual: 16382.57 MB
    Available Virtual: 15132.52 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:917.79 GB) (Free:449.43 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (HP_RECOVERY) (Fixed) (Total:13.61 GB) (Free:1.67 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive j: (Cpt Sea Biscuit) (Fixed) (Total:931.51 GB) (Free:230.78 GB) NTFS
    Drive k: (My Book) (Fixed) (Total:1862.98 GB) (Free:1547.05 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 5A2442D8)
    Partition 1: (Active) - (Size=106 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=917.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=13.6 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 2B38A14C)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 17B6C2D9)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================


    Edited by rct8787, 07 November 2015 - 08:18 AM.

    • 0

    #4
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,012 posts
    • MVP
    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated please post that.  
     
     
    Uninstall:
     
     

    IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
    IObit Malware Fighter 3 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 3.1 - IObit)
    IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.3.9.2622 - IObit)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) <== You don't need 2 anti-viruses.  They fight each other.
    Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
     
     

     
    Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
     
    NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
     
    Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
     
    scan-results.jpg
     
    Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
     
    The report will be saved in the C:\AdwCleaner folder.
     
     
     
    Junkware-Removal-Tool
     
    Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
    • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
     
     
    Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

    • 0

    #5
    rct8787

    rct8787

      Member

    • Topic Starter
    • Member
    • PipPip
    • 14 posts

    Uninstalled the programs, ADW didnt find anything, JRT would not run ran as admin and nothing would happen. See the logs below. Thanks!

     

     

     

    Fix result of Farbar Recovery Scan Tool (x64) Version:05-11-2015
    Ran by Ryan (2015-11-07 17:01:31) Run:1
    Running from C:\Users\Ryan\Desktop
    Loaded Profiles: Ryan (Available Profiles: Ryan & Mcx1-TYRANT)
    Boot Mode: Safe Mode (minimal)
    ==============================================

    fixlist content:
    *****************
    HKLM\...\Run: [x9fy5RHC3D25] => regsvr32.exe /s "C:\PROGRA~3\x9fy5RHC3D25.dll"
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\Run: [Cicuk] => regsvr32.exe "C:\Users\Ryan\AppData\Roaming\IeveKmets\UedoKwopc.dll"
    ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
    ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
    ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
    ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKLM-x32 -> DefaultScope {5ED88E19-FCB1-4428-9612-3E22A725041E} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKU\.DEFAULT -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
    SearchScopes: HKU\.DEFAULT -> bProtectorDefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
    SearchScopes: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000 -> DefaultScope {5ED88E19-FCB1-4428-9612-3E22A725041E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306058&CUI=UN26255233522486923&UM=2
    SearchScopes: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.yd.delta-search.com/?q={searchTerms}&affID=119816&tt=030213_yd&babsrc=SP_ss&mntrId=8cf4d1020000000000001c659da898fe
    SearchScopes: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000 -> {5ED88E19-FCB1-4428-9612-3E22A725041E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306058&CUI=UN26255233522486923&UM=2
    SearchScopes: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
    SearchScopes: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
    Toolbar: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-10-03]
    S3 BRDriver64; \??\C:\programdata\bitraider\BRDriver64.sys [X]
    S3 BS2364854530; \??\C:\Users\Ryan\AppData\Local\Temp\NTFS.sys [X]
    S3 BT; system32\DRIVERS\btnetdrv.sys [X]
    S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
    S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 IvtComBusSrv; System32\Drivers\btcombus.sys [X]
    S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
    S3 motccgp; system32\DRIVERS\motccgp.sys [X]
    S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
    S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
    S3 X6va005; \??\C:\Users\Ryan\AppData\Local\Temp\00529AB.tmp [X]
    S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    2015-11-02 13:34 - 2015-11-02 13:34 - 00004096 _____ C:\ProgramData\igfxCUIService.exe
    2015-11-02 13:33 - 2015-11-02 13:33 - 00005120 _____ C:\ProgramData\1F3670CC.EX
    2015-11-02 13:33 - 2015-11-02 13:33 - 00004096 _____ C:\ProgramData\openssl.dll
    2015-11-02 06:50 - 2015-11-02 06:50 - 00004096 _____ C:\ProgramData\x9fy5RHC3D25.dll
    2015-11-02 06:48 - 2015-11-02 06:48 - 00004096 _____ C:\ProgramData\QXJhZ3fR3D25.dll
    2015-11-01 10:18 - 2015-11-01 10:18 - 00929872 _____ (Google Inc.) C:\Users\Ryan\Downloads\ChromeSetup.exe
    2015-11-01 02:55 - 2015-11-03 17:28 - 03550700 _____ C:\Windows\system32\CFG2364854530
    2015-11-01 02:40 - 2015-11-01 02:40 - 00450560 _____ (Microsoft Corporation) C:\Users\Ryan\AppData\Roaming\gpmnsd.exe
    2015-11-01 02:39 - 2015-11-06 17:52 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\IeveKmets
    2015-11-01 02:39 - 2015-11-01 02:39 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
    2009-07-13 18:19 - 2009-07-13 20:14 - 0577536 _____ () C:\Users\Ryan\AppData\Roaming\BackUp2364854530.exe
    2015-11-01 02:40 - 2015-11-01 02:40 - 0450560 _____ (Microsoft Corporation) C:\Users\Ryan\AppData\Roaming\gpmnsd.exe
    2013-03-06 23:16 - 2013-03-06 23:16 - 0003584 _____ () C:\Users\Ryan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-11-02 13:33 - 2015-11-02 13:33 - 0005120 _____ () C:\ProgramData\1F3670CC.EX
    2015-11-06 07:36 - 2015-11-06 07:36 - 0090112 _____ () C:\ProgramData\7B571D05.EX
    2015-11-02 13:34 - 2015-11-02 13:34 - 0004096 _____ () C:\ProgramData\igfxCUIService.exe
    2015-11-06 07:42 - 2015-11-06 07:42 - 0004096 _____ () C:\ProgramData\igfxEM_32.exe
    2015-11-02 13:33 - 2015-11-02 13:33 - 0004096 _____ () C:\ProgramData\openssl.dll
    2015-11-02 06:48 - 2015-11-02 06:48 - 0004096 _____ () C:\ProgramData\QXJhZ3fR3D25.dll
    2015-11-02 06:50 - 2015-11-02 06:50 - 0004096 _____ () C:\ProgramData\x9fy5RHC3D25.dll
    C:\ProgramData\igfxCUIService.exe
    C:\ProgramData\igfxEM_32.exe
    C:\ProgramData\openssl.dll
    C:\ProgramData\QXJhZ3fR3D25.dll
    C:\ProgramData\x9fy5RHC3D25.dll
    Task: {05382F15-4E85-49DD-847C-34902DEBFA60} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
    Task: {1CAB60F2-B80C-4BDB-AB37-28341A801382} - \SmartDefrag3_Update -> No File <==== ATTENTION
    Task: {2337B51A-F954-410D-B557-C5F3B9D1F570} - \Game_Booster_AutoUpdate -> No File <==== ATTENTION
    Task: {27BE74F6-E453-4C4E-AD10-4F8135C25A69} - \Driver Booster Scan -> No File <==== ATTENTION
    Task: {383EDFB7-CA7C-49B1-9E76-67F641EB6223} - \Driver Booster SkipUAC (Ryan) -> No File <==== ATTENTION
    Task: {3FDF7EE4-CB74-4798-8A80-E30A88F7B782} - \{B10B0FB6-09C1-4631-A8C9-BA605BDF3850} -> No File <==== ATTENTION
    Task: {72B87A83-1DA2-473D-A22B-3CC3DCA6D16D} - \GoogleUpdateTaskUserS-1-5-21-1725188070-1093038038-2835830549-1000Core -> No File <==== ATTENTION
    Task: {8F348719-9746-40D3-9C70-922F05AD5E7D} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
    Task: {47D36440-3493-4A56-A0EB-014A7868A42D} - \GoogleUpdateTaskUserS-1-5-21-1725188070-1093038038-2835830549-1000UA -> No File <==== ATTENTION
    Task: {974743B0-56C4-42A1-AD92-604C2DC8DE83} - \{09C34D03-03FE-4526-8D80-162403A70B7E} -> No File <==== ATTENTION
    Task: {9D6A1B87-0FE5-41B9-B976-AD9E9F7883F9} - \Microsoft_Hardware_Launch_IType_exe -> No File <==== ATTENTION
    Task: {D4873B53-FC90-4D76-8BE9-ED80DFB9FEBF} - \Driver Booster Update -> No File <==== ATTENTION
    Task: {E49D8942-E25D-4733-9C65-D09B7DDB8FED} - \Uninstaller_SkipUac_Administrator -> No File <==== ATTENTION
    Task: {F4A6DFB0-14F9-4C13-BFB0-48C6CC4BB2B8} - \Microsoft_Hardware_Launch_IPoint_exe -> No File <==== ATTENTION
    Task: {FA364860-029E-451C-85FE-D69A6D35D865} - \AutoKMS -> No File <==== ATTENTION
    Task: {FB3BFC4F-3EE1-4B5A-8D05-56D75AE6A23F} - \HPCeeScheduleForRyan -> No File <==== ATTENTION
    Task: {FB459A8E-7206-4A51-B1CC-4B53EF344971} - \Registration -> No File <==== ATTENTION
    AlternateDataStreams: C:\Windows\system32\Drivers\cicakiig.sys:changelist
    AlternateDataStreams: C:\ProgramData\Temp:05E9FFE5
    C:\Windows\system32\Drivers\cicakiig.sys
    C:\Users\Ryan\AppData\Roaming\IeveKmets
    C:\PROGRA~3\x9fy5RHC3D25.dll
    EmptyTemp:
    *****************

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\x9fy5RHC3D25 => value not found.
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Cicuk => value not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp" => key removed successfully
    HKCR\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending" => key removed successfully
    HKCR\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot" => key removed successfully
    HKCR\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351} => key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared" => key removed successfully
    HKCR\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51} => key not found.
    "HKLM\SOFTWARE\Policies\Google" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
    HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
    HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
    HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}" => key removed successfully
    HKCR\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
    HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc} => key not found.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\bProtectorDefaultScope => value removed successfully
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => key not found.
    HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => key not found.
    "HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5ED88E19-FCB1-4428-9612-3E22A725041E}" => key removed successfully
    HKCR\CLSID\{5ED88E19-FCB1-4428-9612-3E22A725041E} => key not found.
    "HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
    HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
    "HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}" => key removed successfully
    HKCR\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc} => key not found.
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
    HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
    C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd => not found
    BRDriver64 => service removed successfully
    BS2364854530 => service removed successfully
    BT => service removed successfully
    BTCOM => service removed successfully
    Btcsrusb => service removed successfully
    EagleX64 => service removed successfully
    IvtComBusSrv => service removed successfully
    motandroidusb => service removed successfully
    motccgp => service not found.
    MotoSwitchService => service not found.
    motusbdevice => service not found.
    X6va005 => service removed successfully
    X6va011 => service removed successfully
    xhunter1 => service removed successfully
    C:\ProgramData\igfxCUIService.exe => moved successfully
    "C:\ProgramData\1F3670CC.EX" => not found.
    "C:\ProgramData\openssl.dll" => not found.
    "C:\ProgramData\x9fy5RHC3D25.dll" => not found.
    "C:\ProgramData\QXJhZ3fR3D25.dll" => not found.
    C:\Users\Ryan\Downloads\ChromeSetup.exe => moved successfully
    C:\Windows\system32\CFG2364854530 => moved successfully
    C:\Users\Ryan\AppData\Roaming\gpmnsd.exe => moved successfully
    C:\Users\Ryan\AppData\Roaming\IeveKmets => moved successfully
    "C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}" => not found.
    C:\Users\Ryan\AppData\Roaming\BackUp2364854530.exe => moved successfully
    "C:\Users\Ryan\AppData\Roaming\gpmnsd.exe" => not found.
    C:\Users\Ryan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
    "C:\ProgramData\1F3670CC.EX" => not found.
    C:\ProgramData\7B571D05.EX => moved successfully
    "C:\ProgramData\igfxCUIService.exe" => not found.
    C:\ProgramData\igfxEM_32.exe => moved successfully
    "C:\ProgramData\openssl.dll" => not found.
    "C:\ProgramData\QXJhZ3fR3D25.dll" => not found.
    "C:\ProgramData\x9fy5RHC3D25.dll" => not found.
    "C:\ProgramData\igfxCUIService.exe" => not found.
    "C:\ProgramData\igfxEM_32.exe" => not found.
    "C:\ProgramData\openssl.dll" => not found.
    "C:\ProgramData\QXJhZ3fR3D25.dll" => not found.
    "C:\ProgramData\x9fy5RHC3D25.dll" => not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{05382F15-4E85-49DD-847C-34902DEBFA60}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05382F15-4E85-49DD-847C-34902DEBFA60}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1CAB60F2-B80C-4BDB-AB37-28341A801382}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CAB60F2-B80C-4BDB-AB37-28341A801382}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag3_Update" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2337B51A-F954-410D-B557-C5F3B9D1F570}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2337B51A-F954-410D-B557-C5F3B9D1F570}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Game_Booster_AutoUpdate" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{27BE74F6-E453-4C4E-AD10-4F8135C25A69}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27BE74F6-E453-4C4E-AD10-4F8135C25A69}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scan" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{383EDFB7-CA7C-49B1-9E76-67F641EB6223}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{383EDFB7-CA7C-49B1-9E76-67F641EB6223}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Ryan)" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3FDF7EE4-CB74-4798-8A80-E30A88F7B782}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FDF7EE4-CB74-4798-8A80-E30A88F7B782}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B10B0FB6-09C1-4631-A8C9-BA605BDF3850}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72B87A83-1DA2-473D-A22B-3CC3DCA6D16D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72B87A83-1DA2-473D-A22B-3CC3DCA6D16D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-1725188070-1093038038-2835830549-1000Core" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8F348719-9746-40D3-9C70-922F05AD5E7D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F348719-9746-40D3-9C70-922F05AD5E7D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47D36440-3493-4A56-A0EB-014A7868A42D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47D36440-3493-4A56-A0EB-014A7868A42D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-1725188070-1093038038-2835830549-1000UA" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{974743B0-56C4-42A1-AD92-604C2DC8DE83}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{974743B0-56C4-42A1-AD92-604C2DC8DE83}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{09C34D03-03FE-4526-8D80-162403A70B7E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9D6A1B87-0FE5-41B9-B976-AD9E9F7883F9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D6A1B87-0FE5-41B9-B976-AD9E9F7883F9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_Hardware_Launch_IType_exe" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D4873B53-FC90-4D76-8BE9-ED80DFB9FEBF}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4873B53-FC90-4D76-8BE9-ED80DFB9FEBF}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Update" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E49D8942-E25D-4733-9C65-D09B7DDB8FED} => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Administrator => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4A6DFB0-14F9-4C13-BFB0-48C6CC4BB2B8}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4A6DFB0-14F9-4C13-BFB0-48C6CC4BB2B8}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_Hardware_Launch_IPoint_exe" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{FA364860-029E-451C-85FE-D69A6D35D865}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA364860-029E-451C-85FE-D69A6D35D865}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB3BFC4F-3EE1-4B5A-8D05-56D75AE6A23F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB3BFC4F-3EE1-4B5A-8D05-56D75AE6A23F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCeeScheduleForRyan" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB459A8E-7206-4A51-B1CC-4B53EF344971}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB459A8E-7206-4A51-B1CC-4B53EF344971}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Registration" => key removed successfully
    C:\Windows\system32\Drivers\cicakiig.sys => ":changelist" ADS removed successfully.
    C:\ProgramData\Temp => ":05E9FFE5" ADS removed successfully.
    C:\Windows\system32\Drivers\cicakiig.sys => moved successfully
    "C:\Users\Ryan\AppData\Roaming\IeveKmets" => not found.
    "C:\PROGRA~3\x9fy5RHC3D25.dll" => not found.
    EmptyTemp: => 47.1 MB temporary data Removed.

    The system needed a reboot.

    ==== End of Fixlog 17:01:53 ====

     

     

     

     

    # AdwCleaner v5.018 - Logfile created 07/11/2015 at 17:04:10
    # Updated 05/11/2015 by Xplode
    # Database : 2015-11-01.2 [Local]
    # Operating system : Windows 7 Home Premium  (x64)
    # Username : Ryan - TYRANT
    # Running from : C:\Users\Ryan\Desktop\AdwCleaner.exe
    # Option : Scan
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****

    ***** [ Folders ] *****

    ***** [ Files ] *****

    ***** [ DLL ] *****

    ***** [ Shortcuts ] *****

    ***** [ Scheduled tasks ] *****

    ***** [ Registry ] *****

    ***** [ Web browsers ] *****

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [563 bytes] ##########

     

     

     

     

     

     

     

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-11-2015
    Ran by Ryan (administrator) on TYRANT (07-11-2015 17:27:33)
    Running from C:\Users\Ryan\Desktop
    Loaded Profiles: Ryan (Available Profiles: Ryan & Mcx1-TYRANT)
    Platform: Windows 7 Home Premium (X64) Language: English (United States)
    Internet Explorer Version 9 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (American Megatrends Inc.) C:\Program Files\AMI\DuOS\AndServMgr.exe
    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (Scarlet.Crush Productions) C:\Users\Ryan\Desktop\SCP DS3 Driver Package\ScpServer\bin\ScpService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
    (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
    (GlavSoft LLC.) C:\Program Files (x86)\TightVNC\tvnserver.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Google Inc.) C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
    (Google Inc.) C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
    (Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    (Ralink Technology, Inc.) C:\Program Files (x86)\Ralink\Common\RaWiFi.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
    (Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
    HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-11] (NVIDIA Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13876952 2015-05-16] (Realtek Semiconductor)
    HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\Run: [MusicManager] => C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-08-13] (Google Inc.)
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\Run: [Google Update] => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [6274184 2015-08-23] (Plex, Inc.)
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\RunOnce: [Application Restart #3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-20] (Google Inc.)
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {06b1c984-7711-11e2-a913-64315026845a} - L:\setup.exe
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {06c1d821-d35e-11e3-b6d5-64315026845a} - K:\MotoCastSetup.exe -a
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {06c1d861-d35e-11e3-b6d5-64315026845a} - K:\MotoCastSetup.exe -a
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {13d77c52-4435-11e2-952f-64315026845a} - K:\MotoCastSetup.exe -a
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {1e2ce8dd-d97b-11e2-a9f3-64315026845a} - K:\MotoCastSetup.exe -a
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {3a8b3440-30e7-11e2-98fe-64315026845a} - L:\MotoCastSetup.exe -a
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {4ebcf890-7388-11e3-a721-64315026845a} - K:\MotoCastSetup.exe -a
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {606be1b5-eaf0-11e0-a777-64315026845a} - K:\Setup.exe
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {6d888469-40c7-11e5-b7e9-98588a02a5c8} - M:\VerizonSWUpgradeAssistantLauncher.exe
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {8e6ca0ca-81e3-11e4-8d63-64315026845a} - K:\MotorolaDeviceManagerSetup.exe -a
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {8f88ea8f-6d6b-11e4-9313-001122987654} - K:\MotoCastSetup.exe -a
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {ebb353ff-8e6b-11e4-af1e-64315026845a} - K:\VerizonSWUpgradeAssistantLauncher.exe
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\DREAMA~1.SCR [94208 2006-10-09] ()
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-11-07] (Microsoft Corporation)
    Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-01-19]
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk [2013-01-09]
    ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaWiFi.exe (Ralink Technology, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: 127.0.0.1  nlsk.neulion.com
    Tcpip\..\Interfaces\{BBF9F091-EADE-4E1C-AB76-D5897FD5207B}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{C4349D22-40F8-480F-AD78-E820B327C557}: [DhcpNameServer] 209.18.47.61 209.18.47.62

    Internet Explorer:
    ==================
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000 -> DefaultScope {5ED88E19-FCB1-4428-9612-3E22A725041E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306058&CUI=UN26255233522486923&UM=2
    SearchScopes: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000 -> {5ED88E19-FCB1-4428-9612-3E22A725041E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306058&CUI=UN26255233522486923&UM=2
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-27] (Adobe Systems, Inc.)
    FF Plugin-x32: @gamersfirst.com/LiveLauncher -> C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
    FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2012-05-14] (Nexon)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-02] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-02] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1725188070-1093038038-2835830549-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
    FF Plugin HKU\S-1-5-21-1725188070-1093038038-2835830549-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1725188070-1093038038-2835830549-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1725188070-1093038038-2835830549-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.yahoo.com/
    CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
    CHR Extension: (Google Drive) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
    CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
    CHR Extension: (Google Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
    CHR Extension: (Dark Vibe) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj [2013-10-15]
    CHR Extension: (Google Play Music) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-11-04]
    CHR Extension: (Google Docs Offline) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
    CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
    R2 AndServMgr; C:\Program Files\AMI\DuOS\AndServMgr.exe [82384 2015-08-06] (American Megatrends Inc.)
    S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [915736 2013-06-11] (BitRaider, LLC)
    S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
    R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
    R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
    R2 Ds3Service; C:\Users\Ryan\Desktop\SCP DS3 Driver Package\ScpServer\bin\ScpService.exe [381952 2014-06-29] (Scarlet.Crush Productions) [File not signed]
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-11] (NVIDIA Corporation)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
    R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
    S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
    S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
    S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4302576 2012-08-15] (INCA Internet Co., Ltd.) [File not signed]
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-11] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-11] (NVIDIA Corporation)
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-05-17] ()
    R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-01-12] (Ralink Technology, Corp.) [File not signed]
    R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-01-12] (Ralink Technology, Corp.) [File not signed]
    S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] ()
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [295128 2015-05-16] (Realtek Semiconductor)
    S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [575488 2008-09-08] (Nokia.) [File not signed]
    R2 tvnserver; C:\Program Files (x86)\TightVNC\tvnserver.exe [828944 2011-08-03] (GlavSoft LLC.)
    U2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
    S2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [191488 2012-11-05] () [File not signed]
    S2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe [1436160 2012-11-05] (Wyse Technology.) [File not signed]
    S2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2015-01-19] (Broadcom Corporation.)
    R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
    R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [25056 2011-12-21] (IVT Corporation.)
    S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
    S3 cqcpu; C:\Windows\System32\drivers\cqcpu.sys [24376 2010-03-01] ()
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-14] (DT Soft Ltd)
    R1 DuoVMDrv; C:\Windows\System32\DRIVERS\DuoVMDrv.sys [239536 2015-07-31] (American Megatrends Inc.)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-30] (REALiX™)
    S3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
    S3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-11] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
    S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [555736 2014-04-27] (Realtek Semiconductor Corporation)
    R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2014-04-27] (Scarlet.Crush Productions)
    S3 SIVDRIVER; C:\Windows\system32\Drivers\SIVX64.sys [57312 2008-06-14] (Ray Hinchliffe)
    R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-02-14] (Duplex Secure Ltd.)
    S3 toshidpt; C:\Windows\System32\drivers\Toshidpt.sys [9608 2009-06-19] (TOSHIBA Corporation.)
    S3 uvhid; C:\Windows\System32\DRIVERS\uvhid.sys [20992 2013-04-11] (Windows ® Win 7 DDK provider)
    S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
    U3 abbzc7am; C:\Windows\System32\Drivers\abbzc7am.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-11-07 17:24 - 2015-11-07 17:24 - 362658434 _____ C:\Windows\MEMORY.DMP
    2015-11-07 17:24 - 2015-11-07 17:24 - 00268928 _____ C:\Windows\Minidump\110715-47517-01.dmp
    2015-11-07 17:13 - 2015-11-07 17:13 - 03550700 _____ C:\Windows\system32\CFG2364854530
    2015-11-07 03:01 - 2015-11-07 03:01 - 00000000 ____D C:\Windows\system32\SPReview
    2015-11-06 20:45 - 2015-11-07 17:24 - 00000280 _____ C:\Windows\setupact.log
    2015-11-06 20:45 - 2015-11-06 20:45 - 00000000 _____ C:\Windows\setuperr.log
    2015-11-06 20:38 - 2015-11-07 17:24 - 00022812 _____ C:\Windows\PFRO.log
    2015-11-06 20:37 - 2015-11-06 20:37 - 00000000 _____ C:\asc_rdflag
    2015-11-06 20:34 - 2015-11-06 20:34 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Ryan\Downloads\mbam-clean-2.1.1.1001.exe
    2015-11-06 20:32 - 2015-11-06 20:32 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Ryan\Downloads\tdsskiller.exe
    2015-11-06 20:30 - 2015-11-06 20:35 - 00001238 _____ C:\Users\Ryan\Desktop\FixExec.txt
    2015-11-06 20:30 - 2015-11-06 20:30 - 00457632 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Downloads\FixExec.exe
    2015-11-06 20:26 - 2015-11-06 20:26 - 01801288 _____ (Malwarebytes) C:\Users\Ryan\Desktop\JRT.exe
    2015-11-06 20:20 - 2015-11-06 20:20 - 00000070 _____ C:\Windows\RAVTC.TMP
    2015-11-06 20:13 - 2015-11-06 20:13 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Ryan\Downloads\mbar-1.09.3.1001.exe
    2015-11-06 19:59 - 2015-11-06 19:59 - 29619504 _____ (IObit ) C:\Users\Ryan\Downloads\IObit-Malware-Fighter-Setup.exe
    2015-11-06 19:20 - 2015-11-06 19:21 - 22908888 _____ (Malwarebytes ) C:\Users\Ryan\Downloads\mbam-setup-2.2.0.1024.exe
    2015-11-06 19:11 - 2015-11-07 17:05 - 00000000 ____D C:\AdwCleaner
    2015-11-06 19:10 - 2015-11-06 19:10 - 01713664 _____ C:\Users\Ryan\Desktop\AdwCleaner.exe
    2015-11-06 19:01 - 2015-11-07 17:18 - 00092788 _____ C:\Users\Ryan\Desktop\Addition.txt
    2015-11-06 18:59 - 2015-11-07 17:28 - 00025076 _____ C:\Users\Ryan\Desktop\FRST.txt
    2015-11-06 18:59 - 2015-11-07 17:27 - 00000000 ____D C:\FRST
    2015-11-06 18:54 - 2015-11-06 18:54 - 02198528 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
    2015-11-06 18:53 - 2015-11-06 18:54 - 00000234 _____ C:\Users\Ryan\Desktop\New Text Document.txt
    2015-11-06 17:33 - 2015-11-06 17:33 - 00076814 _____ C:\Users\Ryan\Desktop\runscanner.log
    2015-11-06 17:27 - 2015-11-06 17:27 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Runscanner.net
    2015-11-06 17:26 - 2015-11-06 17:27 - 00000000 ____D C:\runscanner
    2015-11-06 17:18 - 2015-11-06 17:18 - 05200384 _____ (AVAST Software) C:\Users\Ryan\Downloads\aswmbr
    2015-11-05 21:02 - 2015-11-06 20:20 - 00000000 ____D C:\Program Files (x86)\Panda Security
    2015-11-05 21:01 - 2015-11-06 20:20 - 00000000 ____D C:\ProgramData\Panda Security
    2015-11-05 21:01 - 2015-11-05 21:01 - 02113152 _____ C:\Users\Ryan\Downloads\PANDAFREEAV.exe
    2015-11-05 18:01 - 2015-11-01 10:18 - 00002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-11-04 21:49 - 2015-11-04 21:49 - 02924672 _____ (AVG Technologies) C:\Users\Ryan\Downloads\AVG_Protection_Free_698.exe
    2015-11-04 21:36 - 2015-11-04 21:36 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Ryan\Downloads\avast_free_antivirus_setup_online_cnet.exe
    2015-10-31 14:05 - 2015-10-31 14:05 - 00012169 _____ C:\Users\Ryan\Downloads\[kat.cr]family.feud.decades.wbfs.sfae41.ntsc.wiigm.torrent
    2015-10-31 14:05 - 2015-10-31 14:05 - 00000000 ____D C:\Users\Ryan\Downloads\SFAE41 Family Feud Decades
    2015-10-25 19:14 - 2015-10-02 21:18 - 00102520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2015-10-25 19:12 - 2015-10-03 00:06 - 42914096 _____ C:\Windows\system32\nvcompiler.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 37882488 _____ C:\Windows\SysWOW64\nvcompiler.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 22306936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 18359928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 16541040 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 15002304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 14832968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 13518496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 12032200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 11114616 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2015-10-25 19:12 - 2015-10-03 00:06 - 02869880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 02489976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 01905456 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435850.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 01564976 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435850.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00877176 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00861816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00689456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00673912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00512720 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00467912 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00422240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00414000 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00388024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00369272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00177416 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00155976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2015-10-25 10:16 - 2015-10-25 10:16 - 00001054 _____ C:\Users\Public\Desktop\The Witcher® 3 - Wild Hunt.lnk
    2015-10-25 10:16 - 2015-10-25 10:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
    2015-10-25 09:56 - 2015-10-25 09:56 - 00000000 ____D C:\Users\Ryan\Documents\The Witcher 3
    2015-10-25 09:14 - 2015-10-25 09:15 - 318801672 _____ ( ) C:\Users\Ryan\Downloads\witcher3_patch_1.01.exe
    2015-10-23 16:21 - 2015-10-23 17:04 - 00000000 ____D C:\Users\Ryan\Downloads\The.Witcher.3.Wild.Hunt.Patch.v1.10-GOG
    2015-10-23 16:21 - 2015-10-23 16:36 - 00000000 ____D C:\Users\Ryan\Downloads\The.Witcher.3.Wild.Hunt.Hearts.of.Stone-GOG
    2015-10-23 13:25 - 2015-10-23 14:20 - 00000000 ____D C:\Users\Ryan\Downloads\The Witcher 3 Wild Hunt
    2015-10-22 18:06 - 2015-10-22 20:11 - 00000000 ____D C:\Program Files (x86)\BlueStacks
    2015-10-22 18:06 - 2015-10-22 18:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
    2015-10-22 18:06 - 2015-10-22 18:06 - 00000000 ____D C:\ProgramData\BlueStacks
    2015-10-22 18:05 - 2015-10-22 18:05 - 00000000 ____D C:\Users\Ryan\AppData\Local\Bluestacks
    2015-10-22 18:02 - 2015-10-22 18:04 - 265913504 _____ C:\Users\Ryan\Downloads\BlueStacksAppPlayer_0.9.30.4239_by_AJacobs_Rooted_BSEasy.exe
    2015-10-22 17:48 - 2015-10-22 17:48 - 00001127 _____ C:\Users\Public\Desktop\Star Wars Battlefront II.lnk
    2015-10-22 17:48 - 2015-10-22 17:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
    2015-10-22 16:18 - 2015-10-22 16:18 - 00000000 ____D C:\Users\Ryan\Downloads\Star Wars Battlefront II
    2015-10-13 19:05 - 2015-10-13 19:06 - 00000000 ____D C:\Users\Ryan\Downloads\Acoustica Mixcraft v6.1 Build 204 with Key [TorDigger]
    2015-10-12 19:45 - 2015-10-12 19:45 - 02317104 _____ (Microsoft Corporation) C:\Windows\system32\coin97itp.dll
    2015-10-12 19:45 - 2015-10-12 19:45 - 01804696 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
    2015-10-12 19:45 - 2015-10-12 19:45 - 00068912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\point64.sys
    2015-10-12 19:44 - 2015-10-12 19:44 - 02317104 _____ (Microsoft Corporation) C:\Windows\system32\coin97ip.dll
    2015-10-12 19:44 - 2015-10-12 19:44 - 00095024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dc3d.sys

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-11-07 17:25 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-11-07 17:24 - 2013-08-05 18:43 - 00000000 ____D C:\ProgramData\NVIDIA
    2015-11-07 17:24 - 2013-01-21 13:51 - 00000000 ____D C:\Windows\Minidump
    2015-11-07 17:22 - 2011-01-26 11:19 - 01420107 _____ C:\Windows\WindowsUpdate.log
    2015-11-07 17:22 - 2009-07-13 23:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-11-07 17:22 - 2009-07-13 23:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-11-07 17:21 - 2015-05-17 08:17 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2015-11-07 17:10 - 2013-10-15 17:42 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-11-07 17:10 - 2013-10-15 17:42 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-11-07 17:10 - 2013-02-02 11:59 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725188070-1093038038-2835830549-1000UA.job
    2015-11-07 16:56 - 2012-01-06 19:41 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
    2015-11-07 16:56 - 2012-01-06 19:39 - 00000000 ____D C:\Program Files (x86)\Image-Line
    2015-11-07 16:47 - 2012-04-29 15:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-11-07 03:35 - 2014-03-19 20:45 - 00000000 ____D C:\ProgramData\ProductData
    2015-11-07 03:29 - 2013-02-02 11:59 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725188070-1093038038-2835830549-1000Core.job
    2015-11-06 20:51 - 2011-09-26 13:32 - 00123136 _____ C:\Users\Ryan\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-11-06 20:39 - 2009-07-13 23:45 - 00475984 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-11-06 20:37 - 2014-04-07 02:28 - 99581952 _____ C:\Windows\system32\config\SOFTWARE.iodefrag.bak
    2015-11-06 20:37 - 2014-04-07 02:28 - 00401408 _____ C:\Windows\system32\config\DEFAULT.iodefrag.bak
    2015-11-06 20:37 - 2014-04-07 02:28 - 00061440 _____ C:\Windows\system32\config\SAM.iodefrag.bak
    2015-11-06 20:37 - 2014-04-07 02:28 - 00028672 _____ C:\Windows\system32\config\SECURITY.iodefrag.bak
    2015-11-06 20:37 - 2011-09-26 13:28 - 00000000 ____D C:\Users\Ryan
    2015-11-06 20:20 - 2011-12-23 13:21 - 00000000 ____D C:\Users\Ryan\AppData\Local\CrashDumps
    2015-11-06 19:12 - 2009-07-14 00:13 - 00784956 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-11-05 22:39 - 2015-05-16 15:06 - 00000000 ____D C:\Users\Mcx1-TYRANT.TyRaNt
    2015-11-05 22:38 - 2014-06-10 12:16 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\ProductData
    2015-11-05 22:38 - 2013-10-18 18:19 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-11-05 22:38 - 2013-10-15 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-11-05 22:38 - 2013-10-15 17:42 - 00000000 ____D C:\Program Files (x86)\Google
    2015-11-05 22:38 - 2012-01-16 10:50 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
    2015-11-05 22:38 - 2011-01-26 11:43 - 00000000 ____D C:\ProgramData\RoxioNow
    2015-11-05 22:38 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
    2015-11-05 21:14 - 2011-01-27 00:27 - 00000000 ____D C:\ProgramData\Recovery
    2015-11-01 17:01 - 2015-08-20 17:27 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Kodi
    2015-11-01 02:40 - 2011-09-29 19:39 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\uTorrent
    2015-10-29 02:31 - 2014-07-02 13:25 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForRyan.job
    2015-10-28 13:27 - 2011-09-28 07:55 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
    2015-10-25 19:14 - 2013-08-05 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2015-10-25 19:14 - 2013-08-05 18:41 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2015-10-25 19:14 - 2012-02-23 21:37 - 00000000 ____D C:\Temp
    2015-10-25 14:27 - 2015-09-10 17:38 - 00003116 ____H C:\Users\Ryan\.swfinfo
    2015-10-25 10:18 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2015-10-25 09:46 - 2014-07-19 14:03 - 00000000 ____D C:\Users\Ryan\AppData\Local\Glyph
    2015-10-24 08:05 - 2014-07-19 14:03 - 00000000 ____D C:\Program Files (x86)\Glyph
    2015-10-23 02:41 - 2013-04-08 21:40 - 00000000 ____D C:\ProgramData\BlueStacksSetup
    2015-10-22 18:06 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
    2015-10-22 17:08 - 2015-09-04 22:31 - 00000000 ____D C:\Users\Ryan\.VirtualBox
    2015-10-22 17:02 - 2009-07-14 00:08 - 00032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2015-10-19 07:01 - 2014-05-31 19:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2015-10-17 04:47 - 2012-04-29 15:11 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-10-17 04:47 - 2012-04-29 15:11 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-10-17 04:47 - 2011-09-27 07:58 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-10-15 18:37 - 2015-10-07 20:04 - 00000000 ____D C:\ProgramData\Oracle
    2015-10-14 20:08 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
    2015-10-14 03:21 - 2013-02-07 19:01 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2015-10-14 02:45 - 2013-07-13 02:00 - 00000000 ____D C:\Windows\system32\MRT
    2015-10-14 02:37 - 2011-09-29 17:51 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-10-14 02:36 - 2013-04-14 11:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2015-10-14 02:36 - 2012-01-16 10:48 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-10-14 02:33 - 2009-07-13 21:34 - 00000478 _____ C:\Windows\win.ini
    2015-10-11 22:05 - 2014-06-11 20:44 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
    2015-10-11 22:05 - 2013-10-28 17:45 - 01423304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
    2015-10-11 22:04 - 2014-06-11 20:44 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
    2015-10-11 22:04 - 2013-10-28 17:45 - 01710752 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
    2015-10-08 17:39 - 2014-05-15 17:51 - 00065024 ___SH C:\Users\Ryan\Desktop\Thumbs.db

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2015-10-31 03:30

    ==================== End of FRST.txt ============================

     

     

     

     

     

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-11-2015
    Ran by Ryan (2015-11-07 17:29:28)
    Running from C:\Users\Ryan\Desktop
    Windows 7 Home Premium (X64) (2011-09-26 18:28:17)
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================

    Administrator (S-1-5-21-1725188070-1093038038-2835830549-500 - Administrator - Disabled)
    Guest (S-1-5-21-1725188070-1093038038-2835830549-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1725188070-1093038038-2835830549-1013 - Limited - Enabled)
    Mcx1-TYRANT (S-1-5-21-1725188070-1093038038-2835830549-1014 - Limited - Enabled) => C:\Users\Mcx1-TYRANT.TyRaNt
    Ryan (S-1-5-21-1725188070-1093038038-2835830549-1000 - Administrator - Enabled) => C:\Users\Ryan

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    ACID Pro 7.0 (HKLM-x32\...\{BFA5441E-B7E6-46F5-A15D-1B74707AE93A}) (Version: 7.0.641 - Sony)
    Acoustica Mixcraft 7 Home Studio  (HKLM-x32\...\Mixcraft 7 Home Studio-32) (Version: 7.0.1.279 - Acoustica)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
    Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
    Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
    Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.4.0 - IObit)
    Akamai NetSession Interface (HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
    Album Art Downloader XUI 1.02 (HKLM-x32\...\Album Art Downloader XUI) (Version: 1.02 - hxxp://sourceforge.net/projects/album-art)
    Andy OS (HKLM\...\Andy OS) (Version: 0.45.0.0 - Andy OS, Inc)
    ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
    Assassins Creed IV Black Flag (HKLM-x32\...\QXNzYXNzaW5zQ3JlZWRJVkJsYWNrRmxhZw==_is1) (Version: 1 - )
    Audacity 1.3.14 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
    AutoHotkey 1.1.14.03 (HKLM\...\AutoHotkey) (Version: 1.1.14.03 - Lexikos)
    Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
    Batman: Arkham City™ GOTY (HKLM-x32\...\GFWL_{57520FA0-DF38-46A1-8046-3B1000008500}) (Version: 1.0.0000.133 - WB Games)
    Batman: Arkham City™ GOTY (x32 Version: 1.0.0000.133 - WB Games) Hidden
    BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.6.3 - BitRaider, LLC)
    Blio (HKLM-x32\...\{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}) (Version: 2.0.5350 - K-NFB Reading Technology, Inc.)
    BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
    BlueStacks Notification Center (HKLM-x32\...\{3792811C-832F-4392-B44A-24092901EDDC}) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Borderlands: The Pre-Sequel (HKLM-x32\...\Qm9yZGVybGFuZHNUaGVQcmVTZXF1ZWw=_is1) (Version: 1 - )
    Burnout™ Paradise The Ultimate Box (HKLM-x32\...\{9A996B6A-846E-4A89-B9C4-17546B7BE49F}) (Version: 1.0.0.0 - Electronic Arts)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    CrimeCraft Gravity Edition (HKLM-x32\...\CrimeCraft Gravity Edition) (Version: 0.25.07.93042 - Vogster Entertainment)
    CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
    DEAD OR ALIVE 5 Last Round (HKLM-x32\...\REVBRE9SQUxJVkU1TGFzdFJvdW5k_is1) (Version: 1 - )
    Defiance (HKLM-x32\...\Glyph Defiance) (Version:  - Trion Worlds, Inc.)
    DeskScapes (HKLM-x32\...\DeskScapes) (Version:  - Stardock Corporation, Inc.)
    DeskScapes (x32 Version: 3.50.039 - Stardock Corporation, Inc.) Hidden
    DiRT 3 (HKLM-x32\...\GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}) (Version: 1.0.0000.130 - Codemasters)
    DiRT 3 (x32 Version: 1.0.0000.130 - Codemasters) Hidden
    Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
    Dream Aquarium (HKLM-x32\...\Dream Aquarium_is1) (Version: 1.0700 - )
    Drift City (HKLM-x32\...\DriftCity_US) (Version:  - )
    Driver Booster 2.4 (HKLM-x32\...\Driver Booster_is1) (Version: 2.4 - IObit)
    Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
    DuOS (HKLM\...\{8CE9E5DD-D523-44F2-8DE7-0439310EA984}) (Version: 2.0.3.7527 - American Megatrends Inc.)
    DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
    DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
    ESPN Offline Draft (HKLM-x32\...\ESPNOfflineDraft.7DC32A23D84BA514BB63AC794BF941363003AC19.1) (Version: 072514 - ESPN, Inc.)
    ESPN Offline Draft (x32 Version: 255 - ESPN, Inc.) Hidden
    F1 2014 (HKLM-x32\...\RjEyMDE0_is1) (Version: 1 - )
    Firefall (HKLM-x32\...\{CFEF8DB5-B45E-4b05-90BE-D02AA6F45354}) (Version:  - Red 5 Studios)
    Fireplace 3D Screensaver 1.0 (HKLM-x32\...\Fireplace 3D Screensaver_is1) (Version: 1.0 - 3Planesoft)
    FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
    Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.10.1 - Androxyde)
    Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
    GamersFirst LIVE! (HKLM-x32\...\GamersFirst LIVE!) (Version:  - GamersFirst)
    Gateway (HKLM-x32\...\{14E83D30-45D6-4153-9D9E-1EFB9E86F661}) (Version: 1.5.6 - Gravity Interactive, Inc.)
    Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
    GmoteServer (HKLM-x32\...\DDA23392-9C73-4909-A221-BC12C6D2664D) (Version: 2.0.2 - Gmote.org)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
    Google Drive (HKLM-x32\...\{9C350701-AC04-48BA-A435-BD5E0D82897E}) (Version: 1.25.0523.2491 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
    Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
    Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
    Grand Theft Auto V (HKLM-x32\...\Grand Theft Auto V_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
    Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version:  - Rockstar North / Toronto)
    GRID 2 © Codemasters version 1 (HKLM-x32\...\R1JJRDI=_is1) (Version: 1 - )
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
    HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4521 - Hewlett-Packard)
    HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
    HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
    HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
    HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
    HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard)
    HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
    HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
    HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
    HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
    HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version:  - )
    HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
    Hulu Desktop (HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
    IsoBuster 3.1 (HKLM-x32\...\IsoBuster_is1) (Version: 3.1 - Smart Projects)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    K-Lite Codec Pack 10.1.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.1.0 - )
    Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
    Kodi (HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\Kodi) (Version:  - XBMC-Foundation)
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden
    LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )
    LCPD First Response (HKLM-x32\...\LCPD First Response) (Version: 1.0.0.0d - G17 Media)
    LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
    Major League Baseball 2K12 (HKLM-x32\...\{E6C29DA3-ADD6-4941-903A-43965CBB0F7C}) (Version: 1.0.0 - 2K Sports)
    Marvel Heroes Game (HKLM-x32\...\{ca6069b5-fc6b-4ce8-a03e-2304143706b7}_is1) (Version: 1.0 - Gazillion Entertainment)
    Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
    Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
    Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
    MirrorOp Receiver (HKLM-x32\...\MirrorOp Receiver_is1) (Version: 1.2.0.6 - Awind Inc.)
    MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
    Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
    Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
    Music Manager (HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MusicManager) (Version:  - Google, Inc.)
    Need for Speed Most Wanted (HKLM-x32\...\Need for Speed Most Wanted_is1) (Version:  - )
    Need for Speed™ Carbon (HKLM-x32\...\{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}) (Version:  - )
    Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
    Nokia Connectivity Cable Driver (HKLM-x32\...\{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}) (Version: 7.0.2.0 - Nokia)
    NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.50 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
    NVIDIA Graphics Driver 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.50 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
    Oracle VM VirtualBox 4.3.30 (HKLM\...\{5E7BEDD4-397D-4537-A290-AB012A45D771}) (Version: 4.3.30 - Oracle Corporation)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
    Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.10.0.22571 - Grinding Gear Games)
    PC Connectivity Solution (HKLM-x32\...\{83258E90-1F76-4E13-9F60-A0F8ED41E76F}) (Version: 8.22.7.0 - Nokia)
    PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
    PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
    PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
    PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Plex Media Server (HKLM-x32\...\{ca5910de-4c30-4f28-b6bd-5dd8edff922d}) (Version: 0.9.1211 - Plex, Inc.)
    Plex Media Server (x32 Version: 0.9.1211 - Plex, Inc.) Hidden
    PocketCloud Windows Companion (HKLM-x32\...\{8C8C169B-D493-42C7-A975-7C1E0E4C5847}) (Version: 2.5.13 - Wyse Technology)
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
    Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
    PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
    Q2E Blood Culture 2.0 (HKLM-x32\...\Q2E Blood Culture) (Version:  - )
    Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.2.13.0 - Ralink)
    Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
    RCT3 Soaked (HKLM-x32\...\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}) (Version: 1.00.000 - )
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
    Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
    RIFT (HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\RIFT) (Version:  - Trion Worlds, Inc.)
    Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
    Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
    RollerCoaster Tycoon 2 (HKLM-x32\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version:  - )
    RollerCoaster Tycoon 2: Time Twister (HKLM-x32\...\{BA1E1AFD-D1F2-4C52-88C3-186FC5E61604}) (Version: 1.00.000 - )
    RollerCoaster Tycoon 2: Wacky Worlds (HKLM-x32\...\{B1AD83A0-DC92-41E3-B111-E9472349768C}) (Version:  - )
    RollerCoaster Tycoon® 3 (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - )
    RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
    Ryse Son of Rome (HKLM-x32\...\Ryse Son of Rome_is1) (Version:  - )
    Saints Row IV (HKLM-x32\...\U2FpbnRzUm93SVY=_is1) (Version: 1 - )
    Saints Row The Third (HKLM-x32\...\Saints Row The Third_is1) (Version:  - )
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
    SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
    Shockwave (HKLM-x32\...\Shockwave) (Version:  - )
    Sleeping Dogs Definitive Edition, âåðñèÿ 1.0.0.0 (HKLM-x32\...\Sleeping Dogs Definitive Edition_is1) (Version: 1.0.0.0 - RePack by SEYTER)
    Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.3 - IObit)
    Sonic Generations (HKLM-x32\...\Sonic Generations_is1) (Version: 1.0 - SEGA)
    SpeechRedist (HKLM-x32\...\{8795CBED-55E2-4693-9F14-84EC446935BE}) (Version: 1.0.0 - Epic Games Inc.)
    Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
    Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.6.2.4 - Splashtop Inc.)
    Star Wars Battlefront II Ultimate Pack version 4.1 (HKLM-x32\...\{80C123AF-9375-4166-B05B-820FF5EF8B52}_is1) (Version: 4.1 - XAP4O)
    Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
    State of Decay - Breakdown (HKLM-x32\...\State of Decay - Breakdown_is1) (Version:  - )
    Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Texas Instruments PCIxx21/x515 drivers. (HKLM-x32\...\InstallShield_{FF6F491D-BC82-4DCC-A72F-1824957C6466}) (Version: 1.13.0000 - Texas Instruments Inc.)
    The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.7.0.113 - KMP Media co., Ltd)
    The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.0.0 - GOG.com)
    The Witcher 3: Wild Hunt - Hearts of Stone (HKLM-x32\...\Hearts of Stone_is1) (Version: 1.0.0.0 - GOG.com)
    Tiger Woods PGA TOUR 08 (HKLM-x32\...\{2FEA102C-F535-4513-009B-57B165013C18}) (Version:  - Electronic Arts)
    TightVNC 2.0.4 (HKLM-x32\...\TightVNC) (Version: 2.0.4 - GlavSoft LLC.)
    TIxx21 (x32 Version: 1.13.0000 - Texas Instruments Inc.) Hidden
    Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.00 - Ubisoft)
    UE3Redist (HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}) (Version: 1.00.0000 - Epic Games)
    UE3Redist (x32 Version: 1.00.0000 - Epic Games) Hidden
    Unreal Tournament (HKLM-x32\...\UnrealTournament) (Version:  - )
    Unreal Tournament 2004 (HKLM-x32\...\UT2004) (Version:  - )
    Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
    Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version:  - Microsoft)
    Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version:  - Microsoft)
    Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version:  - Microsoft)
    Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    WATCH_DOGS / RePack by Baracuda (HKLM\...\{EF231D76-43D8-4181-81D4-DD235312534D}_is1) (Version: 1.06.329 - )
    WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5800 - Broadcom Corporation)
    Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
    Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
    Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
    Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)

    ==================== Restore Points =========================

    05-11-2015 04:37:25 Scheduled Checkpoint
    05-11-2015 17:13:10 Windows Defender Checkpoint
    05-11-2015 20:04:21 Windows Update
    06-11-2015 03:00:11 Windows Update
    07-11-2015 03:00:15 Windows Update

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-10-07 20:00 - 2015-10-07 21:49 - 00000856 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1  nlsk.neulion.com

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0E3140F4-F964-4F95-B08D-7F87B2EE4757} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {1C617149-1111-4345-AF09-0DE8DF0A9F07} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [2014-08-20] (IObit)
    Task: {259DBB21-B7D2-4F35-BB8D-11049CC31720} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {269066A4-67EB-4300-AE11-7C50D7D61775} - System32\Tasks\ASC7_SkipUac_Ryan => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-08-22] (IObit)
    Task: {565F63E3-8E10-4E20-A7AF-1D3175F43E46} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
    Task: {5F0F7ED1-0F45-4D46-AE59-992BD057F901} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN39I2N70S05X4 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-10-20] (Hewlett-Packard)
    Task: {94F00FE8-56EE-4808-A62C-66EDCB55E968} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {9A5F2205-AF98-440B-B79D-C10DB5D96AF6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17] (Adobe Systems Incorporated)
    Task: {A7D2250E-C71B-4B3D-BD77-4366F1683589} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-TYRANT => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
    Task: {DE503929-CFC8-4443-A39B-D7F6E1C84676} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {EAE97834-BEDE-4351-B21F-A35DD606BCFA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {ED4EC50B-E00D-40FF-9CFB-B08C01EB967C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {F1EF7823-FAF9-40F5-B325-CB94DF7FCD3E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-10-20] (Hewlett-Packard)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725188070-1093038038-2835830549-1000Core.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725188070-1093038038-2835830549-1000UA.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForRyan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2013-08-05 18:42 - 2015-10-02 21:49 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2015-09-15 13:58 - 2015-09-15 13:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2010-01-19 17:02 - 2010-01-19 17:02 - 00055600 _____ () C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes3\deskscapesvideo.dll
    2013-11-02 11:08 - 2013-10-25 13:00 - 04374528 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow64\ffdshow.ax
    2013-11-02 11:08 - 2013-10-25 13:00 - 00333824 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\avutil-lav-52.dll
    2013-11-02 11:08 - 2013-10-25 13:00 - 08175616 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\avcodec-lav-55.dll
    2013-11-02 11:08 - 2013-10-25 13:00 - 00397312 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\swscale-lav-2.dll
    2013-11-02 11:08 - 2013-10-25 13:00 - 00215040 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\avfilter-lav-3.dll
    2011-10-09 16:11 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
    2012-12-19 15:32 - 2012-12-19 15:32 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2012-05-14 18:56 - 2013-05-17 18:51 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
    2014-08-13 19:00 - 2013-10-25 11:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll
    2014-08-13 19:00 - 2013-01-15 17:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madExcept_.bpl
    2014-08-13 19:00 - 2013-01-15 17:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madBasic_.bpl
    2014-08-13 19:00 - 2013-01-15 17:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madDisAsm_.bpl
    2014-08-13 19:00 - 2013-01-15 17:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll
    2015-04-21 19:29 - 2015-10-11 22:05 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2015-08-13 15:33 - 2015-08-13 15:33 - 00117248 _____ () C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
    2015-08-13 15:34 - 2015-08-13 15:34 - 00234496 _____ () C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
    2015-08-13 15:34 - 2015-08-13 15:34 - 00253440 _____ () C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
    2015-08-13 15:33 - 2015-08-13 15:33 - 00344064 _____ () C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
    2015-08-23 02:27 - 2015-08-23 02:27 - 00072840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
    2015-08-23 02:27 - 2015-08-23 02:27 - 00196232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
    2015-08-23 02:27 - 2015-08-23 02:27 - 00838792 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
    2015-08-23 02:27 - 2015-08-23 02:27 - 00049800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
    2015-08-23 02:27 - 2015-08-23 02:27 - 00086664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
    2015-08-23 02:27 - 2015-08-23 02:27 - 02092680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
    2015-08-23 02:27 - 2015-08-23 02:27 - 01883272 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
    2015-08-23 02:27 - 2015-08-23 02:27 - 00502920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
    2013-01-09 15:09 - 2012-01-12 22:45 - 01087336 _____ () C:\Program Files (x86)\Ralink\Common\RaWLAPI.dll
    2015-08-23 02:27 - 2015-08-23 02:27 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
    2015-08-23 02:27 - 2015-08-23 02:27 - 00027784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
    2015-08-23 02:27 - 2015-08-23 02:27 - 00018568 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
    2015-08-23 02:27 - 2015-08-23 02:27 - 00034952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
    2015-08-23 02:27 - 2015-08-23 02:27 - 00836232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
    2015-08-23 02:27 - 2015-08-23 02:27 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
    2015-08-23 02:27 - 2015-08-23 02:27 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
    2015-08-23 02:27 - 2015-08-23 02:27 - 00192136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
    2015-08-23 02:27 - 2015-08-23 02:27 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
    2015-08-23 02:27 - 2015-08-23 02:27 - 00081544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
    2015-08-23 02:27 - 2015-08-23 02:27 - 00111240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
    2015-08-23 02:27 - 2015-08-23 02:27 - 00689800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
    AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
    AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
    IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
    IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
    IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
    IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\cinemanow.com -> hxxp://cinemanow.com
    IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\cinemanow.com -> hxxps://cinemanow.com
    IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\hp.com -> hxxp://hp.com
    IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\qflix.com -> hxxp://qflix.com
    IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\roxio.com -> hxxp://roxio.com
    IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\sonic.com -> hxxp://redirect.sonic.com
    IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\sony.com -> sony.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\008k.com -> 008k.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\00hq.com -> 00hq.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\0190-dialers.com -> 0190-dialers.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\01i.info -> 01i.info
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\05p.com -> 05p.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\0calories.net -> 0calories.net
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\0cj.net -> 0cj.net
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\0scan.com -> 0scan.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\1-se.com -> 1-se.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\1001movie.com -> 1001movie.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\1001night.biz -> 1001night.biz
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\100gal.net -> 100gal.net
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\100sexlinks.com -> 100sexlinks.com

    There are 4791 more sites.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ryan\AppData\Local\stardock\deskwall.bmp
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Users^Ryan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GmoteServer.lnk => C:\Windows\pss\GmoteServer.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Ryan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HandyAndy.lnk => C:\Windows\pss\HandyAndy.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
    MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe"
    MSCONFIG\startupreg: AVG_TRAY => "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    MSCONFIG\startupreg: BackUp2364854530 => C:\Users\Ryan\AppData\Roaming\BackUp2364854530.exe
    MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    MSCONFIG\startupreg: Chrome => C:\PROGRA~3\taskhost.exe
    MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    MSCONFIG\startupreg: GateWay => c:\program files (x86)\gravity\gateway\gatewaymain.exe
    MSCONFIG\startupreg: Google Update => "C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    MSCONFIG\startupreg: igfxCUIService => "C:\PROGRA~3\igfxCUIService.exe"
    MSCONFIG\startupreg: igfxEM_32 => "C:\PROGRA~3\igfxEM_32.exe"
    MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    MSCONFIG\startupreg: PDF Complete => c:\program files (x86)\pdf complete\pdfsty.exe
    MSCONFIG\startupreg: PSUAMain => "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
    MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: TBHostSupport => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Ryan\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin
    MSCONFIG\startupreg: tvncontrol => "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{6C655FDE-4AAF-4620-BC9C-9763BA364917}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
    FirewallRules: [{E80BAD5C-E443-4845-9924-8446018553DB}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
    FirewallRules: [{A462087F-1274-4E3F-8089-377FB55B1359}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
    FirewallRules: [{571D9BDF-08B6-4A00-8A30-36F63BECE9DC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
    FirewallRules: [{9F55D473-C767-47A6-88FC-787E0739E9CE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
    FirewallRules: [{359B52E0-2113-48CD-B029-C704836AFBDD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
    FirewallRules: [{1EC5E065-477C-4F37-8C74-A49551434E48}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
    FirewallRules: [{0DB15326-E497-4ED3-B577-861338BA7B47}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe
    FirewallRules: [{6CBA8053-2ED0-4FDB-896E-8F543126107A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe
    FirewallRules: [{63DE5EF7-6995-48BC-A8FA-0C848A53FA5C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
    FirewallRules: [{E5A03859-C0A4-4DCE-9123-9481147A9EB8}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
    FirewallRules: [{6C3F111E-6E1B-445C-BA88-B17F5F2BBD47}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
    FirewallRules: [{4C69B373-48B7-468B-B6CC-60C4B7E1380F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
    FirewallRules: [{E26E17FA-C6FA-4EAF-AC3B-167AE1B3DF66}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
    FirewallRules: [{56F3FCEC-F573-47EF-8F02-76E05621C375}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{4D7BE302-BA2C-43C7-B425-7655CAF68B0E}] => (Allow) LPort=2869
    FirewallRules: [{94D1E3AD-A4C2-4D89-9A32-9CFC7584BE70}] => (Allow) LPort=1900
    FirewallRules: [{94F0C04F-FFA5-4191-830A-A9158CB7CF5A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{94E41FC2-FA96-4401-AAD9-2C7F4A62FBFA}] => (Allow) J:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
    FirewallRules: [{1318D141-ADF7-45BF-B001-D65A411ECCA5}] => (Allow) J:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
    FirewallRules: [{4EE4E8E1-2EDB-4747-8ED8-63414FB787E8}] => (Allow) J:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
    FirewallRules: [{4702E1BC-4360-4A2F-ABB9-1B908DC68998}] => (Allow) J:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
    FirewallRules: [TCP Query User{E3BA53F7-EEBE-48E2-A9BE-A898C33370B3}J:\program files (x86)\dead island\deadislandgame.exe] => (Allow) J:\program files (x86)\dead island\deadislandgame.exe
    FirewallRules: [UDP Query User{AABC0DAF-2D83-491E-B192-131FBD0E8FC5}J:\program files (x86)\dead island\deadislandgame.exe] => (Allow) J:\program files (x86)\dead island\deadislandgame.exe
    FirewallRules: [TCP Query User{CBC76D3D-A64E-4E5A-9226-85414EC9B548}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
    FirewallRules: [UDP Query User{8ADC3F2A-B610-49C2-B079-A42240356B53}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
    FirewallRules: [{301888A8-40B0-405E-9B52-96EB6C240B6E}] => (Allow) J:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutLauncher.exe
    FirewallRules: [{CF405D86-28C6-467C-B1B2-B7D572AA15E6}] => (Allow) J:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutLauncher.exe
    FirewallRules: [{17E373C9-8D77-4C4E-9BAC-6A494090D1D4}] => (Allow) J:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe
    FirewallRules: [{AF82E9F4-6DFA-4007-9FD1-C1285C87D518}] => (Allow) J:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe
    FirewallRules: [{6D164605-B139-4ECF-98A5-FE7727B474DB}] => (Allow) J:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe
    FirewallRules: [{3696B3EC-5975-428B-A1D0-3AC2B33A352E}] => (Allow) J:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe
    FirewallRules: [{3C1A52AD-C0DE-436F-AEB9-5C74234A89FA}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
    FirewallRules: [{3E46D55B-C8BD-40AA-96FF-A9965AC9242C}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
    FirewallRules: [{A30B49EE-175C-4CDE-BC2F-C0A32C6CBD3D}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    FirewallRules: [{98868078-BAD7-4DEA-ADE3-F661C272DECE}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    FirewallRules: [{265A312A-8DBB-4850-A71E-D9DC5B56B503}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
    FirewallRules: [{F6EE3E02-FA35-4EE0-8190-60D7F3EFB735}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
    FirewallRules: [{DE9490D0-8A75-4800-BAD3-BB2CD6A1ED3B}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    FirewallRules: [{FDD465D3-DA11-4232-8C9A-7457DC3A37B2}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    FirewallRules: [{C777F74C-57A5-4D7E-8FB1-C7292B8B0EF8}] => (Allow) J:\gamigo\Golfstar\GolfStarPatcherLoader.exe
    FirewallRules: [{CB83D1E5-8CF8-46D6-B8C5-576F8D8C09E2}] => (Allow) J:\gamigo\Golfstar\GolfStarPatcher.exe
    FirewallRules: [{6CC37C66-7C9D-42F6-A8DF-017A4839A981}] => (Allow) J:\gamigo\Golfstar\GolfStarPatcherLoader.exe
    FirewallRules: [{DC0758F5-50B0-4321-B488-A0FB64B02194}] => (Allow) J:\gamigo\Golfstar\GolfStar.exe
    FirewallRules: [{D7D5B0D1-63A1-491C-AF20-19F3926F45F7}] => (Allow) J:\gamigo\Golfstar\GolfStarPatcher.exe
    FirewallRules: [{258BCB8B-E349-42A2-88C5-C32AA3293F3B}] => (Allow) J:\gamigo\Golfstar\GolfStar.exe
    FirewallRules: [{EC39F798-2B25-4D67-AA75-061B3A1B669A}] => (Allow) C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe
    FirewallRules: [{55D8C14F-BEF3-4DA0-9A3C-2B580FADF380}] => (Allow) C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe
    FirewallRules: [TCP Query User{F6D79434-49DB-4584-8CF0-428D105F0034}C:\users\ryan\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\ryan\appdata\local\akamai\netsession_win.exe
    FirewallRules: [UDP Query User{0960D056-1E5E-4993-A151-1E991A32F60D}C:\users\ryan\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\ryan\appdata\local\akamai\netsession_win.exe
    FirewallRules: [{AFDA71C3-94A5-4E61-9EE8-6D733AA5ECB4}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [TCP Query User{35545BF5-7E67-4E02-A024-A95F1AF685C4}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
    FirewallRules: [UDP Query User{FE083E72-D9F0-417A-A3FD-6886710583B4}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
    FirewallRules: [TCP Query User{3E4B820A-6A80-4DAE-9124-D268D2D54516}J:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe] => (Allow) J:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe
    FirewallRules: [UDP Query User{7D9BF72D-183F-44CC-8E8C-C7A2205C4FAC}J:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe] => (Allow) J:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe
    FirewallRules: [{E82E4B81-EE61-4A4D-A799-690B542D6D5C}] => (Allow) J:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
    FirewallRules: [{FE180EDC-2B16-48C6-ADF6-A156116F9E53}] => (Allow) J:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
    FirewallRules: [TCP Query User{7C73E434-96FE-43C8-870C-4CC8A9121765}J:\quake2\q2e.exe] => (Allow) J:\quake2\q2e.exe
    FirewallRules: [UDP Query User{57CD4FE5-141E-465D-A39D-2F8C8ECC440A}J:\quake2\q2e.exe] => (Allow) J:\quake2\q2e.exe
    FirewallRules: [TCP Query User{43246748-4A47-4264-BB87-405D8A369298}J:\program files (x86)\dead island\deadislandgame.exe] => (Allow) J:\program files (x86)\dead island\deadislandgame.exe
    FirewallRules: [UDP Query User{FC41F30B-35D3-42D3-B1B2-8C0D420A75BC}J:\program files (x86)\dead island\deadislandgame.exe] => (Allow) J:\program files (x86)\dead island\deadislandgame.exe
    FirewallRules: [{0CFF6D42-94D8-4914-ADE7-39DD68CAA534}] => (Allow) C:\Program Files (x86)\TightVNC\tvnserver.exe
    FirewallRules: [{2389636C-D805-4096-9AF2-57B6A9F27E6D}] => (Allow) C:\Program Files (x86)\TightVNC\tvnserver.exe
    FirewallRules: [{C3A08230-3422-4A87-969A-82E1B8FF36BA}] => (Allow) C:\Program Files (x86)\TightVNC\vncviewer.exe
    FirewallRules: [{C0B8B5B9-00AF-4D63-A00D-A827B635108E}] => (Allow) C:\Program Files (x86)\TightVNC\vncviewer.exe
    FirewallRules: [{ADAB0B56-D586-4F62-B186-507295932FF4}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [{6CFF0A31-B6F2-4F66-8D79-BCD490C4CBBF}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [{7A02BF6D-A36B-4747-8DAA-C830345F894D}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [{9BAFD885-7628-4FC2-80C2-54D8D55A3595}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [{713E6F34-C079-4ED1-96A7-A8B94C33BF24}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [{4FDFFFEE-1A8F-479D-A036-F690F6245579}] => (Allow) J:\Program Files (x86)\Vogster Entertainment\CrimeCraft Gravity Edition\GravityLauncher.exe
    FirewallRules: [{49B8EA69-4456-498D-B56C-8D4B7194B361}] => (Allow) J:\Program Files (x86)\Vogster Entertainment\CrimeCraft Gravity Edition\GravityLauncher.exe
    FirewallRules: [{A5E869B8-D3E1-466C-BF69-EB972AE4C26E}] => (Allow) J:\Program Files (x86)\Vogster Entertainment\CrimeCraft Gravity Edition\Binaries\CrimeCraft.exe
    FirewallRules: [{9F671175-F392-4AB9-9B5A-4C93F1D82022}] => (Allow) J:\Program Files (x86)\Vogster Entertainment\CrimeCraft Gravity Edition\Binaries\CrimeCraft.exe
    FirewallRules: [{6CFF33B1-EEA5-4E79-A50B-9CEF0F3447C6}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
    FirewallRules: [{E633D572-A4AB-4C7C-B990-6DA4F3A403BE}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
    FirewallRules: [{22D85453-5FE9-45AC-8C7F-507BFBCBC813}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
    FirewallRules: [{1AC78342-2DD9-4348-BBB2-60C8AE43AA68}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
    FirewallRules: [TCP Query User{AC316794-B0D3-45A3-A22B-4ED5C9D2F213}J:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe] => (Allow) J:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe
    FirewallRules: [UDP Query User{12343684-EA7C-46F0-8487-1D4A648A96B2}J:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe] => (Allow) J:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe
    FirewallRules: [{B7C11F6A-F974-40BA-9B6C-72FEC1C45D79}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
    FirewallRules: [{77FED348-3A89-45E8-9149-5A42C09C3DE7}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
    FirewallRules: [{30945527-E1BB-4C0B-A2AE-B59C05D869F2}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudInstallWizard.exe
    FirewallRules: [{BBAB469F-0EB9-493D-B5BD-B489272475C2}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudInstallWizard.exe
    FirewallRules: [{5B777662-88CF-4EA1-BF2B-05FB369CD4D5}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe
    FirewallRules: [{CC49054E-6960-4A2F-AD49-B4D74DAF4DA9}] => (Allow) LPort=49167
    FirewallRules: [{43A110A5-61F1-47FD-B99C-33880073ECBF}] => (Allow) LPort=5000
    FirewallRules: [{5F93C342-1B56-474F-B733-140A6BEA3BC7}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
    FirewallRules: [{3A1DF9E7-548E-45F1-8DC2-5AEF3CE42033}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
    FirewallRules: [{518DD59E-E374-4B45-B040-0D02B51D6A63}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaWiFi.exe
    FirewallRules: [{3AFDEBCB-1BC1-4AA9-AAC0-93D297F5FC8C}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaWiFi.exe
    FirewallRules: [{5EA9BC05-6789-4F0F-AAC3-09E7C6F86D32}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaWiFi.exe
    FirewallRules: [{58D4C430-27AB-485D-A8ED-5B8CC019179A}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaWiFi.exe
    FirewallRules: [{C64E0725-B849-436A-83DF-18E29C9E6DC1}] => (Allow) J:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
    FirewallRules: [{B9FA986A-1F4D-447E-9E1B-00FDDE3D7589}] => (Allow) J:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
    FirewallRules: [{5BC2ED46-E1A5-4C65-AE60-1DE081CF193E}] => (Allow) J:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
    FirewallRules: [{9EC03A64-997A-44E2-A4B9-DF4F368B5A79}] => (Allow) J:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
    FirewallRules: [{331E05EB-5400-4323-B900-49B896062A0D}] => (Allow) C:\Program Files (x86)\MirrorOp Receiver\MirrorOp Receiver.exe
    FirewallRules: [{38D3B9C2-991A-4B76-BE80-E1FA0176D523}] => (Allow) C:\Program Files (x86)\MirrorOp Receiver\MirrorOp Receiver.exe
    FirewallRules: [{E9ACACF1-7C27-4B0A-916C-D7F57E217686}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
    FirewallRules: [TCP Query User{9D4BB9CC-5ABF-474B-AB55-BBC258781A51}C:\program files (x86)\unified remote\remoteserver.exe] => (Allow) C:\program files (x86)\unified remote\remoteserver.exe
    FirewallRules: [UDP Query User{91490416-C561-4F7C-A3F8-A7CC6622ABBA}C:\program files (x86)\unified remote\remoteserver.exe] => (Allow) C:\program files (x86)\unified remote\remoteserver.exe
    FirewallRules: [{93AF2DA9-4F78-472B-B501-21B1DD6D9499}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{2DA6243C-00BB-4C1B-AF37-242112964F85}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{0B058748-86DC-41E4-B1C1-B65468D1F3FF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{5CBEACC6-02D1-456D-8CCC-16567CF60481}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [TCP Query User{A9D1EC1B-FE4B-4090-B87C-EEF9B5C33D71}C:\program files (x86)\unified remote\remoteserver.exe] => (Allow) C:\program files (x86)\unified remote\remoteserver.exe
    FirewallRules: [UDP Query User{98F9A935-6230-4317-B3E2-81E1FABAEC0F}C:\program files (x86)\unified remote\remoteserver.exe] => (Allow) C:\program files (x86)\unified remote\remoteserver.exe
    FirewallRules: [TCP Query User{B4AE7989-5CE4-4395-B3BF-68C08B87C5AC}C:\program files (x86)\kainy\kainy.exe] => (Allow) C:\program files (x86)\kainy\kainy.exe
    FirewallRules: [UDP Query User{15B654CB-0F55-4D2B-8F50-7A3DE73FF416}C:\program files (x86)\kainy\kainy.exe] => (Allow) C:\program files (x86)\kainy\kainy.exe
    FirewallRules: [{08A0C013-7F2D-4082-8CFA-8283B9CBCFAF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{195484E7-6EBD-4EA7-82A5-FC2B367B98F2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{468E147A-1DBF-4BDB-AA40-8E19D1CD8320}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{7BFCA639-3770-4446-BD83-2B9288AAD04C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [TCP Query User{37F33E1D-E444-45A7-8605-E49D0753F87A}J:\program files (x86)\gazillion entertainment\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe] => (Allow) J:\program files (x86)\gazillion entertainment\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe
    FirewallRules: [UDP Query User{0C064CE2-6730-4EBF-B255-3E2A798E9B05}J:\program files (x86)\gazillion entertainment\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe] => (Allow) J:\program files (x86)\gazillion entertainment\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe
    FirewallRules: [{06BBA1F0-8169-4F79-897C-4A6DFFE00DA9}] => (Allow) J:\Program Files (x86)\Downloaded\Public\Warframe.exe
    FirewallRules: [{41A929C2-698C-406B-B171-8D3571A8D4C4}] => (Allow) J:\Program Files (x86)\Downloaded\Public\Warframe.x64.exe
    FirewallRules: [{2A10A389-EF54-455D-937E-210B7B1C97AC}] => (Allow) J:\Program Files (x86)\Downloaded\Public\Warframe.exe
    FirewallRules: [{66731D20-BED1-40E1-AA78-1C2112E2E86C}] => (Allow) J:\Program Files (x86)\Downloaded\Public\Warframe.x64.exe
    FirewallRules: [{1110D147-2FBC-4EBA-8670-A818BC12D130}] => (Allow) J:\Program Files (x86)\Downloaded\Public\Warframe.exe
    FirewallRules: [{001F18B0-4188-412F-9C2D-BCE40B961A49}] => (Allow) J:\Program Files (x86)\Downloaded\Public\Warframe.x64.exe
    FirewallRules: [{60EFACA2-FB14-47EB-8EBE-C6C204E9BB58}] => (Allow) C:\Users\Ryan\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
    FirewallRules: [TCP Query User{42F01058-7011-41D9-992E-70E99CA5F190}J:\program files\capcom\resident evil 5\re5dx10.exe] => (Allow) J:\program files\capcom\resident evil 5\re5dx10.exe
    FirewallRules: [UDP Query User{CF7E835E-FA32-4593-9370-1730030D8824}J:\program files\capcom\resident evil 5\re5dx10.exe] => (Allow) J:\program files\capcom\resident evil 5\re5dx10.exe
    FirewallRules: [TCP Query User{7BDA13A0-3F8E-4207-802D-36D648513EFD}J:\program files\capcom\resident evil 5\re5dx9.exe] => (Allow) J:\program files\capcom\resident evil 5\re5dx9.exe
    FirewallRules: [UDP Query User{115ED86D-AEEE-43F7-9A35-905FEDAD5681}J:\program files\capcom\resident evil 5\re5dx9.exe] => (Allow) J:\program files\capcom\resident evil 5\re5dx9.exe
    FirewallRules: [{9D8A01C6-BB2E-435F-B400-7C14C0A12CA7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{1DE848DD-3B82-455A-9DDF-679E53C8C0C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{B522AED4-0231-4A38-8948-E344F2B7D378}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [TCP Query User{C68E9191-990A-4614-A90E-B071059E9591}J:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe] => (Allow) J:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe
    FirewallRules: [UDP Query User{04EE3FF4-3DE9-4E75-9AF2-C3D41859E9A0}J:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe] => (Allow) J:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe
    FirewallRules: [{920000B2-B9F7-46FF-845F-01AAA43DAA31}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{1A89AC95-31E8-4FD9-A96A-98AE67112A17}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{F89EFBCF-E751-4322-A327-158E2D0674A6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [TCP Query User{3946F287-25B5-447F-B6F5-E4E4AEBC0999}J:\program files (x86)\saints row iv\saintsrowiv.exe] => (Allow) J:\program files (x86)\saints row iv\saintsrowiv.exe
    FirewallRules: [UDP Query User{C066ED73-E1B0-4EB6-9B94-C62EE727A168}J:\program files (x86)\saints row iv\saintsrowiv.exe] => (Allow) J:\program files (x86)\saints row iv\saintsrowiv.exe
    FirewallRules: [TCP Query User{C63329A5-69BC-4DBA-AED5-0163C93F67F4}J:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win32\marvelgame.exe] => (Allow) J:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win32\marvelgame.exe
    FirewallRules: [UDP Query User{8FBF2B43-0B86-4091-9A56-D048C2BFC63F}J:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win32\marvelgame.exe] => (Allow) J:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win32\marvelgame.exe
    FirewallRules: [{3BEF2E6A-71A5-43C7-95A4-509E3B4801D0}] => (Allow) J:\gamigo\Golfstar\GolfStarPatcherLoader.exe
    FirewallRules: [{4B0B7308-1F0E-40CF-AE16-CEA0D01577A3}] => (Allow) J:\gamigo\Golfstar\GolfStarPatcherLoader.exe
    FirewallRules: [{91BEA7F2-3BC6-473D-92A3-D04B05BDA41F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{1FB06396-3518-4525-A9F2-1815E7C0A9A0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{9E6D7BEF-F7A5-4155-9D8E-F8C02BF3A782}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{0D6D2E7D-ABD5-48E2-8D42-D5A551966D4A}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{E7332D2A-2B40-4380-9965-2E78F4E610F9}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [TCP Query User{FA4772FD-9521-4CDD-89AE-F1BDD0521460}J:\program files (x86)\ea games\need for speed most wanted\nfs13.exe] => (Allow) J:\program files (x86)\ea games\need for speed most wanted\nfs13.exe
    FirewallRules: [UDP Query User{D347BBE4-9C5B-409E-8551-DB51EC723F0D}J:\program files (x86)\ea games\need for speed most wanted\nfs13.exe] => (Allow) J:\program files (x86)\ea games\need for speed most wanted\nfs13.exe
    FirewallRules: [{257237B3-5D6E-4175-BB00-95ECCDA6A93B}] => (Allow) J:\Program Files (x86)\WB Games\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe
    FirewallRules: [{2742D936-D507-46FE-841D-05A6C42EC15D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{995AD505-4CAF-46C1-A97A-C3EB2590C8B7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{66ADF8BF-1655-41C3-850C-DEDDCFA84A90}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{08B05F5D-DDC1-4636-B3EB-00B03A2319A3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [TCP Query User{AD17CE4E-6828-49DF-B889-487665350240}J:\program files (x86)\ea sports\tiger woods 12\tworuntimestandalone.exe] => (Allow) J:\program files (x86)\ea sports\tiger woods 12\tworuntimestandalone.exe
    FirewallRules: [UDP Query User{AAFFD1EB-E736-43EF-B532-F13C836748F4}J:\program files (x86)\ea sports\tiger woods 12\tworuntimestandalone.exe] => (Allow) J:\program files (x86)\ea sports\tiger woods 12\tworuntimestandalone.exe
    FirewallRules: [{83ECE391-2FFA-451F-A722-90C0FFE490EB}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{66247FDE-08E5-4D7C-97C1-990A0360BEDC}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [TCP Query User{3EF2B6B3-C384-449F-9A49-D0CC863EFAD9}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
    FirewallRules: [UDP Query User{EAB143C0-E990-4B3C-A493-77B720D319BC}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
    FirewallRules: [TCP Query User{00E603F7-D109-4E58-90E8-53FC73BFD91E}J:\program files (x86)\fifa 14\fifa 14\game\fifa14.exe] => (Allow) J:\program files (x86)\fifa 14\fifa 14\game\fifa14.exe
    FirewallRules: [UDP Query User{204E5573-1589-4337-AD08-8FBF89BBFAF9}J:\program files (x86)\fifa 14\fifa 14\game\fifa14.exe] => (Allow) J:\program files (x86)\fifa 14\fifa 14\game\fifa14.exe
    FirewallRules: [{FBB2BCF8-1DDE-4AED-95F2-C7AB50AB2FD6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{BEFA8A1D-A636-48E2-96E2-E86555DBEA28}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{0385C58F-4FE6-4C67-9090-B6B7475AB713}] => (Allow) J:\SimCity\SimCity 2013 Offline\SimCity\SimCity.exe
    FirewallRules: [{B14A57B9-8252-4BD9-8B98-5658E2E1D5B5}] => (Allow) J:\SimCity\SimCity 2013 Offline\SimCity\SimCity.exe
    FirewallRules: [TCP Query User{3208A1D5-53F4-4044-977A-3CA514EE6C3B}C:\program files (x86)\motorola\rsd lite\sdl.exe] => (Allow) C:\program files (x86)\motorola\rsd lite\sdl.exe
    FirewallRules: [UDP Query User{71309A87-8B21-4B95-B4DF-6175E7017752}C:\program files (x86)\motorola\rsd lite\sdl.exe] => (Allow) C:\program files (x86)\motorola\rsd lite\sdl.exe
    FirewallRules: [TCP Query User{44E9C83C-0BC8-4692-9BBA-F8D6D9509AE5}J:\program files (x86)\wb games\batman arkham city goty\binaries\win32\batmanac_o.exe] => (Allow) J:\program files (x86)\wb games\batman arkham city goty\binaries\win32\batmanac_o.exe
    FirewallRules: [UDP Query User{E6D25795-0F3D-461C-A5E0-ADC5351C4AE0}J:\program files (x86)\wb games\batman arkham city goty\binaries\win32\batmanac_o.exe] => (Allow) J:\program files (x86)\wb games\batman arkham city goty\binaries\win32\batmanac_o.exe
    FirewallRules: [TCP Query User{6E745788-6B64-4BB0-9586-6AF86CCC74A5}J:\program files\mass effect 2\binaries\masseffect2.exe] => (Allow) J:\program files\mass effect 2\binaries\masseffect2.exe
    FirewallRules: [UDP Query User{89759BC4-F0A5-4CB3-ACDE-62C40B072F34}J:\program files\mass effect 2\binaries\masseffect2.exe] => (Allow) J:\program files\mass effect 2\binaries\masseffect2.exe
    FirewallRules: [TCP Query User{7F1884C6-C72E-4402-8B23-53A277A08C13}J:\mass effect 3\binaries\win32\masseffect3.exe] => (Allow) J:\mass effect 3\binaries\win32\masseffect3.exe
    FirewallRules: [UDP Query User{F9E06AA2-0C5A-48FA-A36C-DE69A83E8EED}J:\mass effect 3\binaries\win32\masseffect3.exe] => (Allow) J:\mass effect 3\binaries\win32\masseffect3.exe
    FirewallRules: [{987DD292-29F2-43AC-BB9E-29630EE57806}] => (Allow) J:\Program Files (x86)\2K Sports\Major League Baseball 2K12\mlb2k12.exe
    FirewallRules: [{1BA00473-423F-498A-A38A-F39EFC6CA9A8}] => (Allow) J:\Program Files (x86)\2K Sports\Major League Baseball 2K12\mlb2k12.exe
    FirewallRules: [{E979B422-403B-4963-9A7A-27B2D43936C4}] => (Block) %ProgramFiles% (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
    FirewallRules: [{A60FF9AF-4B99-4956-AF0C-2C9849228F6A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{521D8D40-F3B3-4B61-94D1-3099D86A7542}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [TCP Query User{B8C1213C-A8FC-46F9-986E-9460DAE8F990}J:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Allow) J:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
    FirewallRules: [UDP Query User{391628D8-E68F-4015-A45B-C9A574EBEB85}J:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Allow) J:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
    FirewallRules: [{4BF5E5AF-BC1D-4849-87D5-4DD8CC601709}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
    FirewallRules: [{954DF99A-0A4E-4EA9-A134-5E1238140AEA}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
    FirewallRules: [{5A052CCD-391F-4487-9FDB-C810E1D512A8}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
    FirewallRules: [TCP Query User{78905519-11DC-4A42-9C92-4F9ADBF605E9}J:\q2e blood culture\quake2.exe] => (Allow) J:\q2e blood culture\quake2.exe
    FirewallRules: [UDP Query User{281DD3B8-7057-480E-B4D8-DCA2EF30F788}J:\q2e blood culture\quake2.exe] => (Allow) J:\q2e blood culture\quake2.exe
    FirewallRules: [TCP Query User{ED4AB80A-418A-4A44-A771-60127EDB5AC6}J:\quake2\quake2.exe] => (Allow) J:\quake2\quake2.exe
    FirewallRules: [UDP Query User{C125A16B-5691-43B8-BC40-278E48B29F82}J:\quake2\quake2.exe] => (Allow) J:\quake2\quake2.exe
    FirewallRules: [{614F6565-334C-44A6-86CC-9F9A3D804478}] => (Allow) J:\Program Files (x86)\Codemasters\DiRT 3\dirt3_game.exe
    FirewallRules: [{0E46613A-9A11-4DC4-BBC5-E1FC47B709A8}] => (Allow) J:\Program Files (x86)\Codemasters\DiRT 3\dirt3_game.exe
    FirewallRules: [{033F4792-22A5-4C6B-95AE-9A956FCB1530}] => (Allow) E:\RouterSetup\QISWizard.exe
    FirewallRules: [{E7B2D2AE-F5DE-41C5-8F36-E250A8EB1708}] => (Allow) E:\RouterSetup\QISWizard.exe
    FirewallRules: [{43E7B349-A2FC-451D-A3A0-D446F9B45C35}] => (Allow) J:\UT2004\System\UT2004.exe
    FirewallRules: [{4B29E4B2-C3AE-4AF8-9EDA-87B9CD473FDC}] => (Allow) J:\UT2004\System\UT2004.exe
    FirewallRules: [TCP Query User{9641D6DF-131D-4DDA-9873-464BD1097549}J:\program files (x86)\electronic arts\shift 2 unleashed\shift2u.exe] => (Allow) J:\program files (x86)\electronic arts\shift 2 unleashed\shift2u.exe
    FirewallRules: [UDP Query User{06A57541-DE77-48E9-B75C-5A2661A5FF42}J:\program files (x86)\electronic arts\shift 2 unleashed\shift2u.exe] => (Allow) J:\program files (x86)\electronic arts\shift 2 unleashed\shift2u.exe
    FirewallRules: [{95EA1BD0-FD61-4045-AB0F-81BD6F22924C}] => (Allow) J:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\Blacklist_Launcher.exe
    FirewallRules: [{915B9DD0-3DD7-4991-8735-CE44A80E9FD4}] => (Allow) J:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\Blacklist_Launcher.exe
    FirewallRules: [{A4F8C3DF-B4CD-4993-9977-DD96ACD71348}] => (Allow) J:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_game.exe
    FirewallRules: [{D30AA506-38D0-4E50-A974-D1D1B31D65FD}] => (Allow) J:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_game.exe
    FirewallRules: [{742F3392-4729-413A-B53E-1324A2637208}] => (Allow) J:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_DX11_game.exe
    FirewallRules: [{D6747CB8-E763-4922-BA81-70ACA02854F4}] => (Allow) J:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_DX11_game.exe
    FirewallRules: [{70FD5F12-229D-4815-B5AB-03BC2EADDF13}] => (Allow) J:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\gu.exe
    FirewallRules: [{F8C7E231-E6C9-4CD4-B990-DC6832D09AA2}] => (Allow) J:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\gu.exe
    FirewallRules: [{411C2157-853C-447B-A686-B24760050805}] => (Allow) J:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV Episodes from Liberty City\EFLC\LaunchEFLC.exe
    FirewallRules: [{43936CFC-375D-429E-A116-9622DB8E490A}] => (Allow) J:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV Episodes from Liberty City\EFLC\LaunchEFLC.exe
    FirewallRules: [{15A956CE-A39E-4F31-9834-6B694CE98CC2}] => (Allow) J:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
    FirewallRules: [{F4074A7A-0916-4768-A5E9-3E455D7702C9}] => (Allow) J:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
    FirewallRules: [TCP Query User{5E14F496-29C1-4964-A919-BA9A83794875}J:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) J:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
    FirewallRules: [UDP Query User{0B43153B-001C-4F55-98BA-8D37345C6322}J:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) J:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
    FirewallRules: [{76BFABE6-9FEF-4442-85BA-A6DBA9B45B0F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{5B0DBFAA-FE00-43EC-B67E-76C7634918D3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{CE9CCD55-AC83-4A9F-8FA6-7BC6A89650C9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{1B80D4E4-9102-44C8-A6D1-803E13761CF3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{CF64C254-2D28-4622-8109-2E529DDE77DF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [TCP Query User{49CC2C6B-448C-4AB8-BDD5-D1183917AEB9}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
    FirewallRules: [UDP Query User{A44287D1-98D1-4C28-8F54-768C67B5B26E}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
    FirewallRules: [{C4B3D042-1404-4A79-B05C-FF0EBFAEE775}] => (Allow) C:\Users\Ryan\AppData\Roaming\Andy_45_Online\Setup.exe
    FirewallRules: [{01F1A184-5C08-4362-A9F9-F3A0CA779551}] => (Allow) C:\Users\Ryan\AppData\Roaming\Andy_45_Online\Setup.exe
    FirewallRules: [{E9CF1B92-F4D8-4F1E-9DDD-CDAA90B60274}] => (Allow) C:\Program Files\Andy\Andy.exe
    FirewallRules: [{D4425354-3701-4DF5-97E6-0CC0933DDE65}] => (Allow) C:\Program Files\Andy\Andy.exe
    FirewallRules: [{B99DB44F-3DEF-4573-AB22-A2B257E12176}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
    FirewallRules: [{0272A83C-7D8F-4F2C-B504-AE45BE228DA6}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
    FirewallRules: [{4B7467C4-130B-4ED5-9A86-E6D27A0D0186}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{3238F108-0193-40FA-93E9-21316F839FF6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{2B0434BC-FA17-4FA2-8AC3-0B80083E0B6D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{83C99040-A334-4541-B901-2F88F755E75B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{93AB6FD0-03CE-4EFD-88E4-983D31C760B2}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
    FirewallRules: [{F201174C-E026-4E16-9B2A-910CC62AC24A}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
    FirewallRules: [{8FF911B7-EDE5-4FC2-8816-B3D67A1918BD}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
    FirewallRules: [{C67C681F-E992-48F0-B359-DBEE346A1805}] => (Block) %ProgramFiles% (x86)\Acoustica Mixcraft 6\mixcraft6.exe
    FirewallRules: [{8D79286D-E2E4-4F3B-A30F-AA3BBB5198FA}] => (Block) %ProgramFiles% (x86)\Acoustica Mixcraft 6\mixcraft6.exe
    FirewallRules: [{A972F418-6729-4F02-B198-C469128B0815}] => (Block) %ProgramFiles% (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
    FirewallRules: [{A9A9E1FE-4306-4EF4-BFD4-3A58BFBA587E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
    FirewallRules: [{C00FC7C3-43BD-4B36-B093-72A902F823F7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============

    Name: AODDriver4.2
    Description: AODDriver4.2
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: AODDriver4.2
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/07/2015 03:46:48 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -1073418154

    Error: (11/06/2015 08:20:18 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: chrome.exe, version: 46.0.2490.80, time stamp: 0x56262c73
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x10006c13
    Faulting process id: 0x1294
    Faulting application start time: 0xchrome.exe0
    Faulting application path: chrome.exe1
    Faulting module path: chrome.exe2
    Report Id: chrome.exe3

    Error: (11/06/2015 07:58:50 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: chrome.exe, version: 46.0.2490.80, time stamp: 0x56262c73
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x10006c13
    Faulting process id: 0x804
    Faulting application start time: 0xchrome.exe0
    Faulting application path: chrome.exe1
    Faulting module path: chrome.exe2
    Report Id: chrome.exe3

    Error: (11/06/2015 07:08:36 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: chrome.exe, version: 46.0.2490.80, time stamp: 0x56262c73
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x10006c13
    Faulting process id: 0x1910
    Faulting application start time: 0xchrome.exe0
    Faulting application path: chrome.exe1
    Faulting module path: chrome.exe2
    Report Id: chrome.exe3

    Error: (11/06/2015 05:35:15 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: chrome.exe, version: 46.0.2490.80, time stamp: 0x56262c73
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x10006c13
    Faulting process id: 0xb18
    Faulting application start time: 0xchrome.exe0
    Faulting application path: chrome.exe1
    Faulting module path: chrome.exe2
    Report Id: chrome.exe3

    Error: (11/06/2015 04:00:18 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
    Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windows...7BBCD7A8CB4.crt> with error: 12029 (0x2efd).

    Error: (11/06/2015 03:39:18 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: NvBackend.exe, version: 20.0.15.0, time stamp: 0x560e7004
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x0030de71
    Faulting process id: 0x168c
    Faulting application start time: 0xNvBackend.exe0
    Faulting application path: NvBackend.exe1
    Faulting module path: NvBackend.exe2
    Report Id: NvBackend.exe3

    Error: (11/06/2015 03:27:01 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -1073418154

    Error: (11/05/2015 09:39:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
    Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windows...7BBCD7A8CB4.crt> with error: 12029 (0x2efd).

    Error: (11/05/2015 09:26:35 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: NvBackend.exe, version: 20.0.15.0, time stamp: 0x560e7004
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x0046de71
    Faulting process id: 0xc28
    Faulting application start time: 0xNvBackend.exe0
    Faulting application path: NvBackend.exe1
    Faulting module path: NvBackend.exe2
    Report Id: NvBackend.exe3

    System errors:
    =============
    Error: (11/07/2015 05:26:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

    Error: (11/07/2015 05:25:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The AODDriver4.2 service failed to start due to the following error:
    %%2

    Error: (11/07/2015 05:25:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The IMF Service service failed to start due to the following error:
    %%2

    Error: (11/07/2015 05:24:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Microsoft Antimalware Service service failed to start due to the following error:
    %%1053

    Error: (11/07/2015 05:24:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Antimalware Service service to connect.

    Error: (11/07/2015 05:24:55 PM) (Source: BugCheck) (EventID: 1001) (User: )
    Description: 0x00000050 (0xfffff8a007e72000, 0x0000000000000000, 0xfffff800039207be, 0x0000000000000000)C:\Windows\MEMORY.DMP110715-47517-01

    Error: (11/07/2015 05:22:11 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

    Error: (11/07/2015 05:19:45 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Update service hung on starting.

    Error: (11/07/2015 05:13:25 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

    Error: (11/07/2015 05:12:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

    CodeIntegrity:
    ===================================
      Date: 2015-11-07 17:24:16.053
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2015-11-07 17:24:16.053
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2015-11-07 17:10:00.978
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2015-11-07 17:10:00.978
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2015-11-07 03:33:10.586
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2015-11-07 03:33:10.586
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2015-11-07 03:29:00.008
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2015-11-07 03:29:00.008
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2015-11-06 20:44:23.416
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2015-11-06 20:44:23.416
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================

    Processor: AMD Athlon™ II X4 640 Processor
    Percentage of memory in use: 25%
    Total physical RAM: 8191.29 MB
    Available physical RAM: 6128.45 MB
    Total Virtual: 16382.57 MB
    Available Virtual: 13935.72 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:917.79 GB) (Free:448.22 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (HP_RECOVERY) (Fixed) (Total:13.61 GB) (Free:1.67 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive j: (Cpt Sea Biscuit) (Fixed) (Total:931.51 GB) (Free:230.78 GB) NTFS
    Drive k: (My Book) (Fixed) (Total:1862.98 GB) (Free:1547.05 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 5A2442D8)
    Partition 1: (Active) - (Size=106 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=917.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=13.6 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 2B38A14C)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 17B6C2D9)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================


    • 0

    #6
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,012 posts
    • MVP
    Forgot to ask.  Do you really have a User called: C:\Users\Mcx1-TYRANT.TyRaNt ?
     
    If it's not supposed to be there then go into Control panel, User Accounts and kill it off.
     
     

    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated please post that. 
     
     
     
    Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
     
    Reboot. 
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
    sfc  /scannow
     
    (This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
     
    Copy the next two lines:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
     
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run AS Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.
     
     (Second time you run vew it will overwrite the first log so copy it to a reply or rename it first.)
     
     
     
     Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
     
     

    • 0

    #7
    rct8787

    rct8787

      Member

    • Topic Starter
    • Member
    • PipPip
    • 14 posts

    I believe TYRANT was either an old user name we had on this comp or its the user name for the laptop we have which is shared with this one.

     

    Here is the fixlog.

     

    Fix result of Farbar Recovery Scan Tool (x64) Version:05-11-2015
    Ran by Ryan (2015-11-08 16:32:20) Run:4
    Running from C:\Users\Ryan\Desktop
    Loaded Profiles: Ryan (Available Profiles: Ryan & Mcx1-TYRANT)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
    FF Plugin-x32: @gamersfirst.com/LiveLauncher -> C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll [No File]
    R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
    S2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [X]
    U3 abbzc7am; C:\Windows\System32\Drivers\abbzc7am.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
    SearchScopes: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000 -> DefaultScope {5ED88E19-FCB1-4428-9612-3E22A725041E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306058&CUI=UN26255233522486923&UM=2
    FF Plugin HKU\S-1-5-21-1725188070-1093038038-2835830549-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
    Task: {1C617149-1111-4345-AF09-0DE8DF0A9F07} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [2014-08-20] (IObit)
    Task: {269066A4-67EB-4300-AE11-7C50D7D61775} - System32\Tasks\ASC7_SkipUac_Ryan => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-08-22] (IObit)

    *****************

    C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe => No running process found
    C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe => No running process found
    HKLM\Software\Wow6432Node\MozillaPlugins\@gamersfirst.com/LiveLauncher => key not found.
    AdvancedSystemCareService7 => service not found.
    IMFservice => service not found.
    abbzc7am => service not found.
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin => key not found.
    C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C617149-1111-4345-AF09-0DE8DF0A9F07} => key not found.
    C:\Windows\System32\Tasks\ASC7_PerformanceMonitor => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC7_PerformanceMonitor => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{269066A4-67EB-4300-AE11-7C50D7D61775} => key not found.
    C:\Windows\System32\Tasks\ASC7_SkipUac_Ryan => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC7_SkipUac_Ryan => key not found.

    ==== End of Fixlog 16:32:23 ====

     

     

     

     

     

     

     

    2015-11-08 11:39:34, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:39:34, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
    2015-11-08 11:39:36, Info                  CSI    0000000c [SR] Verify complete
    2015-11-08 11:39:36, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:39:36, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
    2015-11-08 11:39:38, Info                  CSI    00000010 [SR] Verify complete
    2015-11-08 11:39:38, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:39:38, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:39:40, Info                  CSI    00000014 [SR] Verify complete
    2015-11-08 11:39:40, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:39:40, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:39:43, Info                  CSI    00000018 [SR] Verify complete
    2015-11-08 11:39:43, Info                  CSI    00000019 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:39:43, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
    2015-11-08 11:39:45, Info                  CSI    0000001c [SR] Verify complete
    2015-11-08 11:39:45, Info                  CSI    0000001d [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:39:45, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
    2015-11-08 11:39:47, Info                  CSI    00000020 [SR] Verify complete
    2015-11-08 11:39:47, Info                  CSI    00000021 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:39:47, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:39:51, Info                  CSI    00000024 [SR] Verify complete
    2015-11-08 11:39:51, Info                  CSI    00000025 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:39:51, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:39:58, Info                  CSI    00000028 [SR] Verify complete
    2015-11-08 11:39:58, Info                  CSI    00000029 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:39:58, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
    2015-11-08 11:40:02, Info                  CSI    0000002c [SR] Verify complete
    2015-11-08 11:40:02, Info                  CSI    0000002d [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:40:02, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
    2015-11-08 11:40:06, Info                  CSI    00000030 [SR] Verify complete
    2015-11-08 11:40:06, Info                  CSI    00000031 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:40:06, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:40:10, Info                  CSI    00000034 [SR] Verify complete
    2015-11-08 11:40:10, Info                  CSI    00000035 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:40:10, Info                  CSI    00000036 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:40:14, Info                  CSI    00000038 [SR] Verify complete
    2015-11-08 11:40:15, Info                  CSI    00000039 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:40:15, Info                  CSI    0000003a [SR] Beginning Verify and Repair transaction
    2015-11-08 11:40:23, Info                  CSI    0000003c [SR] Verify complete
    2015-11-08 11:40:23, Info                  CSI    0000003d [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:40:23, Info                  CSI    0000003e [SR] Beginning Verify and Repair transaction
    2015-11-08 11:40:29, Info                  CSI    00000040 [SR] Verify complete
    2015-11-08 11:40:30, Info                  CSI    00000041 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:40:30, Info                  CSI    00000042 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:40:35, Info                  CSI    00000044 [SR] Verify complete
    2015-11-08 11:40:35, Info                  CSI    00000045 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:40:35, Info                  CSI    00000046 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:40:44, Info                  CSI    00000049 [SR] Verify complete
    2015-11-08 11:40:44, Info                  CSI    0000004a [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:40:44, Info                  CSI    0000004b [SR] Beginning Verify and Repair transaction
    2015-11-08 11:40:58, Info                  CSI    0000004f [SR] Verify complete
    2015-11-08 11:40:58, Info                  CSI    00000050 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:40:58, Info                  CSI    00000051 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:41:05, Info                  CSI    00000054 [SR] Verify complete
    2015-11-08 11:41:05, Info                  CSI    00000055 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:41:05, Info                  CSI    00000056 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:41:11, Info                  CSI    00000059 [SR] Verify complete
    2015-11-08 11:41:12, Info                  CSI    0000005a [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:41:12, Info                  CSI    0000005b [SR] Beginning Verify and Repair transaction
    2015-11-08 11:41:19, Info                  CSI    0000005d [SR] Verify complete
    2015-11-08 11:41:19, Info                  CSI    0000005e [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:41:19, Info                  CSI    0000005f [SR] Beginning Verify and Repair transaction
    2015-11-08 11:41:29, Info                  CSI    00000081 [SR] Verify complete
    2015-11-08 11:41:29, Info                  CSI    00000082 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:41:29, Info                  CSI    00000083 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:41:35, Info                  CSI    00000088 [SR] Verify complete
    2015-11-08 11:41:35, Info                  CSI    00000089 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:41:35, Info                  CSI    0000008a [SR] Beginning Verify and Repair transaction
    2015-11-08 11:41:41, Info                  CSI    0000008c [SR] Verify complete
    2015-11-08 11:41:41, Info                  CSI    0000008d [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:41:41, Info                  CSI    0000008e [SR] Beginning Verify and Repair transaction
    2015-11-08 11:41:45, Info                  CSI    00000090 [SR] Verify complete
    2015-11-08 11:41:45, Info                  CSI    00000091 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:41:45, Info                  CSI    00000092 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:41:49, Info                  CSI    00000094 [SR] Verify complete
    2015-11-08 11:41:49, Info                  CSI    00000095 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:41:49, Info                  CSI    00000096 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:41:54, Info                  CSI    00000098 [SR] Verify complete
    2015-11-08 11:41:54, Info                  CSI    00000099 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:41:54, Info                  CSI    0000009a [SR] Beginning Verify and Repair transaction
    2015-11-08 11:42:02, Info                  CSI    000000bd [SR] Verify complete
    2015-11-08 11:42:02, Info                  CSI    000000be [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:42:02, Info                  CSI    000000bf [SR] Beginning Verify and Repair transaction
    2015-11-08 11:42:10, Info                  CSI    000000c1 [SR] Verify complete
    2015-11-08 11:42:11, Info                  CSI    000000c2 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:42:11, Info                  CSI    000000c3 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:42:31, Info                  CSI    000000c5 [SR] Verify complete
    2015-11-08 11:42:31, Info                  CSI    000000c6 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:42:31, Info                  CSI    000000c7 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:42:35, Info                  CSI    000000cb [SR] Verify complete
    2015-11-08 11:42:35, Info                  CSI    000000cc [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:42:35, Info                  CSI    000000cd [SR] Beginning Verify and Repair transaction
    2015-11-08 11:42:37, Info                  CSI    000000cf [SR] Verify complete
    2015-11-08 11:42:37, Info                  CSI    000000d0 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:42:37, Info                  CSI    000000d1 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:42:39, Info                  CSI    000000d3 [SR] Verify complete
    2015-11-08 11:42:39, Info                  CSI    000000d4 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:42:39, Info                  CSI    000000d5 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:42:46, Info                  CSI    000000e6 [SR] Verify complete
    2015-11-08 11:42:46, Info                  CSI    000000e7 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:42:46, Info                  CSI    000000e8 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:42:50, Info                  CSI    000000ec [SR] Verify complete
    2015-11-08 11:42:50, Info                  CSI    000000ed [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:42:50, Info                  CSI    000000ee [SR] Beginning Verify and Repair transaction
    2015-11-08 11:42:51, Info                  CSI    000000f0 [SR] Verify complete
    2015-11-08 11:42:51, Info                  CSI    000000f1 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:42:51, Info                  CSI    000000f2 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:42:54, Info                  CSI    000000f4 [SR] Verify complete
    2015-11-08 11:42:54, Info                  CSI    000000f5 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:42:54, Info                  CSI    000000f6 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:42:58, Info                  CSI    000000f8 [SR] Verify complete
    2015-11-08 11:42:58, Info                  CSI    000000f9 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:42:58, Info                  CSI    000000fa [SR] Beginning Verify and Repair transaction
    2015-11-08 11:43:04, Info                  CSI    000000fe [SR] Verify complete
    2015-11-08 11:43:04, Info                  CSI    000000ff [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:43:04, Info                  CSI    00000100 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:43:07, Info                  CSI    00000102 [SR] Verify complete
    2015-11-08 11:43:08, Info                  CSI    00000103 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:43:08, Info                  CSI    00000104 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:43:09, Info                  CSI    00000106 [SR] Verify complete
    2015-11-08 11:43:10, Info                  CSI    00000107 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:43:10, Info                  CSI    00000108 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:43:15, Info                  CSI    0000010a [SR] Verify complete
    2015-11-08 11:43:15, Info                  CSI    0000010b [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:43:15, Info                  CSI    0000010c [SR] Beginning Verify and Repair transaction
    2015-11-08 11:43:19, Info                  CSI    0000010e [SR] Verify complete
    2015-11-08 11:43:20, Info                  CSI    0000010f [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:43:20, Info                  CSI    00000110 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:43:24, Info                  CSI    00000112 [SR] Verify complete
    2015-11-08 11:43:24, Info                  CSI    00000113 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:43:24, Info                  CSI    00000114 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:43:32, Info                  CSI    00000120 [SR] Verify complete
    2015-11-08 11:43:32, Info                  CSI    00000121 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:43:32, Info                  CSI    00000122 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:43:37, Info                  CSI    00000130 [SR] Verify complete
    2015-11-08 11:43:37, Info                  CSI    00000131 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:43:37, Info                  CSI    00000132 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:43:48, Info                  CSI    00000134 [SR] Verify complete
    2015-11-08 11:43:48, Info                  CSI    00000135 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:43:48, Info                  CSI    00000136 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:43:52, Info                  CSI    00000138 [SR] Verify complete
    2015-11-08 11:43:52, Info                  CSI    00000139 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:43:52, Info                  CSI    0000013a [SR] Beginning Verify and Repair transaction
    2015-11-08 11:44:02, Info                  CSI    0000013d [SR] Verify complete
    2015-11-08 11:44:02, Info                  CSI    0000013e [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:44:02, Info                  CSI    0000013f [SR] Beginning Verify and Repair transaction
    2015-11-08 11:44:07, Info                  CSI    00000141 [SR] Verify complete
    2015-11-08 11:44:08, Info                  CSI    00000142 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:44:08, Info                  CSI    00000143 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:44:11, Info                  CSI    00000145 [SR] Verify complete
    2015-11-08 11:44:12, Info                  CSI    00000146 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:44:12, Info                  CSI    00000147 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:44:15, Info                  CSI    00000149 [SR] Verify complete
    2015-11-08 11:44:15, Info                  CSI    0000014a [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:44:15, Info                  CSI    0000014b [SR] Beginning Verify and Repair transaction
    2015-11-08 11:44:18, Info                  CSI    0000014f [SR] Verify complete
    2015-11-08 11:44:18, Info                  CSI    00000150 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:44:18, Info                  CSI    00000151 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:44:28, Info                  CSI    00000153 [SR] Verify complete
    2015-11-08 11:44:29, Info                  CSI    00000154 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:44:29, Info                  CSI    00000155 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:44:33, Info                  CSI    00000158 [SR] Verify complete
    2015-11-08 11:44:34, Info                  CSI    00000159 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:44:34, Info                  CSI    0000015a [SR] Beginning Verify and Repair transaction
    2015-11-08 11:44:38, Info                  CSI    0000015c [SR] Verify complete
    2015-11-08 11:44:38, Info                  CSI    0000015d [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:44:38, Info                  CSI    0000015e [SR] Beginning Verify and Repair transaction
    2015-11-08 11:44:42, Info                  CSI    00000161 [SR] Verify complete
    2015-11-08 11:44:43, Info                  CSI    00000162 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:44:43, Info                  CSI    00000163 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:44:49, Info                  CSI    00000166 [SR] Verify complete
    2015-11-08 11:44:50, Info                  CSI    00000167 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:44:50, Info                  CSI    00000168 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:44:54, Info                  CSI    0000016a [SR] Verify complete
    2015-11-08 11:44:54, Info                  CSI    0000016b [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:44:54, Info                  CSI    0000016c [SR] Beginning Verify and Repair transaction
    2015-11-08 11:44:57, Info                  CSI    0000016e [SR] Verify complete
    2015-11-08 11:44:58, Info                  CSI    0000016f [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:44:58, Info                  CSI    00000170 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:45:01, Info                  CSI    00000172 [SR] Verify complete
    2015-11-08 11:45:01, Info                  CSI    00000173 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:45:01, Info                  CSI    00000174 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:45:07, Info                  CSI    00000177 [SR] Verify complete
    2015-11-08 11:45:07, Info                  CSI    00000178 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:45:07, Info                  CSI    00000179 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:45:10, Info                  CSI    0000017b [SR] Verify complete
    2015-11-08 11:45:11, Info                  CSI    0000017c [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:45:11, Info                  CSI    0000017d [SR] Beginning Verify and Repair transaction
    2015-11-08 11:45:15, Info                  CSI    00000180 [SR] Verify complete
    2015-11-08 11:45:15, Info                  CSI    00000181 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:45:15, Info                  CSI    00000182 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:45:20, Info                  CSI    00000185 [SR] Verify complete
    2015-11-08 11:45:20, Info                  CSI    00000186 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:45:20, Info                  CSI    00000187 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:45:24, Info                  CSI    0000018a [SR] Verify complete
    2015-11-08 11:45:24, Info                  CSI    0000018b [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:45:24, Info                  CSI    0000018c [SR] Beginning Verify and Repair transaction
    2015-11-08 11:45:29, Info                  CSI    0000018e [SR] Verify complete
    2015-11-08 11:45:29, Info                  CSI    0000018f [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:45:29, Info                  CSI    00000190 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:45:34, Info                  CSI    00000193 [SR] Verify complete
    2015-11-08 11:45:34, Info                  CSI    00000194 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:45:34, Info                  CSI    00000195 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:45:37, Info                  CSI    00000197 [SR] Verify complete
    2015-11-08 11:45:37, Info                  CSI    00000198 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:45:37, Info                  CSI    00000199 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:45:40, Info                  CSI    0000019b [SR] Verify complete
    2015-11-08 11:45:40, Info                  CSI    0000019c [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:45:40, Info                  CSI    0000019d [SR] Beginning Verify and Repair transaction
    2015-11-08 11:45:44, Info                  CSI    0000019f [SR] Verify complete
    2015-11-08 11:45:44, Info                  CSI    000001a0 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:45:44, Info                  CSI    000001a1 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:45:48, Info                  CSI    000001a3 [SR] Verify complete
    2015-11-08 11:45:48, Info                  CSI    000001a4 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:45:48, Info                  CSI    000001a5 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:45:52, Info                  CSI    000001a7 [SR] Verify complete
    2015-11-08 11:45:52, Info                  CSI    000001a8 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:45:52, Info                  CSI    000001a9 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:45:54, Info                  CSI    000001ab [SR] Verify complete
    2015-11-08 11:45:54, Info                  CSI    000001ac [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:45:54, Info                  CSI    000001ad [SR] Beginning Verify and Repair transaction
    2015-11-08 11:45:59, Info                  CSI    000001af [SR] Verify complete
    2015-11-08 11:45:59, Info                  CSI    000001b0 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:45:59, Info                  CSI    000001b1 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:46:15, Info                  CSI    000001b3 [SR] Verify complete
    2015-11-08 11:46:15, Info                  CSI    000001b4 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:46:15, Info                  CSI    000001b5 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:46:30, Info                  CSI    000001b7 [SR] Verify complete
    2015-11-08 11:46:30, Info                  CSI    000001b8 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:46:30, Info                  CSI    000001b9 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:46:36, Info                  CSI    000001bb [SR] Verify complete
    2015-11-08 11:46:36, Info                  CSI    000001bc [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:46:36, Info                  CSI    000001bd [SR] Beginning Verify and Repair transaction
    2015-11-08 11:46:39, Info                  CSI    000001bf [SR] Verify complete
    2015-11-08 11:46:39, Info                  CSI    000001c0 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:46:39, Info                  CSI    000001c1 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:46:41, Info                  CSI    000001c3 [SR] Verify complete
    2015-11-08 11:46:42, Info                  CSI    000001c4 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:46:42, Info                  CSI    000001c5 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:46:45, Info                  CSI    000001c7 [SR] Verify complete
    2015-11-08 11:46:45, Info                  CSI    000001c8 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:46:45, Info                  CSI    000001c9 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:46:51, Info                  CSI    000001d1 [SR] Verify complete
    2015-11-08 11:46:51, Info                  CSI    000001d2 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:46:51, Info                  CSI    000001d3 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:46:54, Info                  CSI    000001d5 [SR] Verify complete
    2015-11-08 11:46:54, Info                  CSI    000001d6 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:46:54, Info                  CSI    000001d7 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:46:56, Info                  CSI    000001d9 [SR] Verify complete
    2015-11-08 11:46:56, Info                  CSI    000001da [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:46:56, Info                  CSI    000001db [SR] Beginning Verify and Repair transaction
    2015-11-08 11:46:59, Info                  CSI    000001dd [SR] Verify complete
    2015-11-08 11:46:59, Info                  CSI    000001de [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:46:59, Info                  CSI    000001df [SR] Beginning Verify and Repair transaction
    2015-11-08 11:47:02, Info                  CSI    000001e1 [SR] Verify complete
    2015-11-08 11:47:02, Info                  CSI    000001e2 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:47:02, Info                  CSI    000001e3 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:47:07, Info                  CSI    000001e6 [SR] Verify complete
    2015-11-08 11:47:07, Info                  CSI    000001e7 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:47:07, Info                  CSI    000001e8 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:47:12, Info                  CSI    000001ea [SR] Verify complete
    2015-11-08 11:47:12, Info                  CSI    000001eb [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:47:12, Info                  CSI    000001ec [SR] Beginning Verify and Repair transaction
    2015-11-08 11:47:14, Info                  CSI    000001ee [SR] Verify complete
    2015-11-08 11:47:14, Info                  CSI    000001ef [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:47:14, Info                  CSI    000001f0 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:47:19, Info                  CSI    000001f3 [SR] Verify complete
    2015-11-08 11:47:19, Info                  CSI    000001f4 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:47:19, Info                  CSI    000001f5 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:47:28, Info                  CSI    000001f9 [SR] Verify complete
    2015-11-08 11:47:28, Info                  CSI    000001fa [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:47:28, Info                  CSI    000001fb [SR] Beginning Verify and Repair transaction
    2015-11-08 11:47:32, Info                  CSI    00000200 [SR] Verify complete
    2015-11-08 11:47:32, Info                  CSI    00000201 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:47:32, Info                  CSI    00000202 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:47:37, Info                  CSI    0000020a [SR] Verify complete
    2015-11-08 11:47:37, Info                  CSI    0000020b [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:47:37, Info                  CSI    0000020c [SR] Beginning Verify and Repair transaction
    2015-11-08 11:47:43, Info                  CSI    00000216 [SR] Verify complete
    2015-11-08 11:47:43, Info                  CSI    00000217 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:47:43, Info                  CSI    00000218 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:47:47, Info                  CSI    0000021a [SR] Verify complete
    2015-11-08 11:47:47, Info                  CSI    0000021b [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:47:47, Info                  CSI    0000021c [SR] Beginning Verify and Repair transaction
    2015-11-08 11:47:50, Info                  CSI    00000220 [SR] Verify complete
    2015-11-08 11:47:50, Info                  CSI    00000221 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:47:50, Info                  CSI    00000222 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:47:52, Info                  CSI    00000224 [SR] Verify complete
    2015-11-08 11:47:52, Info                  CSI    00000225 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:47:52, Info                  CSI    00000226 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:47:58, Info                  CSI    0000024b [SR] Verify complete
    2015-11-08 11:47:58, Info                  CSI    0000024c [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:47:58, Info                  CSI    0000024d [SR] Beginning Verify and Repair transaction
    2015-11-08 11:48:01, Info                  CSI    0000024f [SR] Verify complete
    2015-11-08 11:48:01, Info                  CSI    00000250 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:48:01, Info                  CSI    00000251 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:48:04, Info                  CSI    00000253 [SR] Verify complete
    2015-11-08 11:48:04, Info                  CSI    00000254 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:48:04, Info                  CSI    00000255 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:48:07, Info                  CSI    00000257 [SR] Verify complete
    2015-11-08 11:48:07, Info                  CSI    00000258 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:48:07, Info                  CSI    00000259 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:48:09, Info                  CSI    00000267 [SR] Verify complete
    2015-11-08 11:48:09, Info                  CSI    00000268 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:48:09, Info                  CSI    00000269 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:48:16, Info                  CSI    0000026b [SR] Verify complete
    2015-11-08 11:48:16, Info                  CSI    0000026c [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:48:16, Info                  CSI    0000026d [SR] Beginning Verify and Repair transaction
    2015-11-08 11:48:21, Info                  CSI    0000027b [SR] Verify complete
    2015-11-08 11:48:21, Info                  CSI    0000027c [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:48:21, Info                  CSI    0000027d [SR] Beginning Verify and Repair transaction
    2015-11-08 11:48:23, Info                  CSI    0000027f [SR] Verify complete
    2015-11-08 11:48:23, Info                  CSI    00000280 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:48:23, Info                  CSI    00000281 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:48:27, Info                  CSI    00000284 [SR] Verify complete
    2015-11-08 11:48:27, Info                  CSI    00000285 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:48:27, Info                  CSI    00000286 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:48:30, Info                  CSI    00000288 [SR] Verify complete
    2015-11-08 11:48:30, Info                  CSI    00000289 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:48:30, Info                  CSI    0000028a [SR] Beginning Verify and Repair transaction
    2015-11-08 11:48:32, Info                  CSI    0000028c [SR] Verify complete
    2015-11-08 11:48:32, Info                  CSI    0000028d [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:48:32, Info                  CSI    0000028e [SR] Beginning Verify and Repair transaction
    2015-11-08 11:48:38, Info                  CSI    00000290 [SR] Verify complete
    2015-11-08 11:48:38, Info                  CSI    00000291 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:48:38, Info                  CSI    00000292 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:48:42, Info                  CSI    00000294 [SR] Verify complete
    2015-11-08 11:48:42, Info                  CSI    00000295 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:48:42, Info                  CSI    00000296 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:48:48, Info                  CSI    000002b0 [SR] Verify complete
    2015-11-08 11:48:48, Info                  CSI    000002b1 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:48:48, Info                  CSI    000002b2 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:48:52, Info                  CSI    000002b4 [SR] Verify complete
    2015-11-08 11:48:52, Info                  CSI    000002b5 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:48:52, Info                  CSI    000002b6 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:49:02, Info                  CSI    000002b8 [SR] Verify complete
    2015-11-08 11:49:02, Info                  CSI    000002b9 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:49:02, Info                  CSI    000002ba [SR] Beginning Verify and Repair transaction
    2015-11-08 11:49:05, Info                  CSI    000002bc [SR] Verify complete
    2015-11-08 11:49:05, Info                  CSI    000002bd [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:49:05, Info                  CSI    000002be [SR] Beginning Verify and Repair transaction
    2015-11-08 11:49:08, Info                  CSI    000002c2 [SR] Verify complete
    2015-11-08 11:49:08, Info                  CSI    000002c3 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:49:08, Info                  CSI    000002c4 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:49:11, Info                  CSI    000002c6 [SR] Verify complete
    2015-11-08 11:49:11, Info                  CSI    000002c7 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:49:11, Info                  CSI    000002c8 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:49:15, Info                  CSI    000002ca [SR] Verify complete
    2015-11-08 11:49:15, Info                  CSI    000002cb [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:49:15, Info                  CSI    000002cc [SR] Beginning Verify and Repair transaction
    2015-11-08 11:49:18, Info                  CSI    000002ce [SR] Verify complete
    2015-11-08 11:49:18, Info                  CSI    000002cf [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:49:18, Info                  CSI    000002d0 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:49:21, Info                  CSI    000002d3 [SR] Verify complete
    2015-11-08 11:49:21, Info                  CSI    000002d4 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:49:21, Info                  CSI    000002d5 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:49:24, Info                  CSI    000002d7 [SR] Verify complete
    2015-11-08 11:49:24, Info                  CSI    000002d8 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:49:24, Info                  CSI    000002d9 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:49:27, Info                  CSI    000002db [SR] Verify complete
    2015-11-08 11:49:28, Info                  CSI    000002dc [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:49:28, Info                  CSI    000002dd [SR] Beginning Verify and Repair transaction
    2015-11-08 11:49:31, Info                  CSI    000002df [SR] Verify complete
    2015-11-08 11:49:31, Info                  CSI    000002e0 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:49:31, Info                  CSI    000002e1 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:49:36, Info                  CSI    000002e4 [SR] Verify complete
    2015-11-08 11:49:36, Info                  CSI    000002e5 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:49:36, Info                  CSI    000002e6 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:49:39, Info                  CSI    000002e8 [SR] Verify complete
    2015-11-08 11:49:40, Info                  CSI    000002e9 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:49:40, Info                  CSI    000002ea [SR] Beginning Verify and Repair transaction
    2015-11-08 11:49:43, Info                  CSI    000002ec [SR] Verify complete
    2015-11-08 11:49:43, Info                  CSI    000002ed [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:49:43, Info                  CSI    000002ee [SR] Beginning Verify and Repair transaction
    2015-11-08 11:49:46, Info                  CSI    000002f0 [SR] Verify complete
    2015-11-08 11:49:46, Info                  CSI    000002f1 [SR] Verifying 100 (0x0000000000000064) components
    2015-11-08 11:49:46, Info                  CSI    000002f2 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:49:49, Info                  CSI    000002f4 [SR] Verify complete
    2015-11-08 11:49:49, Info                  CSI    000002f5 [SR] Verifying 12 (0x000000000000000c) components
    2015-11-08 11:49:49, Info                  CSI    000002f6 [SR] Beginning Verify and Repair transaction
    2015-11-08 11:49:49, Info                  CSI    000002f8 [SR] Verify complete
    2015-11-08 11:49:49, Info                  CSI    000002f9 [SR] Repairing 0 components
    2015-11-08 11:49:49, Info                  CSI    000002fa [SR] Beginning Verify and Repair transaction
    2015-11-08 11:49:49, Info                  CSI    000002fc [SR] Repair complete
     


    Edited by rct8787, 08 November 2015 - 03:43 PM.

    • 0

    #8
    rct8787

    rct8787

      Member

    • Topic Starter
    • Member
    • PipPip
    • 14 posts

    Heres the first log for EVT.

     

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 08/11/2015 4:27:24 PM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 08/11/2015 6:09:14 PM
    Type: Error Category: 0
    Event: 7022 Source: Service Control Manager
    The Windows Update service hung on starting.

    Log: 'System' Date/Time: 08/11/2015 6:03:50 PM
    Type: Error Category: 0
    Event: 7009 Source: Service Control Manager
    A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

    Log: 'System' Date/Time: 08/11/2015 6:03:05 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The AODDriver4.2 service failed to start due to the following error:  The system cannot find the file specified.

    Log: 'System' Date/Time: 08/11/2015 6:02:46 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Microsoft Antimalware Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

    Log: 'System' Date/Time: 08/11/2015 6:02:46 PM
    Type: Error Category: 0
    Event: 7009 Source: Service Control Manager
    A timeout was reached (30000 milliseconds) while waiting for the Microsoft Antimalware Service service to connect.

    Log: 'System' Date/Time: 08/11/2015 6:02:47 PM
    Type: Error Category: 0
    Event: 1001 Source: Microsoft-Windows-WER-SystemErrorReporting
    The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000050 (0xfffff8a01e2b9000, 0x0000000000000000, 0xfffff800038f07be, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .

    Log: 'System' Date/Time: 08/11/2015 6:02:47 PM
    Type: Error Category: 0
    Event: 1005 Source: Microsoft-Windows-WER-SystemErrorReporting
    Unable to produce a minidump file from the full dump file.

    Log: 'System' Date/Time: 08/11/2015 6:02:46 PM
    Type: Error Category: 0
    Event: 6008 Source: EventLog
    The previous system shutdown at 1:00:36 PM on ?11/?8/?2015 was unexpected.

    Log: 'System' Date/Time: 08/11/2015 4:38:45 PM
    Type: Error Category: 0
    Event: 7022 Source: Service Control Manager
    The Windows Update service hung on starting.

    Log: 'System' Date/Time: 08/11/2015 4:30:47 PM
    Type: Error Category: 0
    Event: 7009 Source: Service Control Manager
    A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

    Log: 'System' Date/Time: 08/11/2015 4:29:23 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The AODDriver4.2 service failed to start due to the following error:  The system cannot find the file specified.

    Log: 'System' Date/Time: 08/11/2015 4:29:03 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Microsoft Antimalware Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

    Log: 'System' Date/Time: 08/11/2015 4:29:03 PM
    Type: Error Category: 0
    Event: 7009 Source: Service Control Manager
    A timeout was reached (30000 milliseconds) while waiting for the Microsoft Antimalware Service service to connect.

    Log: 'System' Date/Time: 08/11/2015 4:27:14 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 08/11/2015 6:04:18 PM
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#18E391066476&1#.

    Log: 'System' Date/Time: 08/11/2015 6:03:54 PM
    Type: Warning Category: 0
    Event: 2511 Source: Server
    The server service was unable to recreate the share My Apps2 because the directory J:\ProgramData\BlueStacks\UserData\Library\My Apps no longer exists.  Please run "net share My Apps2 /delete" to delete the share, or recreate the directory J:\ProgramData\BlueStacks\UserData\Library\My Apps.

    Log: 'System' Date/Time: 08/11/2015 6:02:12 PM
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WDC_SAM failed to load for the device USBSTOR\Other&Ven_WD&Prod_SES_Device&Rev_1065\574343344E36584A50395454&1.

    Log: 'System' Date/Time: 08/11/2015 4:31:14 PM
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#18E391066476&1#.

    Log: 'System' Date/Time: 08/11/2015 4:30:53 PM
    Type: Warning Category: 0
    Event: 2511 Source: Server
    The server service was unable to recreate the share My Apps2 because the directory J:\ProgramData\BlueStacks\UserData\Library\My Apps no longer exists.  Please run "net share My Apps2 /delete" to delete the share, or recreate the directory J:\ProgramData\BlueStacks\UserData\Library\My Apps.

    Log: 'System' Date/Time: 08/11/2015 4:28:30 PM
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WDC_SAM failed to load for the device USBSTOR\Other&Ven_WD&Prod_SES_Device&Rev_1065\574343344E36584A50395454&1.

    Log: 'System' Date/Time: 08/11/2015 4:27:17 PM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.

    Log: 'System' Date/Time: 08/11/2015 4:27:17 PM
    Type: Warning Category: 0
    Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN Extensibility Module has stopped.  Module Path: C:\Windows\system32\RAIHV.dll


    • 0

    #9
    rct8787

    rct8787

      Member

    • Topic Starter
    • Member
    • PipPip
    • 14 posts

    Heres the second log for EVT and the second run of FRST. Thanks!

     

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 08/11/2015 4:37:08 PM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

     

     

     

     

     

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-11-2015
    Ran by Ryan (administrator) on TYRANT (08-11-2015 16:38:46)
    Running from C:\Users\Ryan\Desktop
    Loaded Profiles: Ryan (Available Profiles: Ryan & Mcx1-TYRANT)
    Platform: Windows 7 Home Premium (X64) Language: English (United States)
    Internet Explorer Version 9 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (American Megatrends Inc.) C:\Program Files\AMI\DuOS\AndServMgr.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (Scarlet.Crush Productions) C:\Users\Ryan\Desktop\SCP DS3 Driver Package\ScpServer\bin\ScpService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
    (GlavSoft LLC.) C:\Program Files (x86)\TightVNC\tvnserver.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Google Inc.) C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
    (Google Inc.) C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
    (Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    (Ralink Technology, Inc.) C:\Program Files (x86)\Ralink\Common\RaWiFi.exe
    (Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
    (Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
    (Wyse Technology.) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
    HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-11] (NVIDIA Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13876952 2015-05-16] (Realtek Semiconductor)
    HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\Run: [MusicManager] => C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-08-13] (Google Inc.)
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\Run: [Google Update] => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [6274184 2015-08-23] (Plex, Inc.)
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\RunOnce: [Application Restart #3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-20] (Google Inc.)
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {06b1c984-7711-11e2-a913-64315026845a} - L:\setup.exe
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {06c1d821-d35e-11e3-b6d5-64315026845a} - K:\MotoCastSetup.exe -a
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {06c1d861-d35e-11e3-b6d5-64315026845a} - K:\MotoCastSetup.exe -a
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {13d77c52-4435-11e2-952f-64315026845a} - K:\MotoCastSetup.exe -a
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {1e2ce8dd-d97b-11e2-a9f3-64315026845a} - K:\MotoCastSetup.exe -a
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {3a8b3440-30e7-11e2-98fe-64315026845a} - L:\MotoCastSetup.exe -a
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {4ebcf890-7388-11e3-a721-64315026845a} - K:\MotoCastSetup.exe -a
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {606be1b5-eaf0-11e0-a777-64315026845a} - K:\Setup.exe
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {6d888469-40c7-11e5-b7e9-98588a02a5c8} - M:\VerizonSWUpgradeAssistantLauncher.exe
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {8e6ca0ca-81e3-11e4-8d63-64315026845a} - K:\MotorolaDeviceManagerSetup.exe -a
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {8f88ea8f-6d6b-11e4-9313-001122987654} - K:\MotoCastSetup.exe -a
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MountPoints2: {ebb353ff-8e6b-11e4-af1e-64315026845a} - K:\VerizonSWUpgradeAssistantLauncher.exe
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\DREAMA~1.SCR [94208 2006-10-09] ()
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-11-08] (Microsoft Corporation)
    Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-01-19]
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk [2013-01-09]
    ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaWiFi.exe (Ralink Technology, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: 127.0.0.1  nlsk.neulion.com
    Tcpip\..\Interfaces\{BBF9F091-EADE-4E1C-AB76-D5897FD5207B}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{C4349D22-40F8-480F-AD78-E820B327C557}: [DhcpNameServer] 209.18.47.61 209.18.47.62

    Internet Explorer:
    ==================
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000 -> DefaultScope {5ED88E19-FCB1-4428-9612-3E22A725041E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306058&CUI=UN26255233522486923&UM=2
    SearchScopes: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000 -> {5ED88E19-FCB1-4428-9612-3E22A725041E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306058&CUI=UN26255233522486923&UM=2
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-27] (Adobe Systems, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
    FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2012-05-14] (Nexon)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-02] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-02] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1725188070-1093038038-2835830549-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
    FF Plugin HKU\S-1-5-21-1725188070-1093038038-2835830549-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1725188070-1093038038-2835830549-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.yahoo.com/
    CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
    CHR Extension: (Google Drive) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
    CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
    CHR Extension: (Google Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
    CHR Extension: (Dark Vibe) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj [2013-10-15]
    CHR Extension: (Google Play Music) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-11-04]
    CHR Extension: (Google Docs Offline) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
    CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
    R2 AndServMgr; C:\Program Files\AMI\DuOS\AndServMgr.exe [82384 2015-08-06] (American Megatrends Inc.)
    S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [915736 2013-06-11] (BitRaider, LLC)
    S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
    R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
    R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
    R2 Ds3Service; C:\Users\Ryan\Desktop\SCP DS3 Driver Package\ScpServer\bin\ScpService.exe [381952 2014-06-29] (Scarlet.Crush Productions) [File not signed]
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-11] (NVIDIA Corporation)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
    R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
    S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
    S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
    S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4302576 2012-08-15] (INCA Internet Co., Ltd.) [File not signed]
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-11] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-11] (NVIDIA Corporation)
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-05-17] ()
    R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-01-12] (Ralink Technology, Corp.) [File not signed]
    R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-01-12] (Ralink Technology, Corp.) [File not signed]
    S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] ()
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [295128 2015-05-16] (Realtek Semiconductor)
    S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [575488 2008-09-08] (Nokia.) [File not signed]
    R2 tvnserver; C:\Program Files (x86)\TightVNC\tvnserver.exe [828944 2011-08-03] (GlavSoft LLC.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
    R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [191488 2012-11-05] () [File not signed]
    R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe [1436160 2012-11-05] (Wyse Technology.) [File not signed]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2015-01-19] (Broadcom Corporation.)
    R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
    R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [25056 2011-12-21] (IVT Corporation.)
    S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
    S3 cqcpu; C:\Windows\System32\drivers\cqcpu.sys [24376 2010-03-01] ()
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-14] (DT Soft Ltd)
    R1 DuoVMDrv; C:\Windows\System32\DRIVERS\DuoVMDrv.sys [239536 2015-07-31] (American Megatrends Inc.)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-30] (REALiX™)
    S3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
    S3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-11] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
    S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [555736 2014-04-27] (Realtek Semiconductor Corporation)
    R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2014-04-27] (Scarlet.Crush Productions)
    S3 SIVDRIVER; C:\Windows\system32\Drivers\SIVX64.sys [57312 2008-06-14] (Ray Hinchliffe)
    R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-02-14] (Duplex Secure Ltd.)
    S3 toshidpt; C:\Windows\System32\drivers\Toshidpt.sys [9608 2009-06-19] (TOSHIBA Corporation.)
    S3 uvhid; C:\Windows\System32\DRIVERS\uvhid.sys [20992 2013-04-11] (Windows ® Win 7 DDK provider)
    S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
    U3 aakknbsz; C:\Windows\System32\Drivers\aakknbsz.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-11-08 16:31 - 2015-11-08 16:31 - 00001363 _____ C:\Users\Ryan\Downloads\fixlist.txt
    2015-11-08 16:27 - 2015-11-08 16:37 - 00000467 _____ C:\VEW.txt
    2015-11-08 16:27 - 2015-11-08 16:27 - 00006063 _____ C:\Users\Ryan\Desktop\VEW.txt
    2015-11-08 16:25 - 2015-11-08 16:25 - 00061440 _____ ( ) C:\Users\Ryan\Desktop\VEW.exe
    2015-11-08 03:01 - 2015-11-08 03:01 - 00000000 ____D C:\Windows\system32\SPReview
    2015-11-07 17:24 - 2015-11-08 13:02 - 1045600882 _____ C:\Windows\MEMORY.DMP
    2015-11-07 17:24 - 2015-11-07 17:24 - 00268928 _____ C:\Windows\Minidump\110715-47517-01.dmp
    2015-11-07 17:13 - 2015-11-07 17:13 - 03550700 _____ C:\Windows\system32\CFG2364854530
    2015-11-06 20:45 - 2015-11-08 13:02 - 00000504 _____ C:\Windows\setupact.log
    2015-11-06 20:45 - 2015-11-06 20:45 - 00000000 _____ C:\Windows\setuperr.log
    2015-11-06 20:38 - 2015-11-07 17:24 - 00022812 _____ C:\Windows\PFRO.log
    2015-11-06 20:37 - 2015-11-06 20:37 - 00000000 _____ C:\asc_rdflag
    2015-11-06 20:34 - 2015-11-06 20:34 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Ryan\Downloads\mbam-clean-2.1.1.1001.exe
    2015-11-06 20:32 - 2015-11-06 20:32 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Ryan\Downloads\tdsskiller.exe
    2015-11-06 20:30 - 2015-11-06 20:35 - 00001238 _____ C:\Users\Ryan\Desktop\FixExec.txt
    2015-11-06 20:30 - 2015-11-06 20:30 - 00457632 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Downloads\FixExec.exe
    2015-11-06 20:26 - 2015-11-06 20:26 - 01801288 _____ (Malwarebytes) C:\Users\Ryan\Desktop\JRT.exe
    2015-11-06 20:20 - 2015-11-06 20:20 - 00000070 _____ C:\Windows\RAVTC.TMP
    2015-11-06 20:13 - 2015-11-06 20:13 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Ryan\Downloads\mbar-1.09.3.1001.exe
    2015-11-06 19:59 - 2015-11-06 19:59 - 29619504 _____ (IObit ) C:\Users\Ryan\Downloads\IObit-Malware-Fighter-Setup.exe
    2015-11-06 19:20 - 2015-11-06 19:21 - 22908888 _____ (Malwarebytes ) C:\Users\Ryan\Downloads\mbam-setup-2.2.0.1024.exe
    2015-11-06 19:11 - 2015-11-07 17:36 - 00000000 ____D C:\AdwCleaner
    2015-11-06 19:10 - 2015-11-06 19:10 - 01713664 _____ C:\Users\Ryan\Desktop\AdwCleaner.exe
    2015-11-06 19:01 - 2015-11-07 17:30 - 00092599 _____ C:\Users\Ryan\Desktop\Addition.txt
    2015-11-06 18:59 - 2015-11-08 16:38 - 00024814 _____ C:\Users\Ryan\Desktop\FRST.txt
    2015-11-06 18:59 - 2015-11-08 16:38 - 00000000 ____D C:\FRST
    2015-11-06 18:54 - 2015-11-06 18:54 - 02198528 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
    2015-11-06 18:53 - 2015-11-06 18:54 - 00000234 _____ C:\Users\Ryan\Desktop\New Text Document.txt
    2015-11-06 17:33 - 2015-11-06 17:33 - 00076814 _____ C:\Users\Ryan\Desktop\runscanner.log
    2015-11-06 17:27 - 2015-11-06 17:27 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Runscanner.net
    2015-11-06 17:26 - 2015-11-06 17:27 - 00000000 ____D C:\runscanner
    2015-11-06 17:18 - 2015-11-06 17:18 - 05200384 _____ (AVAST Software) C:\Users\Ryan\Downloads\aswmbr
    2015-11-05 21:02 - 2015-11-06 20:20 - 00000000 ____D C:\Program Files (x86)\Panda Security
    2015-11-05 21:01 - 2015-11-06 20:20 - 00000000 ____D C:\ProgramData\Panda Security
    2015-11-05 21:01 - 2015-11-05 21:01 - 02113152 _____ C:\Users\Ryan\Downloads\PANDAFREEAV.exe
    2015-11-05 18:01 - 2015-11-01 10:18 - 00002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-11-04 21:49 - 2015-11-04 21:49 - 02924672 _____ (AVG Technologies) C:\Users\Ryan\Downloads\AVG_Protection_Free_698.exe
    2015-11-04 21:36 - 2015-11-04 21:36 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Ryan\Downloads\avast_free_antivirus_setup_online_cnet.exe
    2015-10-31 14:05 - 2015-10-31 14:05 - 00012169 _____ C:\Users\Ryan\Downloads\[kat.cr]family.feud.decades.wbfs.sfae41.ntsc.wiigm.torrent
    2015-10-31 14:05 - 2015-10-31 14:05 - 00000000 ____D C:\Users\Ryan\Downloads\SFAE41 Family Feud Decades
    2015-10-25 19:14 - 2015-10-02 21:18 - 00102520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2015-10-25 19:12 - 2015-10-03 00:06 - 42914096 _____ C:\Windows\system32\nvcompiler.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 37882488 _____ C:\Windows\SysWOW64\nvcompiler.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 22306936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 18359928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 16541040 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 15002304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 14832968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 13518496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 12032200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 11114616 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2015-10-25 19:12 - 2015-10-03 00:06 - 02869880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 02489976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 01905456 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435850.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 01564976 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435850.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00877176 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00861816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00689456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00673912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00512720 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00467912 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00422240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00414000 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00388024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00369272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00177416 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00155976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
    2015-10-25 19:12 - 2015-10-03 00:06 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2015-10-25 10:16 - 2015-10-25 10:16 - 00001054 _____ C:\Users\Public\Desktop\The Witcher® 3 - Wild Hunt.lnk
    2015-10-25 10:16 - 2015-10-25 10:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
    2015-10-25 09:56 - 2015-10-25 09:56 - 00000000 ____D C:\Users\Ryan\Documents\The Witcher 3
    2015-10-25 09:14 - 2015-10-25 09:15 - 318801672 _____ ( ) C:\Users\Ryan\Downloads\witcher3_patch_1.01.exe
    2015-10-23 16:21 - 2015-10-23 17:04 - 00000000 ____D C:\Users\Ryan\Downloads\The.Witcher.3.Wild.Hunt.Patch.v1.10-GOG
    2015-10-23 16:21 - 2015-10-23 16:36 - 00000000 ____D C:\Users\Ryan\Downloads\The.Witcher.3.Wild.Hunt.Hearts.of.Stone-GOG
    2015-10-23 13:25 - 2015-10-23 14:20 - 00000000 ____D C:\Users\Ryan\Downloads\The Witcher 3 Wild Hunt
    2015-10-22 18:06 - 2015-10-22 20:11 - 00000000 ____D C:\Program Files (x86)\BlueStacks
    2015-10-22 18:06 - 2015-10-22 18:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
    2015-10-22 18:06 - 2015-10-22 18:06 - 00000000 ____D C:\ProgramData\BlueStacks
    2015-10-22 18:05 - 2015-10-22 18:05 - 00000000 ____D C:\Users\Ryan\AppData\Local\Bluestacks
    2015-10-22 18:02 - 2015-10-22 18:04 - 265913504 _____ C:\Users\Ryan\Downloads\BlueStacksAppPlayer_0.9.30.4239_by_AJacobs_Rooted_BSEasy.exe
    2015-10-22 17:48 - 2015-10-22 17:48 - 00001127 _____ C:\Users\Public\Desktop\Star Wars Battlefront II.lnk
    2015-10-22 17:48 - 2015-10-22 17:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
    2015-10-22 16:18 - 2015-10-22 16:18 - 00000000 ____D C:\Users\Ryan\Downloads\Star Wars Battlefront II
    2015-10-13 19:05 - 2015-10-13 19:06 - 00000000 ____D C:\Users\Ryan\Downloads\Acoustica Mixcraft v6.1 Build 204 with Key [TorDigger]
    2015-10-12 19:45 - 2015-10-12 19:45 - 02317104 _____ (Microsoft Corporation) C:\Windows\system32\coin97itp.dll
    2015-10-12 19:45 - 2015-10-12 19:45 - 01804696 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
    2015-10-12 19:45 - 2015-10-12 19:45 - 00068912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\point64.sys
    2015-10-12 19:44 - 2015-10-12 19:44 - 02317104 _____ (Microsoft Corporation) C:\Windows\system32\coin97ip.dll
    2015-10-12 19:44 - 2015-10-12 19:44 - 00095024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dc3d.sys

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-11-08 15:47 - 2012-04-29 15:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-11-08 13:14 - 2011-01-26 11:19 - 01536587 _____ C:\Windows\WindowsUpdate.log
    2015-11-08 13:14 - 2009-07-13 23:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-11-08 13:14 - 2009-07-13 23:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-11-08 13:09 - 2015-08-20 17:27 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Kodi
    2015-11-08 13:02 - 2013-08-05 18:43 - 00000000 ____D C:\ProgramData\NVIDIA
    2015-11-08 13:02 - 2013-01-21 13:51 - 00000000 ____D C:\Windows\Minidump
    2015-11-08 13:02 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-11-07 17:21 - 2015-05-17 08:17 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2015-11-07 17:10 - 2013-10-15 17:42 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-11-07 17:10 - 2013-10-15 17:42 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-11-07 17:10 - 2013-02-02 11:59 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725188070-1093038038-2835830549-1000UA.job
    2015-11-07 16:56 - 2012-01-06 19:41 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
    2015-11-07 16:56 - 2012-01-06 19:39 - 00000000 ____D C:\Program Files (x86)\Image-Line
    2015-11-07 03:35 - 2014-03-19 20:45 - 00000000 ____D C:\ProgramData\ProductData
    2015-11-07 03:29 - 2013-02-02 11:59 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725188070-1093038038-2835830549-1000Core.job
    2015-11-06 20:51 - 2011-09-26 13:32 - 00123136 _____ C:\Users\Ryan\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-11-06 20:39 - 2009-07-13 23:45 - 00475984 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-11-06 20:37 - 2014-04-07 02:28 - 99581952 _____ C:\Windows\system32\config\SOFTWARE.iodefrag.bak
    2015-11-06 20:37 - 2014-04-07 02:28 - 00401408 _____ C:\Windows\system32\config\DEFAULT.iodefrag.bak
    2015-11-06 20:37 - 2014-04-07 02:28 - 00061440 _____ C:\Windows\system32\config\SAM.iodefrag.bak
    2015-11-06 20:37 - 2014-04-07 02:28 - 00028672 _____ C:\Windows\system32\config\SECURITY.iodefrag.bak
    2015-11-06 20:37 - 2011-09-26 13:28 - 00000000 ____D C:\Users\Ryan
    2015-11-06 20:20 - 2011-12-23 13:21 - 00000000 ____D C:\Users\Ryan\AppData\Local\CrashDumps
    2015-11-06 19:12 - 2009-07-14 00:13 - 00784956 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-11-05 22:39 - 2015-05-16 15:06 - 00000000 ____D C:\Users\Mcx1-TYRANT.TyRaNt
    2015-11-05 22:38 - 2014-06-10 12:16 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\ProductData
    2015-11-05 22:38 - 2013-10-18 18:19 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-11-05 22:38 - 2013-10-15 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-11-05 22:38 - 2013-10-15 17:42 - 00000000 ____D C:\Program Files (x86)\Google
    2015-11-05 22:38 - 2012-01-16 10:50 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
    2015-11-05 22:38 - 2011-01-26 11:43 - 00000000 ____D C:\ProgramData\RoxioNow
    2015-11-05 22:38 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
    2015-11-05 21:14 - 2011-01-27 00:27 - 00000000 ____D C:\ProgramData\Recovery
    2015-11-01 02:40 - 2011-09-29 19:39 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\uTorrent
    2015-10-29 02:31 - 2014-07-02 13:25 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForRyan.job
    2015-10-28 13:27 - 2011-09-28 07:55 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
    2015-10-25 19:14 - 2013-08-05 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2015-10-25 19:14 - 2013-08-05 18:41 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2015-10-25 19:14 - 2012-02-23 21:37 - 00000000 ____D C:\Temp
    2015-10-25 14:27 - 2015-09-10 17:38 - 00003116 ____H C:\Users\Ryan\.swfinfo
    2015-10-25 10:18 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2015-10-25 09:46 - 2014-07-19 14:03 - 00000000 ____D C:\Users\Ryan\AppData\Local\Glyph
    2015-10-24 08:05 - 2014-07-19 14:03 - 00000000 ____D C:\Program Files (x86)\Glyph
    2015-10-23 02:41 - 2013-04-08 21:40 - 00000000 ____D C:\ProgramData\BlueStacksSetup
    2015-10-22 18:06 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
    2015-10-22 17:08 - 2015-09-04 22:31 - 00000000 ____D C:\Users\Ryan\.VirtualBox
    2015-10-22 17:02 - 2009-07-14 00:08 - 00032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2015-10-19 07:01 - 2014-05-31 19:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2015-10-17 04:47 - 2012-04-29 15:11 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-10-17 04:47 - 2012-04-29 15:11 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-10-17 04:47 - 2011-09-27 07:58 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-10-15 18:37 - 2015-10-07 20:04 - 00000000 ____D C:\ProgramData\Oracle
    2015-10-14 20:08 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
    2015-10-14 03:21 - 2013-02-07 19:01 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2015-10-14 02:45 - 2013-07-13 02:00 - 00000000 ____D C:\Windows\system32\MRT
    2015-10-14 02:37 - 2011-09-29 17:51 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-10-14 02:36 - 2013-04-14 11:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2015-10-14 02:36 - 2012-01-16 10:48 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-10-14 02:33 - 2009-07-13 21:34 - 00000478 _____ C:\Windows\win.ini
    2015-10-11 22:05 - 2014-06-11 20:44 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
    2015-10-11 22:05 - 2013-10-28 17:45 - 01423304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
    2015-10-11 22:04 - 2014-06-11 20:44 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
    2015-10-11 22:04 - 2013-10-28 17:45 - 01710752 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2015-10-31 03:30

    ==================== End of FRST.txt ============================

     

     

     

     

     

     

     

     

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-11-2015
    Ran by Ryan (2015-11-08 16:39:26)
    Running from C:\Users\Ryan\Desktop
    Windows 7 Home Premium (X64) (2011-09-26 18:28:17)
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================

    Administrator (S-1-5-21-1725188070-1093038038-2835830549-500 - Administrator - Disabled)
    Guest (S-1-5-21-1725188070-1093038038-2835830549-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1725188070-1093038038-2835830549-1013 - Limited - Enabled)
    Mcx1-TYRANT (S-1-5-21-1725188070-1093038038-2835830549-1014 - Limited - Enabled) => C:\Users\Mcx1-TYRANT.TyRaNt
    Ryan (S-1-5-21-1725188070-1093038038-2835830549-1000 - Administrator - Enabled) => C:\Users\Ryan

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    ACID Pro 7.0 (HKLM-x32\...\{BFA5441E-B7E6-46F5-A15D-1B74707AE93A}) (Version: 7.0.641 - Sony)
    Acoustica Mixcraft 7 Home Studio  (HKLM-x32\...\Mixcraft 7 Home Studio-32) (Version: 7.0.1.279 - Acoustica)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
    Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
    Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
    Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.4.0 - IObit)
    Akamai NetSession Interface (HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
    Album Art Downloader XUI 1.02 (HKLM-x32\...\Album Art Downloader XUI) (Version: 1.02 - hxxp://sourceforge.net/projects/album-art)
    Andy OS (HKLM\...\Andy OS) (Version: 0.45.0.0 - Andy OS, Inc)
    ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
    Assassins Creed IV Black Flag (HKLM-x32\...\QXNzYXNzaW5zQ3JlZWRJVkJsYWNrRmxhZw==_is1) (Version: 1 - )
    Audacity 1.3.14 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
    AutoHotkey 1.1.14.03 (HKLM\...\AutoHotkey) (Version: 1.1.14.03 - Lexikos)
    Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
    Batman: Arkham City™ GOTY (HKLM-x32\...\GFWL_{57520FA0-DF38-46A1-8046-3B1000008500}) (Version: 1.0.0000.133 - WB Games)
    Batman: Arkham City™ GOTY (x32 Version: 1.0.0000.133 - WB Games) Hidden
    BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.6.3 - BitRaider, LLC)
    Blio (HKLM-x32\...\{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}) (Version: 2.0.5350 - K-NFB Reading Technology, Inc.)
    BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
    BlueStacks Notification Center (HKLM-x32\...\{3792811C-832F-4392-B44A-24092901EDDC}) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Borderlands: The Pre-Sequel (HKLM-x32\...\Qm9yZGVybGFuZHNUaGVQcmVTZXF1ZWw=_is1) (Version: 1 - )
    Burnout™ Paradise The Ultimate Box (HKLM-x32\...\{9A996B6A-846E-4A89-B9C4-17546B7BE49F}) (Version: 1.0.0.0 - Electronic Arts)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    CrimeCraft Gravity Edition (HKLM-x32\...\CrimeCraft Gravity Edition) (Version: 0.25.07.93042 - Vogster Entertainment)
    CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
    DEAD OR ALIVE 5 Last Round (HKLM-x32\...\REVBRE9SQUxJVkU1TGFzdFJvdW5k_is1) (Version: 1 - )
    Defiance (HKLM-x32\...\Glyph Defiance) (Version:  - Trion Worlds, Inc.)
    DeskScapes (HKLM-x32\...\DeskScapes) (Version:  - Stardock Corporation, Inc.)
    DeskScapes (x32 Version: 3.50.039 - Stardock Corporation, Inc.) Hidden
    DiRT 3 (HKLM-x32\...\GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}) (Version: 1.0.0000.130 - Codemasters)
    DiRT 3 (x32 Version: 1.0.0000.130 - Codemasters) Hidden
    Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
    Dream Aquarium (HKLM-x32\...\Dream Aquarium_is1) (Version: 1.0700 - )
    Drift City (HKLM-x32\...\DriftCity_US) (Version:  - )
    Driver Booster 2.4 (HKLM-x32\...\Driver Booster_is1) (Version: 2.4 - IObit)
    Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
    DuOS (HKLM\...\{8CE9E5DD-D523-44F2-8DE7-0439310EA984}) (Version: 2.0.3.7527 - American Megatrends Inc.)
    DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
    DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
    ESPN Offline Draft (HKLM-x32\...\ESPNOfflineDraft.7DC32A23D84BA514BB63AC794BF941363003AC19.1) (Version: 072514 - ESPN, Inc.)
    ESPN Offline Draft (x32 Version: 255 - ESPN, Inc.) Hidden
    F1 2014 (HKLM-x32\...\RjEyMDE0_is1) (Version: 1 - )
    Firefall (HKLM-x32\...\{CFEF8DB5-B45E-4b05-90BE-D02AA6F45354}) (Version:  - Red 5 Studios)
    Fireplace 3D Screensaver 1.0 (HKLM-x32\...\Fireplace 3D Screensaver_is1) (Version: 1.0 - 3Planesoft)
    FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
    Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.10.1 - Androxyde)
    Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
    GamersFirst LIVE! (HKLM-x32\...\GamersFirst LIVE!) (Version:  - GamersFirst)
    Gateway (HKLM-x32\...\{14E83D30-45D6-4153-9D9E-1EFB9E86F661}) (Version: 1.5.6 - Gravity Interactive, Inc.)
    Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
    GmoteServer (HKLM-x32\...\DDA23392-9C73-4909-A221-BC12C6D2664D) (Version: 2.0.2 - Gmote.org)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
    Google Drive (HKLM-x32\...\{9C350701-AC04-48BA-A435-BD5E0D82897E}) (Version: 1.25.0523.2491 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
    Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
    Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
    Grand Theft Auto V (HKLM-x32\...\Grand Theft Auto V_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
    Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version:  - Rockstar North / Toronto)
    GRID 2 © Codemasters version 1 (HKLM-x32\...\R1JJRDI=_is1) (Version: 1 - )
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
    HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4521 - Hewlett-Packard)
    HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
    HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
    HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
    HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
    HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard)
    HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
    HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
    HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
    HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
    HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version:  - )
    HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
    Hulu Desktop (HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
    IsoBuster 3.1 (HKLM-x32\...\IsoBuster_is1) (Version: 3.1 - Smart Projects)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    K-Lite Codec Pack 10.1.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.1.0 - )
    Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
    Kodi (HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\Kodi) (Version:  - XBMC-Foundation)
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden
    LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )
    LCPD First Response (HKLM-x32\...\LCPD First Response) (Version: 1.0.0.0d - G17 Media)
    LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
    Major League Baseball 2K12 (HKLM-x32\...\{E6C29DA3-ADD6-4941-903A-43965CBB0F7C}) (Version: 1.0.0 - 2K Sports)
    Marvel Heroes Game (HKLM-x32\...\{ca6069b5-fc6b-4ce8-a03e-2304143706b7}_is1) (Version: 1.0 - Gazillion Entertainment)
    Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
    Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
    Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
    MirrorOp Receiver (HKLM-x32\...\MirrorOp Receiver_is1) (Version: 1.2.0.6 - Awind Inc.)
    MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
    Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
    Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
    Music Manager (HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MusicManager) (Version:  - Google, Inc.)
    Need for Speed Most Wanted (HKLM-x32\...\Need for Speed Most Wanted_is1) (Version:  - )
    Need for Speed™ Carbon (HKLM-x32\...\{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}) (Version:  - )
    Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
    Nokia Connectivity Cable Driver (HKLM-x32\...\{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}) (Version: 7.0.2.0 - Nokia)
    NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.50 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
    NVIDIA Graphics Driver 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.50 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
    Oracle VM VirtualBox 4.3.30 (HKLM\...\{5E7BEDD4-397D-4537-A290-AB012A45D771}) (Version: 4.3.30 - Oracle Corporation)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
    Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.10.0.22571 - Grinding Gear Games)
    PC Connectivity Solution (HKLM-x32\...\{83258E90-1F76-4E13-9F60-A0F8ED41E76F}) (Version: 8.22.7.0 - Nokia)
    PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
    PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
    PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
    PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Plex Media Server (HKLM-x32\...\{ca5910de-4c30-4f28-b6bd-5dd8edff922d}) (Version: 0.9.1211 - Plex, Inc.)
    Plex Media Server (x32 Version: 0.9.1211 - Plex, Inc.) Hidden
    PocketCloud Windows Companion (HKLM-x32\...\{8C8C169B-D493-42C7-A975-7C1E0E4C5847}) (Version: 2.5.13 - Wyse Technology)
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
    Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
    PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
    Q2E Blood Culture 2.0 (HKLM-x32\...\Q2E Blood Culture) (Version:  - )
    Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.2.13.0 - Ralink)
    Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
    RCT3 Soaked (HKLM-x32\...\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}) (Version: 1.00.000 - )
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
    Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
    RIFT (HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\RIFT) (Version:  - Trion Worlds, Inc.)
    Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
    Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
    RollerCoaster Tycoon 2 (HKLM-x32\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version:  - )
    RollerCoaster Tycoon 2: Time Twister (HKLM-x32\...\{BA1E1AFD-D1F2-4C52-88C3-186FC5E61604}) (Version: 1.00.000 - )
    RollerCoaster Tycoon 2: Wacky Worlds (HKLM-x32\...\{B1AD83A0-DC92-41E3-B111-E9472349768C}) (Version:  - )
    RollerCoaster Tycoon® 3 (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - )
    RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
    Ryse Son of Rome (HKLM-x32\...\Ryse Son of Rome_is1) (Version:  - )
    Saints Row IV (HKLM-x32\...\U2FpbnRzUm93SVY=_is1) (Version: 1 - )
    Saints Row The Third (HKLM-x32\...\Saints Row The Third_is1) (Version:  - )
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
    SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
    Shockwave (HKLM-x32\...\Shockwave) (Version:  - )
    Sleeping Dogs Definitive Edition, âåðñèÿ 1.0.0.0 (HKLM-x32\...\Sleeping Dogs Definitive Edition_is1) (Version: 1.0.0.0 - RePack by SEYTER)
    Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.3 - IObit)
    Sonic Generations (HKLM-x32\...\Sonic Generations_is1) (Version: 1.0 - SEGA)
    SpeechRedist (HKLM-x32\...\{8795CBED-55E2-4693-9F14-84EC446935BE}) (Version: 1.0.0 - Epic Games Inc.)
    Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
    Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.6.2.4 - Splashtop Inc.)
    Star Wars Battlefront II Ultimate Pack version 4.1 (HKLM-x32\...\{80C123AF-9375-4166-B05B-820FF5EF8B52}_is1) (Version: 4.1 - XAP4O)
    Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
    State of Decay - Breakdown (HKLM-x32\...\State of Decay - Breakdown_is1) (Version:  - )
    Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Texas Instruments PCIxx21/x515 drivers. (HKLM-x32\...\InstallShield_{FF6F491D-BC82-4DCC-A72F-1824957C6466}) (Version: 1.13.0000 - Texas Instruments Inc.)
    The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.7.0.113 - KMP Media co., Ltd)
    The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.0.0 - GOG.com)
    The Witcher 3: Wild Hunt - Hearts of Stone (HKLM-x32\...\Hearts of Stone_is1) (Version: 1.0.0.0 - GOG.com)
    Tiger Woods PGA TOUR 08 (HKLM-x32\...\{2FEA102C-F535-4513-009B-57B165013C18}) (Version:  - Electronic Arts)
    TightVNC 2.0.4 (HKLM-x32\...\TightVNC) (Version: 2.0.4 - GlavSoft LLC.)
    TIxx21 (x32 Version: 1.13.0000 - Texas Instruments Inc.) Hidden
    Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.00 - Ubisoft)
    UE3Redist (HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}) (Version: 1.00.0000 - Epic Games)
    UE3Redist (x32 Version: 1.00.0000 - Epic Games) Hidden
    Unreal Tournament (HKLM-x32\...\UnrealTournament) (Version:  - )
    Unreal Tournament 2004 (HKLM-x32\...\UT2004) (Version:  - )
    Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
    Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version:  - Microsoft)
    Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version:  - Microsoft)
    Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version:  - Microsoft)
    Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    WATCH_DOGS / RePack by Baracuda (HKLM\...\{EF231D76-43D8-4181-81D4-DD235312534D}_is1) (Version: 1.06.329 - )
    WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5800 - Broadcom Corporation)
    Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
    Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
    Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
    Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)

    ==================== Restore Points =========================

    05-11-2015 04:37:25 Scheduled Checkpoint
    05-11-2015 17:13:10 Windows Defender Checkpoint
    05-11-2015 20:04:21 Windows Update
    06-11-2015 03:00:11 Windows Update
    07-11-2015 03:00:15 Windows Update
    08-11-2015 03:00:11 Windows Update

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-10-07 20:00 - 2015-10-07 21:49 - 00000856 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1  nlsk.neulion.com

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0E3140F4-F964-4F95-B08D-7F87B2EE4757} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {259DBB21-B7D2-4F35-BB8D-11049CC31720} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {565F63E3-8E10-4E20-A7AF-1D3175F43E46} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
    Task: {5F0F7ED1-0F45-4D46-AE59-992BD057F901} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN39I2N70S05X4 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-10-20] (Hewlett-Packard)
    Task: {94F00FE8-56EE-4808-A62C-66EDCB55E968} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {9A5F2205-AF98-440B-B79D-C10DB5D96AF6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17] (Adobe Systems Incorporated)
    Task: {A7D2250E-C71B-4B3D-BD77-4366F1683589} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-TYRANT => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
    Task: {DE503929-CFC8-4443-A39B-D7F6E1C84676} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {EAE97834-BEDE-4351-B21F-A35DD606BCFA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {ED4EC50B-E00D-40FF-9CFB-B08C01EB967C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {F1EF7823-FAF9-40F5-B325-CB94DF7FCD3E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-10-20] (Hewlett-Packard)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725188070-1093038038-2835830549-1000Core.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725188070-1093038038-2835830549-1000UA.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForRyan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2013-08-05 18:42 - 2015-10-02 21:49 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2015-09-15 13:58 - 2015-09-15 13:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2010-01-19 17:02 - 2010-01-19 17:02 - 00055600 _____ () C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes3\deskscapesvideo.dll
    2013-11-02 11:08 - 2013-10-25 13:00 - 04374528 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow64\ffdshow.ax
    2013-11-02 11:08 - 2013-10-25 13:00 - 00333824 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\avutil-lav-52.dll
    2013-11-02 11:08 - 2013-10-25 13:00 - 08175616 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\avcodec-lav-55.dll
    2013-11-02 11:08 - 2013-10-25 13:00 - 00397312 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\swscale-lav-2.dll
    2013-11-02 11:08 - 2013-10-25 13:00 - 00215040 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\avfilter-lav-3.dll
    2011-10-09 16:11 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
    2012-12-19 15:32 - 2012-12-19 15:32 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2012-05-14 18:56 - 2013-05-17 18:51 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
    2012-11-05 15:01 - 2012-11-05 15:01 - 00191488 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
    2012-11-05 15:04 - 2012-11-05 15:04 - 00071680 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\ServerNetworkInterface.dll
    2012-11-05 15:04 - 2012-11-05 15:04 - 02216448 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\AetherCommLib.dll
    2012-11-05 15:04 - 2012-11-05 15:04 - 00078336 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseWebServerLib.DLL
    2015-04-21 19:29 - 2015-10-11 22:05 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2015-08-13 15:33 - 2015-08-13 15:33 - 00117248 _____ () C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
    2015-08-13 15:34 - 2015-08-13 15:34 - 00234496 _____ () C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
    2015-08-13 15:34 - 2015-08-13 15:34 - 00253440 _____ () C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
    2015-08-13 15:33 - 2015-08-13 15:33 - 00344064 _____ () C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
    2015-08-23 02:27 - 2015-08-23 02:27 - 00072840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
    2015-08-23 02:27 - 2015-08-23 02:27 - 00196232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
    2015-08-23 02:27 - 2015-08-23 02:27 - 00838792 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
    2015-08-23 02:27 - 2015-08-23 02:27 - 00049800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
    2015-08-23 02:27 - 2015-08-23 02:27 - 00086664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
    2015-08-23 02:27 - 2015-08-23 02:27 - 02092680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
    2015-08-23 02:27 - 2015-08-23 02:27 - 01883272 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
    2015-08-23 02:27 - 2015-08-23 02:27 - 00502920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
    2013-01-09 15:09 - 2012-01-12 22:45 - 01087336 _____ () C:\Program Files (x86)\Ralink\Common\RaWLAPI.dll
    2015-08-23 02:27 - 2015-08-23 02:27 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
    2015-08-23 02:27 - 2015-08-23 02:27 - 00027784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
    2015-08-23 02:27 - 2015-08-23 02:27 - 00018568 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
    2015-08-23 02:27 - 2015-08-23 02:27 - 00034952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
    2015-08-23 02:27 - 2015-08-23 02:27 - 00836232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
    2015-08-23 02:27 - 2015-08-23 02:27 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
    2015-08-23 02:27 - 2015-08-23 02:27 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
    2015-08-23 02:27 - 2015-08-23 02:27 - 00192136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
    2015-08-23 02:27 - 2015-08-23 02:27 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
    2015-08-23 02:27 - 2015-08-23 02:27 - 00081544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
    2015-08-23 02:27 - 2015-08-23 02:27 - 00111240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
    2015-08-23 02:27 - 2015-08-23 02:27 - 00689800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
    AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
    AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
    IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
    IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
    IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
    IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\cinemanow.com -> hxxp://cinemanow.com
    IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\cinemanow.com -> hxxps://cinemanow.com
    IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\hp.com -> hxxp://hp.com
    IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\qflix.com -> hxxp://qflix.com
    IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\roxio.com -> hxxp://roxio.com
    IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\sonic.com -> hxxp://redirect.sonic.com
    IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\sony.com -> sony.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\008k.com -> 008k.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\00hq.com -> 00hq.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\0190-dialers.com -> 0190-dialers.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\01i.info -> 01i.info
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\05p.com -> 05p.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\0calories.net -> 0calories.net
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\0cj.net -> 0cj.net
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\0scan.com -> 0scan.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\1-se.com -> 1-se.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\1001movie.com -> 1001movie.com
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\1001night.biz -> 1001night.biz
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\100gal.net -> 100gal.net
    IE restricted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\100sexlinks.com -> 100sexlinks.com

    There are 4791 more sites.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ryan\AppData\Local\stardock\deskwall.bmp
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Users^Ryan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GmoteServer.lnk => C:\Windows\pss\GmoteServer.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Ryan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HandyAndy.lnk => C:\Windows\pss\HandyAndy.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
    MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe"
    MSCONFIG\startupreg: AVG_TRAY => "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    MSCONFIG\startupreg: BackUp2364854530 => C:\Users\Ryan\AppData\Roaming\BackUp2364854530.exe
    MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    MSCONFIG\startupreg: Chrome => C:\PROGRA~3\taskhost.exe
    MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    MSCONFIG\startupreg: GateWay => c:\program files (x86)\gravity\gateway\gatewaymain.exe
    MSCONFIG\startupreg: Google Update => "C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    MSCONFIG\startupreg: igfxCUIService => "C:\PROGRA~3\igfxCUIService.exe"
    MSCONFIG\startupreg: igfxEM_32 => "C:\PROGRA~3\igfxEM_32.exe"
    MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    MSCONFIG\startupreg: PDF Complete => c:\program files (x86)\pdf complete\pdfsty.exe
    MSCONFIG\startupreg: PSUAMain => "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
    MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: TBHostSupport => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Ryan\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin
    MSCONFIG\startupreg: tvncontrol => "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{6C655FDE-4AAF-4620-BC9C-9763BA364917}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
    FirewallRules: [{E80BAD5C-E443-4845-9924-8446018553DB}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
    FirewallRules: [{A462087F-1274-4E3F-8089-377FB55B1359}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
    FirewallRules: [{571D9BDF-08B6-4A00-8A30-36F63BECE9DC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
    FirewallRules: [{9F55D473-C767-47A6-88FC-787E0739E9CE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
    FirewallRules: [{359B52E0-2113-48CD-B029-C704836AFBDD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
    FirewallRules: [{1EC5E065-477C-4F37-8C74-A49551434E48}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
    FirewallRules: [{0DB15326-E497-4ED3-B577-861338BA7B47}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe
    FirewallRules: [{6CBA8053-2ED0-4FDB-896E-8F543126107A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe
    FirewallRules: [{63DE5EF7-6995-48BC-A8FA-0C848A53FA5C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
    FirewallRules: [{E5A03859-C0A4-4DCE-9123-9481147A9EB8}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
    FirewallRules: [{6C3F111E-6E1B-445C-BA88-B17F5F2BBD47}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
    FirewallRules: [{4C69B373-48B7-468B-B6CC-60C4B7E1380F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
    FirewallRules: [{E26E17FA-C6FA-4EAF-AC3B-167AE1B3DF66}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
    FirewallRules: [{56F3FCEC-F573-47EF-8F02-76E05621C375}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{4D7BE302-BA2C-43C7-B425-7655CAF68B0E}] => (Allow) LPort=2869
    FirewallRules: [{94D1E3AD-A4C2-4D89-9A32-9CFC7584BE70}] => (Allow) LPort=1900
    FirewallRules: [{94F0C04F-FFA5-4191-830A-A9158CB7CF5A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{94E41FC2-FA96-4401-AAD9-2C7F4A62FBFA}] => (Allow) J:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
    FirewallRules: [{1318D141-ADF7-45BF-B001-D65A411ECCA5}] => (Allow) J:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
    FirewallRules: [{4EE4E8E1-2EDB-4747-8ED8-63414FB787E8}] => (Allow) J:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
    FirewallRules: [{4702E1BC-4360-4A2F-ABB9-1B908DC68998}] => (Allow) J:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
    FirewallRules: [TCP Query User{E3BA53F7-EEBE-48E2-A9BE-A898C33370B3}J:\program files (x86)\dead island\deadislandgame.exe] => (Allow) J:\program files (x86)\dead island\deadislandgame.exe
    FirewallRules: [UDP Query User{AABC0DAF-2D83-491E-B192-131FBD0E8FC5}J:\program files (x86)\dead island\deadislandgame.exe] => (Allow) J:\program files (x86)\dead island\deadislandgame.exe
    FirewallRules: [TCP Query User{CBC76D3D-A64E-4E5A-9226-85414EC9B548}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
    FirewallRules: [UDP Query User{8ADC3F2A-B610-49C2-B079-A42240356B53}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
    FirewallRules: [{301888A8-40B0-405E-9B52-96EB6C240B6E}] => (Allow) J:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutLauncher.exe
    FirewallRules: [{CF405D86-28C6-467C-B1B2-B7D572AA15E6}] => (Allow) J:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutLauncher.exe
    FirewallRules: [{17E373C9-8D77-4C4E-9BAC-6A494090D1D4}] => (Allow) J:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe
    FirewallRules: [{AF82E9F4-6DFA-4007-9FD1-C1285C87D518}] => (Allow) J:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe
    FirewallRules: [{6D164605-B139-4ECF-98A5-FE7727B474DB}] => (Allow) J:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe
    FirewallRules: [{3696B3EC-5975-428B-A1D0-3AC2B33A352E}] => (Allow) J:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe
    FirewallRules: [{3C1A52AD-C0DE-436F-AEB9-5C74234A89FA}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
    FirewallRules: [{3E46D55B-C8BD-40AA-96FF-A9965AC9242C}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
    FirewallRules: [{A30B49EE-175C-4CDE-BC2F-C0A32C6CBD3D}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    FirewallRules: [{98868078-BAD7-4DEA-ADE3-F661C272DECE}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    FirewallRules: [{265A312A-8DBB-4850-A71E-D9DC5B56B503}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
    FirewallRules: [{F6EE3E02-FA35-4EE0-8190-60D7F3EFB735}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
    FirewallRules: [{DE9490D0-8A75-4800-BAD3-BB2CD6A1ED3B}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    FirewallRules: [{FDD465D3-DA11-4232-8C9A-7457DC3A37B2}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    FirewallRules: [{C777F74C-57A5-4D7E-8FB1-C7292B8B0EF8}] => (Allow) J:\gamigo\Golfstar\GolfStarPatcherLoader.exe
    FirewallRules: [{CB83D1E5-8CF8-46D6-B8C5-576F8D8C09E2}] => (Allow) J:\gamigo\Golfstar\GolfStarPatcher.exe
    FirewallRules: [{6CC37C66-7C9D-42F6-A8DF-017A4839A981}] => (Allow) J:\gamigo\Golfstar\GolfStarPatcherLoader.exe
    FirewallRules: [{DC0758F5-50B0-4321-B488-A0FB64B02194}] => (Allow) J:\gamigo\Golfstar\GolfStar.exe
    FirewallRules: [{D7D5B0D1-63A1-491C-AF20-19F3926F45F7}] => (Allow) J:\gamigo\Golfstar\GolfStarPatcher.exe
    FirewallRules: [{258BCB8B-E349-42A2-88C5-C32AA3293F3B}] => (Allow) J:\gamigo\Golfstar\GolfStar.exe
    FirewallRules: [{EC39F798-2B25-4D67-AA75-061B3A1B669A}] => (Allow) C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe
    FirewallRules: [{55D8C14F-BEF3-4DA0-9A3C-2B580FADF380}] => (Allow) C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe
    FirewallRules: [TCP Query User{F6D79434-49DB-4584-8CF0-428D105F0034}C:\users\ryan\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\ryan\appdata\local\akamai\netsession_win.exe
    FirewallRules: [UDP Query User{0960D056-1E5E-4993-A151-1E991A32F60D}C:\users\ryan\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\ryan\appdata\local\akamai\netsession_win.exe
    FirewallRules: [{AFDA71C3-94A5-4E61-9EE8-6D733AA5ECB4}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [TCP Query User{35545BF5-7E67-4E02-A024-A95F1AF685C4}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
    FirewallRules: [UDP Query User{FE083E72-D9F0-417A-A3FD-6886710583B4}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
    FirewallRules: [TCP Query User{3E4B820A-6A80-4DAE-9124-D268D2D54516}J:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe] => (Allow) J:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe
    FirewallRules: [UDP Query User{7D9BF72D-183F-44CC-8E8C-C7A2205C4FAC}J:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe] => (Allow) J:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe
    FirewallRules: [{E82E4B81-EE61-4A4D-A799-690B542D6D5C}] => (Allow) J:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
    FirewallRules: [{FE180EDC-2B16-48C6-ADF6-A156116F9E53}] => (Allow) J:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
    FirewallRules: [TCP Query User{7C73E434-96FE-43C8-870C-4CC8A9121765}J:\quake2\q2e.exe] => (Allow) J:\quake2\q2e.exe
    FirewallRules: [UDP Query User{57CD4FE5-141E-465D-A39D-2F8C8ECC440A}J:\quake2\q2e.exe] => (Allow) J:\quake2\q2e.exe
    FirewallRules: [TCP Query User{43246748-4A47-4264-BB87-405D8A369298}J:\program files (x86)\dead island\deadislandgame.exe] => (Allow) J:\program files (x86)\dead island\deadislandgame.exe
    FirewallRules: [UDP Query User{FC41F30B-35D3-42D3-B1B2-8C0D420A75BC}J:\program files (x86)\dead island\deadislandgame.exe] => (Allow) J:\program files (x86)\dead island\deadislandgame.exe
    FirewallRules: [{0CFF6D42-94D8-4914-ADE7-39DD68CAA534}] => (Allow) C:\Program Files (x86)\TightVNC\tvnserver.exe
    FirewallRules: [{2389636C-D805-4096-9AF2-57B6A9F27E6D}] => (Allow) C:\Program Files (x86)\TightVNC\tvnserver.exe
    FirewallRules: [{C3A08230-3422-4A87-969A-82E1B8FF36BA}] => (Allow) C:\Program Files (x86)\TightVNC\vncviewer.exe
    FirewallRules: [{C0B8B5B9-00AF-4D63-A00D-A827B635108E}] => (Allow) C:\Program Files (x86)\TightVNC\vncviewer.exe
    FirewallRules: [{ADAB0B56-D586-4F62-B186-507295932FF4}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [{6CFF0A31-B6F2-4F66-8D79-BCD490C4CBBF}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [{7A02BF6D-A36B-4747-8DAA-C830345F894D}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [{9BAFD885-7628-4FC2-80C2-54D8D55A3595}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [{713E6F34-C079-4ED1-96A7-A8B94C33BF24}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [{4FDFFFEE-1A8F-479D-A036-F690F6245579}] => (Allow) J:\Program Files (x86)\Vogster Entertainment\CrimeCraft Gravity Edition\GravityLauncher.exe
    FirewallRules: [{49B8EA69-4456-498D-B56C-8D4B7194B361}] => (Allow) J:\Program Files (x86)\Vogster Entertainment\CrimeCraft Gravity Edition\GravityLauncher.exe
    FirewallRules: [{A5E869B8-D3E1-466C-BF69-EB972AE4C26E}] => (Allow) J:\Program Files (x86)\Vogster Entertainment\CrimeCraft Gravity Edition\Binaries\CrimeCraft.exe
    FirewallRules: [{9F671175-F392-4AB9-9B5A-4C93F1D82022}] => (Allow) J:\Program Files (x86)\Vogster Entertainment\CrimeCraft Gravity Edition\Binaries\CrimeCraft.exe
    FirewallRules: [{6CFF33B1-EEA5-4E79-A50B-9CEF0F3447C6}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
    FirewallRules: [{E633D572-A4AB-4C7C-B990-6DA4F3A403BE}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
    FirewallRules: [{22D85453-5FE9-45AC-8C7F-507BFBCBC813}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
    FirewallRules: [{1AC78342-2DD9-4348-BBB2-60C8AE43AA68}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
    FirewallRules: [TCP Query User{AC316794-B0D3-45A3-A22B-4ED5C9D2F213}J:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe] => (Allow) J:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe
    FirewallRules: [UDP Query User{12343684-EA7C-46F0-8487-1D4A648A96B2}J:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe] => (Allow) J:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe
    FirewallRules: [{B7C11F6A-F974-40BA-9B6C-72FEC1C45D79}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
    FirewallRules: [{77FED348-3A89-45E8-9149-5A42C09C3DE7}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
    FirewallRules: [{30945527-E1BB-4C0B-A2AE-B59C05D869F2}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudInstallWizard.exe
    FirewallRules: [{BBAB469F-0EB9-493D-B5BD-B489272475C2}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudInstallWizard.exe
    FirewallRules: [{5B777662-88CF-4EA1-BF2B-05FB369CD4D5}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe
    FirewallRules: [{CC49054E-6960-4A2F-AD49-B4D74DAF4DA9}] => (Allow) LPort=49167
    FirewallRules: [{43A110A5-61F1-47FD-B99C-33880073ECBF}] => (Allow) LPort=5000
    FirewallRules: [{5F93C342-1B56-474F-B733-140A6BEA3BC7}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
    FirewallRules: [{3A1DF9E7-548E-45F1-8DC2-5AEF3CE42033}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
    FirewallRules: [{518DD59E-E374-4B45-B040-0D02B51D6A63}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaWiFi.exe
    FirewallRules: [{3AFDEBCB-1BC1-4AA9-AAC0-93D297F5FC8C}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaWiFi.exe
    FirewallRules: [{5EA9BC05-6789-4F0F-AAC3-09E7C6F86D32}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaWiFi.exe
    FirewallRules: [{58D4C430-27AB-485D-A8ED-5B8CC019179A}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaWiFi.exe
    FirewallRules: [{C64E0725-B849-436A-83DF-18E29C9E6DC1}] => (Allow) J:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
    FirewallRules: [{B9FA986A-1F4D-447E-9E1B-00FDDE3D7589}] => (Allow) J:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
    FirewallRules: [{5BC2ED46-E1A5-4C65-AE60-1DE081CF193E}] => (Allow) J:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
    FirewallRules: [{9EC03A64-997A-44E2-A4B9-DF4F368B5A79}] => (Allow) J:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
    FirewallRules: [{331E05EB-5400-4323-B900-49B896062A0D}] => (Allow) C:\Program Files (x86)\MirrorOp Receiver\MirrorOp Receiver.exe
    FirewallRules: [{38D3B9C2-991A-4B76-BE80-E1FA0176D523}] => (Allow) C:\Program Files (x86)\MirrorOp Receiver\MirrorOp Receiver.exe
    FirewallRules: [{E9ACACF1-7C27-4B0A-916C-D7F57E217686}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
    FirewallRules: [TCP Query User{9D4BB9CC-5ABF-474B-AB55-BBC258781A51}C:\program files (x86)\unified remote\remoteserver.exe] => (Allow) C:\program files (x86)\unified remote\remoteserver.exe
    FirewallRules: [UDP Query User{91490416-C561-4F7C-A3F8-A7CC6622ABBA}C:\program files (x86)\unified remote\remoteserver.exe] => (Allow) C:\program files (x86)\unified remote\remoteserver.exe
    FirewallRules: [{93AF2DA9-4F78-472B-B501-21B1DD6D9499}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{2DA6243C-00BB-4C1B-AF37-242112964F85}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{0B058748-86DC-41E4-B1C1-B65468D1F3FF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{5CBEACC6-02D1-456D-8CCC-16567CF60481}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [TCP Query User{A9D1EC1B-FE4B-4090-B87C-EEF9B5C33D71}C:\program files (x86)\unified remote\remoteserver.exe] => (Allow) C:\program files (x86)\unified remote\remoteserver.exe
    FirewallRules: [UDP Query User{98F9A935-6230-4317-B3E2-81E1FABAEC0F}C:\program files (x86)\unified remote\remoteserver.exe] => (Allow) C:\program files (x86)\unified remote\remoteserver.exe
    FirewallRules: [TCP Query User{B4AE7989-5CE4-4395-B3BF-68C08B87C5AC}C:\program files (x86)\kainy\kainy.exe] => (Allow) C:\program files (x86)\kainy\kainy.exe
    FirewallRules: [UDP Query User{15B654CB-0F55-4D2B-8F50-7A3DE73FF416}C:\program files (x86)\kainy\kainy.exe] => (Allow) C:\program files (x86)\kainy\kainy.exe
    FirewallRules: [{08A0C013-7F2D-4082-8CFA-8283B9CBCFAF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{195484E7-6EBD-4EA7-82A5-FC2B367B98F2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{468E147A-1DBF-4BDB-AA40-8E19D1CD8320}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{7BFCA639-3770-4446-BD83-2B9288AAD04C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [TCP Query User{37F33E1D-E444-45A7-8605-E49D0753F87A}J:\program files (x86)\gazillion entertainment\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe] => (Allow) J:\program files (x86)\gazillion entertainment\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe
    FirewallRules: [UDP Query User{0C064CE2-6730-4EBF-B255-3E2A798E9B05}J:\program files (x86)\gazillion entertainment\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe] => (Allow) J:\program files (x86)\gazillion entertainment\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe
    FirewallRules: [{06BBA1F0-8169-4F79-897C-4A6DFFE00DA9}] => (Allow) J:\Program Files (x86)\Downloaded\Public\Warframe.exe
    FirewallRules: [{41A929C2-698C-406B-B171-8D3571A8D4C4}] => (Allow) J:\Program Files (x86)\Downloaded\Public\Warframe.x64.exe
    FirewallRules: [{2A10A389-EF54-455D-937E-210B7B1C97AC}] => (Allow) J:\Program Files (x86)\Downloaded\Public\Warframe.exe
    FirewallRules: [{66731D20-BED1-40E1-AA78-1C2112E2E86C}] => (Allow) J:\Program Files (x86)\Downloaded\Public\Warframe.x64.exe
    FirewallRules: [{1110D147-2FBC-4EBA-8670-A818BC12D130}] => (Allow) J:\Program Files (x86)\Downloaded\Public\Warframe.exe
    FirewallRules: [{001F18B0-4188-412F-9C2D-BCE40B961A49}] => (Allow) J:\Program Files (x86)\Downloaded\Public\Warframe.x64.exe
    FirewallRules: [{60EFACA2-FB14-47EB-8EBE-C6C204E9BB58}] => (Allow) C:\Users\Ryan\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
    FirewallRules: [TCP Query User{42F01058-7011-41D9-992E-70E99CA5F190}J:\program files\capcom\resident evil 5\re5dx10.exe] => (Allow) J:\program files\capcom\resident evil 5\re5dx10.exe
    FirewallRules: [UDP Query User{CF7E835E-FA32-4593-9370-1730030D8824}J:\program files\capcom\resident evil 5\re5dx10.exe] => (Allow) J:\program files\capcom\resident evil 5\re5dx10.exe
    FirewallRules: [TCP Query User{7BDA13A0-3F8E-4207-802D-36D648513EFD}J:\program files\capcom\resident evil 5\re5dx9.exe] => (Allow) J:\program files\capcom\resident evil 5\re5dx9.exe
    FirewallRules: [UDP Query User{115ED86D-AEEE-43F7-9A35-905FEDAD5681}J:\program files\capcom\resident evil 5\re5dx9.exe] => (Allow) J:\program files\capcom\resident evil 5\re5dx9.exe
    FirewallRules: [{9D8A01C6-BB2E-435F-B400-7C14C0A12CA7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{1DE848DD-3B82-455A-9DDF-679E53C8C0C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{B522AED4-0231-4A38-8948-E344F2B7D378}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [TCP Query User{C68E9191-990A-4614-A90E-B071059E9591}J:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe] => (Allow) J:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe
    FirewallRules: [UDP Query User{04EE3FF4-3DE9-4E75-9AF2-C3D41859E9A0}J:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe] => (Allow) J:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe
    FirewallRules: [{920000B2-B9F7-46FF-845F-01AAA43DAA31}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{1A89AC95-31E8-4FD9-A96A-98AE67112A17}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{F89EFBCF-E751-4322-A327-158E2D0674A6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [TCP Query User{3946F287-25B5-447F-B6F5-E4E4AEBC0999}J:\program files (x86)\saints row iv\saintsrowiv.exe] => (Allow) J:\program files (x86)\saints row iv\saintsrowiv.exe
    FirewallRules: [UDP Query User{C066ED73-E1B0-4EB6-9B94-C62EE727A168}J:\program files (x86)\saints row iv\saintsrowiv.exe] => (Allow) J:\program files (x86)\saints row iv\saintsrowiv.exe
    FirewallRules: [TCP Query User{C63329A5-69BC-4DBA-AED5-0163C93F67F4}J:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win32\marvelgame.exe] => (Allow) J:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win32\marvelgame.exe
    FirewallRules: [UDP Query User{8FBF2B43-0B86-4091-9A56-D048C2BFC63F}J:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win32\marvelgame.exe] => (Allow) J:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win32\marvelgame.exe
    FirewallRules: [{3BEF2E6A-71A5-43C7-95A4-509E3B4801D0}] => (Allow) J:\gamigo\Golfstar\GolfStarPatcherLoader.exe
    FirewallRules: [{4B0B7308-1F0E-40CF-AE16-CEA0D01577A3}] => (Allow) J:\gamigo\Golfstar\GolfStarPatcherLoader.exe
    FirewallRules: [{91BEA7F2-3BC6-473D-92A3-D04B05BDA41F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{1FB06396-3518-4525-A9F2-1815E7C0A9A0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{9E6D7BEF-F7A5-4155-9D8E-F8C02BF3A782}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{0D6D2E7D-ABD5-48E2-8D42-D5A551966D4A}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{E7332D2A-2B40-4380-9965-2E78F4E610F9}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [TCP Query User{FA4772FD-9521-4CDD-89AE-F1BDD0521460}J:\program files (x86)\ea games\need for speed most wanted\nfs13.exe] => (Allow) J:\program files (x86)\ea games\need for speed most wanted\nfs13.exe
    FirewallRules: [UDP Query User{D347BBE4-9C5B-409E-8551-DB51EC723F0D}J:\program files (x86)\ea games\need for speed most wanted\nfs13.exe] => (Allow) J:\program files (x86)\ea games\need for speed most wanted\nfs13.exe
    FirewallRules: [{257237B3-5D6E-4175-BB00-95ECCDA6A93B}] => (Allow) J:\Program Files (x86)\WB Games\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe
    FirewallRules: [{2742D936-D507-46FE-841D-05A6C42EC15D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{995AD505-4CAF-46C1-A97A-C3EB2590C8B7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{66ADF8BF-1655-41C3-850C-DEDDCFA84A90}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{08B05F5D-DDC1-4636-B3EB-00B03A2319A3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [TCP Query User{AD17CE4E-6828-49DF-B889-487665350240}J:\program files (x86)\ea sports\tiger woods 12\tworuntimestandalone.exe] => (Allow) J:\program files (x86)\ea sports\tiger woods 12\tworuntimestandalone.exe
    FirewallRules: [UDP Query User{AAFFD1EB-E736-43EF-B532-F13C836748F4}J:\program files (x86)\ea sports\tiger woods 12\tworuntimestandalone.exe] => (Allow) J:\program files (x86)\ea sports\tiger woods 12\tworuntimestandalone.exe
    FirewallRules: [{83ECE391-2FFA-451F-A722-90C0FFE490EB}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{66247FDE-08E5-4D7C-97C1-990A0360BEDC}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [TCP Query User{3EF2B6B3-C384-449F-9A49-D0CC863EFAD9}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
    FirewallRules: [UDP Query User{EAB143C0-E990-4B3C-A493-77B720D319BC}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
    FirewallRules: [TCP Query User{00E603F7-D109-4E58-90E8-53FC73BFD91E}J:\program files (x86)\fifa 14\fifa 14\game\fifa14.exe] => (Allow) J:\program files (x86)\fifa 14\fifa 14\game\fifa14.exe
    FirewallRules: [UDP Query User{204E5573-1589-4337-AD08-8FBF89BBFAF9}J:\program files (x86)\fifa 14\fifa 14\game\fifa14.exe] => (Allow) J:\program files (x86)\fifa 14\fifa 14\game\fifa14.exe
    FirewallRules: [{FBB2BCF8-1DDE-4AED-95F2-C7AB50AB2FD6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{BEFA8A1D-A636-48E2-96E2-E86555DBEA28}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{0385C58F-4FE6-4C67-9090-B6B7475AB713}] => (Allow) J:\SimCity\SimCity 2013 Offline\SimCity\SimCity.exe
    FirewallRules: [{B14A57B9-8252-4BD9-8B98-5658E2E1D5B5}] => (Allow) J:\SimCity\SimCity 2013 Offline\SimCity\SimCity.exe
    FirewallRules: [TCP Query User{3208A1D5-53F4-4044-977A-3CA514EE6C3B}C:\program files (x86)\motorola\rsd lite\sdl.exe] => (Allow) C:\program files (x86)\motorola\rsd lite\sdl.exe
    FirewallRules: [UDP Query User{71309A87-8B21-4B95-B4DF-6175E7017752}C:\program files (x86)\motorola\rsd lite\sdl.exe] => (Allow) C:\program files (x86)\motorola\rsd lite\sdl.exe
    FirewallRules: [TCP Query User{44E9C83C-0BC8-4692-9BBA-F8D6D9509AE5}J:\program files (x86)\wb games\batman arkham city goty\binaries\win32\batmanac_o.exe] => (Allow) J:\program files (x86)\wb games\batman arkham city goty\binaries\win32\batmanac_o.exe
    FirewallRules: [UDP Query User{E6D25795-0F3D-461C-A5E0-ADC5351C4AE0}J:\program files (x86)\wb games\batman arkham city goty\binaries\win32\batmanac_o.exe] => (Allow) J:\program files (x86)\wb games\batman arkham city goty\binaries\win32\batmanac_o.exe
    FirewallRules: [TCP Query User{6E745788-6B64-4BB0-9586-6AF86CCC74A5}J:\program files\mass effect 2\binaries\masseffect2.exe] => (Allow) J:\program files\mass effect 2\binaries\masseffect2.exe
    FirewallRules: [UDP Query User{89759BC4-F0A5-4CB3-ACDE-62C40B072F34}J:\program files\mass effect 2\binaries\masseffect2.exe] => (Allow) J:\program files\mass effect 2\binaries\masseffect2.exe
    FirewallRules: [TCP Query User{7F1884C6-C72E-4402-8B23-53A277A08C13}J:\mass effect 3\binaries\win32\masseffect3.exe] => (Allow) J:\mass effect 3\binaries\win32\masseffect3.exe
    FirewallRules: [UDP Query User{F9E06AA2-0C5A-48FA-A36C-DE69A83E8EED}J:\mass effect 3\binaries\win32\masseffect3.exe] => (Allow) J:\mass effect 3\binaries\win32\masseffect3.exe
    FirewallRules: [{987DD292-29F2-43AC-BB9E-29630EE57806}] => (Allow) J:\Program Files (x86)\2K Sports\Major League Baseball 2K12\mlb2k12.exe
    FirewallRules: [{1BA00473-423F-498A-A38A-F39EFC6CA9A8}] => (Allow) J:\Program Files (x86)\2K Sports\Major League Baseball 2K12\mlb2k12.exe
    FirewallRules: [{E979B422-403B-4963-9A7A-27B2D43936C4}] => (Block) %ProgramFiles% (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
    FirewallRules: [{A60FF9AF-4B99-4956-AF0C-2C9849228F6A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{521D8D40-F3B3-4B61-94D1-3099D86A7542}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [TCP Query User{B8C1213C-A8FC-46F9-986E-9460DAE8F990}J:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Allow) J:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
    FirewallRules: [UDP Query User{391628D8-E68F-4015-A45B-C9A574EBEB85}J:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Allow) J:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
    FirewallRules: [{4BF5E5AF-BC1D-4849-87D5-4DD8CC601709}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
    FirewallRules: [{954DF99A-0A4E-4EA9-A134-5E1238140AEA}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
    FirewallRules: [{5A052CCD-391F-4487-9FDB-C810E1D512A8}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
    FirewallRules: [TCP Query User{78905519-11DC-4A42-9C92-4F9ADBF605E9}J:\q2e blood culture\quake2.exe] => (Allow) J:\q2e blood culture\quake2.exe
    FirewallRules: [UDP Query User{281DD3B8-7057-480E-B4D8-DCA2EF30F788}J:\q2e blood culture\quake2.exe] => (Allow) J:\q2e blood culture\quake2.exe
    FirewallRules: [TCP Query User{ED4AB80A-418A-4A44-A771-60127EDB5AC6}J:\quake2\quake2.exe] => (Allow) J:\quake2\quake2.exe
    FirewallRules: [UDP Query User{C125A16B-5691-43B8-BC40-278E48B29F82}J:\quake2\quake2.exe] => (Allow) J:\quake2\quake2.exe
    FirewallRules: [{614F6565-334C-44A6-86CC-9F9A3D804478}] => (Allow) J:\Program Files (x86)\Codemasters\DiRT 3\dirt3_game.exe
    FirewallRules: [{0E46613A-9A11-4DC4-BBC5-E1FC47B709A8}] => (Allow) J:\Program Files (x86)\Codemasters\DiRT 3\dirt3_game.exe
    FirewallRules: [{033F4792-22A5-4C6B-95AE-9A956FCB1530}] => (Allow) E:\RouterSetup\QISWizard.exe
    FirewallRules: [{E7B2D2AE-F5DE-41C5-8F36-E250A8EB1708}] => (Allow) E:\RouterSetup\QISWizard.exe
    FirewallRules: [{43E7B349-A2FC-451D-A3A0-D446F9B45C35}] => (Allow) J:\UT2004\System\UT2004.exe
    FirewallRules: [{4B29E4B2-C3AE-4AF8-9EDA-87B9CD473FDC}] => (Allow) J:\UT2004\System\UT2004.exe
    FirewallRules: [TCP Query User{9641D6DF-131D-4DDA-9873-464BD1097549}J:\program files (x86)\electronic arts\shift 2 unleashed\shift2u.exe] => (Allow) J:\program files (x86)\electronic arts\shift 2 unleashed\shift2u.exe
    FirewallRules: [UDP Query User{06A57541-DE77-48E9-B75C-5A2661A5FF42}J:\program files (x86)\electronic arts\shift 2 unleashed\shift2u.exe] => (Allow) J:\program files (x86)\electronic arts\shift 2 unleashed\shift2u.exe
    FirewallRules: [{95EA1BD0-FD61-4045-AB0F-81BD6F22924C}] => (Allow) J:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\Blacklist_Launcher.exe
    FirewallRules: [{915B9DD0-3DD7-4991-8735-CE44A80E9FD4}] => (Allow) J:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\Blacklist_Launcher.exe
    FirewallRules: [{A4F8C3DF-B4CD-4993-9977-DD96ACD71348}] => (Allow) J:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_game.exe
    FirewallRules: [{D30AA506-38D0-4E50-A974-D1D1B31D65FD}] => (Allow) J:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_game.exe
    FirewallRules: [{742F3392-4729-413A-B53E-1324A2637208}] => (Allow) J:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_DX11_game.exe
    FirewallRules: [{D6747CB8-E763-4922-BA81-70ACA02854F4}] => (Allow) J:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_DX11_game.exe
    FirewallRules: [{70FD5F12-229D-4815-B5AB-03BC2EADDF13}] => (Allow) J:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\gu.exe
    FirewallRules: [{F8C7E231-E6C9-4CD4-B990-DC6832D09AA2}] => (Allow) J:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\gu.exe
    FirewallRules: [{411C2157-853C-447B-A686-B24760050805}] => (Allow) J:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV Episodes from Liberty City\EFLC\LaunchEFLC.exe
    FirewallRules: [{43936CFC-375D-429E-A116-9622DB8E490A}] => (Allow) J:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV Episodes from Liberty City\EFLC\LaunchEFLC.exe
    FirewallRules: [{15A956CE-A39E-4F31-9834-6B694CE98CC2}] => (Allow) J:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
    FirewallRules: [{F4074A7A-0916-4768-A5E9-3E455D7702C9}] => (Allow) J:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
    FirewallRules: [TCP Query User{5E14F496-29C1-4964-A919-BA9A83794875}J:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) J:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
    FirewallRules: [UDP Query User{0B43153B-001C-4F55-98BA-8D37345C6322}J:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) J:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
    FirewallRules: [{76BFABE6-9FEF-4442-85BA-A6DBA9B45B0F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{5B0DBFAA-FE00-43EC-B67E-76C7634918D3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{CE9CCD55-AC83-4A9F-8FA6-7BC6A89650C9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{1B80D4E4-9102-44C8-A6D1-803E13761CF3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{CF64C254-2D28-4622-8109-2E529DDE77DF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [TCP Query User{49CC2C6B-448C-4AB8-BDD5-D1183917AEB9}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
    FirewallRules: [UDP Query User{A44287D1-98D1-4C28-8F54-768C67B5B26E}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
    FirewallRules: [{C4B3D042-1404-4A79-B05C-FF0EBFAEE775}] => (Allow) C:\Users\Ryan\AppData\Roaming\Andy_45_Online\Setup.exe
    FirewallRules: [{01F1A184-5C08-4362-A9F9-F3A0CA779551}] => (Allow) C:\Users\Ryan\AppData\Roaming\Andy_45_Online\Setup.exe
    FirewallRules: [{E9CF1B92-F4D8-4F1E-9DDD-CDAA90B60274}] => (Allow) C:\Program Files\Andy\Andy.exe
    FirewallRules: [{D4425354-3701-4DF5-97E6-0CC0933DDE65}] => (Allow) C:\Program Files\Andy\Andy.exe
    FirewallRules: [{B99DB44F-3DEF-4573-AB22-A2B257E12176}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
    FirewallRules: [{0272A83C-7D8F-4F2C-B504-AE45BE228DA6}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
    FirewallRules: [{4B7467C4-130B-4ED5-9A86-E6D27A0D0186}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{3238F108-0193-40FA-93E9-21316F839FF6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{2B0434BC-FA17-4FA2-8AC3-0B80083E0B6D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{83C99040-A334-4541-B901-2F88F755E75B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{93AB6FD0-03CE-4EFD-88E4-983D31C760B2}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
    FirewallRules: [{F201174C-E026-4E16-9B2A-910CC62AC24A}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
    FirewallRules: [{8FF911B7-EDE5-4FC2-8816-B3D67A1918BD}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
    FirewallRules: [{C67C681F-E992-48F0-B359-DBEE346A1805}] => (Block) %ProgramFiles% (x86)\Acoustica Mixcraft 6\mixcraft6.exe
    FirewallRules: [{8D79286D-E2E4-4F3B-A30F-AA3BBB5198FA}] => (Block) %ProgramFiles% (x86)\Acoustica Mixcraft 6\mixcraft6.exe
    FirewallRules: [{A972F418-6729-4F02-B198-C469128B0815}] => (Block) %ProgramFiles% (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
    FirewallRules: [{A9A9E1FE-4306-4EF4-BFD4-3A58BFBA587E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
    FirewallRules: [{C00FC7C3-43BD-4B36-B093-72A902F823F7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============

    Name: AODDriver4.2
    Description: AODDriver4.2
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: AODDriver4.2
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============
    Error: (11/08/2015 01:09:14 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Update service hung on starting.

    Error: (11/08/2015 01:03:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

    Error: (11/08/2015 01:03:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The AODDriver4.2 service failed to start due to the following error:
    %%2

    Error: (11/08/2015 01:02:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Microsoft Antimalware Service service failed to start due to the following error:
    %%1053

    Error: (11/08/2015 01:02:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Antimalware Service service to connect.

    Error: (11/08/2015 01:02:47 PM) (Source: BugCheck) (EventID: 1001) (User: )
    Description: 0x00000050 (0xfffff8a01e2b9000, 0x0000000000000000, 0xfffff800038f07be, 0x0000000000000000)C:\Windows\MEMORY.DMP

    Error: (11/08/2015 01:02:47 PM) (Source: BugCheck) (EventID: 1005) (User: )
    Description:

    Error: (11/08/2015 01:02:46 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 1:00:36 PM on ‎11/‎8/‎2015 was unexpected.

    Error: (11/08/2015 11:38:45 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Update service hung on starting.

    Error: (11/08/2015 11:30:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

    CodeIntegrity:
    ===================================
      Date: 2015-11-08 13:02:12.238
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2015-11-08 13:02:12.238
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2015-11-08 11:28:30.945
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2015-11-08 11:28:30.945
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2015-11-08 03:32:56.758
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2015-11-08 03:32:56.758
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2015-11-08 03:28:51.819
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2015-11-08 03:28:51.819
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2015-11-07 17:24:16.053
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2015-11-07 17:24:16.053
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================

    Processor: AMD Athlon™ II X4 640 Processor
    Percentage of memory in use: 34%
    Total physical RAM: 8191.29 MB
    Available physical RAM: 5365.76 MB
    Total Virtual: 16382.57 MB
    Available Virtual: 13560.71 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:917.79 GB) (Free:446.7 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (HP_RECOVERY) (Fixed) (Total:13.61 GB) (Free:1.67 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive j: (Cpt Sea Biscuit) (Fixed) (Total:931.51 GB) (Free:230.78 GB) NTFS
    Drive k: (My Book) (Fixed) (Total:1862.98 GB) (Free:1547.05 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 5A2442D8)
    Partition 1: (Active) - (Size=106 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=917.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=13.6 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 2B38A14C)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 17B6C2D9)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================


    • 0

    #10
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,012 posts
    • MVP

    I think we may have a nasty virus.

     

    The fixlist tried to remove:

     

    U3 abbzc7am; C:\Windows\System32\Drivers\abbzc7am.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
     
     
     
     
    abbzc7am => service not found.
     
    but couldn't find it but in the last FRST scan we have:
     
    U3 aakknbsz; C:\Windows\System32\Drivers\aakknbsz.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
     
    Slightly different random name and this time it pretends to come from Microsoft and not Advanced Micro Devices.
     
    I've seen this before but all  I can remember is you had to boot off a CD or USB drive to remove it. I think the AVG boot CD worked for this.
     
    There are instructions here:  http://www.geekstogo...ystem-tutorial/
     
    If you just have a USB drive then you can try with the bootable FRST:
     
     
    You will have to do a scan and let me create a fixlist.
     
    I believe this one messes with the permissions in the registry so that you can't see it if you try to edit it but let's look anyway.    Try copying the next  2 lines:
     
    reg query " HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\aakknbsz" > \junk.txt
    notepad \junk.txt
     
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close notepad.  Close the Command Window.
     
    We can also look with process explorer and see if it finds anything odd:
     
     
    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
     

     

    Note.  This may be Poweliks or Gootkit  See if ESET's tool will find it:

     

     http://support.eset.com/kb3587/

     

    If it does then you don't need to boot from a CD or DVD.


    • 0

    Advertisements


    #11
    rct8787

    rct8787

      Member

    • Topic Starter
    • Member
    • PipPip
    • 14 posts

    Lovely, figured I had something, had this computer for probably 6 years and never got a virus until now....Tried copying those two lines but was greeted with ERROR: The system was unable to find the specified registry key or value, after I hit enter junk.txt pops up but its empty. Downloaded and tried to run ESET but like the anti virus programs it would not run. Ill have to try the AVG boot cd tomorrow after work to see if thatll work. As always thanks for the help its much appreciated. Also at the end of all this (which hopefully results in the comp not having the virus anymore) is there a way I can shoot a donation or something over to you for the help? Feel like theres gotta be something I can do for you taking the time to help me. I did run Process Explorer and the txt is below.

     

    Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
    System Idle Process 62.70 0 K 24 K 0   
    explorer.exe 20.80 127,972 K 108,960 K 4040 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
    iexplore.exe 6.36 184,840 K 203,748 K 4800 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
    sidebar.exe 1.63 61,504 K 71,508 K 4556 Windows Desktop Gadgets Microsoft Corporation (Verified) Microsoft Windows
    Interrupts 1.59 0 K 0 K n/a Hardware Interrupts and DPCs  
    dwm.exe 1.53 48,180 K 32,576 K 3976 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 1.29 28,512 K 32,324 K 4376 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    procexp64.exe 1.08 32,584 K 56,772 K 4904 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
    svchost.exe 0.99 4,984 K 9,252 K 4224 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    System 0.71 116 K 2,328 K 4   
    SRService.exe 0.40 2,836 K 7,892 K 2180 Splashtop® Streamer Service Splashtop Inc. (Verified) Splashtop Inc.
    svchost.exe 0.40 2,352 K 6,032 K 4280 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    NvStreamNetworkService.exe 0.07 4,672 K 11,208 K 2956 NVIDIA Network Stream Service NVIDIA Corporation (Verified) NVIDIA Corporation
    PlexDlnaServer.exe 0.07 13,240 K 17,596 K 2124 Plex Media Server DLNA Service Plex, Inc. (Verified) Plex
    csrss.exe 0.07 6,408 K 10,500 K 568 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 0.04 205,116 K 210,624 K 376 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 0.04 4,924 K 10,164 K 804 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    XBoxStat.exe 0.03 3,320 K 7,724 K 4460 XBoxStat.exe Microsoft Corporation (Verified) Microsoft Corporation
    PlexScriptHost.exe 0.03 31,560 K 36,836 K 5904 Python Python Software Foundation (Verified) Plex
    Plex Media Server.exe 0.03 37,988 K 41,696 K 4672 Plex Media Server Plex, Inc. (Verified) Plex
    NvStreamUserAgent.exe 0.03 6,412 K 14,404 K 3912 NVIDIA Streamer User Agent NVIDIA Corporation (Verified) NVIDIA Corporation
    WyseRemoteAccess.exe 0.02 2,320 K 5,796 K 5624 Wyse Remote Access Server for Windows Wyse Technology. (No signature was present in the subject) Wyse Technology.
    NvStreamService.exe 0.01 3,340 K 9,400 K 2792 NVIDIA Streamer Service NVIDIA Corporation (Verified) NVIDIA Corporation
    tvnserver.exe 0.01 2,064 K 5,688 K 2356 TightVNC Server for Windows GlavSoft LLC. (Verified) GlavSoft LLC.
    MusicManager.exe 0.01 12,376 K 25,100 K 4572 Music Manager Google Inc. (No signature was present in the subject) Google Inc.
    svchost.exe 0.01 17,428 K 19,096 K 1268 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    RaWiFi.exe 0.01 7,596 K 15,776 K 4764 Ralink Wi-Fi Application Selection Ralink Technology, Inc. (Verified) Ralink Technology Corporation
    PocketCloudService.exe < 0.01 36,164 K 33,956 K 3320 PocketCloudService  (No signature was present in the subject)
    services.exe < 0.01 7,204 K 11,572 K 636 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
    lsm.exe < 0.01 3,328 K 6,168 K 700 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
    SearchIndexer.exe < 0.01 41,412 K 22,304 K 3464 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
    SSUService.exe < 0.01 2,792 K 6,204 K 2228 Splashtop Software Updater Service Splashtop Inc. (Verified) Splashtop Inc.
    nvtray.exe < 0.01 5,328 K 11,904 K 4364 NVIDIA Settings NVIDIA Corporation (Verified) NVIDIA Corporation
    PnkBstrA.exe < 0.01 1,276 K 4,284 K 2820   (Verified) Even Balance
    svchost.exe < 0.01 18,388 K 21,928 K 1632 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe < 0.01 11,624 K 18,804 K 1112 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe < 0.01 37,356 K 52,012 K 740 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe < 0.01 15,492 K 18,636 K 3708 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe < 0.01 8,160 K 24,220 K 2176 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    HD-UpdaterService.exe < 0.01 18,348 K 19,244 K 1912 BlueStacks Updater Service BlueStack Systems, Inc. (Verified) Bluestack Systems
    wmpnetwk.exe < 0.01 14,328 K 14,652 K 5288 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
    WLIDSVC.EXE < 0.01 7,628 K 14,960 K 2376 Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
    HD-LogRotatorService.exe < 0.01 11,704 K 8,368 K 1836 BlueStacks Log Rotator Service BlueStack Systems, Inc. (Verified) Bluestack Systems
    nvvsvc.exe < 0.01 5,788 K 14,136 K 3484 NVIDIA Driver Helper Service, Version 358.50 NVIDIA Corporation (Verified) NVIDIA Corporation
    HPSA_Service.exe < 0.01 30,056 K 24,388 K 5220 HP Support Assistant Service Hewlett-Packard Company (Verified) Hewlett-Packard Company
    csrss.exe < 0.01 2,660 K 5,108 K 484 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
    WUDFHost.exe  2,280 K 6,240 K 3696 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
    wuauclt.exe  2,252 K 6,708 K 4012 Windows Update Microsoft Corporation (Verified) Microsoft Windows Component Publisher
    WmiPrvSE.exe  3,040 K 6,444 K 6292 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
    WmiPrvSE.exe  6,824 K 12,504 K 3080 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
    WLIDSVCM.EXE  1,548 K 3,588 K 2580 Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
    wlanext.exe  2,528 K 6,144 K 1464 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
    winlogon.exe  3,352 K 7,792 K 660 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
    wininit.exe  1,692 K 4,572 K 576 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
    taskhost.exe  3,528 K 7,676 K 3836 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
    taskeng.exe  2,524 K 6,744 K 5240 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe  48,452 K 30,896 K 4116 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe  5,020 K 8,776 K 936 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe  24,400 K 20,264 K 500 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe  2,604 K 6,136 K 3596 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe  65,516 K 69,816 K 1432 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe  1,976 K 5,504 K 2284 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe  1,684 K 4,624 K 2012 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    spoolsv.exe  8,204 K 14,180 K 1576 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
    smss.exe  540 K 1,248 K 304 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
    ScpService.exe  15,984 K 20,268 K 1260 ScpService Scarlet.Crush Productions (No signature was present in the subject) Scarlet.Crush Productions
    rundll32.exe  1,460 K 4,968 K 5468 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
    RtkAudioService64.exe  2,032 K 5,308 K 1204 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
    RNowSvc.exe  2,644 K 5,284 K 2156 Windows Service App Roxio (Verified) Sonic Solutions
    RAVCpl64.exe  8,804 K 11,340 K 4544 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
    RAVBg64.exe  15,172 K 12,496 K 1236 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
    RaRegistry64.exe  1,612 K 4,196 K 2884 RalinkRegistryWriter Ralink Technology, Corp. (No signature was present in the subject) Ralink Technology, Corp.
    RaRegistry.exe  1,592 K 5,196 K 2848 RalinkRegistryWriter Ralink Technology, Corp. (No signature was present in the subject) Ralink Technology, Corp.
    procexp.exe  2,332 K 7,256 K 5768 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
    nvxdsync.exe  9,088 K 21,132 K 3476 NVIDIA User Experience Driver Component NVIDIA Corporation (Verified) NVIDIA Corporation
    nvvsvc.exe  3,184 K 7,852 K 868 NVIDIA Driver Helper Service, Version 358.50 NVIDIA Corporation (Verified) NVIDIA Corporation
    nvSCPAPISvr.exe  2,724 K 6,032 K 892 Stereo Vision Control Panel API Server NVIDIA Corporation (Verified) NVIDIA Corporation
    NvNetworkService.exe  6,492 K 10,772 K 2744 NVIDIA Network Service NVIDIA Corporation (Verified) NVIDIA Corporation
    NvBackend.exe  18,092 K 25,396 K 4524 NVIDIA Backend NVIDIA Corporation (Verified) NVIDIA Corporation
    notepad.exe  2,196 K 6,928 K 5764 Notepad Microsoft Corporation (Verified) Microsoft Windows
    mDNSResponder.exe  2,280 K 5,688 K 1808 Bonjour Service Apple Inc. (Verified) Apple Inc.
    LSSrvc.exe  1,352 K 4,324 K 2620 LightScribe Service Hewlett-Packard Company (No signature was present in the subject) Hewlett-Packard Company
    lsass.exe  5,844 K 13,900 K 688 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
    itype.exe  9,036 K 18,752 K 4444 IType.exe Microsoft Corporation (Verified) Microsoft Corporation
    ipoint.exe  8,304 K 17,744 K 4452 IPoint.exe Microsoft Corporation (Verified) Microsoft Corporation
    HPClientServices.exe  3,952 K 7,980 K 2116 HP Client Services Hewlett-Packard Company (A certificate was explicitly revoked by its issuer) Hewlett-Packard Company
    GoogleUpdate.exe  2,208 K 760 K 4936 Google Installer Google Inc. (Verified) Google Inc
    GoogleUpdate.exe  2,560 K 1,032 K 4608 Google Installer Google Inc. (Verified) Google Inc
    GfExperienceService.exe  4,036 K 9,304 K 1940 NVIDIA GeForce ExperienceService NVIDIA Corporation (Verified) NVIDIA Corporation
    Fuel.Service.exe  2,452 K 6,432 K 1756 AMD Fuel Service Advanced Micro Devices, Inc. (No signature was present in the subject) Advanced Micro Devices, Inc.
    conhost.exe  1,084 K 2,888 K 1472 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
    conhost.exe  1,220 K 3,180 K 2964 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
    conhost.exe  1,672 K 4,844 K 3932 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
    conhost.exe  1,736 K 4,992 K 5928 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
    conhost.exe  1,876 K 5,784 K 620 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
    cmd.exe  2,228 K 3,180 K 3468 Windows Command Processor Microsoft Corporation (Verified) Microsoft Windows
    btwdins.exe  2,848 K 6,572 K 2032 Bluetooth Support Server Broadcom Corporation. (Verified) Broadcom Corporation
    BTTray.exe  6,408 K 12,096 K 4740 Bluetooth Tray Application Broadcom Corporation. (Verified) Broadcom Corporation
    audiodg.exe  19,040 K 18,896 K 3680 Windows Audio Device Graph Isolation  Microsoft Corporation (Verified) Microsoft Windows
    atiesrxx.exe  1,768 K 4,528 K 324 AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
    atieclxx.exe  2,496 K 6,504 K 3404 AMD External Events Client Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
    armsvc.exe  1,228 K 3,952 K 1732 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
    AndServMgr.exe  1,532 K 3,828 K 1780 AndServMgr American Megatrends Inc. (Verified) American Megatrends Inc.
    AdobeARM.exe  3,404 K 1,376 K 4960 Adobe Reader and Acrobat Manager Adobe Systems Incorporated (Verified) Adobe Systems


    • 0

    #12
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,012 posts
    • MVP
    explorer.exe 20.80 127,972 K 108,960 K 4040 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
    iexplore.exe 6.36 184,840 K 203,748 K 4800 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
     
    These are both too high.  
     
    download ShellExView.
     
     
    Use this download:
     
    Once you get it installed, run it and look in the third or fourth column from the RIGHT. It should say MICROSOFT. Click once or twice on MICROSOFT so that items with NO are at the top.
    Select all of the NO items and then click on the red LED looking icon in the upper left. This should disable all of the non-microsoft additions to Explorer. Reboot and see if you still get  Explorer  as one of the big CPU users.
     
    For IE we can start it with add-ons disabled and see if that helps:
     
     
    Copy the next line:
     
    "C:\Program Files\Internet Explorer\iexplore" -extoff https://www.google.com/
     
    Close IE
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter.  Internet Explorer should open with add-ons disabled.  Run Process Explorer again and let's see what CPU % Iexplore now takes.
     
    I have a donation line in the final cleanup post.  I don't need the money so ask that you donate to a small environmental group I worked with when I lived on Orcas Island.   http://www.kwiaht.org/donate.htm

    • 0

    #13
    rct8787

    rct8787

      Member

    • Topic Starter
    • Member
    • PipPip
    • 14 posts

    Heres the txt from Process Explorer.

     

    Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
    System Idle Process 92.14 0 K 24 K 0   
    procexp64.exe 2.73 28,204 K 50,208 K 3500 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
    svchost.exe 1.03 24,396 K 27,996 K 2776   
    Interrupts 0.98 0 K 0 K n/a Hardware Interrupts and DPCs  
    dwm.exe 0.64 47,004 K 33,496 K 1896 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
    System 0.39 116 K 1,960 K 4   
    svchost.exe 0.37 2,372 K 6,012 K 2656   
    SRService.exe 0.32 3,432 K 8,460 K 2496 Splashtop® Streamer Service Splashtop Inc. (Verified) Splashtop Inc.
    sidebar.exe 0.30 52,944 K 59,908 K 2348 Windows Desktop Gadgets Microsoft Corporation (Verified) Microsoft Windows
    csrss.exe 0.23 6,384 K 10,156 K 568   
    RNowSvc.exe 0.15 2,272 K 4,944 K 492 Windows Service App Roxio (Verified) Sonic Solutions
    ipoint.exe 0.09 8,100 K 17,016 K 2216 IPoint.exe Microsoft Corporation (Verified) Microsoft Corporation
    svchost.exe 0.09 10,424 K 17,380 K 1084 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    explorer.exe 0.07 28,380 K 49,112 K 1972 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
    NvStreamNetworkService.exe 0.07 4,680 K 11,236 K 3924   
    PlexDlnaServer.exe 0.05 12,308 K 17,080 K 2368 Plex Media Server DLNA Service Plex, Inc. (Verified) Plex
    svchost.exe 0.04 167,444 K 175,904 K 380 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    PlexScriptHost.exe 0.04 31,268 K 36,632 K 3440 Python Python Software Foundation (Verified) Plex
    iexplore.exe 0.03 58,084 K 70,452 K 5392   
    svchost.exe 0.03 7,744 K 29,508 K 3836 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    NvStreamUserAgent.exe 0.03 6,408 K 14,596 K 3700   
    rundll32.exe 0.02 7,200 K 10,548 K 4400 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
    NvStreamService.exe 0.02 3,412 K 9,516 K 3644 NVIDIA Streamer Service NVIDIA Corporation (Verified) NVIDIA Corporation
    RaWiFi.exe 0.02 7,572 K 15,848 K 2756 Ralink Wi-Fi Application Selection Ralink Technology, Inc. (Verified) Ralink Technology Corporation
    itype.exe 0.02 8,780 K 18,056 K 2208 IType.exe Microsoft Corporation (Verified) Microsoft Corporation
    WyseRemoteAccess.exe 0.01 2,352 K 5,936 K 5016 Wyse Remote Access Server for Windows Wyse Technology. (No signature was present in the subject) Wyse Technology.
    MusicManager.exe 0.01 12,408 K 25,256 K 2464 Music Manager Google Inc. (No signature was present in the subject) Google Inc.
    tvnserver.exe 0.01 2,084 K 5,764 K 4236 TightVNC Server for Windows GlavSoft LLC. (Verified) GlavSoft LLC.
    XBoxStat.exe 0.01 2,912 K 6,740 K 2236 XBoxStat.exe Microsoft Corporation (Verified) Microsoft Corporation
    lsass.exe 0.01 5,924 K 13,824 K 688 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
    lsm.exe 0.01 3,220 K 5,984 K 700   
    Plex Media Server.exe 0.01 31,284 K 34,748 K 2612 Plex Media Server Plex, Inc. (Verified) Plex
    wlanext.exe < 0.01 2,412 K 6,052 K 1516   
    services.exe < 0.01 8,364 K 12,160 K 636   
    PocketCloudService.exe < 0.01 35,800 K 33,692 K 4232 PocketCloudService  (No signature was present in the subject)
    svchost.exe < 0.01 17,756 K 19,324 K 500 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    wmpnetwk.exe < 0.01 15,176 K 9,088 K 5252 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe < 0.01 233,264 K 147,032 K 624 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe < 0.01 15,664 K 16,828 K 1212 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe < 0.01 17,920 K 21,316 K 1932 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    PnkBstrA.exe < 0.01 1,260 K 4,268 K 3780   
    SSUService.exe < 0.01 2,812 K 6,280 K 4112 Splashtop Software Updater Service Splashtop Inc. (Verified) Splashtop Inc.
    svchost.exe < 0.01 4,572 K 8,820 K 2584   
    WLIDSVC.EXE < 0.01 7,860 K 15,064 K 4292   
    HD-UpdaterService.exe < 0.01 17,588 K 19,012 K 2144 BlueStacks Updater Service BlueStack Systems, Inc. (Verified) Bluestack Systems
    svchost.exe < 0.01 15,540 K 18,784 K 2296   
    NvBackend.exe < 0.01 18,416 K 23,588 K 2272 NVIDIA Backend NVIDIA Corporation (Verified) NVIDIA Corporation
    HD-LogRotatorService.exe < 0.01 11,684 K 8,388 K 2032 BlueStacks Log Rotator Service BlueStack Systems, Inc. (Verified) Bluestack Systems
    HPSA_Service.exe < 0.01 30,176 K 23,548 K 3792 HP Support Assistant Service Hewlett-Packard Company (Verified) Hewlett-Packard Company
    nvvsvc.exe < 0.01 5,560 K 13,220 K 1480   
    csrss.exe < 0.01 2,536 K 4,992 K 484   
    WUDFHost.exe  2,268 K 6,224 K 5216   
    wuauclt.exe  2,244 K 6,788 K 4720 Windows Update Microsoft Corporation (Verified) Microsoft Windows Component Publisher
    WmiPrvSE.exe  6,260 K 11,188 K 4800   
    WLIDSVCM.EXE  1,472 K 3,528 K 4492   
    winlogon.exe  3,212 K 7,484 K 660   
    wininit.exe  1,656 K 4,580 K 576   
    TrustedInstaller.exe  4,228 K 9,196 K 1424 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
    taskhost.exe  3,712 K 7,708 K 1800 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
    taskeng.exe  2,396 K 6,228 K 3852 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
    taskeng.exe  2,312 K 6,064 K 3840   
    TabTip_64.exe  1,344 K 3,704 K 2328   (No signature was present in the subject)
    svchost.exe  46,752 K 38,752 K 5024 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe  4,824 K 9,712 K 804 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe  5,036 K 8,744 K 936 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe  1,684 K 4,644 K 2716 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe  64,020 K 68,440 K 1580   
    svchost.exe  2,016 K 5,544 K 4208 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe  2,536 K 6,080 K 4988 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    spoolsv.exe  8,300 K 14,240 K 1684 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
    smss.exe  540 K 1,252 K 304   
    SearchIndexer.exe  39,988 K 19,084 K 2580 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
    ScpService.exe  16,052 K 20,584 K 2960 ScpService Scarlet.Crush Productions (No signature was present in the subject) Scarlet.Crush Productions
    rundll32.exe  1,456 K 4,856 K 3544 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
    RtkAudioService64.exe  2,020 K 5,300 K 1152 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
    RAVCpl64.exe  8,800 K 11,436 K 2320 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
    RAVBg64.exe  15,180 K 12,348 K 1176   
    RaRegistry64.exe  1,612 K 4,192 K 3808 RalinkRegistryWriter Ralink Technology, Corp. (No signature was present in the subject) Ralink Technology, Corp.
    RaRegistry.exe  1,588 K 5,184 K 3744 RalinkRegistryWriter Ralink Technology, Corp. (No signature was present in the subject) Ralink Technology, Corp.
    procexp.exe  2,304 K 7,136 K 5228 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
    OSPPSVC.EXE  2,912 K 9,916 K 5368   
    nvxdsync.exe  8,412 K 19,700 K 1468   
    nvvsvc.exe  2,900 K 7,596 K 868 NVIDIA Driver Helper Service, Version 358.50 NVIDIA Corporation (Verified) NVIDIA Corporation
    nvtray.exe  5,116 K 11,832 K 3048 NVIDIA Settings NVIDIA Corporation (Verified) NVIDIA Corporation
    nvSCPAPISvr.exe  2,680 K 5,972 K 892 Stereo Vision Control Panel API Server NVIDIA Corporation (Verified) NVIDIA Corporation
    NvNetworkService.exe  5,304 K 9,688 K 3520 NVIDIA Network Service NVIDIA Corporation (Verified) NVIDIA Corporation
    mDNSResponder.exe  2,276 K 5,700 K 1716 Bonjour Service Apple Inc. (Verified) Apple Inc.
    LSSrvc.exe  1,348 K 4,336 K 3380 LightScribe Service Hewlett-Packard Company (No signature was present in the subject) Hewlett-Packard Company
    HPClientServices.exe  3,956 K 7,948 K 3264 HP Client Services Hewlett-Packard Company (A certificate was explicitly revoked by its issuer) Hewlett-Packard Company
    GoogleUpdate.exe  2,244 K 2,524 K 4976   
    GoogleUpdate.exe  2,344 K 1,224 K 2548 Google Installer Google Inc. (Verified) Google Inc
    GfExperienceService.exe  4,052 K 9,324 K 1956 NVIDIA GeForce ExperienceService NVIDIA Corporation (Verified) NVIDIA Corporation
    Fuel.Service.exe  2,440 K 6,436 K 1792 AMD Fuel Service Advanced Micro Devices, Inc. (No signature was present in the subject) Advanced Micro Devices, Inc.
    dllhost.exe  2,440 K 6,080 K 5712 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
    conhost.exe  1,076 K 2,900 K 1524   
    conhost.exe  1,844 K 5,680 K 3672   
    conhost.exe  1,728 K 4,960 K 3572 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
    conhost.exe  1,672 K 4,816 K 3392   
    conhost.exe  1,212 K 3,184 K 3944   
    cmd.exe  2,144 K 3,012 K 1060   
    btwdins.exe  2,644 K 6,608 K 2736 Bluetooth Support Server Broadcom Corporation. (Verified) Broadcom Corporation
    BTTray.exe  6,388 K 12,092 K 2684 Bluetooth Tray Application Broadcom Corporation. (Verified) Broadcom Corporation
    atiesrxx.exe  1,708 K 4,480 K 324 AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
    atieclxx.exe  2,412 K 6,556 K 1388   
    armsvc.exe  1,228 K 3,968 K 1528 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
    AndServMgr.exe  1,492 K 3,796 K 1352 AndServMgr American Megatrends Inc. (Verified) American Megatrends Inc.
    AdobeARM.exe  4,412 K 12,368 K 4584 Adobe Reader and Acrobat Manager Adobe Systems Incorporated (Verified) Adobe Systems


    • 0

    #14
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,012 posts
    • MVP

    Looks good now.  Were you able to run the AVG scan?

     

    We can try some other scans and see if they work and/or  find something:

     

     
    Download aswMBR.exe  to your desktop.
    Right click aswMBR.exe and Run as Administrator
    uncheck trace disk IO calls
    Click the "Scan" button to start scan (Accept the Avast Engine)
    On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and  click save log, save it to your desktop and post in your next reply
    If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply
     
    ComboFix
     
    :!: It must be saved to your desktop, do not run it from your browser:!:
     
    :!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well.  See: http://www.bleepingc...opic114351.html
     
    :!: Turn off your screen saver so you can see what is going on
     
    Download and Save this file --  to your Desktop -- from either of these two sources:
     
    Rightclick on ComboFix and select Run As Administrator to start the program.  
     
     
     
        * :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
        
        
        * A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.  
     
    Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
    You should get a log when it finishes.  If not this may mean you have the new version of Zero Access malware so run Combofix a second time.
    If you still don't get a log search for Combofix.txt.  It is usually at => C:\Combofix\Combofix.txt. I'll need to see that in your reply.
    If you get an error about a registry value when you try to run a program, then just reboot to clear it.
     
    Download TDSSKiller:
    Save it to your desktop then run it by right clicking and Run As Admin.
     
     
    If TDSSKiller alerts you that the system needs to reboot, please consent.
     
    Run TDSSKiller again but this time:
    before you hit the Scan  hit  Change Parameters and check the two items under Additional Options. OK then Scan.
    In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
    When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

    • 0

    #15
    rct8787

    rct8787

      Member

    • Topic Starter
    • Member
    • PipPip
    • 14 posts

    Unfortunately Active ISO burner force closes after I installed it and try to open it so I was not able to burn the image to a CD not sure if theres another program you can recommend?, tried aswMBR and TDSSKiller and they still will not run. See below for the ComboFix log. Thanks

     

    ComboFix 15-11-09.01 - Ryan 11/11/2015  15:04:01.1.4 - x64
    Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.8191.6000 [GMT -5:00]
    Running from: c:\users\Ryan\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\TabTip_64.dll
    c:\programdata\TabTip_64.exe
    c:\users\Ryan\AppData\Local\.#
    c:\users\Ryan\AppData\Local\assembly\tmp
    c:\windows\SysWow64\SET6F05.tmp
    c:\windows\SysWow64\SET7744.tmp
    c:\windows\SysWow64\SET7860.tmp
    c:\windows\SysWow64\SET8BF4.tmp
    c:\windows\SysWow64\SET8C76.tmp
    c:\windows\SysWow64\SET92E2.tmp
    c:\windows\SysWow64\SETAD1A.tmp
    c:\windows\SysWow64\SETB2AB.tmp
    c:\windows\SysWow64\SETDA45.tmp
    c:\windows\SysWow64\SETECB2.tmp
    c:\windows\SysWow64\SETF1F3.tmp
    c:\windows\SysWow64\SETF707.tmp
    c:\windows\SysWow64\tmpBFF2.tmp
    c:\windows\SysWow64\tmpBFF3.tmp
    .
    .
    (((((((((((((((((((((((((   Files Created from 2015-10-11 to 2015-11-11  )))))))))))))))))))))))))))))))
    .
    .
    2015-11-11 20:12 . 2015-11-11 20:12 -------- d-----w- c:\users\Mcx1-TYRANT.TyRaNt\AppData\Local\temp
    2015-11-11 18:34 . 2015-11-11 18:34 -------- d-----w- c:\program files (x86)\LSoft Technologies
    2015-11-11 10:47 . 2015-11-11 11:47 5286088 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2015-11-11 08:22 . 2015-11-11 08:22 -------- d-----w- c:\windows\system32\SPReview
    2015-11-11 08:06 . 2015-11-11 08:06 -------- d-----w- c:\windows\Migration
    2015-11-10 23:51 . 2015-11-10 23:51 -------- d-----w- c:\program files (x86)\NirSoft
    2015-11-07 01:20 . 2015-11-07 01:20 70 ----a-w- c:\windows\RAVTC.TMP
    2015-11-07 00:11 . 2015-11-07 22:36 -------- d-----w- C:\AdwCleaner
    2015-11-06 23:59 . 2015-11-08 21:40 -------- d-----w- C:\FRST
    2015-11-06 22:27 . 2015-11-06 22:27 -------- d-----w- c:\users\Ryan\AppData\Roaming\Runscanner.net
    2015-11-06 22:26 . 2015-11-06 22:27 -------- d-----w- C:\runscanner
    2015-11-06 02:02 . 2015-11-07 01:20 -------- d-----w- c:\program files (x86)\Panda Security
    2015-11-06 02:01 . 2015-11-07 01:20 -------- d-----w- c:\programdata\Panda Security
    2015-11-01 07:44 . 2015-11-01 07:44 -------- d-----w- c:\program files\Common Files\Microsoft
    2015-10-31 07:47 . 2015-10-13 09:47 11140960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D959CD9-302F-4550-A1AB-44F173152E74}\mpengine.dll
    2015-10-30 07:46 . 2015-10-13 09:47 11140960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2015-10-26 00:14 . 2015-10-03 02:18 102520 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2015-10-22 23:06 . 2015-10-23 01:11 -------- d-----w- c:\program files (x86)\BlueStacks
    2015-10-22 23:06 . 2015-10-22 23:06 -------- d-----w- c:\programdata\BlueStacks
    2015-10-22 23:05 . 2015-10-22 23:05 -------- d-----w- c:\users\Ryan\AppData\Local\Bluestacks
    2015-10-20 21:14 . 2015-10-20 21:14 26877120 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
    2015-10-20 21:14 . 2015-10-20 21:14 112326848 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
    2015-10-20 21:09 . 2015-10-20 21:09 112326848 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
    2015-10-20 21:09 . 2015-10-20 21:09 37472960 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
    2015-10-15 03:53 . 2015-09-18 16:49 25432 ----a-w- c:\windows\system32\CompatTelRunner.exe
    2015-10-15 03:53 . 2015-09-18 16:47 700416 ----a-w- c:\windows\system32\invagent.dll
    2015-10-15 03:53 . 2015-09-18 16:47 766464 ----a-w- c:\windows\system32\generaltel.dll
    2015-10-15 03:53 . 2015-09-18 16:47 503808 ----a-w- c:\windows\system32\devinv.dll
    2015-10-15 03:53 . 2015-09-18 16:47 1291264 ----a-w- c:\windows\system32\appraiser.dll
    2015-10-15 03:53 . 2015-09-18 16:47 73216 ----a-w- c:\windows\system32\acmigration.dll
    2015-10-15 03:53 . 2015-09-18 16:41 1163776 ----a-w- c:\windows\system32\aeinv.dll
    2015-10-13 20:13 . 2015-10-13 20:13 5799128 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
    2015-10-13 20:13 . 2015-10-13 20:13 5503168 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\Csi.dll
    2015-10-13 20:09 . 2015-10-13 20:09 235200 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\1033\OSFINTL.DLL
    2015-10-13 20:09 . 2015-10-13 20:09 7935192 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
    2015-10-13 20:09 . 2015-10-13 20:09 7700160 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\Csi.dll
    2015-10-13 00:45 . 2015-10-13 00:45 2317104 ----a-w- c:\windows\system32\coin97itp.dll
    2015-10-13 00:45 . 2015-10-13 00:45 68912 ----a-w- c:\windows\system32\drivers\point64.sys
    2015-10-13 00:45 . 2015-10-13 00:45 1804696 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
    2015-10-13 00:44 . 2015-10-13 00:44 95024 ----a-w- c:\windows\system32\drivers\dc3d.sys
    2015-10-13 00:44 . 2015-10-13 00:44 2317104 ----a-w- c:\windows\system32\coin97ip.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-11-11 11:47 . 2012-04-29 20:11 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-11-11 11:47 . 2011-09-27 12:58 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-11-11 08:38 . 2011-09-29 22:51 145617392 ----a-w- c:\windows\system32\MRT.exe
    2015-10-12 03:05 . 2014-06-12 01:44 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
    2015-10-12 03:05 . 2013-10-28 22:45 1423304 ----a-w- c:\windows\SysWow64\nvspcap.dll
    2015-10-12 03:04 . 2014-06-12 01:44 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
    2015-10-12 03:04 . 2013-10-28 22:45 1710752 ----a-w- c:\windows\system32\nvspcap64.dll
    2015-10-03 05:06 . 2015-07-06 19:03 3154104 ----a-w- c:\windows\SysWow64\nvapi.dll
    2015-10-03 05:06 . 2015-04-22 00:18 12769408 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2015-10-03 05:06 . 2015-01-31 04:41 17395512 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2015-10-03 05:06 . 2013-08-05 23:41 3573832 ----a-w- c:\windows\system32\nvapi64.dll
    2015-10-03 05:06 . 2013-08-05 23:41 15716648 ----a-w- c:\windows\system32\nvd3dumx.dll
    2015-10-03 02:49 . 2013-08-05 23:42 6358648 ----a-w- c:\windows\system32\nvcpl.dll
    2015-10-03 02:49 . 2013-08-05 23:42 2982520 ----a-w- c:\windows\system32\nvsvc64.dll
    2015-10-03 02:49 . 2015-01-31 04:42 2554488 ----a-w- c:\windows\system32\nvsvcr.dll
    2015-10-03 02:49 . 2013-08-05 23:42 938800 ----a-w- c:\windows\system32\nvvsvc.exe
    2015-10-03 02:49 . 2013-08-05 23:42 62768 ----a-w- c:\windows\system32\nvshext.dll
    2015-10-03 02:49 . 2013-08-05 23:42 385328 ----a-w- c:\windows\system32\nvmctray.dll
    2015-10-01 09:33 . 2013-08-05 23:42 5284082 ----a-w- c:\windows\system32\nvcoproc.bin
    2015-09-14 00:29 . 2015-09-23 23:51 1898288 ----a-w- c:\windows\system32\nvdispco6435598.dll
    2015-09-14 00:29 . 2015-09-23 23:51 1558832 ----a-w- c:\windows\system32\nvdispgenco6435598.dll
    2015-09-07 23:56 . 2015-09-07 23:56 4514008 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
    2015-09-07 23:56 . 2015-09-07 23:56 3234520 ----a-w- c:\windows\system32\SET8AF5.tmp
    2015-09-07 23:56 . 2015-09-07 23:56 2702552 ----a-w- c:\windows\system32\RTSnMg64.cpl
    2015-09-07 23:56 . 2015-09-07 23:56 184688 ----a-w- c:\windows\system32\SET8BC1.tmp
    2015-09-07 23:56 . 2015-09-07 23:56 1310936 ----a-w- c:\windows\system32\RTCOM64.dll
    2015-09-07 23:56 . 2015-09-07 23:56 2930904 ----a-w- c:\windows\system32\SET893F.tmp
    2015-09-07 23:56 . 2015-09-07 23:56 1749208 ----a-w- c:\windows\system32\RCoInstII64.dll
    2015-08-25 18:46 . 2015-09-07 17:14 1898288 ----a-w- c:\windows\system32\nvdispco6435582.dll
    2015-08-25 18:46 . 2015-09-07 17:14 1558648 ----a-w- c:\windows\system32\nvdispgenco6435582.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2015-10-13 20:13 1731800 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2015-10-13 20:13 1731800 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2015-10-13 20:13 1731800 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "MusicManager"="c:\users\Ryan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2015-08-13 7646208]
    "Plex Media Server"="c:\program files (x86)\Plex\Plex Media Server\Plex Media Server.exe" [2015-08-23 6274184]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2014-7-17 1396992]
    Ralink Wireless Utility.lnk - c:\program files (x86)\Ralink\Common\RaWiFi.exe -s [2013-1-9 2037096]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ    scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    2;2 WyseRemoteAccess;Wyse Remote Access;c:\program files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe;c:\program files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe [x]
    R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
    R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
    R2 RaMediaServer;Ralink UPnP Media Server;c:\program files (x86)\Ralink\Common\RaMediaServer.exe;c:\program files (x86)\Ralink\Common\RaMediaServer.exe [x]
    R2 WysePocketCloud;Wyse PocketCloud;c:\program files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe;c:\program files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [x]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
    R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
    R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
    R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
    R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
    R3 IvtAudioBusSrv;IvtAudioBusSrv;c:\windows\system32\Drivers\IvtBtBus.sys;c:\windows\SYSNATIVE\Drivers\IvtBtBus.sys [x]
    R3 IvtPanBusSrv;IvtPanBusSrv;c:\windows\system32\Drivers\btnetBus.sys;c:\windows\SYSNATIVE\Drivers\btnetBus.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
    R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x]
    R3 RtkBtFilter;Realtek Bluetooth Filter Driver;c:\windows\system32\DRIVERS\RtkBtfilter.sys;c:\windows\SYSNATIVE\DRIVERS\RtkBtfilter.sys [x]
    R3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX64.sys;c:\windows\SYSNATIVE\Drivers\SIVX64.sys [x]
    R3 uvhid;Unified Virtual HID;c:\windows\system32\DRIVERS\uvhid.sys;c:\windows\SYSNATIVE\DRIVERS\uvhid.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
    S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys;c:\windows\SYSNATIVE\Drivers\BtHidBus.sys [x]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S1 DuoVMDrv;DuOS DuoVM Service;c:\windows\system32\DRIVERS\DuoVMDrv.sys;c:\windows\SYSNATIVE\DRIVERS\DuoVMDrv.sys [x]
    S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
    S2 AndServMgr;AndServMgr;c:\program files\AMI\DuOS\AndServMgr.exe;c:\program files\AMI\DuOS\AndServMgr.exe [x]
    S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
    S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
    S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
    S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
    S2 Ds3Service;SCP DS3 Service;c:\users\Ryan\Desktop\SCP DS3 Driver Package\ScpServer\bin\ScpService.exe;c:\users\Ryan\Desktop\SCP DS3 Driver Package\ScpServer\bin\ScpService.exe [x]
    S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
    S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
    S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
    S2 RalinkRegistryWriter64;RalinkRegistryWriter64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [x]
    S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
    S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
    S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [x]
    S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe;c:\program files (x86)\TightVNC\tvnserver.exe [x]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
    S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 ScpVBus;Scp Virtual Bus Driver;c:\windows\system32\DRIVERS\ScpVBus.sys;c:\windows\SYSNATIVE\DRIVERS\ScpVBus.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
    S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-11-01 15:18 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 11:47]
    .
    2015-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-15 00:50]
    .
    2015-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-15 00:50]
    .
    2015-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725188070-1093038038-2835830549-1000Core.job
    - c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-02 14:36]
    .
    2015-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725188070-1093038038-2835830549-1000UA.job
    - c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-02 14:36]
    .
    2015-10-29 c:\windows\Tasks\HPCeeScheduleForRyan.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 09:43]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveBlacklisted]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2015-10-12 16:08 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSynced]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2015-10-12 16:08 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSyncing]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2015-10-12 16:08 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2015-10-13 20:09 2339032 ----a-w- c:\progra~1\MIF5BA~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2015-10-13 20:09 2339032 ----a-w- c:\progra~1\MIF5BA~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2015-10-13 20:09 2339032 ----a-w- c:\progra~1\MIF5BA~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
    "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-10-12 1710752]
    "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-10-12 2655520]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2015-05-16 13876952]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uLocal Page = c:\windows\system32\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office15\ONBttnIE.dll/105
    Trusted Zone: cinemanow.com
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: hp.com
    Trusted Zone: qflix.com
    Trusted Zone: roxio.com
    Trusted Zone: soe.com
    Trusted Zone: sonic.com\redirect
    Trusted Zone: sonic.com\redirect2
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
    HKLM-Run-TabTip_64 - c:\progra~3\TabTip_64.exe
    AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{82E1477C-B154-48D3-9891-33D83C26BCD3}"=hex:51,66,7a,6c,4c,1d,38,12,12,44,f2,
       86,66,ff,bd,0d,e7,87,70,98,39,78,f8,c7
    "{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}"=hex:51,66,7a,6c,4c,1d,38,12,81,2d,20,
       35,ad,85,e1,00,d0,fd,90,4e,9f,38,f2,ae
    "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
       38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
       72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
       94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{C1AF5FA5-852C-4C90-812E-A7F75E011D87}"=hex:51,66,7a,6c,4c,1d,38,12,cb,5c,bc,
       c5,1e,cb,fe,09,fe,38,e4,b7,5b,5f,59,93
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
       df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}"=hex:51,66,7a,6c,4c,1d,38,12,3b,d4,7c,
       e3,88,8f,a5,08,e0,05,da,fd,94,7c,7e,ca
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:c8,73,c3,24,90,03,ce,01
    .
    [HKEY_USERS\S-1-5-21-1725188070-1093038038-2835830549-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:0b,c5,c6,2b,63,90,c7,55,73,4d,96,c9,87,c7,f4,30,aa,b3,e9,68,3e,7f,6f,
       38,3a,f4,d7,34,24,34,22,16,51,89,68,eb,91,01,3f,56,07,2b,6d,41,ad,a3,a1,d5,\
    "??"=hex:3e,9b,16,a4,e9,7b,0f,27,55,97,e0,86,00,82,9d,18
    .
    [HKEY_USERS\S-1-5-21-1725188070-1093038038-2835830549-1000\Software\SecuROM\License information*]
    "datasecu"=hex:5f,a6,b4,5f,45,dc,05,bd,98,05,bb,85,c2,d5,34,60,64,a3,e9,27,22,
       6e,b7,b6,23,1d,7e,98,ac,50,64,48,c1,49,a4,0a,cf,27,1e,71,e4,87,81,9a,2f,6e,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    [HKEY_LOCAL_MACHINE\software\BlueStacks]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.19"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Ralink\Common\RaRegistry.exe
    c:\program files (x86)\Ralink\Common\RaWiFi.exe
    c:\windows\SysWOW64\RunDll32.exe
    c:\program files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
    c:\program files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
    .
    **************************************************************************
    .
    Completion time: 2015-11-11  15:22:02 - machine was rebooted
    ComboFix-quarantined-files.txt  2015-11-11 20:22
    .
    Pre-Run: 480,743,149,568 bytes free
    Post-Run: 480,269,914,112 bytes free
    .
    - - End Of File - - 70F1E5DAAAF8D19099B376BB6ECB50DA
    D3F3D406F47598575889AA4B8F8DD083
     


    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP