Gotta have a virus, cant open any anti virus programs, chrome stops, c



#16
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

CF log looks OK.  The only thing I don't like is this user:  \Mcx1-TYRANT.TyRaNt  

 

Are you sure this is legit?

 

I'm wondering if the suspicious driver we saw earlier was related to Daemon Tools.  I've seen it do weird things.  Can you uninstall Daemon Tools then run a FRST scan again?

 

 

Try the free iso burner from:

 

http://www.freeisoburner.com/

 

Let's check your hard drive and temps:

 

Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.
 
Close all browsers and open programs before running Speccy.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File (to your desktop); note the name it gives. OK.  Open the file in Notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top, about 10 lines down.)  Save the file and close Notepad.  Attach the file to your next post as it is usually too large for the forum (Click on More Reply Options then Choose file, select the file, Open, Attach this File).  Uninstall Speccy.

#17
rct8787

    Member

  • Topic Starter
  • Member
  • 14 posts

Sorry for the delay. I believe \Mcx1-TYRANT.TyRaNt is legit but I'm not positive; at this point I would be fine with getting rid of it if you think that may be the problem. I don't see it listed as one of the users, though, when I go into users in the control panel. I was able to burn the ISO to a CD and ran AVG; it found some stuff that I cleaned out, but still doesn't appear to solve the problem, as Chrome still stops working and I still can't run any antivirus programs. I uninstalled Daemon and ran FRST and ran Speccy, see below. Thanks

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-11-2015
Ran by Ryan (administrator) on TYRANT (14-11-2015 15:30:45)
Running from C:\Users\Ryan\Desktop
Loaded Profiles: Ryan (Available Profiles: Ryan & Mcx1-TYRANT)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(American Megatrends Inc.) C:\Program Files\AMI\DuOS\AndServMgr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Scarlet.Crush Productions) C:\Users\Ryan\Desktop\SCP DS3 Driver Package\ScpServer\bin\ScpService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(GlavSoft LLC.) C:\Program Files (x86)\TightVNC\tvnserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Ralink Technology, Inc.) C:\Program Files (x86)\Ralink\Common\RaWiFi.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
() C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
(Wyse Technology.) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-11] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13876952 2015-05-16] (Realtek Semiconductor)
HKLM\...\Run: [TabTip_64] => "C:\PROGRA~3\TabTip_64.exe"
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\Run: [MusicManager] => C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-08-13] (Google Inc.)
HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [6274184 2015-08-23] (Plex, Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-11-14] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-01-19]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk [2013-01-09]
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaWiFi.exe (Ralink Technology, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BBF9F091-EADE-4E1C-AB76-D5897FD5207B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C4349D22-40F8-480F-AD78-E820B327C557}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000 -> DefaultScope {5ED88E19-FCB1-4428-9612-3E22A725041E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306058&CUI=UN26255233522486923&UM=2
SearchScopes: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000 -> {5ED88E19-FCB1-4428-9612-3E22A725041E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306058&CUI=UN26255233522486923&UM=2
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-10-20] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-10-20] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-27] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2012-05-14] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1725188070-1093038038-2835830549-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF Plugin HKU\S-1-5-21-1725188070-1093038038-2835830549-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-1725188070-1093038038-2835830549-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.yahoo.com/
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2015-11-14]
CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Dark Vibe) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj [2013-10-15]
CHR Extension: (Google Play Music) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-11-04]
CHR Extension: (Google Docs Offline) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 AndServMgr; C:\Program Files\AMI\DuOS\AndServMgr.exe [82384 2015-08-06] (American Megatrends Inc.)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [915736 2013-06-11] (BitRaider, LLC)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
R2 Ds3Service; C:\Users\Ryan\Desktop\SCP DS3 Driver Package\ScpServer\bin\ScpService.exe [381952 2014-06-29] (Scarlet.Crush Productions) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-11] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4302576 2012-08-15] (INCA Internet Co., Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-11] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-05-17] ()
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-01-12] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-01-12] (Ralink Technology, Corp.) [File not signed]
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [295128 2015-05-16] (Realtek Semiconductor)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [575488 2008-09-08] (Nokia.) [File not signed]
R2 tvnserver; C:\Program Files (x86)\TightVNC\tvnserver.exe [828944 2011-08-03] (GlavSoft LLC.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [191488 2012-11-05] () [File not signed]
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe [1436160 2012-11-05] (Wyse Technology.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2015-01-19] (Broadcom Corporation.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [25056 2011-12-21] (IVT Corporation.)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
S3 cqcpu; C:\Windows\System32\drivers\cqcpu.sys [24376 2010-03-01] ()
R1 DuoVMDrv; C:\Windows\System32\DRIVERS\DuoVMDrv.sys [239536 2015-07-31] (American Megatrends Inc.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-30] (REALiX™)
S3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
S3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [555736 2014-04-27] (Realtek Semiconductor Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2014-04-27] (Scarlet.Crush Productions)
S3 SIVDRIVER; C:\Windows\system32\Drivers\SIVX64.sys [57312 2008-06-14] (Ray Hinchliffe)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-02-14] (Duplex Secure Ltd.)
S3 toshidpt; C:\Windows\System32\drivers\Toshidpt.sys [9608 2009-06-19] (TOSHIBA Corporation.)
S3 uvhid; C:\Windows\System32\DRIVERS\uvhid.sys [20992 2013-04-11] (Windows ® Win 7 DDK provider)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-14 15:28 - 2015-11-14 15:28 - 00920662 _____ C:\Users\Ryan\Desktop\Speccy.txt
2015-11-14 15:27 - 2015-11-14 15:27 - 00000798 _____ C:\Users\Public\Desktop\Speccy.lnk
2015-11-14 15:27 - 2015-11-14 15:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2015-11-14 15:27 - 2015-11-14 15:27 - 00000000 ____D C:\Program Files\Speccy
2015-11-14 15:24 - 2015-11-14 15:26 - 05127432 _____ (Piriform Ltd) C:\Users\Ryan\Desktop\spsetup128.exe
2015-11-14 03:01 - 2015-11-14 03:01 - 00000000 ____D C:\Windows\system32\SPReview
2015-11-12 17:23 - 2015-11-12 17:23 - 00001013 _____ C:\Users\Public\Desktop\PowerISO.lnk
2015-11-12 17:23 - 2015-11-12 17:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2015-11-12 17:23 - 2015-11-12 17:23 - 00000000 ____D C:\Program Files (x86)\PowerISO
2015-11-12 17:23 - 2015-10-08 02:00 - 00127760 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys
2015-11-12 17:22 - 2015-11-12 17:22 - 02621480 _____ (Power Software Ltd) C:\Users\Ryan\Downloads\PowerISO6-cnet.exe
2015-11-12 17:14 - 2015-11-12 17:14 - 00612520 _____ C:\Users\Ryan\Downloads\isoburner_setup-65690114.exe
2015-11-12 17:14 - 2015-11-12 17:14 - 00564752 _____ (Media Freeware ) C:\Users\Ryan\Downloads\isoburner_setup.exe
2015-11-12 17:14 - 2015-11-12 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free ISO Burner
2015-11-12 17:14 - 2015-11-12 17:14 - 00000000 ____D C:\Program Files (x86)\FreeISOBurner
2015-11-11 15:26 - 2015-11-11 15:26 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Ryan\Desktop\tdsskiller (1).exe
2015-11-11 15:22 - 2015-11-11 15:22 - 00034663 _____ C:\ComboFix.txt
2015-11-11 13:44 - 2015-11-11 13:44 - 00338160 _____ C:\Windows\Minidump\111115-55785-01.dmp
2015-11-11 13:41 - 2015-11-11 15:22 - 00000000 ____D C:\Qoobox
2015-11-11 13:41 - 2015-11-11 15:20 - 00000000 ____D C:\Windows\erdnt
2015-11-11 13:41 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2015-11-11 13:41 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2015-11-11 13:41 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-11-11 13:41 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-11-11 13:41 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-11-11 13:41 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2015-11-11 13:41 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2015-11-11 13:41 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2015-11-11 13:40 - 2015-11-11 13:40 - 05638248 ____R (Swearware) C:\Users\Ryan\Desktop\ComboFix.exe
2015-11-11 13:35 - 2015-11-11 13:35 - 05200384 _____ (AVAST Software) C:\Users\Ryan\Desktop\aswmbr.exe
2015-11-11 13:34 - 2015-11-11 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
2015-11-11 13:34 - 2015-11-11 13:34 - 00000000 ____D C:\Program Files (x86)\LSoft Technologies
2015-11-11 05:47 - 2015-11-11 06:47 - 05286088 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-11-11 03:07 - 2015-11-11 03:07 - 00341352 _____ C:\Windows\Minidump\111115-58859-01.dmp
2015-11-10 21:44 - 2015-11-10 21:44 - 02941736 _____ (LSoft Technologies Inc ) C:\Users\Ryan\Downloads\IsoBurner-Setup.exe
2015-11-10 19:40 - 2015-11-10 19:41 - 181379072 _____ C:\Users\Ryan\Downloads\avg_arl_cdi_all_120_150814a10442.iso
2015-11-10 18:51 - 2015-11-10 18:51 - 00141568 _____ C:\Users\Ryan\Downloads\shexview_setup.exe
2015-11-10 18:51 - 2015-11-10 18:51 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft ShellExView
2015-11-10 18:51 - 2015-11-10 18:51 - 00000000 ____D C:\Program Files (x86)\NirSoft
2015-11-09 22:59 - 2015-11-09 23:00 - 00224968 _____ (ESET) C:\Users\Ryan\Desktop\ESETPoweliksCleaner.exe
2015-11-09 22:57 - 2015-11-10 19:12 - 00010182 _____ C:\Users\Ryan\Desktop\System Idle Process.txt
2015-11-09 22:55 - 2015-11-09 22:55 - 02508432 _____ (Sysinternals - www.sysinternals.com) C:\Users\Ryan\Desktop\procexp.exe
2015-11-09 22:51 - 2015-11-09 23:13 - 00000000 _____ C:\junk.txt
2015-11-08 16:31 - 2015-11-08 16:31 - 00001363 _____ C:\Users\Ryan\Downloads\fixlist.txt
2015-11-08 16:27 - 2015-11-08 16:37 - 00000467 _____ C:\VEW.txt
2015-11-08 16:27 - 2015-11-08 16:27 - 00006063 _____ C:\Users\Ryan\Desktop\VEW.txt
2015-11-08 16:25 - 2015-11-08 16:25 - 00061440 _____ ( ) C:\Users\Ryan\Desktop\VEW.exe
2015-11-07 17:24 - 2015-11-11 13:44 - 1259367026 _____ C:\Windows\MEMORY.DMP
2015-11-07 17:24 - 2015-11-07 17:24 - 00268928 _____ C:\Windows\Minidump\110715-47517-01.dmp
2015-11-07 17:13 - 2015-11-12 09:56 - 03474516 _____ C:\Windows\system32\CFG2364854530
2015-11-06 20:45 - 2015-11-14 03:33 - 00001624 _____ C:\Windows\setupact.log
2015-11-06 20:45 - 2015-11-06 20:45 - 00000000 _____ C:\Windows\setuperr.log
2015-11-06 20:38 - 2015-11-11 15:13 - 00023922 _____ C:\Windows\PFRO.log
2015-11-06 20:37 - 2015-11-06 20:37 - 00000000 _____ C:\asc_rdflag
2015-11-06 20:34 - 2015-11-06 20:34 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Ryan\Downloads\mbam-clean-2.1.1.1001.exe
2015-11-06 20:32 - 2015-11-06 20:32 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Ryan\Downloads\tdsskiller.exe
2015-11-06 20:30 - 2015-11-06 20:35 - 00001238 _____ C:\Users\Ryan\Desktop\FixExec.txt
2015-11-06 20:30 - 2015-11-06 20:30 - 00457632 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Downloads\FixExec.exe
2015-11-06 20:26 - 2015-11-06 20:26 - 01801288 _____ (Malwarebytes) C:\Users\Ryan\Desktop\JRT.exe
2015-11-06 20:20 - 2015-11-06 20:20 - 00000070 _____ C:\Windows\RAVTC.TMP
2015-11-06 20:13 - 2015-11-06 20:13 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Ryan\Downloads\mbar-1.09.3.1001.exe
2015-11-06 19:59 - 2015-11-06 19:59 - 29619504 _____ (IObit ) C:\Users\Ryan\Downloads\IObit-Malware-Fighter-Setup.exe
2015-11-06 19:20 - 2015-11-06 19:21 - 22908888 _____ (Malwarebytes ) C:\Users\Ryan\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-06 19:11 - 2015-11-07 17:36 - 00000000 ____D C:\AdwCleaner
2015-11-06 19:10 - 2015-11-06 19:10 - 01713664 _____ C:\Users\Ryan\Desktop\AdwCleaner.exe
2015-11-06 19:01 - 2015-11-08 16:40 - 00088276 _____ C:\Users\Ryan\Desktop\Addition.txt
2015-11-06 18:59 - 2015-11-14 15:30 - 00023120 _____ C:\Users\Ryan\Desktop\FRST.txt
2015-11-06 18:59 - 2015-11-14 15:30 - 00000000 ____D C:\FRST
2015-11-06 18:54 - 2015-11-06 18:54 - 02198528 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2015-11-06 18:53 - 2015-11-09 23:01 - 00000347 _____ C:\Users\Ryan\Desktop\New Text Document.txt
2015-11-06 17:33 - 2015-11-06 17:33 - 00076814 _____ C:\Users\Ryan\Desktop\runscanner.log
2015-11-06 17:27 - 2015-11-06 17:27 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Runscanner.net
2015-11-06 17:26 - 2015-11-06 17:27 - 00000000 ____D C:\runscanner
2015-11-06 17:18 - 2015-11-06 17:18 - 05200384 _____ (AVAST Software) C:\Users\Ryan\Downloads\aswmbr
2015-11-05 21:02 - 2015-11-06 20:20 - 00000000 ____D C:\Program Files (x86)\Panda Security
2015-11-05 21:01 - 2015-11-06 20:20 - 00000000 ____D C:\ProgramData\Panda Security
2015-11-05 21:01 - 2015-11-05 21:01 - 02113152 _____ C:\Users\Ryan\Downloads\PANDAFREEAV.exe
2015-11-05 18:01 - 2015-11-12 02:35 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-04 21:49 - 2015-11-04 21:49 - 02924672 _____ (AVG Technologies) C:\Users\Ryan\Downloads\AVG_Protection_Free_698.exe
2015-11-04 21:36 - 2015-11-04 21:36 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Ryan\Downloads\avast_free_antivirus_setup_online_cnet.exe
2015-10-31 14:05 - 2015-10-31 14:05 - 00012169 _____ C:\Users\Ryan\Downloads\[kat.cr]family.feud.decades.wbfs.sfae41.ntsc.wiigm.torrent
2015-10-31 14:05 - 2015-10-31 14:05 - 00000000 ____D C:\Users\Ryan\Downloads\SFAE41 Family Feud Decades
2015-10-25 19:14 - 2015-10-02 21:18 - 00102520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-10-25 19:12 - 2015-10-03 00:06 - 42914096 _____ C:\Windows\system32\nvcompiler.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 37882488 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 22306936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 18359928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 16541040 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 15002304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 14832968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 13518496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 12032200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 11114616 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-10-25 19:12 - 2015-10-03 00:06 - 02869880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 02489976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 01905456 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435850.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 01564976 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435850.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 00877176 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 00861816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 00689456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 00673912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 00512720 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 00467912 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 00422240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 00414000 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 00388024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 00369272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 00177416 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 00155976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-10-25 10:16 - 2015-10-25 10:16 - 00001054 _____ C:\Users\Public\Desktop\The Witcher® 3 - Wild Hunt.lnk
2015-10-25 10:16 - 2015-10-25 10:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-10-25 09:56 - 2015-10-25 09:56 - 00000000 ____D C:\Users\Ryan\Documents\The Witcher 3
2015-10-25 09:14 - 2015-10-25 09:15 - 318801672 _____ ( ) C:\Users\Ryan\Downloads\witcher3_patch_1.01.exe
2015-10-23 16:21 - 2015-10-23 17:04 - 00000000 ____D C:\Users\Ryan\Downloads\The.Witcher.3.Wild.Hunt.Patch.v1.10-GOG
2015-10-23 16:21 - 2015-10-23 16:36 - 00000000 ____D C:\Users\Ryan\Downloads\The.Witcher.3.Wild.Hunt.Hearts.of.Stone-GOG
2015-10-23 13:25 - 2015-10-23 14:20 - 00000000 ____D C:\Users\Ryan\Downloads\The Witcher 3 Wild Hunt
2015-10-22 18:06 - 2015-10-22 20:11 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2015-10-22 18:06 - 2015-10-22 18:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-10-22 18:06 - 2015-10-22 18:06 - 00000000 ____D C:\ProgramData\BlueStacks
2015-10-22 18:05 - 2015-10-22 18:05 - 00000000 ____D C:\Users\Ryan\AppData\Local\Bluestacks
2015-10-22 18:02 - 2015-10-22 18:04 - 265913504 _____ C:\Users\Ryan\Downloads\BlueStacksAppPlayer_0.9.30.4239_by_AJacobs_Rooted_BSEasy.exe
2015-10-22 17:48 - 2015-10-22 17:48 - 00001127 _____ C:\Users\Public\Desktop\Star Wars Battlefront II.lnk
2015-10-22 17:48 - 2015-10-22 17:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
2015-10-22 16:18 - 2015-10-22 16:18 - 00000000 ____D C:\Users\Ryan\Downloads\Star Wars Battlefront II

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-14 15:29 - 2011-12-23 13:21 - 00000000 ____D C:\Users\Ryan\AppData\Local\CrashDumps
2015-11-14 14:47 - 2012-04-29 15:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-14 05:46 - 2011-01-26 11:19 - 02075579 _____ C:\Windows\WindowsUpdate.log
2015-11-14 03:42 - 2009-07-13 23:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-14 03:42 - 2009-07-13 23:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-14 03:33 - 2013-08-05 18:43 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-14 03:33 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-12 17:00 - 2014-04-22 13:12 - 00000000 ____D C:\Users\Ryan\Desktop\Hyper Spin
2015-11-12 17:00 - 2013-02-14 20:36 - 00000000 ____D C:\Users\Ryan\AppData\Local\Updater21804
2015-11-12 03:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2015-11-12 03:01 - 2013-04-14 11:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-11-12 03:01 - 2012-01-16 10:48 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-11 15:22 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2015-11-11 15:15 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2015-11-11 14:06 - 2011-09-28 07:55 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-11-11 13:44 - 2013-01-21 13:51 - 00000000 ____D C:\Windows\Minidump
2015-11-11 06:47 - 2012-04-29 15:11 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-11 06:47 - 2012-04-29 15:11 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-11 06:47 - 2011-09-27 07:58 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-11 03:44 - 2013-07-13 02:00 - 00000000 ____D C:\Windows\system32\MRT
2015-11-11 03:38 - 2011-09-29 17:51 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-11 03:06 - 2014-12-11 04:02 - 00000000 ____D C:\Windows\system32\appraiser
2015-11-11 03:06 - 2014-07-10 02:06 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-11-11 03:02 - 2009-07-13 21:34 - 00000478 _____ C:\Windows\win.ini
2015-11-10 19:34 - 2015-08-20 17:27 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Kodi
2015-11-07 17:21 - 2015-05-17 08:17 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-11-07 17:10 - 2013-10-15 17:42 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-07 17:10 - 2013-10-15 17:42 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-07 17:10 - 2013-02-02 11:59 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725188070-1093038038-2835830549-1000UA.job
2015-11-07 16:56 - 2012-01-06 19:41 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2015-11-07 16:56 - 2012-01-06 19:39 - 00000000 ____D C:\Program Files (x86)\Image-Line
2015-11-07 03:35 - 2014-03-19 20:45 - 00000000 ____D C:\ProgramData\ProductData
2015-11-07 03:29 - 2013-02-02 11:59 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725188070-1093038038-2835830549-1000Core.job
2015-11-06 20:51 - 2011-09-26 13:32 - 00123136 _____ C:\Users\Ryan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-06 20:39 - 2009-07-13 23:45 - 00475984 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-06 20:37 - 2014-04-07 02:28 - 99581952 _____ C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2015-11-06 20:37 - 2014-04-07 02:28 - 00401408 _____ C:\Windows\system32\config\DEFAULT.iodefrag.bak
2015-11-06 20:37 - 2014-04-07 02:28 - 00061440 _____ C:\Windows\system32\config\SAM.iodefrag.bak
2015-11-06 20:37 - 2014-04-07 02:28 - 00028672 _____ C:\Windows\system32\config\SECURITY.iodefrag.bak
2015-11-06 20:37 - 2011-09-26 13:28 - 00000000 ____D C:\Users\Ryan
2015-11-06 19:12 - 2009-07-14 00:13 - 00784956 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-05 22:39 - 2015-05-16 15:06 - 00000000 ____D C:\Users\Mcx1-TYRANT.TyRaNt
2015-11-05 22:38 - 2014-06-10 12:16 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\ProductData
2015-11-05 22:38 - 2013-10-18 18:19 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-05 22:38 - 2013-10-15 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-05 22:38 - 2013-10-15 17:42 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-05 22:38 - 2012-01-16 10:50 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-11-05 22:38 - 2011-01-26 11:43 - 00000000 ____D C:\ProgramData\RoxioNow
2015-11-05 22:38 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2015-11-05 21:14 - 2011-01-27 00:27 - 00000000 ____D C:\ProgramData\Recovery
2015-11-01 02:40 - 2011-09-29 19:39 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\uTorrent
2015-10-29 02:31 - 2014-07-02 13:25 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForRyan.job
2015-10-25 19:14 - 2013-08-05 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-10-25 19:14 - 2013-08-05 18:41 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-10-25 19:14 - 2012-02-23 21:37 - 00000000 ____D C:\Temp
2015-10-25 14:27 - 2015-09-10 17:38 - 00003116 ____H C:\Users\Ryan\.swfinfo
2015-10-25 10:18 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-10-25 09:46 - 2014-07-19 14:03 - 00000000 ____D C:\Users\Ryan\AppData\Local\Glyph
2015-10-24 08:05 - 2014-07-19 14:03 - 00000000 ____D C:\Program Files (x86)\Glyph
2015-10-23 02:41 - 2013-04-08 21:40 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-10-22 18:06 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-10-22 17:08 - 2015-09-04 22:31 - 00000000 ____D C:\Users\Ryan\.VirtualBox
2015-10-22 17:02 - 2009-07-14 00:08 - 00032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-19 07:01 - 2014-05-31 19:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-10-15 18:37 - 2015-10-07 20:04 - 00000000 ____D C:\ProgramData\Oracle

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-10 01:02

==================== End of FRST.txt ============================

Edited by rct8787, 14 November 2015 - 02:38 PM.

  • 0

#18
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
I found something this time:
HKLM\...\Run: [TabTip_64] => "C:\PROGRA~3\TabTip_64.exe"

 

 
TabTip_64.exe is a random name even though it looks sort of legit.
 
Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated; please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
 
Your hard drive C:\ looks pretty bad.  I'd say it is time to clone it before you lose it.
 
 
Attribute name Seek Error Rate
Real value 0
Current 87
Worst 60
Threshold 30
Raw Value 001D9C59B1
Status Good
 
 
Attribute name Command Timeout
Real value 4,295,032,833
Current 100
Worst 99
Threshold 0
Raw Value 0000010001
Status Good
 
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.
 
Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.
 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
 
sfc /scannow
 
(SPACE after sfc.)  This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close Notepad.  Close the Command Window.
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application. (Second time you run vew it will overwrite the first log so copy it to a reply or rename it first.)
 
 

Any change?


  • 0
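Added example (not part of RKinner's post and not FRST's own code): a small Python triage over Run/RunOnce lines copied from the FRST logs in this thread, scoring the traits that make the TabTip_64 entry stand out from the other autoruns. The three heuristics and the two-reason threshold are assumptions chosen for illustration; a hit means "look closer", not "malware".

```python
import ntpath  # Windows path rules, usable on any OS
import re

# Autorun lines copied from the FRST logs posted in this thread.
SAMPLE_LOG = r'''
HKLM\...\Run: [TabTip_64] => "C:\PROGRA~3\TabTip_64.exe"
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-11] (NVIDIA Corporation)
HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\Run: [MusicManager] => C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-08-13] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-11-15] (Microsoft Corporation)
'''

# "<hive>\...\Run: [<value name>] => <command and optional metadata>"
ENTRY_RE = re.compile(
    r'^(?P<hive>\S+?)\\\.\.\.\\(?P<key>Run(?:Once)?): '
    r'\[(?P<name>[^\]]+)\] => (?P<rest>.+)$')
# Trailing " [<size> <yyyy-mm-dd>] (<publisher>)" block, when the line has one.
META_RE = re.compile(
    r' \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>.*)\)$')
# First executable in the command: either quoted, or up to the first
# executable extension that is followed by whitespace or end of string.
EXE_RE = re.compile(
    r'^(?:"(?P<quoted>[^"]+)"|(?P<bare>.+?\.(?:exe|com|scr|bat|cmd))(?=\s|$))',
    re.IGNORECASE)


def parse_entry(line):
    """Return a dict for one Run/RunOnce line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m.group('rest')
    meta = META_RE.search(rest)
    command = rest[:meta.start()] if meta else rest
    exe = EXE_RE.match(command)
    image = (exe.group('quoted') or exe.group('bare')) if exe else command
    return {
        'hive': m.group('hive'),
        'key': m.group('key'),
        'name': m.group('name'),
        'command': command,
        'image': image,
        'size': int(meta.group('size')) if meta else None,
        'date': meta.group('date') if meta else None,
        'publisher': meta.group('publisher') if meta else None,
    }


def triage(entry):
    """List the (assumed, illustrative) reasons an entry deserves a closer look."""
    reasons = []
    _, tail = ntpath.splitdrive(entry['image'])
    parts = [p for p in tail.split('\\') if p]
    # A directory written as an 8.3 alias (e.g. PROGRA~3) hides its real name.
    if any(re.search(r'~\d', p) for p in parts[:-1]):
        reasons.append('8.3 short name in path')
    # Installed software normally lives in a vendor subfolder, not one level
    # below the drive root.
    if len(parts) <= 2:
        reasons.append('executable directly under a top-level folder')
    # The log line carries no size, date or publisher for the target.
    if entry['publisher'] is None:
        reasons.append('no size/date/publisher recorded')
    return reasons


def suspicious_autoruns(log_text, threshold=2):
    """Return (name, image, reasons) for entries with >= threshold reasons."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if len(reasons) >= threshold:
            hits.append((entry['name'], entry['image'], reasons))
    return hits


if __name__ == '__main__':
    for name, image, reasons in suspicious_autoruns(SAMPLE_LOG):
        print(f'{name}: {image}')
        for reason in reasons:
            print(f'  - {reason}')
```

The ShadowPlay line also lacks metadata because its command is rundll32 with arguments, which is why a single reason is not enough to flag an entry.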

#19
rct8787

    Member

  • Topic Starter
  • Member
  • 14 posts

OK, here's all the logs.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-11-2015
Ran by Ryan (2015-11-15 14:39:28) Run:5
Running from C:\Users\Ryan\Desktop
Loaded Profiles: Ryan (Available Profiles: Ryan & Mcx1-TYRANT)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\...\Run: [TabTip_64] => "C:\PROGRA~3\TabTip_64.exe"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000 -> DefaultScope {5ED88E19-FCB1-4428-9612-3E22A725041E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306058&CUI=UN26255233522486923&UM=2
SearchScopes: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000 -> {5ED88E19-FCB1-4428-9612-3E22A725041E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306058&CUI=UN26255233522486923&UM=2
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2015-11-05 22:39 - 2015-05-16 15:06 - 00000000 ____D C:\Users\Mcx1-TYRANT.TyRaNt
2015-11-05 22:38 - 2014-06-10 12:16 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\ProductData
2015-11-05 22:38 - 2013-10-18 18:19 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-05 22:38 - 2013-10-15 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\TabTip_64 => value not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5ED88E19-FCB1-4428-9612-3E22A725041E}" => key removed successfully
HKCR\CLSID\{5ED88E19-FCB1-4428-9612-3E22A725041E} => key not found.
WinRing0_1_2_0 => service removed successfully
catchme => service removed successfully
C:\Users\Mcx1-TYRANT.TyRaNt => moved successfully
C:\Users\Ryan\AppData\Roaming\ProductData => moved successfully
C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome => moved successfully

==== End of Fixlog 14:39:28 ====

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-11-2015
Ran by Ryan (administrator) on TYRANT (15-11-2015 14:40:11)
Running from C:\Users\Ryan\Desktop
Loaded Profiles: Ryan (Available Profiles: Ryan & Mcx1-TYRANT)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(American Megatrends Inc.) C:\Program Files\AMI\DuOS\AndServMgr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Scarlet.Crush Productions) C:\Users\Ryan\Desktop\SCP DS3 Driver Package\ScpServer\bin\ScpService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(GlavSoft LLC.) C:\Program Files (x86)\TightVNC\tvnserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Ralink Technology, Inc.) C:\Program Files (x86)\Ralink\Common\RaWiFi.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
() C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
(Wyse Technology.) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-11] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13876952 2015-05-16] (Realtek Semiconductor)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\Run: [MusicManager] => C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-08-13] (Google Inc.)
HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [6274184 2015-08-23] (Plex, Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-11-15] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-01-19]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk [2013-01-09]
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaWiFi.exe (Ralink Technology, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{BBF9F091-EADE-4E1C-AB76-D5897FD5207B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C4349D22-40F8-480F-AD78-E820B327C557}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-10-20] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-10-20] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-27] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2012-05-14] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1725188070-1093038038-2835830549-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF Plugin HKU\S-1-5-21-1725188070-1093038038-2835830549-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-1725188070-1093038038-2835830549-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.yahoo.com/
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2015-11-14]
CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Dark Vibe) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj [2013-10-15]
CHR Extension: (Google Play Music) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-11-04]
CHR Extension: (Google Docs Offline) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 AndServMgr; C:\Program Files\AMI\DuOS\AndServMgr.exe [82384 2015-08-06] (American Megatrends Inc.)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [915736 2013-06-11] (BitRaider, LLC)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
R2 Ds3Service; C:\Users\Ryan\Desktop\SCP DS3 Driver Package\ScpServer\bin\ScpService.exe [381952 2014-06-29] (Scarlet.Crush Productions) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-11] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4302576 2012-08-15] (INCA Internet Co., Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-11] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-05-17] ()
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-01-12] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-01-12] (Ralink Technology, Corp.) [File not signed]
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [295128 2015-05-16] (Realtek Semiconductor)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [575488 2008-09-08] (Nokia.) [File not signed]
R2 tvnserver; C:\Program Files (x86)\TightVNC\tvnserver.exe [828944 2011-08-03] (GlavSoft LLC.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [191488 2012-11-05] () [File not signed]
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe [1436160 2012-11-05] (Wyse Technology.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2015-01-19] (Broadcom Corporation.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [25056 2011-12-21] (IVT Corporation.)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
S3 cqcpu; C:\Windows\System32\drivers\cqcpu.sys [24376 2010-03-01] ()
R1 DuoVMDrv; C:\Windows\System32\DRIVERS\DuoVMDrv.sys [239536 2015-07-31] (American Megatrends Inc.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-30] (REALiX™)
S3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
S3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [555736 2014-04-27] (Realtek Semiconductor Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2014-04-27] (Scarlet.Crush Productions)
S3 SIVDRIVER; C:\Windows\system32\Drivers\SIVX64.sys [57312 2008-06-14] (Ray Hinchliffe)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-02-14] (Duplex Secure Ltd.)
S3 toshidpt; C:\Windows\System32\drivers\Toshidpt.sys [9608 2009-06-19] (TOSHIBA Corporation.)
S3 uvhid; C:\Windows\System32\DRIVERS\uvhid.sys [20992 2013-04-11] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-15 03:01 - 2015-11-15 03:01 - 00000000 ____D C:\Windows\system32\SPReview
2015-11-14 15:28 - 2015-11-14 15:31 - 00920615 _____ C:\Users\Ryan\Desktop\Speccy.txt
2015-11-14 15:24 - 2015-11-14 15:26 - 05127432 _____ (Piriform Ltd) C:\Users\Ryan\Desktop\spsetup128.exe
2015-11-12 17:22 - 2015-11-12 17:22 - 02621480 _____ (Power Software Ltd) C:\Users\Ryan\Downloads\PowerISO6-cnet.exe
2015-11-12 17:14 - 2015-11-12 17:14 - 00612520 _____ C:\Users\Ryan\Downloads\isoburner_setup-65690114.exe
2015-11-12 17:14 - 2015-11-12 17:14 - 00564752 _____ (Media Freeware ) C:\Users\Ryan\Downloads\isoburner_setup.exe
2015-11-11 15:26 - 2015-11-11 15:26 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Ryan\Desktop\tdsskiller (1).exe
2015-11-11 13:44 - 2015-11-11 13:44 - 00338160 _____ C:\Windows\Minidump\111115-55785-01.dmp
2015-11-11 13:41 - 2015-11-11 15:22 - 00000000 ____D C:\Qoobox
2015-11-11 13:41 - 2015-11-11 15:20 - 00000000 ____D C:\Windows\erdnt
2015-11-11 13:41 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2015-11-11 13:41 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2015-11-11 13:41 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-11-11 13:41 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-11-11 13:41 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-11-11 13:41 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2015-11-11 13:41 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2015-11-11 13:41 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2015-11-11 13:40 - 2015-11-11 13:40 - 05638248 ____R (Swearware) C:\Users\Ryan\Desktop\ComboFix.exe
2015-11-11 13:35 - 2015-11-11 13:35 - 05200384 _____ (AVAST Software) C:\Users\Ryan\Desktop\aswmbr.exe
2015-11-11 05:47 - 2015-11-11 06:47 - 05286088 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-11-11 03:07 - 2015-11-11 03:07 - 00341352 _____ C:\Windows\Minidump\111115-58859-01.dmp
2015-11-10 21:44 - 2015-11-10 21:44 - 02941736 _____ (LSoft Technologies Inc ) C:\Users\Ryan\Downloads\IsoBurner-Setup.exe
2015-11-10 19:40 - 2015-11-10 19:41 - 181379072 _____ C:\Users\Ryan\Downloads\avg_arl_cdi_all_120_150814a10442.iso
2015-11-10 18:51 - 2015-11-10 18:51 - 00141568 _____ C:\Users\Ryan\Downloads\shexview_setup.exe
2015-11-10 18:51 - 2015-11-10 18:51 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft ShellExView
2015-11-10 18:51 - 2015-11-10 18:51 - 00000000 ____D C:\Program Files (x86)\NirSoft
2015-11-09 22:59 - 2015-11-09 23:00 - 00224968 _____ (ESET) C:\Users\Ryan\Desktop\ESETPoweliksCleaner.exe
2015-11-09 22:57 - 2015-11-10 19:12 - 00010182 _____ C:\Users\Ryan\Desktop\System Idle Process.txt
2015-11-09 22:55 - 2015-11-09 22:55 - 02508432 _____ (Sysinternals - www.sysinternals.com) C:\Users\Ryan\Desktop\procexp.exe
2015-11-08 16:31 - 2015-11-08 16:31 - 00001363 _____ C:\Users\Ryan\Downloads\fixlist.txt
2015-11-08 16:27 - 2015-11-08 16:27 - 00006063 _____ C:\Users\Ryan\Desktop\VEW.txt
2015-11-08 16:25 - 2015-11-08 16:25 - 00061440 _____ ( ) C:\Users\Ryan\Desktop\VEW.exe
2015-11-07 17:24 - 2015-11-11 13:44 - 1259367026 _____ C:\Windows\MEMORY.DMP
2015-11-07 17:24 - 2015-11-07 17:24 - 00268928 _____ C:\Windows\Minidump\110715-47517-01.dmp
2015-11-07 17:13 - 2015-11-12 09:56 - 03474516 _____ C:\Windows\system32\CFG2364854530
2015-11-06 20:45 - 2015-11-15 03:33 - 00001792 _____ C:\Windows\setupact.log
2015-11-06 20:45 - 2015-11-06 20:45 - 00000000 _____ C:\Windows\setuperr.log
2015-11-06 20:38 - 2015-11-14 15:45 - 00025444 _____ C:\Windows\PFRO.log
2015-11-06 20:37 - 2015-11-06 20:37 - 00000000 _____ C:\asc_rdflag
2015-11-06 20:34 - 2015-11-06 20:34 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Ryan\Downloads\mbam-clean-2.1.1.1001.exe
2015-11-06 20:32 - 2015-11-06 20:32 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Ryan\Downloads\tdsskiller.exe
2015-11-06 20:30 - 2015-11-06 20:35 - 00001238 _____ C:\Users\Ryan\Desktop\FixExec.txt
2015-11-06 20:30 - 2015-11-06 20:30 - 00457632 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Downloads\FixExec.exe
2015-11-06 20:26 - 2015-11-06 20:26 - 01801288 _____ (Malwarebytes) C:\Users\Ryan\Desktop\JRT.exe
2015-11-06 20:20 - 2015-11-06 20:20 - 00000070 _____ C:\Windows\RAVTC.TMP
2015-11-06 20:13 - 2015-11-06 20:13 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Ryan\Downloads\mbar-1.09.3.1001.exe
2015-11-06 19:59 - 2015-11-06 19:59 - 29619504 _____ (IObit ) C:\Users\Ryan\Downloads\IObit-Malware-Fighter-Setup.exe
2015-11-06 19:20 - 2015-11-06 19:21 - 22908888 _____ (Malwarebytes ) C:\Users\Ryan\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-06 19:11 - 2015-11-07 17:36 - 00000000 ____D C:\AdwCleaner
2015-11-06 19:10 - 2015-11-06 19:10 - 01713664 _____ C:\Users\Ryan\Desktop\AdwCleaner.exe
2015-11-06 19:01 - 2015-11-08 16:40 - 00088276 _____ C:\Users\Ryan\Desktop\Addition.txt
2015-11-06 18:59 - 2015-11-15 14:40 - 00022109 _____ C:\Users\Ryan\Desktop\FRST.txt
2015-11-06 18:59 - 2015-11-15 14:40 - 00000000 ____D C:\FRST
2015-11-06 18:54 - 2015-11-06 18:54 - 02198528 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2015-11-06 18:53 - 2015-11-09 23:01 - 00000347 _____ C:\Users\Ryan\Desktop\New Text Document.txt
2015-11-06 17:33 - 2015-11-06 17:33 - 00076814 _____ C:\Users\Ryan\Desktop\runscanner.log
2015-11-06 17:27 - 2015-11-06 17:27 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Runscanner.net
2015-11-06 17:26 - 2015-11-06 17:27 - 00000000 ____D C:\runscanner
2015-11-06 17:18 - 2015-11-06 17:18 - 05200384 _____ (AVAST Software) C:\Users\Ryan\Downloads\aswmbr
2015-11-05 21:02 - 2015-11-06 20:20 - 00000000 ____D C:\Program Files (x86)\Panda Security
2015-11-05 21:01 - 2015-11-06 20:20 - 00000000 ____D C:\ProgramData\Panda Security
2015-11-05 21:01 - 2015-11-05 21:01 - 02113152 _____ C:\Users\Ryan\Downloads\PANDAFREEAV.exe
2015-11-05 18:01 - 2015-11-12 02:35 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-04 21:49 - 2015-11-04 21:49 - 02924672 _____ (AVG Technologies) C:\Users\Ryan\Downloads\AVG_Protection_Free_698.exe
2015-11-04 21:36 - 2015-11-04 21:36 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Ryan\Downloads\avast_free_antivirus_setup_online_cnet.exe
2015-10-31 14:05 - 2015-10-31 14:05 - 00012169 _____ C:\Users\Ryan\Downloads\[kat.cr]family.feud.decades.wbfs.sfae41.ntsc.wiigm.torrent
2015-10-31 14:05 - 2015-10-31 14:05 - 00000000 ____D C:\Users\Ryan\Downloads\SFAE41 Family Feud Decades
2015-10-25 19:14 - 2015-10-02 21:18 - 00102520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-10-25 19:12 - 2015-10-03 00:06 - 42914096 _____ C:\Windows\system32\nvcompiler.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 37882488 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 22306936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 18359928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 16541040 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 15002304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 14832968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 13518496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 12032200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 11114616 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-10-25 19:12 - 2015-10-03 00:06 - 02869880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 02489976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 01905456 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435850.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 01564976 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435850.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 00877176 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 00861816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 00689456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 00673912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 00512720 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 00467912 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 00422240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 00414000 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 00388024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 00369272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 00177416 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 00155976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-10-25 19:12 - 2015-10-03 00:06 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-10-25 10:16 - 2015-10-25 10:16 - 00001054 _____ C:\Users\Public\Desktop\The Witcher® 3 - Wild Hunt.lnk
2015-10-25 10:16 - 2015-10-25 10:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-10-25 09:56 - 2015-10-25 09:56 - 00000000 ____D C:\Users\Ryan\Documents\The Witcher 3
2015-10-25 09:14 - 2015-10-25 09:15 - 318801672 _____ ( ) C:\Users\Ryan\Downloads\witcher3_patch_1.01.exe
2015-10-23 16:21 - 2015-10-23 17:04 - 00000000 ____D C:\Users\Ryan\Downloads\The.Witcher.3.Wild.Hunt.Patch.v1.10-GOG
2015-10-23 16:21 - 2015-10-23 16:36 - 00000000 ____D C:\Users\Ryan\Downloads\The.Witcher.3.Wild.Hunt.Hearts.of.Stone-GOG
2015-10-23 13:25 - 2015-10-23 14:20 - 00000000 ____D C:\Users\Ryan\Downloads\The Witcher 3 Wild Hunt
2015-10-22 18:06 - 2015-10-22 20:11 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2015-10-22 18:06 - 2015-10-22 18:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-10-22 18:06 - 2015-10-22 18:06 - 00000000 ____D C:\ProgramData\BlueStacks
2015-10-22 18:05 - 2015-10-22 18:05 - 00000000 ____D C:\Users\Ryan\AppData\Local\Bluestacks
2015-10-22 18:02 - 2015-10-22 18:04 - 265913504 _____ C:\Users\Ryan\Downloads\BlueStacksAppPlayer_0.9.30.4239_by_AJacobs_Rooted_BSEasy.exe
2015-10-22 17:48 - 2015-10-22 17:48 - 00001127 _____ C:\Users\Public\Desktop\Star Wars Battlefront II.lnk
2015-10-22 17:48 - 2015-10-22 17:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
2015-10-22 16:18 - 2015-10-22 16:18 - 00000000 ____D C:\Users\Ryan\Downloads\Star Wars Battlefront II

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-15 13:47 - 2012-04-29 15:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-15 13:23 - 2011-01-26 11:19 - 01149640 _____ C:\Windows\WindowsUpdate.log
2015-11-15 03:42 - 2009-07-13 23:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-15 03:42 - 2009-07-13 23:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-15 03:33 - 2013-08-05 18:43 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-15 03:33 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-14 15:51 - 2011-12-23 13:21 - 00000000 ____D C:\Users\Ryan\AppData\Local\CrashDumps
2015-11-14 15:47 - 2014-03-19 20:45 - 00000000 ____D C:\ProgramData\ProductData
2015-11-12 17:00 - 2014-04-22 13:12 - 00000000 ____D C:\Users\Ryan\Desktop\Hyper Spin
2015-11-12 17:00 - 2013-02-14 20:36 - 00000000 ____D C:\Users\Ryan\AppData\Local\Updater21804
2015-11-12 03:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2015-11-12 03:01 - 2013-04-14 11:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-11-12 03:01 - 2012-01-16 10:48 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-11 15:22 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2015-11-11 15:15 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2015-11-11 14:06 - 2011-09-28 07:55 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-11-11 13:44 - 2013-01-21 13:51 - 00000000 ____D C:\Windows\Minidump
2015-11-11 06:47 - 2012-04-29 15:11 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-11 06:47 - 2012-04-29 15:11 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-11 06:47 - 2011-09-27 07:58 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-11 03:44 - 2013-07-13 02:00 - 00000000 ____D C:\Windows\system32\MRT
2015-11-11 03:38 - 2011-09-29 17:51 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-11 03:06 - 2014-12-11 04:02 - 00000000 ____D C:\Windows\system32\appraiser
2015-11-11 03:06 - 2014-07-10 02:06 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-11-11 03:02 - 2009-07-13 21:34 - 00000478 _____ C:\Windows\win.ini
2015-11-10 19:34 - 2015-08-20 17:27 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Kodi
2015-11-07 17:21 - 2015-05-17 08:17 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-11-07 17:10 - 2013-10-15 17:42 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-07 17:10 - 2013-10-15 17:42 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-07 17:10 - 2013-02-02 11:59 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725188070-1093038038-2835830549-1000UA.job
2015-11-07 16:56 - 2012-01-06 19:41 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2015-11-07 16:56 - 2012-01-06 19:39 - 00000000 ____D C:\Program Files (x86)\Image-Line
2015-11-07 03:29 - 2013-02-02 11:59 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725188070-1093038038-2835830549-1000Core.job
2015-11-06 20:51 - 2011-09-26 13:32 - 00123136 _____ C:\Users\Ryan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-06 20:39 - 2009-07-13 23:45 - 00475984 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-06 20:37 - 2014-04-07 02:28 - 99581952 _____ C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2015-11-06 20:37 - 2014-04-07 02:28 - 00401408 _____ C:\Windows\system32\config\DEFAULT.iodefrag.bak
2015-11-06 20:37 - 2014-04-07 02:28 - 00061440 _____ C:\Windows\system32\config\SAM.iodefrag.bak
2015-11-06 20:37 - 2014-04-07 02:28 - 00028672 _____ C:\Windows\system32\config\SECURITY.iodefrag.bak
2015-11-06 20:37 - 2011-09-26 13:28 - 00000000 ____D C:\Users\Ryan
2015-11-06 19:12 - 2009-07-14 00:13 - 00784956 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-05 22:38 - 2013-10-15 17:42 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-05 22:38 - 2012-01-16 10:50 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-11-05 22:38 - 2011-01-26 11:43 - 00000000 ____D C:\ProgramData\RoxioNow
2015-11-05 22:38 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2015-11-05 21:14 - 2011-01-27 00:27 - 00000000 ____D C:\ProgramData\Recovery
2015-11-01 02:40 - 2011-09-29 19:39 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\uTorrent
2015-10-29 02:31 - 2014-07-02 13:25 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForRyan.job
2015-10-25 19:14 - 2013-08-05 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-10-25 19:14 - 2013-08-05 18:41 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-10-25 19:14 - 2012-02-23 21:37 - 00000000 ____D C:\Temp
2015-10-25 14:27 - 2015-09-10 17:38 - 00003116 ____H C:\Users\Ryan\.swfinfo
2015-10-25 10:18 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-10-25 09:46 - 2014-07-19 14:03 - 00000000 ____D C:\Users\Ryan\AppData\Local\Glyph
2015-10-24 08:05 - 2014-07-19 14:03 - 00000000 ____D C:\Program Files (x86)\Glyph
2015-10-23 02:41 - 2013-04-08 21:40 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-10-22 18:06 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-10-22 17:08 - 2015-09-04 22:31 - 00000000 ____D C:\Users\Ryan\.VirtualBox
2015-10-22 17:02 - 2009-07-14 00:08 - 00032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-19 07:01 - 2014-05-31 19:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-10 01:02

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-11-2015
Ran by Ryan (2015-11-15 14:41:16)
Running from C:\Users\Ryan\Desktop
Windows 7 Home Premium (X64) (2011-09-26 18:28:17)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1725188070-1093038038-2835830549-500 - Administrator - Disabled)
Guest (S-1-5-21-1725188070-1093038038-2835830549-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1725188070-1093038038-2835830549-1013 - Limited - Enabled)
Mcx1-TYRANT (S-1-5-21-1725188070-1093038038-2835830549-1014 - Limited - Enabled) => C:\Users\Mcx1-TYRANT.TyRaNt
Ryan (S-1-5-21-1725188070-1093038038-2835830549-1000 - Administrator - Enabled) => C:\Users\Ryan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ACID Pro 7.0 (HKLM-x32\...\{BFA5441E-B7E6-46F5-A15D-1B74707AE93A}) (Version: 7.0.641 - Sony)
Acoustica Mixcraft 7 Home Studio  (HKLM-x32\...\Mixcraft 7 Home Studio-32) (Version: 7.0.1.279 - Acoustica)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.4.0 - IObit)
Akamai NetSession Interface (HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Album Art Downloader XUI 1.02 (HKLM-x32\...\Album Art Downloader XUI) (Version: 1.02 - hxxp://sourceforge.net/projects/album-art)
Andy OS (HKLM\...\Andy OS) (Version: 0.45.0.0 - Andy OS, Inc)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Assassins Creed IV Black Flag (HKLM-x32\...\QXNzYXNzaW5zQ3JlZWRJVkJsYWNrRmxhZw==_is1) (Version: 1 - )
Audacity 1.3.14 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
AutoHotkey 1.1.14.03 (HKLM\...\AutoHotkey) (Version: 1.1.14.03 - Lexikos)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Batman: Arkham City™ GOTY (HKLM-x32\...\GFWL_{57520FA0-DF38-46A1-8046-3B1000008500}) (Version: 1.0.0000.133 - WB Games)
Batman: Arkham City™ GOTY (x32 Version: 1.0.0000.133 - WB Games) Hidden
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.6.3 - BitRaider, LLC)
Blio (HKLM-x32\...\{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}) (Version: 2.0.5350 - K-NFB Reading Technology, Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{3792811C-832F-4392-B44A-24092901EDDC}) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands: The Pre-Sequel (HKLM-x32\...\Qm9yZGVybGFuZHNUaGVQcmVTZXF1ZWw=_is1) (Version: 1 - )
Burnout™ Paradise The Ultimate Box (HKLM-x32\...\{9A996B6A-846E-4A89-B9C4-17546B7BE49F}) (Version: 1.0.0.0 - Electronic Arts)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CrimeCraft Gravity Edition (HKLM-x32\...\CrimeCraft Gravity Edition) (Version: 0.25.07.93042 - Vogster Entertainment)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DEAD OR ALIVE 5 Last Round (HKLM-x32\...\REVBRE9SQUxJVkU1TGFzdFJvdW5k_is1) (Version: 1 - )
Defiance (HKLM-x32\...\Glyph Defiance) (Version:  - Trion Worlds, Inc.)
DeskScapes (HKLM-x32\...\DeskScapes) (Version:  - Stardock Corporation, Inc.)
DeskScapes (x32 Version: 3.50.039 - Stardock Corporation, Inc.) Hidden
DiRT 3 (HKLM-x32\...\GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}) (Version: 1.0.0000.130 - Codemasters)
DiRT 3 (x32 Version: 1.0.0000.130 - Codemasters) Hidden
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
Dream Aquarium (HKLM-x32\...\Dream Aquarium_is1) (Version: 1.0700 - )
Drift City (HKLM-x32\...\DriftCity_US) (Version:  - )
Driver Booster 2.4 (HKLM-x32\...\Driver Booster_is1) (Version: 2.4 - IObit)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
DuOS (HKLM\...\{8CE9E5DD-D523-44F2-8DE7-0439310EA984}) (Version: 2.0.3.7527 - American Megatrends Inc.)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
ESPN Offline Draft (HKLM-x32\...\ESPNOfflineDraft.7DC32A23D84BA514BB63AC794BF941363003AC19.1) (Version: 072514 - ESPN, Inc.)
ESPN Offline Draft (x32 Version: 255 - ESPN, Inc.) Hidden
F1 2014 (HKLM-x32\...\RjEyMDE0_is1) (Version: 1 - )
Firefall (HKLM-x32\...\{CFEF8DB5-B45E-4b05-90BE-D02AA6F45354}) (Version:  - Red 5 Studios)
Fireplace 3D Screensaver 1.0 (HKLM-x32\...\Fireplace 3D Screensaver_is1) (Version: 1.0 - 3Planesoft)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.10.1 - Androxyde)
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
GamersFirst LIVE! (HKLM-x32\...\GamersFirst LIVE!) (Version:  - GamersFirst)
Gateway (HKLM-x32\...\{14E83D30-45D6-4153-9D9E-1EFB9E86F661}) (Version: 1.5.6 - Gravity Interactive, Inc.)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
GmoteServer (HKLM-x32\...\DDA23392-9C73-4909-A221-BC12C6D2664D) (Version: 2.0.2 - Gmote.org)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Drive (HKLM-x32\...\{9C350701-AC04-48BA-A435-BD5E0D82897E}) (Version: 1.25.0523.2491 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Grand Theft Auto V_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version:  - Rockstar North / Toronto)
GRID 2 © Codemasters version 1 (HKLM-x32\...\R1JJRDI=_is1) (Version: 1 - )
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4521 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version:  - )
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
Hulu Desktop (HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
IsoBuster 3.1 (HKLM-x32\...\IsoBuster_is1) (Version: 3.1 - Smart Projects)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 10.1.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.1.0 - )
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
Kodi (HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\Kodi) (Version:  - XBMC-Foundation)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )
LCPD First Response (HKLM-x32\...\LCPD First Response) (Version: 1.0.0.0d - G17 Media)
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Major League Baseball 2K12 (HKLM-x32\...\{E6C29DA3-ADD6-4941-903A-43965CBB0F7C}) (Version: 1.0.0 - 2K Sports)
Marvel Heroes Game (HKLM-x32\...\{ca6069b5-fc6b-4ce8-a03e-2304143706b7}_is1) (Version: 1.0 - Gazillion Entertainment)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
MirrorOp Receiver (HKLM-x32\...\MirrorOp Receiver_is1) (Version: 1.2.0.6 - Awind Inc.)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\MusicManager) (Version:  - Google, Inc.)
Need for Speed Most Wanted (HKLM-x32\...\Need for Speed Most Wanted_is1) (Version:  - )
Need for Speed™ Carbon (HKLM-x32\...\{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}) (Version:  - )
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
NirSoft ShellExView (HKLM-x32\...\NirSoft ShellExView) (Version:  - )
Nokia Connectivity Cable Driver (HKLM-x32\...\{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}) (Version: 7.0.2.0 - Nokia)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.50 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.50 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Oracle VM VirtualBox 4.3.30 (HKLM\...\{5E7BEDD4-397D-4537-A290-AB012A45D771}) (Version: 4.3.30 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.10.0.22571 - Grinding Gear Games)
PC Connectivity Solution (HKLM-x32\...\{83258E90-1F76-4E13-9F60-A0F8ED41E76F}) (Version: 8.22.7.0 - Nokia)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Plex Media Server (HKLM-x32\...\{ca5910de-4c30-4f28-b6bd-5dd8edff922d}) (Version: 0.9.1211 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1211 - Plex, Inc.) Hidden
PocketCloud Windows Companion (HKLM-x32\...\{8C8C169B-D493-42C7-A975-7C1E0E4C5847}) (Version: 2.5.13 - Wyse Technology)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Q2E Blood Culture 2.0 (HKLM-x32\...\Q2E Blood Culture) (Version:  - )
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.2.13.0 - Ralink)
Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
RCT3 Soaked (HKLM-x32\...\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}) (Version: 1.00.000 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
RIFT (HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\RIFT) (Version:  - Trion Worlds, Inc.)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
RollerCoaster Tycoon 2 (HKLM-x32\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version:  - )
RollerCoaster Tycoon 2: Time Twister (HKLM-x32\...\{BA1E1AFD-D1F2-4C52-88C3-186FC5E61604}) (Version: 1.00.000 - )
RollerCoaster Tycoon 2: Wacky Worlds (HKLM-x32\...\{B1AD83A0-DC92-41E3-B111-E9472349768C}) (Version:  - )
RollerCoaster Tycoon® 3 (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - )
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
Ryse Son of Rome (HKLM-x32\...\Ryse Son of Rome_is1) (Version:  - )
Saints Row IV (HKLM-x32\...\U2FpbnRzUm93SVY=_is1) (Version: 1 - )
Saints Row The Third (HKLM-x32\...\Saints Row The Third_is1) (Version:  - )
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
Shockwave (HKLM-x32\...\Shockwave) (Version:  - )
Sleeping Dogs Definitive Edition, âåðñèÿ 1.0.0.0 (HKLM-x32\...\Sleeping Dogs Definitive Edition_is1) (Version: 1.0.0.0 - RePack by SEYTER)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.3 - IObit)
Sonic Generations (HKLM-x32\...\Sonic Generations_is1) (Version: 1.0 - SEGA)
SpeechRedist (HKLM-x32\...\{8795CBED-55E2-4693-9F14-84EC446935BE}) (Version: 1.0.0 - Epic Games Inc.)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.6.2.4 - Splashtop Inc.)
Star Wars Battlefront II Ultimate Pack version 4.1 (HKLM-x32\...\{80C123AF-9375-4166-B05B-820FF5EF8B52}_is1) (Version: 4.1 - XAP4O)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
State of Decay - Breakdown (HKLM-x32\...\State of Decay - Breakdown_is1) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Texas Instruments PCIxx21/x515 drivers. (HKLM-x32\...\InstallShield_{FF6F491D-BC82-4DCC-A72F-1824957C6466}) (Version: 1.13.0000 - Texas Instruments Inc.)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.7.0.113 - KMP Media co., Ltd)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Hearts of Stone (HKLM-x32\...\Hearts of Stone_is1) (Version: 1.0.0.0 - GOG.com)
Tiger Woods PGA TOUR 08 (HKLM-x32\...\{2FEA102C-F535-4513-009B-57B165013C18}) (Version:  - Electronic Arts)
TightVNC 2.0.4 (HKLM-x32\...\TightVNC) (Version: 2.0.4 - GlavSoft LLC.)
TIxx21 (x32 Version: 1.13.0000 - Texas Instruments Inc.) Hidden
Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.00 - Ubisoft)
UE3Redist (HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}) (Version: 1.00.0000 - Epic Games)
UE3Redist (x32 Version: 1.00.0000 - Epic Games) Hidden
Unreal Tournament (HKLM-x32\...\UnrealTournament) (Version:  - )
Unreal Tournament 2004 (HKLM-x32\...\UT2004) (Version:  - )
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
WATCH_DOGS / RePack by Baracuda (HKLM\...\{EF231D76-43D8-4181-81D4-DD235312534D}_is1) (Version: 1.06.329 - )
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5800 - Broadcom Corporation)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

12-11-2015 03:02:52 Windows 7 Service Pack 1
13-11-2015 03:00:10 Windows Update
14-11-2015 03:00:11 Windows Update
15-11-2015 03:00:11 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-07 20:00 - 2015-11-11 15:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E3140F4-F964-4F95-B08D-7F87B2EE4757} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {259DBB21-B7D2-4F35-BB8D-11049CC31720} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {565F63E3-8E10-4E20-A7AF-1D3175F43E46} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {5F0F7ED1-0F45-4D46-AE59-992BD057F901} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN39I2N70S05X4 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-11-04] (HP Inc.)
Task: {94F00FE8-56EE-4808-A62C-66EDCB55E968} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {9A5F2205-AF98-440B-B79D-C10DB5D96AF6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {A7D2250E-C71B-4B3D-BD77-4366F1683589} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-TYRANT => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {DE503929-CFC8-4443-A39B-D7F6E1C84676} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {EAE97834-BEDE-4351-B21F-A35DD606BCFA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {ED4EC50B-E00D-40FF-9CFB-B08C01EB967C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {F1EF7823-FAF9-40F5-B325-CB94DF7FCD3E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-11-04] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725188070-1093038038-2835830549-1000Core.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725188070-1093038038-2835830549-1000UA.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForRyan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2012-12-19 15:32 - 2012-12-19 15:32 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-05-14 18:56 - 2013-05-17 18:51 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-08-05 18:42 - 2015-10-02 21:49 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-15 13:58 - 2015-09-15 13:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-11-05 15:01 - 2012-11-05 15:01 - 00191488 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
2012-11-05 15:04 - 2012-11-05 15:04 - 00071680 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\ServerNetworkInterface.dll
2012-11-05 15:04 - 2012-11-05 15:04 - 02216448 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\AetherCommLib.dll
2012-11-05 15:04 - 2012-11-05 15:04 - 00078336 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseWebServerLib.DLL
2015-04-21 19:29 - 2015-10-11 22:05 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-08-13 15:33 - 2015-08-13 15:33 - 00117248 _____ () C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2015-08-13 15:34 - 2015-08-13 15:34 - 00234496 _____ () C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2015-08-13 15:34 - 2015-08-13 15:34 - 00253440 _____ () C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2015-08-13 15:33 - 2015-08-13 15:33 - 00344064 _____ () C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2015-08-23 02:27 - 2015-08-23 02:27 - 00072840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2015-08-23 02:27 - 2015-08-23 02:27 - 00196232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2015-08-23 02:27 - 2015-08-23 02:27 - 00838792 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2015-08-23 02:27 - 2015-08-23 02:27 - 00049800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2015-08-23 02:27 - 2015-08-23 02:27 - 00086664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2015-08-23 02:27 - 2015-08-23 02:27 - 02092680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
2015-08-23 02:27 - 2015-08-23 02:27 - 01883272 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
2015-08-23 02:27 - 2015-08-23 02:27 - 00502920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2013-01-09 15:09 - 2012-01-12 22:45 - 01087336 _____ () C:\Program Files (x86)\Ralink\Common\RaWLAPI.dll
2015-08-23 02:27 - 2015-08-23 02:27 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2015-08-23 02:27 - 2015-08-23 02:27 - 00027784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2015-08-23 02:27 - 2015-08-23 02:27 - 00018568 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2015-08-23 02:27 - 2015-08-23 02:27 - 00034952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2015-08-23 02:27 - 2015-08-23 02:27 - 00836232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2015-08-23 02:27 - 2015-08-23 02:27 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2015-08-23 02:27 - 2015-08-23 02:27 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2015-08-23 02:27 - 2015-08-23 02:27 - 00192136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2015-08-23 02:27 - 2015-08-23 02:27 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2015-08-23 02:27 - 2015-08-23 02:27 - 00081544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2015-08-23 02:27 - 2015-08-23 02:27 - 00111240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2015-08-23 02:27 - 2015-08-23 02:27 - 00689800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\cinemanow.com -> hxxp://cinemanow.com
IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\cinemanow.com -> hxxps://cinemanow.com
IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\hp.com -> hxxp://hp.com
IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\qflix.com -> hxxp://qflix.com
IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\roxio.com -> hxxp://roxio.com
IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\sonic.com -> hxxp://redirect.sonic.com
IE trusted site: HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\...\sony.com -> sony.com

There are 4791 more sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1725188070-1093038038-2835830549-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ryan\AppData\Local\stardock\deskwall.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Ryan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GmoteServer.lnk => C:\Windows\pss\GmoteServer.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Ryan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HandyAndy.lnk => C:\Windows\pss\HandyAndy.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: AVG_TRAY => "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
MSCONFIG\startupreg: BackUp2364854530 => C:\Users\Ryan\AppData\Roaming\BackUp2364854530.exe
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: Chrome => C:\PROGRA~3\taskhost.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: GateWay => c:\program files (x86)\gravity\gateway\gatewaymain.exe
MSCONFIG\startupreg: Google Update => "C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: igfxCUIService => "C:\PROGRA~3\igfxCUIService.exe"
MSCONFIG\startupreg: igfxEM_32 => "C:\PROGRA~3\igfxEM_32.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: PDF Complete => c:\program files (x86)\pdf complete\pdfsty.exe
MSCONFIG\startupreg: PSUAMain => "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TabTip_64 => "C:\PROGRA~3\TabTip_64.exe"
MSCONFIG\startupreg: TBHostSupport => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Ryan\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin
MSCONFIG\startupreg: tvncontrol => "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6C655FDE-4AAF-4620-BC9C-9763BA364917}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{E80BAD5C-E443-4845-9924-8446018553DB}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{A462087F-1274-4E3F-8089-377FB55B1359}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{571D9BDF-08B6-4A00-8A30-36F63BECE9DC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{9F55D473-C767-47A6-88FC-787E0739E9CE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{359B52E0-2113-48CD-B029-C704836AFBDD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{1EC5E065-477C-4F37-8C74-A49551434E48}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{0DB15326-E497-4ED3-B577-861338BA7B47}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe
FirewallRules: [{6CBA8053-2ED0-4FDB-896E-8F543126107A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe
FirewallRules: [{63DE5EF7-6995-48BC-A8FA-0C848A53FA5C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [{E5A03859-C0A4-4DCE-9123-9481147A9EB8}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{6C3F111E-6E1B-445C-BA88-B17F5F2BBD47}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{4C69B373-48B7-468B-B6CC-60C4B7E1380F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{E26E17FA-C6FA-4EAF-AC3B-167AE1B3DF66}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{56F3FCEC-F573-47EF-8F02-76E05621C375}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4D7BE302-BA2C-43C7-B425-7655CAF68B0E}] => (Allow) LPort=2869
FirewallRules: [{94D1E3AD-A4C2-4D89-9A32-9CFC7584BE70}] => (Allow) LPort=1900
FirewallRules: [{94F0C04F-FFA5-4191-830A-A9158CB7CF5A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{94E41FC2-FA96-4401-AAD9-2C7F4A62FBFA}] => (Allow) J:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{1318D141-ADF7-45BF-B001-D65A411ECCA5}] => (Allow) J:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{4EE4E8E1-2EDB-4747-8ED8-63414FB787E8}] => (Allow) J:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{4702E1BC-4360-4A2F-ABB9-1B908DC68998}] => (Allow) J:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [TCP Query User{E3BA53F7-EEBE-48E2-A9BE-A898C33370B3}J:\program files (x86)\dead island\deadislandgame.exe] => (Allow) J:\program files (x86)\dead island\deadislandgame.exe
FirewallRules: [UDP Query User{AABC0DAF-2D83-491E-B192-131FBD0E8FC5}J:\program files (x86)\dead island\deadislandgame.exe] => (Allow) J:\program files (x86)\dead island\deadislandgame.exe
FirewallRules: [TCP Query User{CBC76D3D-A64E-4E5A-9226-85414EC9B548}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{8ADC3F2A-B610-49C2-B079-A42240356B53}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{301888A8-40B0-405E-9B52-96EB6C240B6E}] => (Allow) J:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutLauncher.exe
FirewallRules: [{CF405D86-28C6-467C-B1B2-B7D572AA15E6}] => (Allow) J:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutLauncher.exe
FirewallRules: [{17E373C9-8D77-4C4E-9BAC-6A494090D1D4}] => (Allow) J:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe
FirewallRules: [{AF82E9F4-6DFA-4007-9FD1-C1285C87D518}] => (Allow) J:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe
FirewallRules: [{6D164605-B139-4ECF-98A5-FE7727B474DB}] => (Allow) J:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe
FirewallRules: [{3696B3EC-5975-428B-A1D0-3AC2B33A352E}] => (Allow) J:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe
FirewallRules: [{3C1A52AD-C0DE-436F-AEB9-5C74234A89FA}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{3E46D55B-C8BD-40AA-96FF-A9965AC9242C}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{A30B49EE-175C-4CDE-BC2F-C0A32C6CBD3D}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{98868078-BAD7-4DEA-ADE3-F661C272DECE}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{265A312A-8DBB-4850-A71E-D9DC5B56B503}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{F6EE3E02-FA35-4EE0-8190-60D7F3EFB735}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{DE9490D0-8A75-4800-BAD3-BB2CD6A1ED3B}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{FDD465D3-DA11-4232-8C9A-7457DC3A37B2}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{C777F74C-57A5-4D7E-8FB1-C7292B8B0EF8}] => (Allow) J:\gamigo\Golfstar\GolfStarPatcherLoader.exe
FirewallRules: [{CB83D1E5-8CF8-46D6-B8C5-576F8D8C09E2}] => (Allow) J:\gamigo\Golfstar\GolfStarPatcher.exe
FirewallRules: [{6CC37C66-7C9D-42F6-A8DF-017A4839A981}] => (Allow) J:\gamigo\Golfstar\GolfStarPatcherLoader.exe
FirewallRules: [{DC0758F5-50B0-4321-B488-A0FB64B02194}] => (Allow) J:\gamigo\Golfstar\GolfStar.exe
FirewallRules: [{D7D5B0D1-63A1-491C-AF20-19F3926F45F7}] => (Allow) J:\gamigo\Golfstar\GolfStarPatcher.exe
FirewallRules: [{258BCB8B-E349-42A2-88C5-C32AA3293F3B}] => (Allow) J:\gamigo\Golfstar\GolfStar.exe
FirewallRules: [{EC39F798-2B25-4D67-AA75-061B3A1B669A}] => (Allow) C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{55D8C14F-BEF3-4DA0-9A3C-2B580FADF380}] => (Allow) C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [TCP Query User{F6D79434-49DB-4584-8CF0-428D105F0034}C:\users\ryan\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\ryan\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{0960D056-1E5E-4993-A151-1E991A32F60D}C:\users\ryan\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\ryan\appdata\local\akamai\netsession_win.exe
FirewallRules: [{AFDA71C3-94A5-4E61-9EE8-6D733AA5ECB4}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [TCP Query User{35545BF5-7E67-4E02-A024-A95F1AF685C4}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{FE083E72-D9F0-417A-A3FD-6886710583B4}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{3E4B820A-6A80-4DAE-9124-D268D2D54516}J:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe] => (Allow) J:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [UDP Query User{7D9BF72D-183F-44CC-8E8C-C7A2205C4FAC}J:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe] => (Allow) J:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [{E82E4B81-EE61-4A4D-A799-690B542D6D5C}] => (Allow) J:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{FE180EDC-2B16-48C6-ADF6-A156116F9E53}] => (Allow) J:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [TCP Query User{7C73E434-96FE-43C8-870C-4CC8A9121765}J:\quake2\q2e.exe] => (Allow) J:\quake2\q2e.exe
FirewallRules: [UDP Query User{57CD4FE5-141E-465D-A39D-2F8C8ECC440A}J:\quake2\q2e.exe] => (Allow) J:\quake2\q2e.exe
FirewallRules: [TCP Query User{43246748-4A47-4264-BB87-405D8A369298}J:\program files (x86)\dead island\deadislandgame.exe] => (Allow) J:\program files (x86)\dead island\deadislandgame.exe
FirewallRules: [UDP Query User{FC41F30B-35D3-42D3-B1B2-8C0D420A75BC}J:\program files (x86)\dead island\deadislandgame.exe] => (Allow) J:\program files (x86)\dead island\deadislandgame.exe
FirewallRules: [{0CFF6D42-94D8-4914-ADE7-39DD68CAA534}] => (Allow) C:\Program Files (x86)\TightVNC\tvnserver.exe
FirewallRules: [{2389636C-D805-4096-9AF2-57B6A9F27E6D}] => (Allow) C:\Program Files (x86)\TightVNC\tvnserver.exe
FirewallRules: [{C3A08230-3422-4A87-969A-82E1B8FF36BA}] => (Allow) C:\Program Files (x86)\TightVNC\vncviewer.exe
FirewallRules: [{C0B8B5B9-00AF-4D63-A00D-A827B635108E}] => (Allow) C:\Program Files (x86)\TightVNC\vncviewer.exe
FirewallRules: [{ADAB0B56-D586-4F62-B186-507295932FF4}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{6CFF0A31-B6F2-4F66-8D79-BCD490C4CBBF}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{7A02BF6D-A36B-4747-8DAA-C830345F894D}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{9BAFD885-7628-4FC2-80C2-54D8D55A3595}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{713E6F34-C079-4ED1-96A7-A8B94C33BF24}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{4FDFFFEE-1A8F-479D-A036-F690F6245579}] => (Allow) J:\Program Files (x86)\Vogster Entertainment\CrimeCraft Gravity Edition\GravityLauncher.exe
FirewallRules: [{49B8EA69-4456-498D-B56C-8D4B7194B361}] => (Allow) J:\Program Files (x86)\Vogster Entertainment\CrimeCraft Gravity Edition\GravityLauncher.exe
FirewallRules: [{A5E869B8-D3E1-466C-BF69-EB972AE4C26E}] => (Allow) J:\Program Files (x86)\Vogster Entertainment\CrimeCraft Gravity Edition\Binaries\CrimeCraft.exe
FirewallRules: [{9F671175-F392-4AB9-9B5A-4C93F1D82022}] => (Allow) J:\Program Files (x86)\Vogster Entertainment\CrimeCraft Gravity Edition\Binaries\CrimeCraft.exe
FirewallRules: [{6CFF33B1-EEA5-4E79-A50B-9CEF0F3447C6}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{E633D572-A4AB-4C7C-B990-6DA4F3A403BE}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{22D85453-5FE9-45AC-8C7F-507BFBCBC813}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{1AC78342-2DD9-4348-BBB2-60C8AE43AA68}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [TCP Query User{AC316794-B0D3-45A3-A22B-4ED5C9D2F213}J:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe] => (Allow) J:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe
FirewallRules: [UDP Query User{12343684-EA7C-46F0-8487-1D4A648A96B2}J:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe] => (Allow) J:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe
FirewallRules: [{B7C11F6A-F974-40BA-9B6C-72FEC1C45D79}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
FirewallRules: [{77FED348-3A89-45E8-9149-5A42C09C3DE7}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
FirewallRules: [{30945527-E1BB-4C0B-A2AE-B59C05D869F2}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudInstallWizard.exe
FirewallRules: [{BBAB469F-0EB9-493D-B5BD-B489272475C2}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudInstallWizard.exe
FirewallRules: [{5B777662-88CF-4EA1-BF2B-05FB369CD4D5}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe
FirewallRules: [{CC49054E-6960-4A2F-AD49-B4D74DAF4DA9}] => (Allow) LPort=49167
FirewallRules: [{43A110A5-61F1-47FD-B99C-33880073ECBF}] => (Allow) LPort=5000
FirewallRules: [{5F93C342-1B56-474F-B733-140A6BEA3BC7}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
FirewallRules: [{3A1DF9E7-548E-45F1-8DC2-5AEF3CE42033}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
FirewallRules: [{518DD59E-E374-4B45-B040-0D02B51D6A63}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaWiFi.exe
FirewallRules: [{3AFDEBCB-1BC1-4AA9-AAC0-93D297F5FC8C}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaWiFi.exe
FirewallRules: [{5EA9BC05-6789-4F0F-AAC3-09E7C6F86D32}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaWiFi.exe
FirewallRules: [{58D4C430-27AB-485D-A8ED-5B8CC019179A}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaWiFi.exe
FirewallRules: [{C64E0725-B849-436A-83DF-18E29C9E6DC1}] => (Allow) J:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{B9FA986A-1F4D-447E-9E1B-00FDDE3D7589}] => (Allow) J:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{5BC2ED46-E1A5-4C65-AE60-1DE081CF193E}] => (Allow) J:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{9EC03A64-997A-44E2-A4B9-DF4F368B5A79}] => (Allow) J:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{331E05EB-5400-4323-B900-49B896062A0D}] => (Allow) C:\Program Files (x86)\MirrorOp Receiver\MirrorOp Receiver.exe
FirewallRules: [{38D3B9C2-991A-4B76-BE80-E1FA0176D523}] => (Allow) C:\Program Files (x86)\MirrorOp Receiver\MirrorOp Receiver.exe
FirewallRules: [{E9ACACF1-7C27-4B0A-916C-D7F57E217686}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [TCP Query User{9D4BB9CC-5ABF-474B-AB55-BBC258781A51}C:\program files (x86)\unified remote\remoteserver.exe] => (Allow) C:\program files (x86)\unified remote\remoteserver.exe
FirewallRules: [UDP Query User{91490416-C561-4F7C-A3F8-A7CC6622ABBA}C:\program files (x86)\unified remote\remoteserver.exe] => (Allow) C:\program files (x86)\unified remote\remoteserver.exe
FirewallRules: [{93AF2DA9-4F78-472B-B501-21B1DD6D9499}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{2DA6243C-00BB-4C1B-AF37-242112964F85}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{0B058748-86DC-41E4-B1C1-B65468D1F3FF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5CBEACC6-02D1-456D-8CCC-16567CF60481}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{A9D1EC1B-FE4B-4090-B87C-EEF9B5C33D71}C:\program files (x86)\unified remote\remoteserver.exe] => (Allow) C:\program files (x86)\unified remote\remoteserver.exe
FirewallRules: [UDP Query User{98F9A935-6230-4317-B3E2-81E1FABAEC0F}C:\program files (x86)\unified remote\remoteserver.exe] => (Allow) C:\program files (x86)\unified remote\remoteserver.exe
FirewallRules: [TCP Query User{B4AE7989-5CE4-4395-B3BF-68C08B87C5AC}C:\program files (x86)\kainy\kainy.exe] => (Allow) C:\program files (x86)\kainy\kainy.exe
FirewallRules: [UDP Query User{15B654CB-0F55-4D2B-8F50-7A3DE73FF416}C:\program files (x86)\kainy\kainy.exe] => (Allow) C:\program files (x86)\kainy\kainy.exe
FirewallRules: [{08A0C013-7F2D-4082-8CFA-8283B9CBCFAF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{195484E7-6EBD-4EA7-82A5-FC2B367B98F2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{468E147A-1DBF-4BDB-AA40-8E19D1CD8320}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{7BFCA639-3770-4446-BD83-2B9288AAD04C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{37F33E1D-E444-45A7-8605-E49D0753F87A}J:\program files (x86)\gazillion entertainment\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe] => (Allow) J:\program files (x86)\gazillion entertainment\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe
FirewallRules: [UDP Query User{0C064CE2-6730-4EBF-B255-3E2A798E9B05}J:\program files (x86)\gazillion entertainment\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe] => (Allow) J:\program files (x86)\gazillion entertainment\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe
FirewallRules: [{06BBA1F0-8169-4F79-897C-4A6DFFE00DA9}] => (Allow) J:\Program Files (x86)\Downloaded\Public\Warframe.exe
FirewallRules: [{41A929C2-698C-406B-B171-8D3571A8D4C4}] => (Allow) J:\Program Files (x86)\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{2A10A389-EF54-455D-937E-210B7B1C97AC}] => (Allow) J:\Program Files (x86)\Downloaded\Public\Warframe.exe
FirewallRules: [{66731D20-BED1-40E1-AA78-1C2112E2E86C}] => (Allow) J:\Program Files (x86)\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{1110D147-2FBC-4EBA-8670-A818BC12D130}] => (Allow) J:\Program Files (x86)\Downloaded\Public\Warframe.exe
FirewallRules: [{001F18B0-4188-412F-9C2D-BCE40B961A49}] => (Allow) J:\Program Files (x86)\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{60EFACA2-FB14-47EB-8EBE-C6C204E9BB58}] => (Allow) C:\Users\Ryan\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [TCP Query User{42F01058-7011-41D9-992E-70E99CA5F190}J:\program files\capcom\resident evil 5\re5dx10.exe] => (Allow) J:\program files\capcom\resident evil 5\re5dx10.exe
FirewallRules: [UDP Query User{CF7E835E-FA32-4593-9370-1730030D8824}J:\program files\capcom\resident evil 5\re5dx10.exe] => (Allow) J:\program files\capcom\resident evil 5\re5dx10.exe
FirewallRules: [TCP Query User{7BDA13A0-3F8E-4207-802D-36D648513EFD}J:\program files\capcom\resident evil 5\re5dx9.exe] => (Allow) J:\program files\capcom\resident evil 5\re5dx9.exe
FirewallRules: [UDP Query User{115ED86D-AEEE-43F7-9A35-905FEDAD5681}J:\program files\capcom\resident evil 5\re5dx9.exe] => (Allow) J:\program files\capcom\resident evil 5\re5dx9.exe
FirewallRules: [{9D8A01C6-BB2E-435F-B400-7C14C0A12CA7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{1DE848DD-3B82-455A-9DDF-679E53C8C0C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B522AED4-0231-4A38-8948-E344F2B7D378}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{C68E9191-990A-4614-A90E-B071059E9591}J:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe] => (Allow) J:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe
FirewallRules: [UDP Query User{04EE3FF4-3DE9-4E75-9AF2-C3D41859E9A0}J:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe] => (Allow) J:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe
FirewallRules: [{920000B2-B9F7-46FF-845F-01AAA43DAA31}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{1A89AC95-31E8-4FD9-A96A-98AE67112A17}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F89EFBCF-E751-4322-A327-158E2D0674A6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{3946F287-25B5-447F-B6F5-E4E4AEBC0999}J:\program files (x86)\saints row iv\saintsrowiv.exe] => (Allow) J:\program files (x86)\saints row iv\saintsrowiv.exe
FirewallRules: [UDP Query User{C066ED73-E1B0-4EB6-9B94-C62EE727A168}J:\program files (x86)\saints row iv\saintsrowiv.exe] => (Allow) J:\program files (x86)\saints row iv\saintsrowiv.exe
FirewallRules: [TCP Query User{C63329A5-69BC-4DBA-AED5-0163C93F67F4}J:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win32\marvelgame.exe] => (Allow) J:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win32\marvelgame.exe
FirewallRules: [UDP Query User{8FBF2B43-0B86-4091-9A56-D048C2BFC63F}J:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win32\marvelgame.exe] => (Allow) J:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win32\marvelgame.exe
FirewallRules: [{3BEF2E6A-71A5-43C7-95A4-509E3B4801D0}] => (Allow) J:\gamigo\Golfstar\GolfStarPatcherLoader.exe
FirewallRules: [{4B0B7308-1F0E-40CF-AE16-CEA0D01577A3}] => (Allow) J:\gamigo\Golfstar\GolfStarPatcherLoader.exe
FirewallRules: [{91BEA7F2-3BC6-473D-92A3-D04B05BDA41F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{1FB06396-3518-4525-A9F2-1815E7C0A9A0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9E6D7BEF-F7A5-4155-9D8E-F8C02BF3A782}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0D6D2E7D-ABD5-48E2-8D42-D5A551966D4A}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E7332D2A-2B40-4380-9965-2E78F4E610F9}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{FA4772FD-9521-4CDD-89AE-F1BDD0521460}J:\program files (x86)\ea games\need for speed most wanted\nfs13.exe] => (Allow) J:\program files (x86)\ea games\need for speed most wanted\nfs13.exe
FirewallRules: [UDP Query User{D347BBE4-9C5B-409E-8551-DB51EC723F0D}J:\program files (x86)\ea games\need for speed most wanted\nfs13.exe] => (Allow) J:\program files (x86)\ea games\need for speed most wanted\nfs13.exe
FirewallRules: [{257237B3-5D6E-4175-BB00-95ECCDA6A93B}] => (Allow) J:\Program Files (x86)\WB Games\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe
FirewallRules: [{2742D936-D507-46FE-841D-05A6C42EC15D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{995AD505-4CAF-46C1-A97A-C3EB2590C8B7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{66ADF8BF-1655-41C3-850C-DEDDCFA84A90}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{08B05F5D-DDC1-4636-B3EB-00B03A2319A3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{AD17CE4E-6828-49DF-B889-487665350240}J:\program files (x86)\ea sports\tiger woods 12\tworuntimestandalone.exe] => (Allow) J:\program files (x86)\ea sports\tiger woods 12\tworuntimestandalone.exe
FirewallRules: [UDP Query User{AAFFD1EB-E736-43EF-B532-F13C836748F4}J:\program files (x86)\ea sports\tiger woods 12\tworuntimestandalone.exe] => (Allow) J:\program files (x86)\ea sports\tiger woods 12\tworuntimestandalone.exe
FirewallRules: [{83ECE391-2FFA-451F-A722-90C0FFE490EB}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{66247FDE-08E5-4D7C-97C1-990A0360BEDC}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{3EF2B6B3-C384-449F-9A49-D0CC863EFAD9}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{EAB143C0-E990-4B3C-A493-77B720D319BC}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [TCP Query User{00E603F7-D109-4E58-90E8-53FC73BFD91E}J:\program files (x86)\fifa 14\fifa 14\game\fifa14.exe] => (Allow) J:\program files (x86)\fifa 14\fifa 14\game\fifa14.exe
FirewallRules: [UDP Query User{204E5573-1589-4337-AD08-8FBF89BBFAF9}J:\program files (x86)\fifa 14\fifa 14\game\fifa14.exe] => (Allow) J:\program files (x86)\fifa 14\fifa 14\game\fifa14.exe
FirewallRules: [{FBB2BCF8-1DDE-4AED-95F2-C7AB50AB2FD6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BEFA8A1D-A636-48E2-96E2-E86555DBEA28}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0385C58F-4FE6-4C67-9090-B6B7475AB713}] => (Allow) J:\SimCity\SimCity 2013 Offline\SimCity\SimCity.exe
FirewallRules: [{B14A57B9-8252-4BD9-8B98-5658E2E1D5B5}] => (Allow) J:\SimCity\SimCity 2013 Offline\SimCity\SimCity.exe
FirewallRules: [TCP Query User{3208A1D5-53F4-4044-977A-3CA514EE6C3B}C:\program files (x86)\motorola\rsd lite\sdl.exe] => (Allow) C:\program files (x86)\motorola\rsd lite\sdl.exe
FirewallRules: [UDP Query User{71309A87-8B21-4B95-B4DF-6175E7017752}C:\program files (x86)\motorola\rsd lite\sdl.exe] => (Allow) C:\program files (x86)\motorola\rsd lite\sdl.exe
FirewallRules: [TCP Query User{44E9C83C-0BC8-4692-9BBA-F8D6D9509AE5}J:\program files (x86)\wb games\batman arkham city goty\binaries\win32\batmanac_o.exe] => (Allow) J:\program files (x86)\wb games\batman arkham city goty\binaries\win32\batmanac_o.exe
FirewallRules: [UDP Query User{E6D25795-0F3D-461C-A5E0-ADC5351C4AE0}J:\program files (x86)\wb games\batman arkham city goty\binaries\win32\batmanac_o.exe] => (Allow) J:\program files (x86)\wb games\batman arkham city goty\binaries\win32\batmanac_o.exe
FirewallRules: [TCP Query User{6E745788-6B64-4BB0-9586-6AF86CCC74A5}J:\program files\mass effect 2\binaries\masseffect2.exe] => (Allow) J:\program files\mass effect 2\binaries\masseffect2.exe
FirewallRules: [UDP Query User{89759BC4-F0A5-4CB3-ACDE-62C40B072F34}J:\program files\mass effect 2\binaries\masseffect2.exe] => (Allow) J:\program files\mass effect 2\binaries\masseffect2.exe
FirewallRules: [TCP Query User{7F1884C6-C72E-4402-8B23-53A277A08C13}J:\mass effect 3\binaries\win32\masseffect3.exe] => (Allow) J:\mass effect 3\binaries\win32\masseffect3.exe
FirewallRules: [UDP Query User{F9E06AA2-0C5A-48FA-A36C-DE69A83E8EED}J:\mass effect 3\binaries\win32\masseffect3.exe] => (Allow) J:\mass effect 3\binaries\win32\masseffect3.exe
FirewallRules: [{987DD292-29F2-43AC-BB9E-29630EE57806}] => (Allow) J:\Program Files (x86)\2K Sports\Major League Baseball 2K12\mlb2k12.exe
FirewallRules: [{1BA00473-423F-498A-A38A-F39EFC6CA9A8}] => (Allow) J:\Program Files (x86)\2K Sports\Major League Baseball 2K12\mlb2k12.exe
FirewallRules: [{E979B422-403B-4963-9A7A-27B2D43936C4}] => (Block) %ProgramFiles% (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
FirewallRules: [{A60FF9AF-4B99-4956-AF0C-2C9849228F6A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{521D8D40-F3B3-4B61-94D1-3099D86A7542}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{B8C1213C-A8FC-46F9-986E-9460DAE8F990}J:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Allow) J:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{391628D8-E68F-4015-A45B-C9A574EBEB85}J:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Allow) J:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [{4BF5E5AF-BC1D-4849-87D5-4DD8CC601709}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
FirewallRules: [{954DF99A-0A4E-4EA9-A134-5E1238140AEA}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
FirewallRules: [{5A052CCD-391F-4487-9FDB-C810E1D512A8}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
FirewallRules: [TCP Query User{78905519-11DC-4A42-9C92-4F9ADBF605E9}J:\q2e blood culture\quake2.exe] => (Allow) J:\q2e blood culture\quake2.exe
FirewallRules: [UDP Query User{281DD3B8-7057-480E-B4D8-DCA2EF30F788}J:\q2e blood culture\quake2.exe] => (Allow) J:\q2e blood culture\quake2.exe
FirewallRules: [TCP Query User{ED4AB80A-418A-4A44-A771-60127EDB5AC6}J:\quake2\quake2.exe] => (Allow) J:\quake2\quake2.exe
FirewallRules: [UDP Query User{C125A16B-5691-43B8-BC40-278E48B29F82}J:\quake2\quake2.exe] => (Allow) J:\quake2\quake2.exe
FirewallRules: [{614F6565-334C-44A6-86CC-9F9A3D804478}] => (Allow) J:\Program Files (x86)\Codemasters\DiRT 3\dirt3_game.exe
FirewallRules: [{0E46613A-9A11-4DC4-BBC5-E1FC47B709A8}] => (Allow) J:\Program Files (x86)\Codemasters\DiRT 3\dirt3_game.exe
FirewallRules: [{033F4792-22A5-4C6B-95AE-9A956FCB1530}] => (Allow) E:\RouterSetup\QISWizard.exe
FirewallRules: [{E7B2D2AE-F5DE-41C5-8F36-E250A8EB1708}] => (Allow) E:\RouterSetup\QISWizard.exe
FirewallRules: [{43E7B349-A2FC-451D-A3A0-D446F9B45C35}] => (Allow) J:\UT2004\System\UT2004.exe
FirewallRules: [{4B29E4B2-C3AE-4AF8-9EDA-87B9CD473FDC}] => (Allow) J:\UT2004\System\UT2004.exe
FirewallRules: [TCP Query User{9641D6DF-131D-4DDA-9873-464BD1097549}J:\program files (x86)\electronic arts\shift 2 unleashed\shift2u.exe] => (Allow) J:\program files (x86)\electronic arts\shift 2 unleashed\shift2u.exe
FirewallRules: [UDP Query User{06A57541-DE77-48E9-B75C-5A2661A5FF42}J:\program files (x86)\electronic arts\shift 2 unleashed\shift2u.exe] => (Allow) J:\program files (x86)\electronic arts\shift 2 unleashed\shift2u.exe
FirewallRules: [{95EA1BD0-FD61-4045-AB0F-81BD6F22924C}] => (Allow) J:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\Blacklist_Launcher.exe
FirewallRules: [{915B9DD0-3DD7-4991-8735-CE44A80E9FD4}] => (Allow) J:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\Blacklist_Launcher.exe
FirewallRules: [{A4F8C3DF-B4CD-4993-9977-DD96ACD71348}] => (Allow) J:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_game.exe
FirewallRules: [{D30AA506-38D0-4E50-A974-D1D1B31D65FD}] => (Allow) J:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_game.exe
FirewallRules: [{742F3392-4729-413A-B53E-1324A2637208}] => (Allow) J:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_DX11_game.exe
FirewallRules: [{D6747CB8-E763-4922-BA81-70ACA02854F4}] => (Allow) J:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_DX11_game.exe
FirewallRules: [{70FD5F12-229D-4815-B5AB-03BC2EADDF13}] => (Allow) J:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\gu.exe
FirewallRules: [{F8C7E231-E6C9-4CD4-B990-DC6832D09AA2}] => (Allow) J:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\gu.exe
FirewallRules: [{411C2157-853C-447B-A686-B24760050805}] => (Allow) J:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV Episodes from Liberty City\EFLC\LaunchEFLC.exe
FirewallRules: [{43936CFC-375D-429E-A116-9622DB8E490A}] => (Allow) J:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV Episodes from Liberty City\EFLC\LaunchEFLC.exe
FirewallRules: [{15A956CE-A39E-4F31-9834-6B694CE98CC2}] => (Allow) J:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{F4074A7A-0916-4768-A5E9-3E455D7702C9}] => (Allow) J:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [TCP Query User{5E14F496-29C1-4964-A919-BA9A83794875}J:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) J:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [UDP Query User{0B43153B-001C-4F55-98BA-8D37345C6322}J:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) J:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [{76BFABE6-9FEF-4442-85BA-A6DBA9B45B0F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{5B0DBFAA-FE00-43EC-B67E-76C7634918D3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CE9CCD55-AC83-4A9F-8FA6-7BC6A89650C9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{1B80D4E4-9102-44C8-A6D1-803E13761CF3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CF64C254-2D28-4622-8109-2E529DDE77DF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{49CC2C6B-448C-4AB8-BDD5-D1183917AEB9}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{A44287D1-98D1-4C28-8F54-768C67B5B26E}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{C4B3D042-1404-4A79-B05C-FF0EBFAEE775}] => (Allow) C:\Users\Ryan\AppData\Roaming\Andy_45_Online\Setup.exe
FirewallRules: [{01F1A184-5C08-4362-A9F9-F3A0CA779551}] => (Allow) C:\Users\Ryan\AppData\Roaming\Andy_45_Online\Setup.exe
FirewallRules: [{E9CF1B92-F4D8-4F1E-9DDD-CDAA90B60274}] => (Allow) C:\Program Files\Andy\Andy.exe
FirewallRules: [{D4425354-3701-4DF5-97E6-0CC0933DDE65}] => (Allow) C:\Program Files\Andy\Andy.exe
FirewallRules: [{B99DB44F-3DEF-4573-AB22-A2B257E12176}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{0272A83C-7D8F-4F2C-B504-AE45BE228DA6}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{4B7467C4-130B-4ED5-9A86-E6D27A0D0186}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3238F108-0193-40FA-93E9-21316F839FF6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2B0434BC-FA17-4FA2-8AC3-0B80083E0B6D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{83C99040-A334-4541-B901-2F88F755E75B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{93AB6FD0-03CE-4EFD-88E4-983D31C760B2}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{F201174C-E026-4E16-9B2A-910CC62AC24A}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{8FF911B7-EDE5-4FC2-8816-B3D67A1918BD}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [{C67C681F-E992-48F0-B359-DBEE346A1805}] => (Block) %ProgramFiles% (x86)\Acoustica Mixcraft 6\mixcraft6.exe
FirewallRules: [{8D79286D-E2E4-4F3B-A30F-AA3BBB5198FA}] => (Block) %ProgramFiles% (x86)\Acoustica Mixcraft 6\mixcraft6.exe
FirewallRules: [{A972F418-6729-4F02-B198-C469128B0815}] => (Block) %ProgramFiles% (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
FirewallRules: [{A9A9E1FE-4306-4EF4-BFD4-3A58BFBA587E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{F5CA93A5-9DB1-4850-B114-5FA8AE866C2E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{74518935-B8AB-4DA5-8037-BDD319BE96ED}] => (Allow) C:\Users\Ryan\Downloads\isoburner_setup-65690114.exe
FirewallRules: [{0E5E5070-4083-4559-A9A3-B1BE37C1967B}] => (Allow) C:\Users\Ryan\Downloads\isoburner_setup-65690114.exe

==================== Faulty Device Manager Devices =============

Name: AODDriver4.2
Description: AODDriver4.2
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.2
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/15/2015 03:46:25 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (11/14/2015 03:51:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 46.0.2490.86, time stamp: 0x563d61a1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x10006c13
Faulting process id: 0x7fc
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (11/14/2015 03:50:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 46.0.2490.86, time stamp: 0x563d61a1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x10006c13
Faulting process id: 0x1218
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (11/14/2015 03:29:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 46.0.2490.86, time stamp: 0x563d61a1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x10006c13
Faulting process id: 0x10f4
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (11/14/2015 03:05:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 46.0.2490.86, time stamp: 0x563d61a1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x10006c13
Faulting process id: 0x8dc
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (11/14/2015 01:00:15 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (11/13/2015 02:28:43 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (11/12/2015 10:05:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 46.0.2490.86, time stamp: 0x563d61a1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x10006c13
Faulting process id: 0x17d0
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (11/12/2015 05:23:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 46.0.2490.86, time stamp: 0x563d61a1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x10006c13
Faulting process id: 0xe50
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (11/12/2015 03:48:26 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

System errors:
=============
Error: (11/15/2015 03:38:24 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Windows 7 Service Pack 1 for x64-based Systems (KB976932).

Error: (11/15/2015 03:38:24 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Update for Windows 7 for x64-based Systems (KB3046480).

Error: (11/15/2015 03:34:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

Error: (11/15/2015 03:33:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2 service failed to start due to the following error:
%%2

Error: (11/15/2015 03:33:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%1053

Error: (11/15/2015 03:33:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Antimalware Service service to connect.

Error: (11/15/2015 03:29:58 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

Error: (11/15/2015 03:29:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2 service failed to start due to the following error:
%%2

Error: (11/15/2015 03:29:10 AM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "1C659DA898FE" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (11/15/2015 03:29:10 AM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "1C659DA898FE" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

CodeIntegrity:
===================================
  Date: 2015-11-15 03:32:42.588
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-15 03:32:42.588
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-15 03:28:25.791
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-15 03:28:25.791
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-14 15:45:12.947
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-14 15:45:12.931
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-14 15:19:15.509
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-14 15:19:15.509
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-11 15:11:52.520
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-11 15:11:52.286
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD Athlon™ II X4 640 Processor
Percentage of memory in use: 37%
Total physical RAM: 8191.29 MB
Available physical RAM: 5150.83 MB
Total Virtual: 16382.57 MB
Available Virtual: 13546.71 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.79 GB) (Free:447.6 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:13.61 GB) (Free:1.67 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive j: (Cpt Sea Biscuit) (Fixed) (Total:931.51 GB) (Free:230.78 GB) NTFS
Drive k: (My Book) (Fixed) (Total:1862.98 GB) (Free:1547.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 5A2442D8)
Partition 1: (Active) - (Size=106 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=917.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 2B38A14C)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 17B6C2D9)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

2015-11-15 20:51:28, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2015-11-15 20:51:28, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2015-11-15 20:51:29, Info                  CSI    0000000c [SR] Verify complete
2015-11-15 20:51:29, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
2015-11-15 20:51:29, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2015-11-15 20:51:30, Info                  CSI    00000010 [SR] Verify complete
2015-11-15 20:51:30, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
2015-11-15 20:51:30, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
2015-11-15 20:51:31, Info                  CSI    00000014 [SR] Verify complete
2015-11-15 20:51:32, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
2015-11-15 20:51:32, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2015-11-15 20:51:33, Info                  CSI    00000018 [SR] Verify complete
2015-11-15 20:51:33, Info                  CSI    00000019 [SR] Verifying 100 (0x0000000000000064) components
2015-11-15 20:51:33, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
2015-11-15 20:51:34, Info                  CSI    0000001c [SR] Verify complete
2015-11-15 20:51:34, Info                  CSI    0000001d [SR] Verifying 100 (0x0000000000000064) components
2015-11-15 20:51:34, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
2015-11-15 20:51:35, Info                  CSI    00000020 [SR] Verify complete
2015-11-15 20:51:35, Info                  CSI    00000021 [SR] Verifying 100 (0x0000000000000064) components
2015-11-15 20:51:35, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
2015-11-15 20:51:37, Info                  CSI    00000024 [SR] Verify complete
2015-11-15 20:51:37, Info                  CSI    00000025 [SR] Verifying 100 (0x0000000000000064) components
2015-11-15 20:51:37, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
2015-11-15 20:51:39, Info                  CSI    00000028 [SR] Verify complete
2015-11-15 20:51:39, Info                  CSI    00000029 [SR] Verifying 100 (0x0000000000000064) components
2015-11-15 20:51:39, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
2015-11-15 20:51:41, Info                  CSI    0000002c [SR] Verify complete
2015-11-15 20:51:41, Info                  CSI    0000002d [SR] Verifying 100 (0x0000000000000064) components
2015-11-15 20:51:41, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
2015-11-15 20:51:43, Info                  CSI    00000030 [SR] Verify complete
2015-11-15 20:51:43, Info                  CSI    00000031 [SR] Verifying 100 (0x0000000000000064) components
2015-11-15 20:51:43, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
2015-11-15 20:51:45, Info                  CSI    00000034 [SR] Verify complete
2015-11-15 20:51:45, Info                  CSI    00000035 [SR] Verifying 100 (0x0000000000000064) components
2015-11-15 20:51:45, Info                  CSI    00000036 [SR] Beginning Verify and Repair transaction
2015-11-15 20:51:47, Info                  CSI    00000038 [SR] Verify complete
2015-11-15 20:51:47, Info                  CSI    00000039 [SR] Verifying 100 (0x0000000000000064) components
2015-11-15 20:51:47, Info                  CSI    0000003a [SR] Beginning Verify and Repair transaction
2015-11-15 20:51:50, Info                  CSI    0000003c [SR] Verify complete
2015-11-15 20:51:50, Info                  CSI    0000003d [SR] Verifying 100 (0x0000000000000064) components
2015-11-15 20:51:50, Info                  CSI    0000003e [SR] Beginning Verify and Repair transaction
2015-11-15 20:51:53, Info                  CSI    00000040 [SR] Verify complete
2015-11-15 20:51:53, Info                  CSI    00000041 [SR] Verifying 100 (0x0000000000000064) components
2015-11-15 20:51:53, Info                  CSI    00000042 [SR] Beginning Verify and Repair transaction
2015-11-15 20:51:55, Info                  CSI    00000044 [SR] Verify complete
2015-11-15 20:51:55, Info                  CSI    00000045 [SR] Verifying 100 (0x0000000000000064) components
2015-11-15 20:51:55, Info                  CSI    00000046 [SR] Beginning Verify and Repair transaction
2015-11-15 20:51:58, Info                  CSI    00000049 [SR] Verify complete
2015-11-15 20:51:58, Info                  CSI    0000004a [SR] Verifying 100 (0x0000000000000064) components
2015-11-15 20:51:58, Info                  CSI    0000004b [SR] Beginning Verify and Repair transaction
2015-11-15 20:52:04, Info                  CSI    0000004f [SR] Verify complete
2015-11-15 20:52:04, Info                  CSI    00000050 [SR] Verifying 100 (0x0000000000000064) components
2015-11-15 20:52:04, Info                  CSI    00000051 [SR] Beginning Verify and Repair transaction
2015-11-15 20:52:07, Info                  CSI    00000054 [SR] Verify complete
2015-11-15 20:52:07, Info                  CSI    00000055 [SR] Verifying 100 (0x0000000000000064) components
2015-11-15 20:52:07, Info                  CSI    00000056 [SR] Beginning Verify and Repair transaction
2015-11-15 20:52:10, Info                  CSI    00000059 [SR] Verify complete
2015-11-15 20:52:11, Info                  CSI    0000005a [SR] Verifying 100 (0x0000000000000064) components
2015-11-15 20:52:11, Info                  CSI    0000005b [SR] Beginning Verify and Repair transaction
2015-11-15 20:52:14, Info                  CSI    0000005d [SR] Verify complete
2015-11-15 20:52:14, Info                  CSI    0000005e [SR] Verifying 100 (0x0000000000000064) components
2015-11-15 20:52:14, Info                  CSI    0000005f [SR] Beginning Verify and Repair transaction
2015-11-15 20:52:20, Info                  CSI    00000081 [SR] Verify complete
2015-11-15 20:52:20, Info                  CSI    00000082 [SR] Verifying 100 (0x0000000000000064) components
2015-11-15 20:52:20, Info                  CSI    00000083 [SR] Beginning Verify and Repair transaction
2015-11-15 20:52:24, Info                  CSI    00000088 [SR] Verify complete
2015-11-15 20:52:24, Info                  CSI    00000089 [SR] Verifying 100 (0x0000000000000064) components
2015-11-15 20:52:24, Info                  CSI    0000008a [SR] Beginning Verify and Repair transaction
2015-11-15 20:52:27, Info                  CSI    0000008c [SR] Verify complete
2015-11-15 20:52:27, Info                  CSI    0000008d [SR] Verifying 100 (0x0000000000000064) components
2015-11-15 20:52:27, Info                  CSI    0000008e [SR] Beginning Verify and Repair transaction
2015-11-15 20:52:31, Info                  CSI    00000090 [SR] Verify complete
2015-11-15 20:52:31, Info                  CSI    00000091 [SR] Verifying 100 (0x0000000000000064) components
2015-11-15 20:52:31, Info                  CSI    00000092 [SR] Beginning Verify and Repair transaction
2015-11-15 20:52:35, Info                  CSI    00000094 [SR] Verify complete
2015-11-15 20:52:35, Info                  CSI    00000095 [SR] Verifying 100 (0x0000000000000064) components
2015-11-15 20:52:35, Info                  CSI    00000096 [SR] Beginning Verify and Repair transaction
2015-11-15 21:00:01, Info                  CSI    000002f5 [SR] Verifying 12 (0x000000000000000c) components
2015-11-15 21:00:01, Info                  CSI    000002f6 [SR] Beginning Verify and Repair transaction
2015-11-15 21:00:01, Info                  CSI    000002f8 [SR] Verify complete
2015-11-15 21:00:01, Info                  CSI    000002f9 [SR] Repairing 0 components
2015-11-15 21:00:01, Info                  CSI    000002fa [SR] Beginning Verify and Repair transaction
2015-11-15 21:00:01, Info                  CSI    000002fc [SR] Repair complete

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 15/11/2015 9:28:29 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 15/11/2015 11:38:46 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Windows Update service hung on starting.

Log: 'System' Date/Time: 15/11/2015 11:32:46 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

Log: 'System' Date/Time: 15/11/2015 11:31:26 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AODDriver4.2 service failed to start due to the following error:  The system cannot find the file specified.

Log: 'System' Date/Time: 15/11/2015 11:31:07 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Microsoft Antimalware Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 15/11/2015 11:31:07 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Microsoft Antimalware Service service to connect.

Log: 'System' Date/Time: 15/11/2015 7:46:16 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 15/11/2015 11:33:16 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#18E391066476&1#.

Log: 'System' Date/Time: 15/11/2015 11:32:52 PM
Type: Warning Category: 0
Event: 2511 Source: Server
The server service was unable to recreate the share My Apps2 because the directory J:\ProgramData\BlueStacks\UserData\Library\My Apps no longer exists.  Please run "net share My Apps2 /delete" to delete the share, or recreate the directory J:\ProgramData\BlueStacks\UserData\Library\My Apps.

Log: 'System' Date/Time: 15/11/2015 11:30:33 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WDC_SAM failed to load for the device USBSTOR\Other&Ven_WD&Prod_SES_Device&Rev_1065\574343344E36584A50395454&1.

Log: 'System' Date/Time: 15/11/2015 7:46:19 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 15/11/2015 7:46:19 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\system32\RAIHV.dll


  • 0

#20
rct8787

    Member

  • Topic Starter
  • 14 posts

Application run

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 15/11/2015 9:32:10 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • 0

#21
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

If Chrome is still not working:

Let's do a test.

Right click on the Chrome Shortcut on your desktop and select Properties.  Change the target line to add --no-sandbox at the end.

Looks like this on my PC:

"C:\Program Files\Google\Chrome\Application\chrome.exe" --no-sandbox

Try to start Chrome.  If it works you will get a message about an unsupported option.  Not wise to run in this mode as it disables some security options, but I want to see if it does work.


  • 0
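Because the `--no-sandbox` test above leaves Chrome running with reduced protection, the switch should come back off the shortcut once the test is done. The following is an added example, not part of the original thread: a PowerShell check that lists Chrome shortcuts still carrying the switch and can strip it. The function name `Find-NoSandboxShortcut` and the list of shortcut folders are assumptions chosen for illustration.

```powershell
# Added example: audit Chrome shortcuts for a leftover --no-sandbox switch.
# Find-NoSandboxShortcut is a hypothetical helper name, not a built-in cmdlet.
function Find-NoSandboxShortcut {
    param(
        # Usual per-user and all-users shortcut folders (assumed defaults).
        [string[]]$Root = @(
            "$env:USERPROFILE\Desktop",
            "$env:PUBLIC\Desktop",
            "$env:APPDATA\Microsoft\Windows\Start Menu",
            "$env:ProgramData\Microsoft\Windows\Start Menu",
            "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch"
        ),
        # Remove the switch and save the shortcut instead of only reporting it.
        [switch]$Fix
    )
    $shell = New-Object -ComObject WScript.Shell
    $existing = @($Root | Where-Object { Test-Path -LiteralPath $_ })
    if ($existing.Count -eq 0) { return }

    Get-ChildItem -LiteralPath $existing -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            # CreateShortcut on an existing .lnk loads its current properties.
            $lnk = $shell.CreateShortcut($_.FullName)
            $isChrome  = $lnk.TargetPath -match '\\chrome\.exe$'
            $hasSwitch = $lnk.Arguments -match '(^|\s)--no-sandbox(\s|$)'
            if ($isChrome -and $hasSwitch) {
                $fixed = $false
                if ($Fix) {
                    # Drop only this switch; keep any other arguments intact.
                    $clean = $lnk.Arguments -replace '(^|\s)--no-sandbox(?=\s|$)', ' '
                    $lnk.Arguments = ($clean -replace '\s+', ' ').Trim()
                    $lnk.Save()   # all-users folders need an elevated prompt
                    $fixed = $true
                }
                [pscustomobject]@{
                    Shortcut  = $_.FullName
                    Arguments = $lnk.Arguments
                    Fixed     = $fixed
                }
            }
        }
}

# Report only; run "Find-NoSandboxShortcut -Fix" to remove the switch.
Find-NoSandboxShortcut | Format-List
```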

#22
rct8787


I see the message up top when I start chrome but it still stops working after a couple secs and force closes.


  • 0

#23
RKinner


I have a similar case that just had a breakthrough.  He downloaded Hiren's boot CD and booted off it and ran the Clam AV scan.  After that things seemed to work again.

 

If you have a CD (or a USB) 

 

This is a BIG! Zip File so save it.  Then right click on it and Extract all.  Put a blank CD in the drive and then double click on BurnToCD.cmd.  When it finishes you boot off it and run the MiniXP program.  This will give you a fake XP desktop.  Start, All Programs and hunt around until you find HDDScan.  Probably under Hard Disk Tools.  I think one of the tests it has is called Verify.  It will also tell you the model of the hard drive.
 
Then reboot and boot off the CD (you may have to change the boot order in BIOS Setup)
 
Alternatively it appears that the infection targets Adobe products so you can try uninstalling anything you have from Adobe (and Utorrent) and see if that helps.

  • 0

#24
rct8787


Hey, sorry for the long delay, been busy and haven't been able to get on the computer lately. Anyways, I downloaded and burned Hiren's boot CD and just used the Clam AV scan and that didn't help, so I booted it up again and pretty much used every anti virus and malware program it had on it and it worked! Comp's virus free, Chrome works and I can run anti virus programs now. Thanks so much for all your help! Can you reply with that link again and I'll shoot over a donation for your help! Thanks again!


  • 0

#25
RKinner


That's good to hear.  Sometimes the only way to get rid of a really stubborn rootkit is to scan from the outside.  If you let Windows boot it can hide and protect itself.

 

We usually clean up with Delfix.  This removes our tools and their logs and quarantines and also removes all but the latest System Restore point so there is no chance of the malware coming back with a system restore.  Follow the instructions and ignore the picture since it doesn't show the correct options as checked.

 

 

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    delfix.jpg
  • Click Run

The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

 

 

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.
 
Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK.  Close program.  It's the same for Foxit Reader except you uncheck Enable Javascript Actions.
 
Unless you have the latest version of Avast which has its own update checker:  To help keep your programs up-to-date you should download and run the FileHippo App Manager
 
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it.  Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
 Seems to work best if Firefox or Chrome is the default browser.  Windows always hides its icon so you need to unhide it.  Click on the up arrow to the left of the clock.  Then click on Customize.  Maximize the window so you can see all of the options.  Scroll Down and find the File Hippo UpdateChecker and change its Behaviors to Show Icon and Notifications.  OK.  When you reboot you should see the icon.  It will take it a minute to finish checking then it will put up a bubble if you need to update something. Click on the bubble and it should open in your browser.  (Seems to work best if it uses Firefox.  If you do not use Firefox as your default browser then right click on the icon and click on Settings. Then on Results.  Change the Open Results in Default Browser to Custom Browser and then select the line that has Firefox.exe in it.  While there, also check Hide Beta Versions.  OK. )  You will see a list of programs that have updates with green down arrows next to them.  You do not need to download any Beta Versions.  There is an option Settings to Hide Beta Versions.  I do not advise updating Windows Messenger unless you really use it so I right click on the Icon and Customize Results then find Microsoft Messenger and change Show All Releases to Hide All Releases.  OK. 
 
You can also try Secunia PSI http://secunia.com/v...l/download_psi/  Same kind of info.  You don't need both but I think it's Java based so probably not the best thing to use.
 
If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on.  Go to adblockplus.org with each browser and get the add-on.  (It's actually a program for IE)
 
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox.  Close Chrome/Firefox/Skype. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting.
 
Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.
 
Due to a recent rise in the number of CryptoLocker infections I am now recommending you install:
 
CryptoPrevent
 
 
Last time I downloaded it you had to give them your IP address and they would send you the link to download it.  When it ran it asked if you were sure your PC was clean then it would try to allow everything on your PC to continue running.  The free version does not update on its own so you should check for updated versions once in a while.  If you have problems after installing CryptoPrevent you can just uninstall it.
 
If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.
 
Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.
 
Make sure Windows Updates is turned on and that it works.  Go to Control Panel, Windows Updates and see if it works.  
 
My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)
 

 

Ron

 


  • 0
