Hello,
So yesterday i woke up and turned my PC on to find out that i have a big red "X" on my connection thingy in the bottom right corner. When i tried to use the "Solve Problems" option i got this message: "There might be a problem with the driver for the Local Area Connection Adapter". I searched online on my phone to find some solutions. I found a couple:
-Update network adapter drivers
-Deinstall all those drivers and let windows install them again
-Tried connecting wirelessly, but once again i got the same problem (just this time it said "wireless something something 11 adapter)
-Tried using my ethernet cable on my laptop, it worked, it´s not in the cable
-Disabled and enabled Local Area Connection in the "Change Adapter Settings"
-Made sure TCP/IPv4 and TCP/IPv6 are both on Auto
Nothing worked. In the end i decided to restore my PC to a couple of days ago. In those couple of days there were some Windows updates that got installed.
After restoring, my internet worked again. I decided to immediatly update my Network Adapter Drivers. Upon doing that my internet icon went crazy, one seccond i had internet the other not. Now that i think about it it was probably because those drivers were being installed. After that i restarted my PC a couple of times. On one restart those updates got installed (18 of them), but after every restart my internet worked. I am not sure if the problem is in those updates since the first time i got them installed it was about a week before my problem occured.
After all of that i posted my first cry for help online. I got one answer and the person told me to download and run "Tweaking Windows Repair". I downloaded it but i didn´t run it until today. The reason being, my internet worked, and a part of me thought (hoped) that the problem was gone... Oh silly me.
Today i turned on my PC with fear, unfortunately my fear was justified. Same thing. First thing i tried was restoring my PC again, so that i can at least have internet access and start working on the solution. The problem is, this time it didn´t let me go that far back, it only gave me the option to go back to yesterday. I did that, but this time it did not work.
Then i decided to use the "Tweaking" program. It finished, problem was still there. I did it again, since it said that they recommend doing it twice. Still nothing. After that i decided to manually deinstall all updates that windows installed for this month. I managed to deinstall everything (even microsoft .net framework, which i don´t know if it´s good or bad). The only thing i was not able to deinstall was "Adobe Acrobat Reader DC (15.010.20060)", but only because it didn´t let me do that.
I honestly have no idea what to do next, and i hope some of you have the solution.
My IPCONFIG /ALL:
Windows IP Configuration
host name..............................: user-pc
primary dns suffix....................: (blank)
node type...............................: hybrid
ip routing enabled....................: no
wins proxy enabled..................: no
Tunnel adapter Teredo Tunneling Pseudo-Interface:
media state.............................: media disconnected
connection-specific dns suffix.....: (blank)
description...............................: teredo tunneling pseudo-interface
physical address.......................: 00-00-00-00-00-00-00-E0
dhcp enabled............................: no
autoconfiguration enabled..........: yes
I have no idea what any of this is, but i saw some people do it so i did it as well. The only thing i think i know is that DHCP should be enabled, and i did that, i´ve put TCP/IPv4 and TCP/IPv6 on auto. Unless there is another way to enable DHCP.
So there it is, I hope some of you know what the problem is, and hopefully it can be fixed. If more information is needed i am more than happy to provide it.
System spec:
Windows 7 Ultimate
Processor: Intel® Core™ i3-3240 CPU @ 3.40GHz 3.40 GHz
RAM: 8,00 GB (7,89 GB Usable)
64-bit OS
Thank you.
Problem with the driver for Local Area Connection adapter
Started by
MCMSBre
, Mar 13 2016 07:19 AM
AdapterNetwork Drivers Windows7 Local Area Connection
#1
Posted 13 March 2016 - 07:19 AM
MCMSBre
-
- Member
-
- 19 posts
Member
#2
Posted 14 March 2016 - 07:09 AM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
I wonder if the hard drive has a bad spot where the driver sits.
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.
Right click on (My) Computer and select Manage (Yes) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
Go in to Device Manager and uninstall the Network Adapters.
Reboot. The disk check will run and will probably take an hour or more to finish.
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc /scannow
(SPACE after sfc. This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:
Copy the next two lines:
findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt notepad \windows\logs\cbs\junk.txt
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Yes. Right click and Paste or Edit then Paste and the copied lines should appear.
Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply. Close notepad. Close the Command Window.
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning
Then use the 'Number of events' as follows:
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
Please post the Output log in your next reply then repeat but select Application.
#3
Posted 14 March 2016 - 11:54 AM
MCMSBre
- Topic Starter
-
- Member
-
- 19 posts
Member
Thank you for your answer,
I did the check disk, it finished. The "sfc /scannow" finished as well, after which i got: " Windows Resource Protection did not find any integrity violations." I´m guessing that´s good.
I´ve put 2 files in the attachments, one is VEW log for system and the other for application. My unexperienced eye saw quite some errors in those 2 reports, i hope it is not something too serious...
Attached Files
-
VEW -System.txt 2.22KB
285 downloads
-
VEW-Application.txt 6.24KB
396 downloads
Edited by MCMSBre, 14 March 2016 - 12:41 PM.
#4
Posted 14 March 2016 - 12:58 PM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
Looks like this is the culprit:
Log: 'System' Date/Time: 14/03/2016 5:42:08 PMType: Error Category: 0Event: 7026 Source: Service Control ManagerThe following boot-start or system-start driver(s) failed to load: JSWPSLWF
There have been problems with older versions of the driver not being signed and suddenly failing after a windows update.
Where did you get the driver updates that you mentioned at the beginning?
There is a way to get it to ignore signing.
First go into device manager and uninstall the Network adapters then reboot
1. During boot-up, After you see the PC maker's logo continuously press (and release) <F8> to get to Advanced Boot Options. Note: On some systems, you need to first press <F2> to go into Boot Menu, then press <F8> to reach Advanced Boot Options.
2. When the menu appears, use the DOWN arrow key to scroll to “Disable Driver Signature Enforcement.”
3. Press <Enter>.
4. Continue the boot process. Not a good long term fix since it makes your system more vulnerable to infection but it will show if we are on the right track if the network starts working again.
2. When the menu appears, use the DOWN arrow key to scroll to “Disable Driver Signature Enforcement.”
3. Press <Enter>.
4. Continue the boot process. Not a good long term fix since it makes your system more vulnerable to infection but it will show if we are on the right track if the network starts working again.
What make and model number is the PC?
What version of the Network drivers are you using and where did you get them?
#5
Posted 14 March 2016 - 02:57 PM
MCMSBre
- Topic Starter
-
- Member
-
- 19 posts
Member
Using “Disable Driver Signature Enforcement.” did help, i do have internet connection on my PC now.
Which drivers do you have in mind? The ones I installed myself for Network adapters? I found them online on Realteks official page. But i do not think that that driver is the problem since i lost my connection before i installed that driver. Me installing that driver was just me trying to fix this thing myself.
I got my internet connection again after restoring my pc to before some 18 updates were installed. Those updates are from the windows automatic update system. I do not know which updates i got, but like i said i deinstalled all updates i got from windows for this month. Can windows install drivers as well automatically? Maybe i haven´t deinstalled all updates, are some hidden in some way?
A wierd thing about my make and model number. First i had no idea what that is, then i found online the "wmic bios get serialnumber" command for command prompt. The thing i got was "to be filled by o.e.m". I searched online and saw that a bios update was needed, which i have never done. Can that lead to some problems? Should i do that, how do i do that? I know i´m getting sidetracked but i don´t want more problems in the near future.
Anyway i went behind to search for the number on my case and the only number i found that i would say looks like that is: "923B130100591". But i dont know if that is it nor do i know what the "make" is. I apologise.
If those numbers are the same as the motherboard numbers, which i managed to find, then those are:
Manufacturer: ASRock
Product: Z77 Pro4-M
SerialNumber: E80-31021900027
Version: (Blank)
Network adapters: Realtek PCIe GBE Family Controller
Driver Date: 7.1.2016
Driver Version: 7.98.107.2016
I Hope i got the right information, the needed information.
Edited by MCMSBre, 14 March 2016 - 02:57 PM.
#6
Posted 14 March 2016 - 03:09 PM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
Until you get it sorted out I would go into Control Panel, Windows Update and turn off automatic download & install.
The motherboard number will do. The driver that ASRock provides is
http://www.asrock.co...nload&os=Win764
You might try it.
We can also look at your drivers to see which are not signed.
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator. Yes.
Type:
sigverif
and hit Enter then Start (in the new window)
When it finishes it will tell you which drivers it doesn't like if any.
#7
Posted 15 March 2016 - 05:30 AM
MCMSBre
- Topic Starter
-
- Member
-
- 19 posts
Member
I have already disabled windows automatic download and install, unfortunately it was too late.
Which drivers from that site should i download and install, all of them?
I did the "sigverif" and i got a full list of items. I suppose that´s bad. What do i do now? I have noticed that "jswpslwfx.sys" is on the list. It has almost the same name as that driver that failed to load, just with an "x" at the end...
#8
Posted 15 March 2016 - 06:05 AM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
I don't usually run sigverif with the driver signing turned off so that might be why you get so many. On mine it's on and sigverif doesn't find any.
Appears jswpslwfx.sys is the driver in charge of the jswpslwf service. Appears it's a 32 bit driver since on another site I found it listed as
C:\Windows\SysWOW64\DRIVERS\jswpslwfx.sys
This is normally hidden by windows so:
Open the Control Panel menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button
Then right click on the Start button and select Start Windows Explorer. Then navigate down to
C:\Windows\SysWOW64\DRIVERS\jswpslwfx.sys
Right click on it and select Properties then Digital Signature. Does it have one? Select the Details tab and tell me what version it has.
Check if there is one at C:\Windows\System32\DRIVERS\jswpslwfx.sys too.
Then go to the http://www.asrock.co...nload&os=Win764site and get the 7th one down.
It says:
3/14/2012 Windows® 7 64bit 5.53MB Realtek Lan driver ver:7048 Windows 7 ver:7.48.823.2011 Windows 7 64bit ver:7.48.823.2011
After the install look in the same two locations again and see if there is a Digital Signature and what Version we have.
#9
Posted 15 March 2016 - 10:49 AM
MCMSBre
- Topic Starter
-
- Member
-
- 19 posts
Member
I have to mention that i have done the "sigverif" command on both the normal startup (when i don´t have internet connection) and on the one with the driver signing turned off, both times i got same results. I mean i haven´t gone through each thing on the list and compare it but the list was long on both occasions.
I have selected averything you said in the folder options/view tab except "Display the contents of system folders." because it is not there. The rest was there however.
In the C:\Windows\SysWOW64\DRIVERS folder i do not have the "jswpslwfx.sys". I only have a couple of folders there and some files.
I do however have the "jswpslwfx.sys" in the C:\Windows\System32\DRIVERS folder. When go in into properties i do not have a "Digital Signature" tab nor is it listed in the details or on any other tabs. In details it says that the version is: 1.0.0.50. Both file version and product version are the same. Makes sense...
After Installing the driver, and rebooting normally:
The "jswpslwfx.sys" in System32 folder is completely the same. Still no Digital Signature and even the version is still the same.
The SysWOW64/drivers folder still doesn´t have the "jswpslwfx.sys".
After rebooting with the driver signing turned off:
It´s the same. I don´t know why i thought it wouldn´t be. I guess there is no harm in checking...
Maybe i haven´t installed the driver properly. After the Install wizard, of whatever the name is finished i did nothing more, i just restarted my PC afterwards. Am i supposed to manually install something afterwards, after that initial instalation is complete?
Edited by MCMSBre, 15 March 2016 - 10:53 AM.
#10
Posted 15 March 2016 - 11:33 AM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
The jswpslwfx.sys seems wrong. Pretty old version number.
That the file is in System32 makes more sense than it being in SysWOW64. System32 is where the 64 bit files are supposed to be.
My PC is also running Win 7 Ultimate, 64 bit so I'm not sure why yours is so different. Perhaps the signing stays off once you turn it off and that is why there is no "Digital Signature" tab.
Run sigverif
click on Advanced and then on View Log Copy and paste the log into a reply. If there is no log then check the Save the sig ver. results to a log file then OK and Start. (If the log is too big for the forum then attach it.)
#11
Posted 15 March 2016 - 11:51 AM
MCMSBre
- Topic Starter
-
- Member
-
- 19 posts
Member
I haven´t even tried copy-pasting the text, i assume it was too big.
Attached Files
-
SIGVERIF.TXT 133.69KB
375 downloads
#12
Posted 15 March 2016 - 12:01 PM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
I downloaded the driver program. It's a zip file so you have to save it then (right click and Show in Folder) then right click and Extract All. That will open to a folder Realtek_Win7-64_Win7(7048)\LAN(7048)
Double click on Lan(7048) and it opens to show a setup.exe file (and a bunch of other files and folders) . Right click on setup.exe and Run As Admin. That should install a new driver. The one you have is ancient.
#13
Posted 15 March 2016 - 12:25 PM
MCMSBre
- Topic Starter
-
- Member
-
- 19 posts
Member
I did that but nothing changed. Does it have something to do with the thing that i downloaded the driver on my laptop, then used a usb stick to get it to my pc? It shouldn´t make a diference right?
Where is that driver in the device manager, which one is it, maybe i have to somehow install it from there as well? Is it the network adapters?
EDIT: I just saw that the "jswpslwfx.sys", in properties it says that it opens with "Unknown application". I am not sure if that is supposed to be like that, just decided to share that, maybe it´s important...
Edited by MCMSBre, 15 March 2016 - 12:34 PM.
#14
Posted 15 March 2016 - 12:43 PM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
The driver on the motherboard is realtek so this must be a separate card from the onboard network device.
I'm going to have this topic moved to malware so I can run FRST and see what is going on.
Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
#15
Posted 15 March 2016 - 02:01 PM
MCMSBre
- Topic Starter
-
- Member
-
- 19 posts
Member
FRST Results.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by User (administrator) on USER-PC (15-03-2016 20:48:03)
Running from C:\Users\User\Desktop\FRST64
Loaded Profiles: User (Available Profiles: User & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(TeamViewer GmbH) D:\Teamviewer\TeamViewer_Service.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avpui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13516360 2013-04-02] (Realtek Semiconductor)
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-08-14] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [jswtrayutil] => "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-03] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => No File
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Genie.lnk [2016-01-30]
ShortcutTarget: NETGEAR WNA1100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2540 series.lnk [2016-03-15]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicyScripts: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{57C84DA3-60F6-4DE1-9A32-2A9681C5337B}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2278087175-315393774-4205556306-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2278087175-315393774-4205556306-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://at.search.yahoo.com/?type=903578&fr=spigot-yhp-ie
SearchScopes: HKU\S-1-5-21-2278087175-315393774-4205556306-1000 -> DefaultScope {9E03EC2F-2194-4BC8-9698-27993060BD56} URL = hxxps://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2278087175-315393774-4205556306-1000 -> {9E03EC2F-2194-4BC8-9698-27993060BD56} URL = hxxps://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-03-14] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-03-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-14] (Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2016-03-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-06] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL [2016-03-14] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-06] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-2278087175-315393774-4205556306-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2278087175-315393774-4205556306-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-04-27] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5gsjqgb1.default-1446418166396
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-11] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2014-05-19] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-03-19] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2014-03-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2278087175-315393774-4205556306-1000: @hola.org/FlashPlayer -> C:\Users\User\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [2016-02-17] ()
FF Plugin HKU\S-1-5-21-2278087175-315393774-4205556306-1000: @hola.org/vlc -> C:\Users\User\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [2016-02-17] (Hola)
FF Plugin HKU\S-1-5-21-2278087175-315393774-4205556306-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5gsjqgb1.default-1446418166396\user.js [2015-11-01]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5gsjqgb1.default-1446418166396\extensions\[email protected] [2015-11-02]
FF Extension: NoScript - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5gsjqgb1.default-1446418166396\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-02-12]
FF Extension: Ghostery - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5gsjqgb1.default-1446418166396\Extensions\[email protected] [2016-03-10]
FF Extension: Hola Better Internet - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5gsjqgb1.default-1446418166396\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2016-02-17]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5gsjqgb1.default-1446418166396\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2015-12-22]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2015-02-11] (EasyAntiCheat Ltd)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [803856 2016-01-28] (Garmin Ltd. or its subsidiaries)
R2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2016-01-13] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-08-14] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
R2 TeamViewer; D:\Teamviewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [297440 2011-07-28] ()
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-01-27] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [22216 2014-05-27] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [22728 2014-05-27] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-05-27] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-05-27] ()
R1 JSWPSLWF; C:\Windows\System32\DRIVERS\jswpslwfx.sys [26624 2008-05-15] (Atheros Communications, Inc.) [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [79240 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [182152 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [237448 2015-12-19] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [178872 2016-03-15] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [998280 2015-12-11] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50776 2016-03-11] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [112520 2015-12-03] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab)
S3 athur; system32\DRIVERS\athurx.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-15 20:47 - 2016-03-15 20:48 - 00000000 ____D C:\Users\User\Desktop\FRST64
2016-03-15 20:46 - 2016-03-15 20:48 - 00000000 ____D C:\FRST
2016-03-15 19:17 - 2011-08-23 20:57 - 00565352 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2016-03-15 19:17 - 2011-08-23 20:57 - 00074272 _____ C:\Windows\system32\RtNicProp64.dll
2016-03-15 19:10 - 2016-03-15 19:10 - 00000000 ____D C:\Users\User\Desktop\Driver
2016-03-15 12:34 - 2016-03-15 18:48 - 00137926 _____ C:\Users\Public\Documents\SIGVERIF.TXT
2016-03-14 18:43 - 2016-03-14 18:48 - 00006391 _____ C:\VEW.txt
2016-03-14 18:33 - 2016-03-14 16:53 - 00061440 _____ ( ) C:\Users\User\Desktop\VEW.exe
2016-03-14 13:43 - 2016-03-14 13:43 - 00000000 ____D C:\Users\User\AppData\Local\Intel_Corporation
2016-03-13 22:40 - 2016-03-13 22:40 - 00072338 _____ C:\Windows\system32\log.xml
2016-03-13 22:40 - 2016-03-13 22:40 - 00000000 ____D C:\ProgramData\ATI
2016-03-13 22:37 - 2016-03-13 22:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_INETMON_01011.Wdf
2016-03-13 22:37 - 2014-05-27 11:21 - 00025800 _____ C:\Windows\system32\Drivers\INETMON.sys
2016-03-13 22:34 - 2016-03-13 22:34 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2016-03-13 22:34 - 2016-03-13 22:34 - 00000000 ____D C:\Program Files\Realtek
2016-03-13 22:34 - 2013-04-03 19:19 - 03382984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2016-03-13 22:34 - 2013-04-01 13:54 - 03180912 _____ C:\Windows\system32\Drivers\rtvienna.dat
2016-03-13 22:34 - 2013-03-26 17:06 - 02797128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2016-03-13 22:34 - 2013-03-26 14:38 - 01659464 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2016-03-13 22:34 - 2013-03-20 13:16 - 02102040 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2016-03-13 22:34 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2016-03-13 22:34 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2016-03-13 22:34 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2016-03-13 22:34 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2016-03-13 22:34 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2016-03-13 22:34 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2016-03-13 22:34 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2016-03-13 22:33 - 2013-04-03 22:02 - 00613448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2016-03-13 22:33 - 2013-04-03 16:56 - 00449509 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2016-03-13 22:33 - 2013-03-27 16:57 - 00135240 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2016-03-13 22:33 - 2013-03-26 17:04 - 02734624 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2016-03-13 22:33 - 2013-03-26 15:40 - 03693128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2016-03-13 22:33 - 2013-03-23 03:43 - 00208072 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2016-03-13 22:33 - 2013-03-20 13:16 - 00910104 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2016-03-13 22:33 - 2013-02-28 13:10 - 02032408 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2016-03-13 22:33 - 2013-02-20 18:55 - 01284680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2016-03-13 22:33 - 2013-02-19 18:52 - 00991816 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2016-03-13 22:33 - 2013-01-11 16:27 - 00628504 _____ (Creative Technology Ltd.) C:\Windows\system32\MBTHX64.dll
2016-03-13 22:33 - 2013-01-11 16:27 - 00563992 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBTHX32.dll
2016-03-13 22:33 - 2012-06-20 17:26 - 00110592 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2016-03-13 22:33 - 2012-06-08 16:23 - 00083072 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2016-03-13 22:33 - 2012-06-08 16:21 - 00897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2016-03-13 22:33 - 2012-06-08 16:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2016-03-13 22:33 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2016-03-13 22:33 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2016-03-13 22:33 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2016-03-13 22:33 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2016-03-13 22:33 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2016-03-13 22:33 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2016-03-13 22:33 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2016-03-13 22:33 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2016-03-13 22:33 - 2009-11-18 07:12 - 00032344 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\MBfilt64.sys
2016-03-13 22:27 - 2016-03-13 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2016-03-13 22:22 - 2016-03-13 22:22 - 00003176 _____ C:\Windows\System32\Tasks\{90EC5867-59BF-4FE7-BD45-1451449C0A69}
2016-03-13 22:19 - 2016-03-13 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard
2016-03-13 22:18 - 2016-03-13 22:27 - 00000000 ____D C:\Program Files (x86)\AMD
2016-03-13 22:15 - 2016-03-13 22:15 - 00003172 _____ C:\Windows\System32\Tasks\{08D6EE61-D8EE-4B26-890C-B0E61292495D}
2016-03-13 22:11 - 2016-03-13 22:18 - 00000000 ____D C:\SWSETUP
2016-03-13 22:09 - 2016-03-13 22:09 - 00001536 _____ C:\Windows\SysWOW64\RtkMsgs.dll
2016-03-13 22:09 - 2016-03-13 22:09 - 00000000 ____D C:\Dell
2016-03-13 16:01 - 2016-03-13 16:01 - 00000000 ____D C:\Users\User\AppData\Roaming\driveridentifier
2016-03-13 15:16 - 2016-03-15 12:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit
2016-03-12 18:47 - 2016-03-12 18:47 - 00000207 _____ C:\Windows\tweaking.com-regbackup-USER-PC-Windows-7-Ultimate-(64-bit).dat
2016-03-12 18:47 - 2016-03-12 18:47 - 00000000 ____D C:\RegBackup
2016-03-11 20:34 - 2016-03-11 20:33 - 07179399 _____ C:\Users\User\Desktop\Bock_Duden_Arbeit aus Liebe - Liebe als Arbeit 1977.pdf
2016-03-11 20:34 - 2016-03-11 20:20 - 08977556 _____ C:\Users\User\Desktop\Aulenbacher-Riegraf_Markteffizienz und Ungleichheit – Zwei Seiten einer Medaille_ KlasseSchicht, Geschlecht und Ethnie im Uebergang zur postfordistischen Arbeitsgesellschaft_2009.pdf
2016-03-11 20:34 - 2016-03-11 20:17 - 00070966 _____ C:\Users\User\Desktop\sandner.pdf
2016-03-11 16:21 - 2016-03-11 16:22 - 00114748 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2016-03-11 16:21 - 2016-03-11 16:21 - 20151816 _____ (Tweaking.com) C:\Users\User\Downloads\tweaking.com_windows_repair_aio_setup.exe
2016-03-11 15:58 - 2011-08-23 20:57 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2016-03-06 00:23 - 2016-03-06 00:23 - 00228660 _____ C:\Users\User\Downloads\Diamond Gear Repair Guide - Reddit.xlsx
2016-03-06 00:23 - 2016-03-06 00:23 - 00030394 _____ C:\Users\User\Desktop\Diamond Gear Repair Guide - Reddit Diamond Pickaxe OR Shovel.pdf
2016-03-05 18:35 - 2016-03-05 18:36 - 00228660 ____R C:\Users\User\Desktop\Diamond Gear Repair Guide - Reddit.xlsx
2016-02-20 19:32 - 2016-02-28 20:07 - 00000232 _____ C:\Users\User\Desktop\MC.txt
2016-02-20 18:36 - 2016-03-11 18:34 - 00000000 ____D C:\Users\User\AppData\Roaming\.minecraft
2016-02-20 15:53 - 2016-02-20 15:53 - 00093003 _____ C:\Users\User\Desktop\Mineshafter-launcher.jar
2016-02-17 11:34 - 2016-03-11 15:52 - 00000000 ____D C:\Users\User\AppData\Roaming\Hola
2016-02-17 11:34 - 2016-02-17 11:34 - 00000000 ____D C:\Users\User\AppData\Local\Hola
2016-02-17 11:34 - 2016-02-17 11:34 - 00000000 ____D C:\Program Files\Hola
2016-02-17 11:33 - 2016-02-17 11:33 - 00665984 _____ (Hola Networks Ltd.) C:\Users\User\Downloads\Hola-Setup.exe
2016-02-14 15:33 - 2016-03-13 23:21 - 00000000 ____D C:\Users\User\Desktop\Battlenet ID
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-15 20:46 - 2009-07-14 05:45 - 00022528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-15 20:46 - 2009-07-14 05:45 - 00022528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-15 20:28 - 2014-02-06 19:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-15 19:29 - 2015-05-02 23:58 - 00000000 __SHD C:\Users\User\IntelGraphicsProfiles
2016-03-15 19:29 - 2015-02-04 17:52 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-03-15 19:28 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-15 19:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-03-15 19:17 - 2013-12-30 09:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-15 19:17 - 2013-12-30 09:29 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-03-15 17:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-03-15 12:35 - 2015-09-29 01:22 - 00000000 ____D C:\Program Files (x86)\TweakBit
2016-03-15 12:24 - 2009-07-14 03:34 - 00000502 _____ C:\Windows\win.ini
2016-03-14 22:20 - 2014-03-06 14:32 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-14 22:19 - 2014-03-06 14:28 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-14 20:50 - 2014-01-08 17:35 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2016-03-14 18:42 - 2013-12-30 09:31 - 00112088 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-14 18:41 - 2009-07-14 05:45 - 00428648 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-13 22:41 - 2014-10-31 16:08 - 00678180 _____ C:\Windows\system32\perfh007.dat
2016-03-13 22:41 - 2014-10-31 16:08 - 00143204 _____ C:\Windows\system32\perfc007.dat
2016-03-13 22:41 - 2009-07-14 06:13 - 01603002 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-13 22:35 - 2013-12-30 09:29 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-03-13 22:35 - 2013-12-30 09:29 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-03-13 22:34 - 2013-12-30 09:31 - 00000000 ____D C:\Program Files\Intel
2016-03-13 22:32 - 2015-05-02 23:58 - 00000451 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-03-13 22:26 - 2013-12-30 09:49 - 00000000 ____D C:\Program Files\ATI Technologies
2016-03-13 22:24 - 2014-01-09 20:49 - 00000000 ____D C:\Program Files\AMD
2016-03-13 22:24 - 2014-01-09 20:43 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-13 22:22 - 2014-01-09 20:41 - 00000000 ____D C:\AMD
2016-03-13 22:21 - 2015-05-02 23:56 - 00000700 _____ C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2016-03-13 22:19 - 2013-12-30 09:50 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-03-13 20:05 - 2014-01-08 17:33 - 00671068 _____ C:\Windows\ntbtlog.txt
2016-03-13 20:05 - 2011-04-12 09:28 - 00000000 ____D C:\Windows\CSC
2016-03-13 15:16 - 2015-09-29 01:22 - 00000000 ____D C:\ProgramData\TweakBit
2016-03-13 14:59 - 2009-07-14 06:08 - 00032614 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-12 23:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-03-12 21:44 - 2014-11-05 02:46 - 00000000 ____D C:\Users\Тест
2016-03-12 21:44 - 2014-05-01 14:37 - 00000000 ____D C:\Users\Guest
2016-03-12 21:15 - 2014-01-18 20:12 - 00000000 ____D C:\Program Files\OBS
2016-03-12 21:01 - 2014-12-10 03:10 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-12 21:01 - 2014-05-06 15:55 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-03-12 20:23 - 2009-07-14 03:34 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_574
2016-03-12 19:15 - 2009-07-14 03:34 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_172
2016-03-11 22:35 - 2014-01-08 17:12 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2016-03-11 18:28 - 2014-02-06 19:42 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-11 18:28 - 2014-02-06 19:42 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-11 18:28 - 2014-02-06 19:42 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-11 16:44 - 2014-01-08 00:40 - 00000000 ____D C:\Windows\system32\MRT
2016-03-11 16:39 - 2014-01-08 00:40 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-11 16:20 - 2015-12-01 10:59 - 00050776 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys
2016-03-11 16:03 - 2015-06-09 20:16 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-11 15:40 - 2016-01-16 21:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-03-11 15:40 - 2014-02-06 19:41 - 00000000 ____D C:\Windows\system32\Macromed
2016-03-11 15:40 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-03-11 15:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2016-03-11 15:37 - 2014-01-08 17:12 - 00000000 ____D C:\ProgramData\Skype
2016-03-11 15:30 - 2011-04-12 09:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-03-08 01:07 - 2013-12-30 13:03 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2016-03-02 20:11 - 2014-01-07 21:31 - 00000000 ____D C:\temp
2016-02-20 01:59 - 2016-01-31 19:17 - 00000000 ____D C:\Users\User\AppData\Local\Battle.net
2016-02-18 18:14 - 2014-01-09 00:05 - 00000000 ____D C:\ProgramData\Battle.net
2016-02-18 18:14 - 2014-01-08 10:23 - 00000000 ____D C:\Users\User\AppData\Roaming\Battle.net
2016-02-14 01:59 - 2013-12-30 09:36 - 01585718 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
==================== Files in the root of some directories =======
2014-11-10 23:10 - 2014-11-10 23:10 - 0001181 _____ () C:\Users\User\AppData\Roaming\trace_FilterInstaller.1.txt
2014-11-10 23:10 - 2014-11-30 00:31 - 0000919 _____ () C:\Users\User\AppData\Roaming\trace_FilterInstaller.txt
2014-11-10 23:10 - 2014-11-30 00:31 - 0000000 _____ () C:\Users\User\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2016-01-23 22:51 - 2016-02-11 12:12 - 0007606 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2013-12-30 09:37 - 2013-12-30 09:37 - 0000003 _____ () C:\Users\User\AppData\Local\user_data.ini
2015-10-08 11:35 - 2015-10-08 11:35 - 0000057 _____ () C:\ProgramData\Ament.ini
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-03-09 11:56
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by User (2016-03-15 20:48:33)
Running from C:\Users\User\Desktop\FRST64
Windows 7 Ultimate Service Pack 1 (X64) (2013-12-30 08:17:45)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2278087175-315393774-4205556306-500 - Administrator - Disabled)
Guest (S-1-5-21-2278087175-315393774-4205556306-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2278087175-315393774-4205556306-1004 - Limited - Enabled)
User (S-1-5-21-2278087175-315393774-4205556306-1000 - Administrator - Enabled) => C:\Users\User
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2278087175-315393774-4205556306-1000\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
A1 Powerline Adapter (HKLM-x32\...\dlanwlancfg) (Version: 3.0.0.0 - PLC)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
AdVenture Capitalist (HKLM-x32\...\Steam App 346900) (Version: - Hyper Hippo Games)
AMD Catalyst Install Manager (HKLM\...\{0FC66755-FB35-2CBD-C838-70B4984C2C67}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.1.000 - Asmedia Technology)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Creativerse (HKLM-x32\...\Steam App 280790) (Version: - Playful Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dota 2 Workshop Tools Alpha (HKLM-x32\...\Steam App 316570) (Version: - )
Dungeon Defenders II (HKLM-x32\...\Steam App 236110) (Version: - Trendy Entertainment)
Elevated Installer (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Garmin Express (HKLM-x32\...\{0733d53f-b41d-47cc-b336-d95751c4b2cb}) (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Gear Up (HKLM-x32\...\Steam App 214420) (Version: - Doctor Entertainment AB)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IBM SPSS Statistics 20 (HKLM-x32\...\{2AF8017B-E503-408F-AACE-8A335452CAD2}) (Version: 20.0.0.0 - IBM Corp)
Intel® Chipset Device Software (x32 Version: 10.1.1.13 - Intel® Corporation) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{A22FA2CB-294A-495C-B784-79981E0BD6F5}) (Version: 5.0.10.2861 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 16.0.1.445 - Kaspersky Lab) Hidden
Kingdom Wars (HKLM-x32\...\Steam App 227180) (Version: - Reverie World Studios, INC)
Loadout (HKLM-x32\...\Steam App 208090) (Version: - Edge of Reality)
Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4805.1003 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 44.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-GB)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-GB)) (Version: 24.6.0 - Mozilla)
NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
Neverwinter (HKLM-x32\...\Steam App 109600) (Version: - Cryptic Studios)
OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment)
PRIME Z-DW Gaming Mouse (HKLM-x32\...\PRIME Gaming Mouse) (Version: 1.0 - SPEEDLINK)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6876 - Realtek Semiconductor Corp.)
RIFT™ (HKLM-x32\...\Steam App 39120) (Version: - Trion Worlds)
Robocraft (HKLM-x32\...\Steam App 301520) (Version: - Freejam)
Settings Manager (HKU\S-1-5-21-2278087175-315393774-4205556306-1000\...\Settings Manager) (Version: 21.4.0.1 - Spigot, Inc.) <==== ATTENTION
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Snow Sakura (HKLM-x32\...\Snow Sakura) (Version: - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Terraria (HKLM-x32\...\1207665503_is1) (Version: 2.7.0.9 - GOG.com)
The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version: - Ubisoft Montreal)
Tom Clancy's Ghost Recon Phantoms - EU (HKLM-x32\...\Steam App 272350) (Version: - Ubisoft Singapore)
Transformice (HKLM-x32\...\Steam App 335240) (Version: - Atelier 801)
Tribes: Ascend (HKLM-x32\...\Steam App 17080) (Version: - Hi-Rez Studios)
TwitchAlerts (HKU\S-1-5-21-2278087175-315393774-4205556306-1000\...\fb3f6ca9b67f53a3) (Version: 1.0.0.8 - TwitchAlerts)
Unity Web Player (HKU\S-1-5-21-2278087175-315393774-4205556306-1000\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
War Thunder Launcher 1.0.1.542 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
WinRAR 5.21 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.1 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
World of Warplanes (HKU\S-1-5-21-2278087175-315393774-4205556306-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813eu}_is1) (Version: - Wargaming.net)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2278087175-315393774-4205556306-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {10C8072C-5429-454C-8B52-A072AE9DABE9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {1EA493D9-9F24-4B1A-B947-40AF5936EAD5} - System32\Tasks\{90EC5867-59BF-4FE7-BD45-1451449C0A69} => pcalua.exe -a "C:\Users\User\Desktop\Novi Driveri\win64_153342.exe" -d "C:\Users\User\Desktop\Novi Driveri"
Task: {3B62A958-D36E-4D68-BDAA-3F8DE7E0C56E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-11] (Adobe Systems Incorporated)
Task: {4015565D-9D43-4255-9E36-907D5AED6C92} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2015-11-13] (AO Kaspersky Lab)
Task: {660FD778-A06B-4EF1-A489-E3859B780342} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {6C70FB2C-EF68-4A60-87A1-782A989B063C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {775CD278-F74B-4D7B-B4E1-66F4F7B1DEEE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {8A26BDA7-6965-46ED-BA0A-FD35139FAB62} - System32\Tasks\{0F3F4A73-0B4D-4033-9389-4244F58D88AE} => pcalua.exe -a "C:\Program Files (x86)\NETGEAR\WNA1100\Uninstall.exe" -d "C:\Program Files (x86)\NETGEAR\WNA1100"
Task: {906A3458-62FE-47AC-A277-1059B980D973} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-14] (Microsoft Corporation)
Task: {9C64BCB3-88B0-4B9A-914C-EFD8902E8686} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {A72EBFE3-5303-4405-AAD0-B8C3A0F37A19} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {B4997671-EEFF-4282-B597-DEC847CE95BA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {C58A51B3-2337-44B8-8162-E341F401468A} - System32\Tasks\{1E0B926D-F26C-44D5-89A8-DDAA1EA94006} => pcalua.exe -a C:\Users\User\AppData\Roaming\.minecraft\Uninstall.exe
Task: {C5BD7536-550E-4D52-9B7F-CA26F8A29D75} - System32\Tasks\{08D6EE61-D8EE-4B26-890C-B0E61292495D} => pcalua.exe -a "C:\Users\User\Desktop\Novi Driveri\sp74100(1).exe" -d "C:\Users\User\Desktop\Novi Driveri"
Task: {CEADE8D9-F509-432D-9262-174810E42DBB} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-01-28] ()
Task: {E21AAC68-F734-4785-9E52-EED72FAEC14E} - System32\Tasks\asrRd => C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-10-28 11:59 - 2015-09-01 17:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-03-06 14:28 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-08-14 09:28 - 2014-08-14 09:28 - 00209712 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2014-08-14 09:28 - 2014-08-14 09:28 - 00057648 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2014-08-14 09:28 - 2014-08-14 09:28 - 00037168 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll
2014-08-14 09:28 - 2014-08-14 09:28 - 00057648 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTEncryptionCheck.dll
2015-01-07 21:38 - 2011-07-28 17:06 - 08247264 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
2015-01-07 21:38 - 2011-07-28 17:06 - 00297440 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
2015-12-22 02:47 - 2015-12-22 02:47 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\kpcengine.2.3.dll
2015-01-07 21:38 - 2009-08-28 16:50 - 00282624 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll
2015-01-07 21:38 - 2011-07-27 11:53 - 00360448 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiLib.dll
2013-12-30 09:31 - 2012-07-18 06:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2278087175-315393774-4205556306-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2278087175-315393774-4205556306-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2278087175-315393774-4205556306-1000\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-2278087175-315393774-4205556306-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2278087175-315393774-4205556306-1000\...\sony.com -> sony.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2016-03-13 20:01 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2278087175-315393774-4205556306-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: DAEMON Tools Lite => "D:\Daemon tools\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: hola => C:\Program Files\Hola\app\hola.exe --silent
MSCONFIG\startupreg: Launch LCore => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "D:\Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: LWS => D:\Logitech Webcam\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: OscarEditor => "C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe" Minimum
MSCONFIG\startupreg: PRIME Gaming Mouse => "C:\Program Files (x86)\SPEEDLINK Gaming Mouse\Gaming Mouse.exe" /hide
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{0ACE2391-7261-4788-BA91-67D5144B8ACE}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{94DDE979-E508-49F7-865F-E14BB2833D43}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{96E5D5C1-BF15-4D21-BE0B-0E1523EB5702}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{DB557478-A8BC-487F-A3A7-84E308C651F1}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [{202D3F82-E79D-43F3-A426-A4939FDDC3FA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{6BEE9D72-7F1A-4F5B-A6B4-10D8607B2475}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{F6CEE56E-95B8-47AC-A58D-5D3AED6F70C0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
FirewallRules: [{C6E091E9-916E-43F6-8AA9-FE2E72183AB1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
FirewallRules: [{557B388F-0C76-4B6A-A6F2-E85E887947A5}] => (Allow) D:\Battle.net\Battle.net.exe
FirewallRules: [{4D0CF7E9-4495-43B4-9D73-0EB088952B05}] => (Allow) D:\Battle.net\Battle.net.exe
FirewallRules: [{A1DF34E3-5083-42BE-947D-B491091EBC53}] => (Allow) D:\Hearthstone\Hearthstone.exe
FirewallRules: [{4AEB95B0-1CB7-41CA-80B8-8FF1B5F69CD0}] => (Allow) D:\Hearthstone\Hearthstone.exe
FirewallRules: [{402D9FA7-0D8A-49BB-B6FD-9EE54797E0F3}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{5D82D92C-8607-43C2-9EE8-41AE1B31F49B}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{4DE69CDE-68D7-4790-A6CD-E43FEBCD56C8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2347DF1A-084D-4711-8D66-EADF2D0FD95A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{DF0A83BD-698E-41D7-8454-C8DA0A19586E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [TCP Query User{B50339F5-5DFA-4C1E-9CEF-1366D0C6C439}C:\program files (x86)\media crawler\mediacrawler.exe] => (Allow) C:\program files (x86)\media crawler\mediacrawler.exe
FirewallRules: [UDP Query User{9B2E1E35-5651-4EC7-A6A0-B8BEB47369A7}C:\program files (x86)\media crawler\mediacrawler.exe] => (Allow) C:\program files (x86)\media crawler\mediacrawler.exe
FirewallRules: [{638012C7-0A85-4B84-82AE-B8513114B31F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{C984B089-468F-4AA8-B59D-A76F46C19007}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{C83604B7-E573-4467-9796-BF45D92CB664}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5A4380BA-D2BC-4BB3-BE75-744FA303B944}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2F028CBC-60EB-470E-8BEE-C7B708FDAF9F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{923069C0-85A6-43F4-ACB4-3D5CCBC3AA13}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{91950AA6-7634-44A6-B0D9-80D31E1ADB30}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{4C7377F9-A082-409B-8092-7F11EEF32C8B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{5225E6D3-0D8A-47B5-AEC4-EEDCB09E034E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{216C57E2-81D2-4768-B918-AE6FDD183C71}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{F891E9DD-4ED9-45A4-9501-E76A8FC404E5}] => (Allow) D:\Steam\SteamApps\common\The Mighty Quest For Epic Loot\Launcher\PublicLauncher.exe
FirewallRules: [{F1FD281B-0D25-404C-971E-F2B4B1DA08B4}] => (Allow) D:\Steam\SteamApps\common\The Mighty Quest For Epic Loot\Launcher\PublicLauncher.exe
FirewallRules: [{806643C4-A32C-471E-8A5A-C135BAB7706B}] => (Allow) D:\Steam\SteamApps\common\The Mighty Quest For Epic Loot\Launcher\MQELDiagnostics.exe
FirewallRules: [{C8E986D2-651D-4B41-923C-35F7655D5F44}] => (Allow) D:\Steam\SteamApps\common\The Mighty Quest For Epic Loot\Launcher\MQELDiagnostics.exe
FirewallRules: [{1450997B-0C4D-4754-BB1F-B5D30E5C4A47}] => (Allow) D:\Steam\SteamApps\common\Loadout\Loadout.exe
FirewallRules: [{721E9C2F-0AD4-4AC8-BC96-646EB79BC01F}] => (Allow) D:\Steam\SteamApps\common\Loadout\Loadout.exe
FirewallRules: [{2BAE9DB2-607B-4C7D-8DBB-32FE666E77FC}] => (Allow) D:\Steam\SteamApps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{E7FBB589-98EC-45C3-B036-0C3D42867E86}] => (Allow) D:\Steam\SteamApps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{9D871D06-E969-4088-9DC9-EDC63E0B9C5E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{88087A4B-6D2D-42ED-9C20-D7DF877B9A4D}D:\steam\steamapps\common\planetside 2\planetside2.exe] => (Allow) D:\steam\steamapps\common\planetside 2\planetside2.exe
FirewallRules: [UDP Query User{A64E7E76-2286-4B2B-A5A8-411CE253E6AD}D:\steam\steamapps\common\planetside 2\planetside2.exe] => (Allow) D:\steam\steamapps\common\planetside 2\planetside2.exe
FirewallRules: [TCP Query User{19DFEA7B-5C35-485D-8274-92871EFDDAA6}D:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe] => (Allow) D:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe
FirewallRules: [UDP Query User{3C32EFD3-79AD-4D72-A91D-BDC2FCE7387E}D:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe] => (Allow) D:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe
FirewallRules: [{3E757E4E-D90A-4583-B584-21F8971DB671}] => (Allow) D:\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{91D4BDF7-7ECC-4AE9-A614-812AAE884362}] => (Allow) D:\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{22DB5699-9E2C-436B-899C-DD49F3AC65A1}] => (Allow) D:\Steam\SteamApps\common\RIFT\riftpatchlive.exe
FirewallRules: [{66503966-9E77-488F-94F1-797911225589}] => (Allow) D:\Steam\SteamApps\common\RIFT\riftpatchlive.exe
FirewallRules: [{65F6DC20-93B9-4804-9E68-86EDA442023A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{413B2105-C6F5-4955-AD24-DB731F4B2BBD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{0927C497-A953-492C-AE18-5BE24B181ECF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0AA96537-5365-48E9-AAAE-08131D87E3B3}] => (Allow) LPort=2869
FirewallRules: [{15F16C05-B7C0-4B9D-AD4C-69B681DABB0E}] => (Allow) LPort=1900
FirewallRules: [{EBAE0B13-038D-46E7-A2EA-6EC1DF4AE350}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{C90E294F-1867-429A-A7EA-5AF532BA8446}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{DD998AA6-228A-4609-9EF2-0B4771EE4E61}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{CDEE2BA1-5FAF-4900-AC9C-A80D2858FBB9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [TCP Query User{4C8F56B2-DEAB-4CD4-B08F-2D3A09883B77}D:\starcraft ii\versions\base28667\sc2.exe] => (Allow) D:\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [UDP Query User{1B057E48-9F93-41D1-9F40-226CA4C98F18}D:\starcraft ii\versions\base28667\sc2.exe] => (Allow) D:\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [{ABBD466A-F93B-4DB2-94D2-1E4B1F36B409}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{AC31B4E2-58DC-4728-8906-70BB168C41B3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{0CAA0B4E-FD64-43D9-8781-EDC955FC86A6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{9DDACEB5-C214-4A13-9D6D-3970DC76BD2C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{242E647D-F5F2-49B0-AEEE-E9BA8CF32FA8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{55655955-4446-4A0B-B534-33D554F6AA6A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{078223E3-D47A-4FAF-B9F8-77C64960323C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{8E45046C-3E65-4488-B1A6-FDA1B4A4D762}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{0BA5E194-D55C-4A15-A958-FA65A5E5B421}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{3342D768-5FA2-4748-BA80-8ED87C68E61D}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{880E93AC-5799-4628-8934-E746374FA1F9}] => (Allow) D:\SPSSv20\stats.com
FirewallRules: [{13643EE4-5986-49A0-8B36-89CFDE33A7A1}] => (Allow) D:\SPSSv20\WinWrapIDE.exe
FirewallRules: [{0DA66D41-2344-441D-88E7-2101D086AE2F}] => (Allow) D:\SPSSv20\stats.exe
FirewallRules: [{7613D2AA-4F33-4006-A101-B2D8D4F7B25E}] => (Allow) D:\SPSSv20\stats.com
FirewallRules: [{97C59F14-505E-4D9C-AA8A-0441418B6E70}] => (Allow) D:\SPSSv20\WinWrapIDE.exe
FirewallRules: [{98B4F909-2580-4D58-874A-82FEBC0B3723}] => (Allow) D:\SPSSv20\stats.exe
FirewallRules: [TCP Query User{13DF6C0B-9F95-4E9B-A4CB-9060756E4907}D:\spssv20\jre\bin\javaw.exe] => (Allow) D:\spssv20\jre\bin\javaw.exe
FirewallRules: [UDP Query User{C4146805-CC22-4CB4-8C6B-21A069988034}D:\spssv20\jre\bin\javaw.exe] => (Allow) D:\spssv20\jre\bin\javaw.exe
FirewallRules: [{1A8FB125-E062-4C1B-9222-132C695C82D3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{86B8B13C-2C03-48C3-B91B-408D26EDC5D1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{572B0DB6-2309-4D8C-9695-C7A7F5D969CC}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{FF2CD405-D0F9-47DC-9645-C7D76B41FE5C}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [TCP Query User{31619507-37D7-4125-8600-A4E68764414A}D:\heroes of the storm\versions\base32524\heroesofthestorm.exe] => (Allow) D:\heroes of the storm\versions\base32524\heroesofthestorm.exe
FirewallRules: [UDP Query User{3E4396D5-39DE-4327-B532-415E2AA18552}D:\heroes of the storm\versions\base32524\heroesofthestorm.exe] => (Allow) D:\heroes of the storm\versions\base32524\heroesofthestorm.exe
FirewallRules: [{AB02221B-7830-4A52-9E8F-E9CBBF8D0FAB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{30710694-1A98-4FC1-B3EE-45462089F4B2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{F70FA21A-CB7B-443A-B80E-351D79DCD4F6}] => (Allow) D:\Teamviewer\TeamViewer.exe
FirewallRules: [{2184DF54-9436-468B-AE22-2863B2B795EA}] => (Allow) D:\Teamviewer\TeamViewer.exe
FirewallRules: [{2096F03F-9FE4-441A-8F93-B43EAF0BE38B}] => (Allow) D:\Teamviewer\TeamViewer_Service.exe
FirewallRules: [{1EC0443E-EB61-490F-A0CA-802D175A64E9}] => (Allow) D:\Teamviewer\TeamViewer_Service.exe
FirewallRules: [{3196F5A0-BE5A-4477-8F42-587AD2A6AC61}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{8A57ACBC-EF51-481A-88CA-6A0EE6F4A118}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{31FFD30A-AE8A-49A9-8B03-B439DA19454F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D1C866ED-4C9F-4DE5-8319-00FED628B5BA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{81766993-B737-4668-AEA5-5AED2C753F48}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{5AEF10AC-9F8F-498D-BEBB-A4CC76F1FB65}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{027461BD-3692-4D83-B383-ACED883F5C53}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8634CCD7-93E8-4A9F-9270-B5D951B306AD}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{506E1D63-7F23-4AC6-A08B-3C729297A16B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{FB773CFD-35B8-4751-B8A2-906502C98FDB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{A00DBC9A-A3E9-4529-83C6-E962E4AC4649}] => (Allow) D:\Steam\SteamApps\common\Transformice\Transformice.exe
FirewallRules: [{32CF1278-E697-4BB3-9654-730AAF63166A}] => (Allow) D:\Steam\SteamApps\common\Transformice\Transformice.exe
FirewallRules: [{EAC54EDC-42A5-486B-92BD-0D223C768FB2}] => (Allow) D:\Steam\SteamApps\common\GearUp\bin\Traktor.Amalgam.App.exe
FirewallRules: [{E3B1507D-4DD5-4B8D-A169-3840B5A70515}] => (Allow) D:\Steam\SteamApps\common\GearUp\bin\Traktor.Amalgam.App.exe
FirewallRules: [{CB01132B-6F54-4068-9344-EF19B3E1EA88}] => (Allow) D:\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{0F713A14-E615-4E68-B69D-19C3CC4A629E}] => (Allow) D:\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{AB3FFD04-6928-4AF1-AE1D-134B3358260B}] => (Allow) D:\StarCraft II\StarCraft II.exe
FirewallRules: [{26998DD3-7AB1-42C9-9971-17BB623EA2F2}] => (Allow) D:\StarCraft II\StarCraft II.exe
FirewallRules: [{AC1A1136-137E-459A-8341-8D9606F0C59B}] => (Allow) D:\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{822352DA-B920-4113-9B25-70951C58B3DA}] => (Allow) D:\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{12A4B308-83B6-45AA-86F4-9A50A101B419}] => (Allow) D:\Steam\SteamApps\common\Cryptic Studios\Neverwinter.exe
FirewallRules: [{4720E5D9-550B-4E1F-A87A-99FEBC983512}] => (Allow) D:\Steam\SteamApps\common\Cryptic Studios\Neverwinter.exe
FirewallRules: [{C1BA5FD4-DB99-44E3-904D-6E19D0F3EA72}] => (Allow) D:\Steam\SteamApps\common\Dawn of Fantasy\Dof.exe
FirewallRules: [{DDF947DB-991B-4CA3-82E6-1302D0B16CC7}] => (Allow) D:\Steam\SteamApps\common\Dawn of Fantasy\Dof.exe
FirewallRules: [{5BC4B26C-DE10-41C1-9809-40531E7B1880}] => (Allow) D:\Steam\SteamApps\common\Dawn of Fantasy\dof_options.exe
FirewallRules: [{FB06EE7A-9F1E-4AA3-A071-0986DD08AC5E}] => (Allow) D:\Steam\SteamApps\common\Dawn of Fantasy\dof_options.exe
FirewallRules: [{7C76F2E4-9A7F-4C80-9380-ADE2AA293B09}] => (Allow) D:\Steam\SteamApps\common\Dawn of Fantasy\Editor.exe
FirewallRules: [{A94AC120-3CD4-494F-9BBA-5F7FF967E2AF}] => (Allow) D:\Steam\SteamApps\common\Dawn of Fantasy\Editor.exe
FirewallRules: [{6E0BB6D6-1CFA-49B1-879D-104620EEDBB4}] => (Allow) D:\Steam\SteamApps\common\Tribes\Binaries\Win32\HirezBridge.exe
FirewallRules: [{57BE7863-963A-4746-97E5-F0796F89AFF4}] => (Allow) D:\Steam\SteamApps\common\Tribes\Binaries\Win32\HirezBridge.exe
FirewallRules: [{ECF5E19B-2277-41DE-8964-86745575BC1E}] => (Allow) D:\Steam\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{EB61660B-30EE-42EF-81D5-9F2C3C424B48}] => (Allow) D:\Steam\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{576C2C3F-A1EC-4E2D-A96B-B67EC1F4FD50}] => (Allow) D:\Steam\SteamApps\common\Tom Clancy's Ghost Recon Phantoms - EU\Launcher.exe
FirewallRules: [{BFB20AE9-F186-4B1B-8BD3-89D2C4AC09C2}] => (Allow) D:\Steam\SteamApps\common\Tom Clancy's Ghost Recon Phantoms - EU\Launcher.exe
FirewallRules: [{81FB2BEE-4D18-4EFA-848B-1C19EBCAF37D}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{FFC9806A-AC02-4575-BC58-FE74169BFF52}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{B4FC640F-C511-404E-BEA4-A70F259DB333}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{3E213AED-CBAB-451D-AC87-A9C020C0652E}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{89176DD8-EEF5-4517-9E24-AD12A906C07B}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{DE657D76-8D02-4479-856F-9293609D9E3C}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{4A618A3E-18F7-456E-B49B-C3F60921A415}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{F2930CCC-9D8E-444B-B758-E6DFB3CC5FFA}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{1D806487-F095-4214-B667-856B29284002}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{80E02DEA-9994-4334-A3BA-19D7BAA91F46}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{1E4641DD-79C0-47E5-BCDB-5B5CA5CA3A6F}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{01517821-8B7F-49DC-8C09-E0466429DBD7}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{410D3636-2354-457D-9493-AD1680DDABB3}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{F7BBB84B-F8F9-41CE-B727-653CAE033B18}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{D889FDD8-3489-4F22-B948-6BC68506496C}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{ACE60DE2-FF3F-44C8-B191-3665D887256C}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{2F1DCAB0-026B-48FA-8492-24DD7D8CD202}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{F5B22798-D843-4163-BE8D-A5BC57812168}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{B4768B0B-55BD-43AA-964B-7549F715B1F6}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{371B409B-8951-44C3-801F-1519E57EDC5E}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{602D4EAC-CDC9-4C85-A77F-9F13D567C455}] => (Allow) D:\War Thunder\WarThunder\launcher.exe
FirewallRules: [{34E3AB9E-CA15-433C-B7AC-531B5D0F09AD}] => (Allow) D:\War Thunder\WarThunder\launcher.exe
FirewallRules: [{DE73C143-EA4E-4131-AB65-81347DAC1D82}] => (Allow) D:\War Thunder\WarThunder\bpreport.exe
FirewallRules: [{F559AAAC-609E-44EE-B710-A6FF13F93CEF}] => (Allow) D:\War Thunder\WarThunder\bpreport.exe
FirewallRules: [{8B898A11-3A4F-4B02-B661-D5291ABD9EC3}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{6EBC1F2D-C4E1-4A9C-80B7-DFE8E2E93B6C}] => (Allow) LPort=5357
FirewallRules: [{DBCF1010-1257-4228-B587-523039C4375D}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{7FE091C7-6D25-4A94-BE4B-873DE6206C49}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6B463128-CE54-43F3-A6B7-793AC6014806}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BD7C8F8C-8A0F-4242-91E4-7EAF1A87999F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{725C300A-7608-404D-96A1-F6DCFF311B87}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{29D8F059-06FE-461B-91D8-CDA06D20D288}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{02168E8E-6E1D-4D08-B2A8-06C9C760FC9A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{A62D08CA-063C-4FAA-9FC0-5CCE01D69525}] => (Allow) C:\Program Files (x86)\PLC\dlanwlancfg\dlanwlancfg.exe
FirewallRules: [TCP Query User{8E673F5E-1D8E-456F-BF99-8C3CEA068AE1}C:\program files (x86)\speedlink gaming mouse\gaming mouse.exe] => (Allow) C:\program files (x86)\speedlink gaming mouse\gaming mouse.exe
FirewallRules: [UDP Query User{C274F0FF-FE2B-4C7A-B483-D7B80448C2CD}C:\program files (x86)\speedlink gaming mouse\gaming mouse.exe] => (Allow) C:\program files (x86)\speedlink gaming mouse\gaming mouse.exe
FirewallRules: [{0FD0B41A-2029-4FD5-B566-4CD11EBB0F22}] => (Allow) D:\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{B26CC9C6-260A-40B6-833E-105FBDA6F155}] => (Allow) D:\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{8A9BB1A8-7B33-407A-83FA-B27210A0F2C0}] => (Allow) D:\Steam\SteamApps\common\Creativerse\Creativerse.exe
FirewallRules: [{8B0D37E7-02C0-426B-A7BB-778A480692B0}] => (Allow) D:\Steam\SteamApps\common\Creativerse\Creativerse.exe
FirewallRules: [{DDAB0F0B-C10D-4597-933B-267E74E03F12}] => (Allow) D:\Steam\SteamApps\common\Dungeon Defenders 2\DunDefLauncher.exe
FirewallRules: [{F85A9A6E-DC31-4CE4-8C76-AE9E59C4BE20}] => (Allow) D:\Steam\SteamApps\common\Dungeon Defenders 2\DunDefLauncher.exe
FirewallRules: [{CBECA9D1-9462-4E45-85A3-7FDDCADF9605}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{63665025-B45A-416C-B06B-C2368ABC089C}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{9AA2B242-581D-44A7-AEDB-B1C1F64851A3}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{E6A2CC75-CFDE-4310-A5E5-22442AFC42DD}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{62E8BEF6-D743-4652-844A-289A006EE106}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{AD59A93D-DC60-4838-AC1B-49208F55222C}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{19924C70-CFCD-41A1-85A4-621306526B9A}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{457AEFC1-1062-486C-A53C-B786091A8913}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{16F80790-347E-41CE-86F4-D79E2DFF0329}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{93A3108C-F21E-4A6E-8F26-127773DDF856}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{A5F1DA9D-6E40-41AF-BA31-B5DB4DDEC775}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{FC166EEE-7031-473C-B570-BD5D4910B131}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [TCP Query User{4D8DCCBE-2E3C-43E1-82DF-BCE4F0259B0F}D:\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) D:\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [UDP Query User{CEB11D74-A1AD-4BF6-894B-BFCE2F81BC94}D:\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) D:\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [TCP Query User{57CE2250-F1D7-4B0A-B297-6BFB8DD29620}D:\heroes of the storm\versions\base40431\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base40431\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{CB106CC7-5199-4076-B389-7D97D885D268}D:\heroes of the storm\versions\base40431\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base40431\heroesofthestorm_x64.exe
==================== Restore Points =========================
13-03-2016 22:23:42 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
13-03-2016 22:24:08 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
13-03-2016 22:25:12 Device Driver Package Install: Advanced Micro Devices, Inc. Display adapters
15-03-2016 17:36:54 Installed Realtek Ethernet Controller Driver
15-03-2016 19:11:05 Installed Realtek Ethernet Controller Driver
15-03-2016 19:16:26 Removed Realtek Ethernet Controller Driver
15-03-2016 19:17:21 Installed Realtek Ethernet Controller Driver
15-03-2016 19:17:38 Installed Realtek Ethernet Controller Driver
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (03/15/2016 07:29:18 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
Error: (03/15/2016 07:27:31 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
Error: (03/15/2016 07:27:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
JSWPSLWF
Error: (03/15/2016 07:25:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
JSWPSLWF
Error: (03/15/2016 07:15:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
JSWPSLWF
Error: (03/15/2016 05:46:48 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
Error: (03/15/2016 05:39:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
JSWPSLWF
Error: (03/15/2016 12:41:21 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
Error: (03/15/2016 12:14:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
JSWPSLWF
Error: (03/15/2016 12:14:51 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
CodeIntegrity:
===================================
Date: 2016-03-15 19:26:49.439
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\jswpslwfx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-03-15 19:26:49.392
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\jswpslwfx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-03-15 19:24:18.702
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\jswpslwfx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-03-15 19:24:18.655
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\jswpslwfx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-03-15 19:14:27.280
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\jswpslwfx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-03-15 19:14:27.234
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\jswpslwfx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-03-15 17:39:03.468
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\jswpslwfx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-03-15 17:39:03.405
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\jswpslwfx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-03-15 12:13:57.904
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\jswpslwfx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-03-15 12:13:57.857
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\jswpslwfx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel® Core™ i3-3240 CPU @ 3.40GHz
Percentage of memory in use: 31%
Total physical RAM: 8076.95 MB
Available physical RAM: 5568.86 MB
Total Virtual: 16152.11 MB
Available Virtual: 13152.25 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:464.84 GB) (Free:363.74 GB) NTFS
Drive d: () (Fixed) (Total:466.57 GB) (Free:222.17 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A29DB488)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=466.6 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Attached Files
-
FRST.txt 35.64KB
272 downloads
-
Addition.txt 55.02KB
262 downloads
Similar Topics
Also tagged with one or more of these keywords: AdapterNetwork, Drivers, Windows7, Local Area Connection
Answered0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
