TechSpot

Hidden ninja hijack host program

By Enlonwhite
Jan 23, 2016
  1. Malware-bytes, Anti-malware the paid for version keeps finding these win32 Hijack host type virus, even after doing a scan just 20 minutes before with me doing nothing on the computer, I even disconnected from the internet AFTER updating spybot and malware-bytes. Ran spybot, immunized, and ran malware-bytes, then ran malware-bytes again. Still found three repetitively. So I got a little bugger that is making these virus and he is hidden very well. I assume its from a browser adware or spyware as I haven't install any new programs and steam games I don't really worry about. So just thinking on how to remove this sneaky little guy or guys from my computer. I had disabled cookies on 5 hidden internet explorer profiles that spybot search and destory found. The names were really really long with that odd letters and numbers thing that always scares me with my little knowledge of computers that warns me of possible issues.

    FIRST thing asked to do here it is.
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016
    Ran by Enlonwhite (administrator) on PERRIN (22-01-2016 23:44:18)
    Running from C:\Users\Enlonwhite\Downloads
    Loaded Profiles: Enlonwhite & (Available Profiles: Enlonwhite & Brandy)
    Platform: Windows 8 (X64) Language: English (United States)
    Internet Explorer Version 10 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
    () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe
    (Creative Home) C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2015 Deluxe\Planner\PLNRnote.exe
    () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
    () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
    () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.7\deploy\LoLLauncher.exe
    () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.47\deploy\LoLPatcher.exe
    () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.47\deploy\LoLPatcherUx.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.47\deploy\LoLPatcherUx.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7192792 2013-07-05] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-18] (ASUS Cloud Corporation)
    HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-08-20] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
    HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2014-02-11] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [AddressBookReminderApp] => C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2015 Deluxe\ReminderApp.exe
    HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2621240 2015-11-18] (Malwarebytes Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [689304 2012-09-23] (Adobe Systems Incorporated)
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\Run: [Safer-Surf] => C:\Program Files (x86)\di7Safer-Surf\Safer-Surf.exe
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\Run: [HP ENVY 5530 series (NET)] => C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\RunOnce: [Uninstall C:\Users\Enlonwhite\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Enlonwhite\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64"
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\MountPoints2: {c188a6ab-3bf0-11e4-be9b-ac220b8af147} - "G:\VZW_Software_upgrade_assistant.exe"
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\MountPoints2: {ea58ad9d-d97d-11e4-beb0-ac220b8af147} - "G:\unlock.exe" autoplay=true
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [689304 2012-09-23] (Adobe Systems Incorporated)
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Safer-Surf] => C:\Program Files (x86)\di7Safer-Surf\Safer-Surf.exe
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP ENVY 5530 series (NET)] => C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Enlonwhite\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Enlonwhite\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64"
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {c188a6ab-3bf0-11e4-be9b-ac220b8af147} - "G:\VZW_Software_upgrade_assistant.exe"
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ea58ad9d-d97d-11e4-beb0-ac220b8af147} - "G:\unlock.exe" autoplay=true
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [689304 2012-09-23] (Adobe Systems Incorporated)
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Safer-Surf] => C:\Program Files (x86)\di7Safer-Surf\Safer-Surf.exe
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [HP ENVY 5530 series (NET)] => C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [Uninstall C:\Users\Enlonwhite\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Enlonwhite\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64"
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {c188a6ab-3bf0-11e4-be9b-ac220b8af147} - "G:\VZW_Software_upgrade_assistant.exe"
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {ea58ad9d-d97d-11e4-beb0-ac220b8af147} - "G:\unlock.exe" autoplay=true
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-02-11] ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-02-11] ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-02-11] ()
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder.lnk [2015-01-05]
    ShortcutTarget: Event Planner Reminder.lnk -> C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2015 Deluxe\Planner\PLNRnote.exe (Creative Home)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk [2015-05-26]
    ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{0B83961E-3DCD-4828-A150-1E6D07427E45}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{39875994-5A60-4A5F-A0D6-EE13B0ECF40F}: [DhcpNameServer] 192.168.0.1 205.171.2.25
    Tcpip\..\Interfaces\{AF9CB5DC-F502-4991-B03A-933E0CCD81ED}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{C4149972-AAF8-4811-87D5-E54F8B0FD68E}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-12-15] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2016-01-09] (Oracle Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-09] (Oracle Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
    BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-15] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-15] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-15] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-15] (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Enlonwhite\AppData\Roaming\Mozilla\Firefox\Profiles\b6taq5xa.default-1430545408265
    FF DefaultSearchEngine.US: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
    FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-09] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-09] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-02-11] (Adobe Systems)
    FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-12-15] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-25] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-25] (NVIDIA Corporation)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-02-11] (Adobe Systems)
    FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-4140476658-2958252324-4128759861-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Enlonwhite\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-01-31] (Citrix Online)
    FF Plugin HKU\S-1-5-21-4140476658-2958252324-4128759861-1001: adobe.com/AdobeExManCCDetect32 -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CC\npAdobeExManCCDetect32.dll [2013-12-05] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-4140476658-2958252324-4128759861-1001: adobe.com/AdobeExManCCDetect64 -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CC\npAdobeExManCCDetect64.dll [2013-12-05] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-4140476658-2958252324-4128759861-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
    FF Plugin HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @citrixonline.com/appdetectorplugin -> C:\Users\Enlonwhite\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-01-31] (Citrix Online)
    FF Plugin HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: adobe.com/AdobeExManCCDetect32 -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CC\npAdobeExManCCDetect32.dll [2013-12-05] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: adobe.com/AdobeExManCCDetect64 -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CC\npAdobeExManCCDetect64.dll [2013-12-05] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
    FF Plugin HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @citrixonline.com/appdetectorplugin -> C:\Users\Enlonwhite\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-01-31] (Citrix Online)
    FF Plugin HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: adobe.com/AdobeExManCCDetect32 -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CC\npAdobeExManCCDetect32.dll [2013-12-05] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: adobe.com/AdobeExManCCDetect64 -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CC\npAdobeExManCCDetect64.dll [2013-12-05] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
    FF Extension: Adblock Plus - C:\Users\Enlonwhite\AppData\Roaming\Mozilla\Firefox\Profiles\b6taq5xa.default-1430545408265\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-20]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-12-24] [not signed]

    Chrome:
    =======
    CHR Profile: C:\Users\Enlonwhite\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Enlonwhite\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-29]
    CHR Extension: (Google Drive) - C:\Users\Enlonwhite\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-03]
    CHR Extension: (YouTube) - C:\Users\Enlonwhite\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-03]
    CHR Extension: (Google Search) - C:\Users\Enlonwhite\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-03]
    CHR Extension: (Adobe Acrobat) - C:\Users\Enlonwhite\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-12-03]
    CHR Extension: (Google Docs Offline) - C:\Users\Enlonwhite\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-14]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Enlonwhite\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-03]
    CHR Extension: (Gmail) - C:\Users\Enlonwhite\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-02]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
    R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
    R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-06-23] (ASUSTeK Computer Inc.)
    R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-18] () [File not signed]
    S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-10-09] (BitRaider, LLC)
    S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2748600 2015-12-04] (Microsoft Corporation)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
    R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [739640 2015-11-18] (Malwarebytes Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
    S3 Origin Client Service; D:\Origin\OriginClientService.exe [2099720 2015-11-26] (Electronic Arts)
    S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-04-25] (Microsoft Corporation)
    R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [316120 2014-08-18] ()
    S2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe /DisableUI [X]
    S3 FirebirdServerMAGIXInstance; "C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe" [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
    R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
    R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek )
    S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-10-09] (BitRaider)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2013-04-25] (Broadcom Corporation)
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-05-01] ()
    R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-11-18] ()
    R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-22] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    S3 NPF; C:\Windows\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-05-28] (NVIDIA Corporation)
    R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
    R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [29472 2012-09-05] (SerComm Corporation)
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
    S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-04-25] (Microsoft Corporation)
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [35232 2013-04-25] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [230904 2013-04-25] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-22 23:44 - 2016-01-22 23:44 - 00034095 _____ C:\Users\Enlonwhite\Downloads\FRST.txt
    2016-01-22 23:44 - 2016-01-22 23:44 - 00000000 ____D C:\FRST
    2016-01-22 23:43 - 2016-01-22 23:43 - 02370560 _____ (Farbar) C:\Users\Enlonwhite\Downloads\FRST64.exe
    2016-01-22 04:26 - 2016-01-22 04:22 - 00450654 _____ C:\Windows\system32\Drivers\etc\hosts.20160122-042624.backup
    2016-01-01 14:12 - 2016-01-01 14:13 - 00826832 _____ C:\Windows\Minidump\010116-13437-01.dmp
    2015-12-29 23:31 - 2015-12-29 23:31 - 00000000 ____D C:\Users\Enlonwhite\AppData\Local\Ndemic Creations
    2015-12-29 23:19 - 2015-12-29 23:19 - 00000222 _____ C:\Users\Enlonwhite\Desktop\Plague Inc Evolved.url
    2015-12-28 02:54 - 2015-12-28 02:54 - 00970544 _____ C:\Windows\Minidump\122815-16140-01.dmp
    2015-12-27 15:54 - 2015-12-27 15:54 - 00344424 _____ C:\Windows\Minidump\122715-62953-01.dmp
    2015-12-23 11:52 - 2015-12-23 11:52 - 00000222 _____ C:\Users\Enlonwhite\Desktop\Fallen Enchantress Legendary Heroes.url
    2015-12-23 11:51 - 2015-12-23 11:51 - 00000222 _____ C:\Users\Enlonwhite\Desktop\Fallen Enchantress.url
    2015-12-23 11:50 - 2015-12-23 11:50 - 00000222 _____ C:\Users\Enlonwhite\Desktop\Aveyond 3-1 Lord of Twilight.url
    2015-12-23 04:30 - 2015-12-23 04:30 - 00000222 _____ C:\Users\Enlonwhite\Desktop\Agarest Generations of War.url
    2015-12-23 04:29 - 2015-12-23 04:29 - 00000221 _____ C:\Users\Enlonwhite\Desktop\Dwarfs!.url
    2015-12-23 04:15 - 2015-12-23 04:15 - 00000222 _____ C:\Users\Enlonwhite\Desktop\Endless Legend.url
    2015-12-23 04:12 - 2015-12-23 04:12 - 00000221 _____ C:\Users\Enlonwhite\Desktop\SpaceChem.url

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-22 23:44 - 2012-07-25 22:37 - 00000000 ____D C:\Windows
    2016-01-22 23:38 - 2013-12-16 01:59 - 00000000 ____D C:\Users\Enlonwhite\AppData\Roaming\TS3Client
    2016-01-22 23:32 - 2014-07-05 15:35 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-01-22 23:30 - 2014-07-16 23:58 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-01-22 23:29 - 2014-08-15 10:49 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-01-22 23:29 - 2012-07-26 00:59 - 00000000 ____D C:\Windows\CbsTemp
    2016-01-22 22:59 - 2013-12-11 05:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-01-22 22:32 - 2014-07-05 15:35 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-01-22 04:33 - 2014-02-06 16:00 - 00000000 ____D C:\Users\Enlonwhite\AppData\Local\Google
    2016-01-22 02:00 - 2013-12-11 05:41 - 00000000 ____D C:\Users\Enlonwhite\AppData\Local\Adobe
    2016-01-21 21:40 - 2013-12-10 02:24 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4140476658-2958252324-4128759861-1001
    2016-01-20 22:59 - 2013-12-11 05:42 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-01-19 23:00 - 2015-06-05 19:01 - 00000000 ____D C:\Users\Enlonwhite\AppData\Roaming\Curse Client
    2016-01-19 22:26 - 2013-12-10 02:25 - 00000000 ____D C:\Users\Enlonwhite\AppData\Roaming\Skype
    2016-01-19 22:23 - 2013-12-10 02:25 - 00000000 ____D C:\ProgramData\Skype
    2016-01-13 21:13 - 2015-07-01 21:06 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-01-13 21:13 - 2015-06-25 19:33 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2016-01-13 00:11 - 2012-07-26 01:12 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-01-13 00:11 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\AUInstallAgent
    2016-01-09 22:19 - 2015-06-10 14:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2016-01-09 22:19 - 2013-12-23 04:26 - 00000000 ____D C:\Program Files\Java
    2016-01-09 22:19 - 2013-12-10 02:37 - 00000000 ____D C:\ProgramData\Oracle
    2016-01-09 22:18 - 2015-08-18 17:48 - 00000000 ____D C:\Users\Enlonwhite\.oracle_jre_usage
    2016-01-09 22:18 - 2015-06-10 14:06 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
    2016-01-07 00:01 - 2015-08-13 16:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-01-07 00:01 - 2015-01-24 13:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-01-01 14:13 - 2013-09-04 05:58 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-01-01 14:13 - 2012-07-26 00:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-01-01 14:12 - 2015-09-25 21:04 - 839366477 _____ C:\Windows\MEMORY.DMP
    2016-01-01 14:12 - 2014-01-20 18:05 - 00000000 ____D C:\Windows\Minidump
    2015-12-23 13:14 - 2015-06-09 01:47 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit

    ==================== Files in the root of some directories =======

    2014-03-26 21:38 - 2014-03-28 21:41 - 0001456 _____ () C:\Users\Enlonwhite\AppData\Local\Adobe Save for Web 13.0 Prefs
    2013-12-13 02:14 - 2014-04-29 23:23 - 0007672 _____ () C:\Users\Enlonwhite\AppData\Local\Resmon.ResmonCfg
    2014-03-29 17:44 - 2014-03-29 17:44 - 0000057 _____ () C:\ProgramData\Ament.ini

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-01-19 00:07

    ==================== End of FRST.txt ============================
     
  2. Enlonwhite

    Enlonwhite TS Member Topic Starter Posts: 23

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-01-2016
    Ran by Enlonwhite (2016-01-22 23:44:59)
    Running from C:\Users\Enlonwhite\Downloads
    Windows 8 (X64) (2013-12-10 07:36:54)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-4140476658-2958252324-4128759861-500 - Administrator - Disabled)
    Brandy (S-1-5-21-4140476658-2958252324-4128759861-1002 - Administrator - Enabled) => C:\Users\Brandy
    Enlonwhite (S-1-5-21-4140476658-2958252324-4128759861-1001 - Administrator - Enabled) => C:\Users\Enlonwhite
    Guest (S-1-5-21-4140476658-2958252324-4128759861-501 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
    Adobe Acrobat XI Pro (HKLM-x32\...\{23D3F585-AE29-4670-8E3E-64A0EFB29240}) (Version: 11.0 - Adobe Systems Incorporated)
    Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
    Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12.2.1 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
    Adobe Audition CC (HKLM-x32\...\{DE1E055B-679C-42F8-B114-7B6ED0B8ED95}) (Version: 6.0 - Adobe Systems Incorporated)
    Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.4.1.351 - Adobe Systems Incorporated)
    Adobe Dreamweaver CC (HKLM-x32\...\{00E094E1-A852-11E2-803D-ACEA632352B4}) (Version: 13 - Adobe Systems Incorporated)
    Adobe Edge Animate CC (HKLM-x32\...\{1C5E96F4-6F15-4A96-BF62-9D1F60B44FF1}) (Version: 3.0 - Adobe Systems Incorporated)
    Adobe Edge Code CC (HKLM-x32\...\{641F742F-1497-51B4-F481-1037096A90A0}) (Version: 0.97 - Adobe Systems Incorporated)
    Adobe Edge Inspect CC (HKLM-x32\...\{67D22EA0-4601-4450-9C99-042DABB0A315}) (Version: 1.0.408 - Adobe Systems Incorporated)
    Adobe Edge Reflow CC Preview (HKLM\...\{4CBD2327-FA4C-4D42-8903-CE1E96FE0FBF}) (Version: 0.37.15833 - Adobe Systems Incorporated)
    Adobe Exchange Panel (HKLM-x32\...\{41A12FFC-89E9-4743-A51E-00975CA31F40}) (Version: 1 - Adobe Systems Incorporated)
    Adobe ExtendScript Toolkit CC (HKLM-x32\...\{6297487E-3778-4F72-B458-55690418DB98}) (Version: 4.0.0.0 - Adobe Systems Incorporated)
    Adobe Extension Manager CC (HKLM-x32\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.1.1 - Adobe Systems Incorporated)
    Adobe Fireworks CS6 (HKLM-x32\...\{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}) (Version: 12.0.1 - Adobe Systems Incorporated)
    Adobe Flash Builder 4.7 (64 Bit) (HKLM-x32\...\{848DE8E1-521D-4748-A158-517708107EF3}) (Version: 4.7 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
    Adobe Flash Professional CC (HKLM-x32\...\{B56B95BF-7161-4166-8288-DB1BA9F6C9B8}) (Version: 13.0 - Adobe Systems Incorporated)
    Adobe Gaming SDK 1.3 (HKLM-x32\...\{62FFC6DD-18BB-49FC-AF65-71FB1C0B08AA}) (Version: 1.3 - Adobe Systems Incorporated)
    Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
    Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
    Adobe InCopy CC (HKLM-x32\...\{2606D96F-C1A3-1014-9A8F-E3561A1AC78D}) (Version: 9.0 - Adobe Systems Incorporated)
    Adobe InDesign CC (HKLM-x32\...\{BC448016-6F11-1014-B0EA-97CEE6E26CB6}) (Version: 9.0 - Adobe Systems Incorporated)
    Adobe Muse (HKLM-x32\...\{9A554C9D-E12D-4205-8101-9F4337CD5673}) (Version: 7.1 - Adobe Systems Incorporated)
    Adobe Muse (HKLM-x32\...\AdobeMuse) (Version: 7.1.329 - Adobe Systems Incorporated)
    Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
    Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
    Adobe Prelude CC (HKLM-x32\...\{5D73C19B-BE10-44A6-96B2-A516756ED29F}) (Version: 2.2.0 - Adobe Systems Incorporated)
    Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.2.1 - Adobe Systems Incorporated)
    Adobe Scout CC (HKLM\...\{BA573BFE-83B4-11E3-93D2-D231FEB1DC81}) (Version: 1.1.3.354121 - Adobe Systems Incorporated)
    Adobe SpeedGrade CC (HKLM-x32\...\{29AA12E9-934C-485E-A9A1-D823FEB29880}) (Version: 7.2.0 - Adobe Systems Incorporated)
    Adobe Touch App Plugins (HKLM-x32\...\{1EC083EE-5B76-4A2A-B95A-CAF460AA29D6}) (Version: 1.0 - Adobe Systems Incorporated)
    Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.0 - Adobe Systems Incorporated)
    ADOM (Ancient Domains Of Mystery) (HKLM-x32\...\Steam App 333300) (Version: - Thomas Biskup)
    Agarest: Generations of War (HKLM-x32\...\Steam App 237890) (Version: - Idea Factory)
    AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.05 - ASUSTeK Computer Inc.)
    AI War: Fleet Command (HKLM-x32\...\Steam App 40400) (Version: - Arcen Games, LLC)
    Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
    ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version: - Studio Wildcard)
    ASUS Easy Update 2 (HKLM-x32\...\{E7AA854E-6756-424E-84C2-4E47D5729AFF}) (Version: 3.00.08 - ASUSTeK Computer Inc.)
    ASUS Music Maker (HKLM-x32\...\MAGIX_{AB515018-7F9D-4047-B0C0-F26BAC30F3E1}) (Version: 18.0.3.3 - MAGIX AG)
    ASUS Music Maker (Version: 18.0.3.3 - MAGIX AG) Hidden
    ASUS MX Suite (HKLM-x32\...\MAGIX_{CFA9C800-9B0B-42E3-92E7-08B5AF2E192E}) (Version: 1.13.0.121 - MAGIX AG)
    ASUS MX Suite (Version: 1.13.0.121 - MAGIX AG) Hidden
    ASUS Video easy (HKLM-x32\...\MAGIX_{E3185090-8796-46FB-A27F-6C844F106DAC}) (Version: 4.0.1.90 - MAGIX AG)
    ASUS Video easy (Version: 4.0.1.90 - MAGIX AG) Hidden
    ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
    ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4127.52 - CyberLink Corp.)
    ASUSDVD (x32 Version: 10.0.4127.52 - CyberLink Corp.) Hidden
    AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
    Aveyond 3-1: Lord of Twilight (HKLM-x32\...\Steam App 272010) (Version: - Amaranth Games, LLC)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
    bl (x32 Version: 1.0.0 - Your Company Name) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
    Chronicle (HKLM-x32\...\{9F6D8B64-4D34-4CB0-837C-27EAE669F703}) (Version: 1.0.2 - Jagex)
    Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
    Cockatrice (HKLM-x32\...\Cockatrice) (Version: - )
    Craft The World (HKLM-x32\...\Steam App 248390) (Version: - Dekovir Entertainment)
    Creeper World 3: Arc Eternal (HKLM-x32\...\Steam App 280220) (Version: - Knuckle Cracker)
    Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Defender's Quest: Valley of the Forgotten (HKLM-x32\...\Steam App 218410) (Version: - Level Up Labs, LLC)
    Dolby Axon - 1.5.1.1 (HKLM-x32\...\{17936630-5344-4F18-9970-616129E2A114}_is1) (Version: 1.5.1.1 - Dolby Laboratories)
    Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.12 - Electronic Arts)
    Dungeon of the Endless (HKLM-x32\...\Steam App 249050) (Version: - AMPLITUDE Studios)
    Dwarfs!? (HKLM-x32\...\Steam App 35480) (Version: - Power of 2)
    eManual (HKLM-x32\...\{0C84E634-EB68-4A54-B21E-A05EC87A4CC5}) (Version: 1.00.06 - ASUSTeK Computer Inc.)
    Endless Legend (HKLM-x32\...\Steam App 289130) (Version: - AMPLITUDE Studios)
    Endless Space (HKLM-x32\...\Steam App 208140) (Version: - AMPLITUDE Studios)
    Evoland (HKLM-x32\...\Steam App 233470) (Version: - Shiro Games)
    Fallen Enchantress (HKLM-x32\...\Steam App 216390) (Version: - Stardock Entertainment)
    Fallen Enchantress: Legendary Heroes (HKLM-x32\...\Steam App 228260) (Version: - Stardock Entertainment)
    FORCED (HKLM-x32\...\Steam App 249990) (Version: - BetaDwarf)
    Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - Subset Games)
    Galeria de Fotografias (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Galería de fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
    GoToMeeting 5.4.0.1082 (HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
    GoToMeeting 5.4.0.1082 (HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
    GoToMeeting 5.4.0.1082 (HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
    Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
    Hallmark Card Studio 2015 Deluxe (HKLM-x32\...\{F2117332-1A36-4D3B-854D-A8D10735B4DF}) (Version: 16.0.0.11 - Creative Home)
    Hand Of Fate (HKLM-x32\...\Steam App 266510) (Version: - Defiant Development)
    HP ENVY 5530 series Basic Device Software (HKLM\...\{FE11AA0F-756F-4879-97A0-B1705E2DCABE}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    HP ENVY 5530 series Help (HKLM-x32\...\{97EAE055-1BE8-4775-8101-453E9715EC3F}) (Version: 30.0.0 - Hewlett Packard)
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
    Infested Planet (HKLM-x32\...\Steam App 204530) (Version: - Rocket Bear Games)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
    Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
    Kingdom Rush (HKLM-x32\...\Steam App 246420) (Version: - Ironhide Game Studio)
    Labyrinthine Dreams (HKLM-x32\...\Steam App 278570) (Version: - Solest Games)
    League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
    League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
    Little Inferno (HKLM-x32\...\Steam App 221260) (Version: - Tomorrow Corporation)
    Magical Diary (HKLM-x32\...\Steam App 211340) (Version: - Hanako Games)
    Magical Diary 1.0.38.1 (HKLM-x32\...\Magical Diary - Horse Hall_is1) (Version: - Hanako Games)
    Majesty 2 Collection (HKLM-x32\...\Steam App 73020) (Version: - 1C:InoCo)
    Malwarebytes Anti-Exploit version 1.8.1.1045 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1045 - Malwarebytes)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microcosmum: survival of cells (HKLM-x32\...\Steam App 386260) (Version: - Alexander Byzov)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6366.2036 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MyFreeCodec (HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\MyFreeCodec) (Version: - )
    MyFreeCodec (HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MyFreeCodec) (Version: - )
    MyFreeCodec (HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MyFreeCodec) (Version: - )
    NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 2.2.0.5 - NETGEAR)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.8.2 - Notepad++ Team)
    NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 355.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.82 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.4.5.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.57 - NVIDIA Corporation)
    NVIDIA Graphics Driver 355.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.82 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
    Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version: - Robot Entertainment)
    Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
    PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
    PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
    ph (x32 Version: 1.0.0 - Your Company Name) Hidden
    Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version: - Ndemic Creations)
    Planet Stronghold (HKLM-x32\...\Steam App 291050) (Version: - Winter Wolves)
    Product Improvement Study for HP ENVY 5530 series (HKLM\...\{2EC3E3B8-797A-47FD-B3A2-574C96597A19}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    Psychonauts (HKLM-x32\...\Steam App 3830) (Version: - Double Fine Productions)
    Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6971 - Realtek Semiconductor Corp.)
    Risen (HKLM-x32\...\Steam App 40300) (Version: - Piranha – Bytes)
    Sakura Spirit (HKLM-x32\...\Steam App 313740) (Version: - Winged Cloud)
    Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.)
    Samsung Kies (x32 Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.) Hidden
    Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.)
    Samsung Kies3 (x32 Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.4.5.57 - NVIDIA Corporation) Hidden
    Sid Meier's Civilization: Beyond Earth (HKLM-x32\...\Steam App 65980) (Version: - Firaxis Games)
    Sins of a Solar Empire®: Rebellion (HKLM-x32\...\Steam App 204880) (Version: - Ironclad Games)
    SketchUp 2014 (HKLM-x32\...\{F246092E-FA0B-47C8-9D3E-CF8C210293C8}) (Version: 14.1.1282 - Trimble Navigation Limited)
    Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
    Space Engineers (HKLM-x32\...\Steam App 244850) (Version: - Keen Software House)
    Space Pirates and Zombies (HKLM-x32\...\Steam App 107200) (Version: - MinMax Games Ltd.)
    SpaceChem (HKLM-x32\...\Steam App 92800) (Version: - Zachtronics)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: - Bioware/EA)
    Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
    The Banner Saga (HKLM-x32\...\Steam App 237990) (Version: - Stoic)
    The Red Solstice (HKLM-x32\...\Steam App 265590) (Version: - Ironward)
    Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - Runic Games)
    Unepic (HKLM-x32\...\Steam App 233980) (Version: - Francisco Téllez de Meneses)
    Why ASUS PC (HKLM-x32\...\{5648F9D9-299E-408C-AC1F-59DC75894A1F}) (Version: 1.00.02 - ASUSTeK Computer Inc.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
    Συλλογή φωτογραφιών (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    影像中心 (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    照片库 (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001_Classes\CLSID\{7ee50b5d-d2de-5faa-aa85-392bd9800210}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CC\npAdobeExManCCDetect64.dll (Adobe Systems)
    CustomCLSID: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1082\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00F76B61-B300-4D87-AB09-D2DCA259F209} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {028FF2C3-387D-4F3F-B84A-2C684C0278C3} - System32\Tasks\HP AR Program Upload - b5d0b6dc90ff4614af0646233a2eff59bc155295766b4969b44e334266c951ef => C:\Program Files\HP\HP ENVY 5530 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
    Task: {04C26281-F316-47EB-A71D-F759822F67D7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-12-04] (Microsoft Corporation)
    Task: {06B14C42-BAD4-4309-A092-3C72215FF0E4} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
    Task: {0745290B-F701-4F1D-96D5-C42FC0935E3C} - System32\Tasks\{C445B01E-249E-47AA-9627-69366864E6DE} => Firefox.exe hxxp://ui.skype.com/ui/0/7.5.0.102/en/abandoninstall?page=tsMain
    Task: {0F413D4D-9491-48A8-B66F-2C7919C4C739} - System32\Tasks\HPCustParticipation HP ENVY 5530 series => C:\Program Files\HP\HP ENVY 5530 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
    Task: {1DC90499-3415-4A80-99B5-A81C952F51B9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)
    Task: {1FED96F2-6F79-485F-B3B2-8BD6FED97292} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {287520CC-B997-483F-AA26-28827AF1DA33} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
    Task: {3FD2FF3E-338C-44B3-BC93-14B2F721262A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {450D5914-B6BF-4C08-9BD2-C3BD8E9512EF} - \Safer-Surf Update -> No File <==== ATTENTION
    Task: {52829621-8B6A-4034-A7A2-089022C57E82} - System32\Tasks\AdobeAAMUpdater-1.0-Perrin-Enlonwhite => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
    Task: {59479234-D30D-477E-8B3F-DCE12AC16F07} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-12-04] (Microsoft Corporation)
    Task: {5FE9D6A8-33EB-499A-80E4-9FE4E84604B1} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
    Task: {68DEDADD-A6A0-4037-8720-5F85C4A6FD85} - System32\Tasks\ASUS\ASUS Easy Update 2 => C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [2013-07-04] (ASUSTeK Computer Inc.)
    Task: {7E78315D-51B4-45EC-8390-B2FA65D4F992} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {89A90BF3-E0CC-4EDD-BA7E-04A30507E304} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] ()
    Task: {8C749E6F-0976-4F23-8010-314D7740396D} - \Safer-Surf_wd -> No File <==== ATTENTION
    Task: {9F1578F2-3470-4928-BC4F-310518E1E9D8} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
    Task: {D6B45A1C-7A11-4D40-B6C1-E7D39E3F7507} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {EF7E62E1-1AEF-4A34-8AD7-4DF4A5821379} - System32\Tasks\HP AR Program Upload - afd52654200f4d5c9db2d279770b0c76090ca7b5ae094463a0d59d04dc2c9bee => C:\Program Files\HP\HP ENVY 5530 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2013-08-20 10:07 - 2012-06-01 02:42 - 00920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
    2012-12-18 23:10 - 2012-12-18 23:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
    2014-09-22 13:21 - 2014-08-18 14:50 - 00316120 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
    2013-09-04 05:58 - 2015-08-25 07:24 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2014-02-11 03:21 - 2014-02-11 03:21 - 00644464 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
    2015-12-15 12:36 - 2015-12-15 12:36 - 08903848 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
    2014-09-22 13:21 - 2014-12-11 15:48 - 08397536 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
    2014-03-13 15:51 - 2015-10-22 22:32 - 00175080 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll
    2013-10-23 05:15 - 2015-10-22 22:32 - 00103400 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
    2013-10-23 05:15 - 2015-10-22 22:32 - 00108008 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
    2013-10-23 05:15 - 2015-10-22 22:32 - 00312296 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
    2013-10-23 05:15 - 2015-10-22 22:32 - 00483816 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
    2014-03-13 15:51 - 2015-09-27 16:28 - 00317440 _____ () C:\Program Files\TeamSpeak 3 Client\ssleay32.dll
    2014-03-13 15:51 - 2015-09-27 16:28 - 01709056 _____ () C:\Program Files\TeamSpeak 3 Client\LIBEAY32.dll
    2014-01-21 13:54 - 2014-01-21 13:54 - 01301688 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
    2016-01-20 22:48 - 2016-01-20 22:48 - 02344440 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.7\deploy\LoLLauncher.exe
    2016-01-20 22:48 - 2016-01-20 22:48 - 04319736 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.47\deploy\LoLPatcher.exe
    2016-01-20 22:48 - 2016-01-20 22:48 - 03107320 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.47\deploy\LoLPatcherUx.exe
    2013-08-20 10:07 - 2016-01-01 14:13 - 00025600 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
    2013-08-20 10:07 - 2010-06-28 19:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
    2014-07-17 09:17 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-07-17 09:17 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-07-17 09:17 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2014-09-22 13:21 - 2015-03-05 15:22 - 00380928 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll
    2015-06-01 00:53 - 2015-06-24 04:37 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2014-09-22 13:21 - 2014-07-22 07:18 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll
    2016-01-20 22:48 - 2016-01-20 22:48 - 01424376 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.47\deploy\RiotLauncher.dll
    2016-01-20 22:48 - 2016-01-20 22:48 - 34851320 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.47\deploy\libcef.dll
    2016-01-20 22:48 - 2016-01-20 22:48 - 01383416 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.47\deploy\icui18n.dll
    2016-01-20 22:48 - 2016-01-20 22:48 - 01142264 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.47\deploy\icuuc.dll
    2016-01-20 22:48 - 2016-01-20 22:48 - 04382200 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.47\deploy\v8.dll
    2015-04-02 20:37 - 2015-11-10 12:55 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
    2015-04-02 20:37 - 2015-07-03 09:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
    2015-04-02 20:37 - 2015-12-14 13:01 - 02547280 _____ () C:\Program Files (x86)\Steam\video.dll
    2015-04-02 20:37 - 2015-07-03 09:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
    2015-04-02 20:37 - 2015-07-03 09:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
    2015-04-02 20:37 - 2015-09-23 17:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
    2015-04-02 20:37 - 2015-09-23 17:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
    2015-04-02 20:37 - 2015-09-23 17:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
    2015-04-02 20:37 - 2015-09-23 17:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
    2015-04-02 20:37 - 2015-09-23 17:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
    2015-04-02 20:37 - 2015-12-14 13:01 - 00804432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2015-08-03 15:27 - 2015-11-03 15:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
    2016-01-20 22:48 - 2016-01-20 22:48 - 00953336 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.47\deploy\ffmpegsumo.dll
    2015-04-02 20:37 - 2015-11-16 17:31 - 47846176 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
    2015-04-02 20:37 - 2015-09-24 16:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
  3. Enlonwhite

    Enlonwhite TS Member Topic Starter Posts: 23

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

    There are 7869 more sites.

    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123simsen.com -> www.123simsen.com

    There are 7868 more sites.

    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\123simsen.com -> www.123simsen.com

    There are 7868 more sites.

    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\123simsen.com -> www.123simsen.com

    There are 7868 more sites.

    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123simsen.com -> www.123simsen.com

    There are 7868 more sites.

    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\123simsen.com -> www.123simsen.com

    There are 7868 more sites.

    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\123simsen.com -> www.123simsen.com

    There are 7868 more sites.

    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\123simsen.com -> www.123simsen.com

    There are 7869 more sites.

    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123simsen.com -> www.123simsen.com

    There are 7869 more sites.

    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\123simsen.com -> www.123simsen.com

    There are 7869 more sites.

    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123simsen.com -> www.123simsen.com

    There are 7869 more sites.

    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\123simsen.com -> www.123simsen.com

    There are 7869 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-07-25 22:26 - 2016-01-22 22:53 - 00450719 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123moviedownload.com
    127.0.0.1 www.123moviedownload.com

    There are 15461 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Enlonwhite\Pictures\Hero of the Sheild and Raphtillia Background.jpg
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Enlonwhite\Pictures\Hero of the Sheild and Raphtillia Background.jpg
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\Enlonwhite\Pictures\Hero of the Sheild and Raphtillia Background.jpg
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.
     
  4. Enlonwhite

    Enlonwhite TS Member Topic Starter Posts: 23

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
    HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
    HKLM\...\StartupApproved\Run32: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "AddressBookReminderApp"
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\StartupApproved\Run: => "Overwolf"
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\StartupApproved\Run: => "Safer-Surf"
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Overwolf"
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Safer-Surf"
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\Run: => "Overwolf"
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\Run: => "Safer-Surf"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [TCP Query User{8464B5D3-87F9-4BEE-BC13-A233A3A4408A}C:\program files\hp\hp envy 5530 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp envy 5530 series\bin\hpnetworkcommunicatorcom.exe
    FirewallRules: [UDP Query User{A49995CC-11DE-480B-BB30-FFDA5E1694F4}C:\program files\hp\hp envy 5530 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp envy 5530 series\bin\hpnetworkcommunicatorcom.exe
    FirewallRules: [{4ABA932E-8893-47CE-BAC6-925036856828}] => (Block) C:\program files\hp\hp envy 5530 series\bin\hpnetworkcommunicatorcom.exe
    FirewallRules: [{DDCD5D17-B12B-4BB4-90DB-2398FDB18B77}] => (Block) C:\program files\hp\hp envy 5530 series\bin\hpnetworkcommunicatorcom.exe
    FirewallRules: [{B1F1C368-D809-4799-B94D-90466641AA35}] => (Allow) D:\Program Files\Steam\Steam.exe
    FirewallRules: [{D55D5D00-FE42-4AA1-AADB-A98E71F8BF2A}] => (Allow) D:\Program Files\Steam\Steam.exe
    FirewallRules: [TCP Query User{2D360CB3-35D3-4199-86A2-10ACA41152EA}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
    FirewallRules: [UDP Query User{E0440FDC-BE0B-4228-97F0-94CA2D97419C}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
    FirewallRules: [TCP Query User{A3AA96F5-F3E5-4847-94D9-F60BFC727AAF}C:\users\enlonwhite\appdata\local\electronic arts\dawngate\game\dawngate.exe] => (Allow) C:\users\enlonwhite\appdata\local\electronic arts\dawngate\game\dawngate.exe
    FirewallRules: [UDP Query User{747B21D3-AB7F-429C-85FF-3884C1CCFF63}C:\users\enlonwhite\appdata\local\electronic arts\dawngate\game\dawngate.exe] => (Allow) C:\users\enlonwhite\appdata\local\electronic arts\dawngate\game\dawngate.exe
    FirewallRules: [{9D1CD347-0E9F-4A56-A5F4-0AED54EA6900}] => (Block) C:\users\enlonwhite\appdata\local\electronic arts\dawngate\game\dawngate.exe
    FirewallRules: [{C226FC37-10B5-4A09-9A7F-461AB7F8DBD7}] => (Block) C:\users\enlonwhite\appdata\local\electronic arts\dawngate\game\dawngate.exe
    FirewallRules: [{396FBF72-265E-4043-B692-271D6FE02D57}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
    FirewallRules: [{65E13F12-B2DC-4F97-BA02-9582245520A4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
    FirewallRules: [TCP Query User{FF8307DD-DD28-4626-8311-429F1B154D82}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
    FirewallRules: [UDP Query User{77CA1198-2627-4DD0-96FA-64EDC5F1F2FB}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
    FirewallRules: [{0C5618C4-FE5A-495D-AAA0-DB432F9971A5}] => (Block) C:\program files (x86)\hearthstone\hearthstone.exe
    FirewallRules: [{9918108D-A262-4711-8229-219CAA1618CB}] => (Block) C:\program files (x86)\hearthstone\hearthstone.exe
    FirewallRules: [TCP Query User{DF9737C0-7623-43FF-B509-5519AD33AEA9}D:\skype\phone\skype.exe] => (Allow) D:\skype\phone\skype.exe
    FirewallRules: [UDP Query User{51AB98C8-3B04-468F-8B66-1517C5C8422A}D:\skype\phone\skype.exe] => (Allow) D:\skype\phone\skype.exe
    FirewallRules: [{C58C92D3-05C5-4EB9-A469-82068A4674D5}] => (Block) D:\skype\phone\skype.exe
    FirewallRules: [{E33E5516-4016-4680-8EF8-F8C0CF589A69}] => (Allow) D:\Program Files\Steam\SteamApps\common\Portal 2\portal2.exe
    FirewallRules: [{85082015-1D65-4A98-A992-CF9B373EFB2C}] => (Allow) D:\Program Files\Steam\SteamApps\common\Portal 2\portal2.exe
    FirewallRules: [TCP Query User{7167BF16-A71F-4B8F-83FE-7B799CC09F4A}D:\program files\steam\steamapps\common\payday 2\payday2_win32_release.exe] => (Allow) D:\program files\steam\steamapps\common\payday 2\payday2_win32_release.exe
    FirewallRules: [UDP Query User{7386E242-5ACE-438C-93A2-314AE99B4AD7}D:\program files\steam\steamapps\common\payday 2\payday2_win32_release.exe] => (Allow) D:\program files\steam\steamapps\common\payday 2\payday2_win32_release.exe
    FirewallRules: [{48C51BD6-713E-4E41-9D0E-988A60F4BE7E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
    FirewallRules: [{A259AA43-D8A1-4508-AB99-90E421D85FE7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
    FirewallRules: [{277B6644-13C1-4992-B151-F3D2C9882899}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
    FirewallRules: [{E074DC21-B7AC-4C1D-9805-DF179FF79100}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
    FirewallRules: [{1FA204F9-61B8-4A84-86CB-ACA247D61136}] => (Allow) D:\Program Files\Steam\bin\steamwebhelper.exe
    FirewallRules: [{BA1B1BD0-0432-4459-B9C4-29F7A5B85CF5}] => (Allow) D:\Program Files\Steam\bin\steamwebhelper.exe
    FirewallRules: [TCP Query User{9B50D1F7-CE6E-4A83-B6BE-99E080871348}D:\program files\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) D:\program files\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe
    FirewallRules: [UDP Query User{3F641324-851C-41DB-B873-6A8B7F64D6E8}D:\program files\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) D:\program files\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe
    FirewallRules: [{227B4A10-7C33-48AB-9135-B4AD90D94395}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
    FirewallRules: [{3E315D4A-8BFB-4F77-AC1E-B6ADDFC57AA6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
    FirewallRules: [{D9DB24C3-E909-4ADF-8FD2-78B94CA2FF42}] => (Allow) D:\Program Files\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
    FirewallRules: [{8B1C3B8F-7E81-4808-8651-D14431944452}] => (Allow) D:\Program Files\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
    FirewallRules: [{D9D9EB4D-0BB0-49CB-AADB-82869265B0A5}] => (Allow) D:\Program Files\Steam\SteamApps\common\Dungeon of the Endless\DungeonoftheEndless.exe
    FirewallRules: [{68199423-51B4-4B7E-B33B-CF6DA6505EBB}] => (Allow) D:\Program Files\Steam\SteamApps\common\Dungeon of the Endless\DungeonoftheEndless.exe
    FirewallRules: [{A77756B8-1FE1-4369-941F-FC0B4838B116}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
    FirewallRules: [{6FF51A3E-0A3B-442B-B532-67E3DF9CE4D0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
    FirewallRules: [TCP Query User{F6DBE197-5162-4312-BE4A-72D9B028FB23}D:\program files\steam\steamapps\common\endless space\endlessspace.exe] => (Allow) D:\program files\steam\steamapps\common\endless space\endlessspace.exe
    FirewallRules: [UDP Query User{B5972D3F-8D6C-4CF9-83D4-9274435BCCB4}D:\program files\steam\steamapps\common\endless space\endlessspace.exe] => (Allow) D:\program files\steam\steamapps\common\endless space\endlessspace.exe
    FirewallRules: [{7D28FA50-E89B-425F-9906-467DAFF16E5B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
    FirewallRules: [{2D582200-A728-4D8C-A1CA-7632E1457E5E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
    FirewallRules: [TCP Query User{463115E4-6FAE-4FCB-994B-4C2425F35F2C}D:\program files\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) D:\program files\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
    FirewallRules: [UDP Query User{E785DC44-A565-4898-B275-3B2459A8669E}D:\program files\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) D:\program files\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
    FirewallRules: [TCP Query User{3703E0D5-D118-4E69-96DF-2C4D16981D71}C:\programdata\battle.net\agent\agent.3346\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3346\agent.exe
    FirewallRules: [UDP Query User{568828FF-EED5-470D-B6E2-7DB1F13656F4}C:\programdata\battle.net\agent\agent.3346\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3346\agent.exe
    FirewallRules: [{9F196EC1-F0F0-4A1C-A13E-9B9E3E3D7CD5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
    FirewallRules: [{E055DBB2-1B1A-4A0A-9E92-48F12C25AF7C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
    FirewallRules: [{3FA4A4F2-C989-4CFC-BEEA-1E184E2738A6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
    FirewallRules: [{0CDDC748-DC2A-4C97-A2E3-4D4C0D981247}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
    FirewallRules: [{424EB707-A567-45DA-B6C0-6CF415B9306C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
    FirewallRules: [{1FBDFA9B-433D-43FD-9836-8B13038AC637}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
    FirewallRules: [{4991CF82-B5C0-4226-85AC-C5C51ED54D3E}] => (Allow) D:\Program Files\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
    FirewallRules: [{B1AC335A-5C57-43D5-B627-A1C654F14E5D}] => (Allow) D:\Program Files\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
    FirewallRules: [{6AB123F4-A277-4334-ADAF-068FC058A19C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
    FirewallRules: [{DDBB3CD2-C497-4041-85AC-3A5195DBF4C9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
    FirewallRules: [{22F9A8E2-6F7D-49CD-B6B9-CE52A2037F15}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
    FirewallRules: [{6A21CA1A-C658-4A3A-A943-15D45D907D91}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
    FirewallRules: [{079874F0-3783-440F-984C-CF2ADAA01D64}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
    FirewallRules: [{16F6C5A5-DBE3-4582-B1A2-F42DA7F1EDE8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
    FirewallRules: [{C01015D8-EDA9-4E30-B93D-AF391EB768CE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{02C646E1-971C-4F4E-A54E-5DABC37BB947}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{62E66732-0F92-419C-B31C-5EA5B3E46275}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{9955C43E-982B-46B1-958A-EF5E4F755F17}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{9A612E6D-FE23-4680-B807-3C5AEE4C19E4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
    FirewallRules: [{74A7DD6D-DC29-44A9-880A-07DBC5396A9C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
    FirewallRules: [{7EAF61DA-181D-407D-A201-C22D1F79886E}] => (Allow) D:\StarCraft II\StarCraft II.exe
    FirewallRules: [{628589E8-8C7B-4BDB-AA4B-FC6F2F34AEC2}] => (Allow) D:\StarCraft II\StarCraft II.exe
    FirewallRules: [TCP Query User{18B2D4C0-3199-4EE7-BB72-59A438453F76}D:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe] => (Allow) D:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe
    FirewallRules: [UDP Query User{9486B565-5460-470F-ABF2-F129A2A5FE68}D:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe] => (Allow) D:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe
    FirewallRules: [{BA28EAEC-8E94-4927-B24F-4D96E77F330C}] => (Allow) D:\StarCraft II\StarCraft II Public Test.exe
    FirewallRules: [{E058A966-51BE-4FEE-A096-B46D329FDA3E}] => (Allow) D:\StarCraft II\StarCraft II Public Test.exe
    FirewallRules: [TCP Query User{0623FC0A-020B-42FF-AA47-5174A58878DC}D:\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\starcraft ii\versions\base32283\sc2.exe
    FirewallRules: [UDP Query User{8532C4F9-FBAA-407F-A771-5C78F7479C89}D:\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\starcraft ii\versions\base32283\sc2.exe
    FirewallRules: [{CA72E021-D95D-4FBB-8A20-157F3DA5AAD7}] => (Allow) D:\Program Files\Steam\SteamApps\common\DefendersQuest\DefendersQuest.exe
    FirewallRules: [{2FEEC905-F868-4A02-964A-A12F25E0A4C9}] => (Allow) D:\Program Files\Steam\SteamApps\common\DefendersQuest\DefendersQuest.exe
    FirewallRules: [{2C4D5DFA-6896-4493-B99F-04E06F4CB0B0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [{8DEA413E-8EB2-47DC-9023-B5C616E1ED63}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [{DFC499B2-FE5E-4646-A321-F98DB8A88D6D}] => (Allow) D:\Program Files\Steam\SteamApps\common\RPGVXAce\RPGVXAce.exe
    FirewallRules: [{1D724543-06F8-46A9-9320-9C2B8B936F89}] => (Allow) D:\Program Files\Steam\SteamApps\common\RPGVXAce\RPGVXAce.exe
    FirewallRules: [TCP Query User{5CA4C956-0CF3-4D78-91C0-32A3A35F8B1E}D:\program files\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) D:\program files\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
    FirewallRules: [UDP Query User{1F602CBB-EBB6-498D-95ED-1AB312ABC836}D:\program files\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) D:\program files\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
    FirewallRules: [TCP Query User{57128711-90FF-4A9A-8851-44F5D865944A}D:\program files\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) D:\program files\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
    FirewallRules: [UDP Query User{591A40BF-9851-42B5-B52E-BB9E7A401476}D:\program files\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) D:\program files\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
    FirewallRules: [{1A2BEA52-A38A-429F-A2FC-CEAE59184FFF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
    FirewallRules: [{6616FAB3-FAAA-459D-ABE7-F2C9CDB189CF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
    FirewallRules: [{56825295-4E09-4EF4-8E84-508E58305437}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
    FirewallRules: [{8F56CA0B-8108-4441-9A69-DB2876FA5203}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
    FirewallRules: [TCP Query User{4AE9688E-7805-4F90-831D-B4FBE6F1A0DA}D:\program files\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) D:\program files\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe
    FirewallRules: [UDP Query User{F966A42B-F6A4-421D-B63A-17E4A62B7695}D:\program files\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) D:\program files\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe
    FirewallRules: [{75F552DD-7378-48BA-A7E7-7F45FAC69DF7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
    FirewallRules: [{9D638C49-5FE9-4D18-8672-DE7CFDB7A0DC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
    FirewallRules: [{EAE1A55B-6DA1-4411-BCDA-91615B464DE0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
    FirewallRules: [{AECAD349-23E6-4E11-86E7-B4FC9904B3F2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
    FirewallRules: [{7BDFF299-6588-4FC3-B912-A86870722F56}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
    FirewallRules: [{BE98CE27-C15B-4A82-9914-4605DA8D4BAD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
    FirewallRules: [{35138A10-9D7C-4159-91D9-0D162BB31F7A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{78B41DB7-0A8D-48DA-BE79-717995B6C39D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{8129E1FE-7D24-4C7C-8A6F-7FF09961AC78}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
    FirewallRules: [{F8258540-861A-4C1C-A694-C2D562499746}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
    FirewallRules: [{779554D1-75B2-435B-83D0-77F08BD06F42}] => (Allow) D:\Program Files\Steam\SteamApps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
    FirewallRules: [{2D96F4AE-BD65-43FF-93EB-95C12733E5D6}] => (Allow) D:\Program Files\Steam\SteamApps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
    FirewallRules: [{CB99D04F-D58A-4200-B83C-E72A0669086B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
    FirewallRules: [{D2ADCA18-49E8-4E31-A0F0-68181F4AC3D0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
    FirewallRules: [{35FEBB4A-6C67-496D-AA52-73C18DC6F918}] => (Allow) C:\Users\Enlonwhite\AppData\Local\Temp\7zS16DE\HPDiagnosticCoreUI.exe
    FirewallRules: [{6B1A8A00-792E-42C7-A0F4-5658A3EEAC34}] => (Allow) C:\Users\Enlonwhite\AppData\Local\Temp\7zS16DE\HPDiagnosticCoreUI.exe
    FirewallRules: [{E70EEAD4-EE05-4E7A-89DD-8E2010DF6713}] => (Allow) C:\Users\Enlonwhite\AppData\Local\Temp\7zS4A8D\HPDiagnosticCoreUI.exe
    FirewallRules: [{03CACF88-63A1-4765-A793-828A1F62292C}] => (Allow) C:\Users\Enlonwhite\AppData\Local\Temp\7zS4A8D\HPDiagnosticCoreUI.exe
    FirewallRules: [{E0569E1F-B709-4E75-B779-A45879AB50C0}] => (Allow) C:\Users\Enlonwhite\AppData\Local\Temp\7zS19F4\HPDiagnosticCoreUI.exe
    FirewallRules: [{2EFA793D-63F8-43CE-B082-2A0DF2F0B51E}] => (Allow) C:\Users\Enlonwhite\AppData\Local\Temp\7zS19F4\HPDiagnosticCoreUI.exe
    FirewallRules: [TCP Query User{DC210443-3A77-4D7A-81B2-DC2A633CD2C3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{4475D8E9-2A67-4A29-944B-87996ADF564B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{1F946075-2B76-4515-8C07-5309F99B97EC}] => (Allow) D:\Program Files\Steam\SteamApps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
    FirewallRules: [{4EEB9ABD-90FE-4FE5-BC15-977D0799A4AE}] => (Allow) D:\Program Files\Steam\SteamApps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
    FirewallRules: [{1EBC5EDC-E803-4928-A647-D0B1A787F20F}] => (Allow) C:\Users\Enlonwhite\AppData\Local\Temp\7zS7721\HPDiagnosticCoreUI.exe
    FirewallRules: [{F352D8E8-6CDA-4572-B790-98B86542E657}] => (Allow) C:\Users\Enlonwhite\AppData\Local\Temp\7zS7721\HPDiagnosticCoreUI.exe
    FirewallRules: [{EAA82965-1FA4-4B05-A167-99DBAC57741B}] => (Allow) C:\Users\Enlonwhite\AppData\Local\Temp\7zS7760\HPDiagnosticCoreUI.exe
    FirewallRules: [{F50E16A9-C0F0-4D96-8374-CF6AC63D0CD1}] => (Allow) C:\Users\Enlonwhite\AppData\Local\Temp\7zS7760\HPDiagnosticCoreUI.exe
    FirewallRules: [{5AA915CF-795A-4C84-814C-16CBF8FA71B9}] => (Allow) C:\Program Files\HP\HP ENVY 5530 series\Bin\DeviceSetup.exe
    FirewallRules: [{AE769EB4-4940-4B6C-9B32-A28BFAD969F2}] => (Allow) LPort=5357
    FirewallRules: [{E406B9BF-A6D4-4198-9D0C-95FDEBADD717}] => (Allow) C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{5A940467-98DF-4E4C-ACC4-A454394B0559}] => (Allow) C:\Users\Enlonwhite\AppData\Local\Temp\7zS29E9\HPDiagnosticCoreUI.exe
    FirewallRules: [{27FD3365-1B54-48D3-9765-49066A083169}] => (Allow) C:\Users\Enlonwhite\AppData\Local\Temp\7zS29E9\HPDiagnosticCoreUI.exe
    FirewallRules: [{DBD6AF65-1791-44A7-985F-4FD257C1E443}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{0428BD34-3F17-4348-9C39-C4C0C31213CE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{BED681CE-FAAD-4DA9-B02C-98310CA4D7B8}] => (Allow) D:\SteamLibrary\steamapps\common\Endless Space\EndlessSpace.exe
    FirewallRules: [{9E5F0C01-3329-4EA2-B918-393ADFB4166C}] => (Allow) D:\SteamLibrary\steamapps\common\Endless Space\EndlessSpace.exe
    FirewallRules: [{120271AA-1F0D-4513-8B37-7D54C9F3DA38}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
    FirewallRules: [{9313EFF8-FCCB-479E-ABE1-7BDF6656652B}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
    FirewallRules: [{AF7F5AB2-6605-4964-9E0F-66B10F895BC0}] => (Allow) C:\Users\Enlonwhite\AppData\Local\Temp\7zS4002\HPDiagnosticCoreUI.exe
    FirewallRules: [{4560A46C-058A-4A10-BE65-529494EDBCBB}] => (Allow) C:\Users\Enlonwhite\AppData\Local\Temp\7zS4002\HPDiagnosticCoreUI.exe
    FirewallRules: [{62354451-F72B-41E0-B460-1F3B531C2EC3}] => (Allow) D:\SteamLibrary\steamapps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
    FirewallRules: [{7F85D92D-4F95-428A-B85B-6B9A203737CB}] => (Allow) D:\SteamLibrary\steamapps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
    FirewallRules: [{F4409022-2292-4155-BEC8-30D5F0406E0E}] => (Allow) D:\SteamLibrary\steamapps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
    FirewallRules: [{82D5C7E6-A502-4A11-A431-898695097E50}] => (Allow) D:\SteamLibrary\steamapps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
    FirewallRules: [{B52B5C40-79C5-4248-8502-B7E232A1A7EC}] => (Allow) D:\SteamLibrary\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
    FirewallRules: [{6C67B593-034A-43E6-9F62-A65BFFCFCA7C}] => (Allow) D:\SteamLibrary\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
    FirewallRules: [{3E05A2AE-E392-481C-8B9D-902B06B3E688}] => (Allow) D:\SteamLibrary\steamapps\common\PAYDAY 2\payday2_win32_release.exe
    FirewallRules: [{072A3253-8836-4955-BE3F-06B6BEFB8F58}] => (Allow) D:\SteamLibrary\steamapps\common\PAYDAY 2\payday2_win32_release.exe
    FirewallRules: [{26FA8751-D65C-405D-B7A9-6CB962E6364C}] => (Allow) D:\SteamLibrary\steamapps\common\FTL Faster Than Light\FTLGame.exe
    FirewallRules: [{5DEBE1A2-9CEC-405D-A3B5-1C12D4084575}] => (Allow) D:\SteamLibrary\steamapps\common\FTL Faster Than Light\FTLGame.exe
    FirewallRules: [{186E25BD-CC2E-4D28-9025-F232F171D5A8}] => (Allow) D:\SteamLibrary\steamapps\common\Dungeon of the Endless\DungeonoftheEndless.exe
    FirewallRules: [{9162DB05-FB69-4639-8F50-5C53C136D9F6}] => (Allow) D:\SteamLibrary\steamapps\common\Dungeon of the Endless\DungeonoftheEndless.exe
    FirewallRules: [{FCC10723-66EA-43EE-94B5-C327C045F372}] => (Allow) D:\SteamLibrary\steamapps\common\Torchlight II\ModLauncher.exe
    FirewallRules: [{03911259-CAD3-42C0-9196-F9119F71A3CB}] => (Allow) D:\SteamLibrary\steamapps\common\Torchlight II\ModLauncher.exe
    FirewallRules: [{A485FCCA-A7A0-407F-A16E-0436CBE24BE6}] => (Allow) D:\SteamLibrary\steamapps\common\Kingdom Rush\Kingdom Rush.exe
    FirewallRules: [{BE7E37C3-7215-49EE-8906-CE30A2F087B1}] => (Allow) D:\SteamLibrary\steamapps\common\Kingdom Rush\Kingdom Rush.exe
    FirewallRules: [{FAD3ACF8-09C8-4F66-ADFF-B82C7818B3F7}] => (Allow) C:\Users\Enlonwhite\AppData\Local\Temp\7zS1BBF\HPDiagnosticCoreUI.exe
    FirewallRules: [{4380D575-B2E2-4F14-BD3F-1EB58378A80F}] => (Allow) C:\Users\Enlonwhite\AppData\Local\Temp\7zS1BBF\HPDiagnosticCoreUI.exe
    FirewallRules: [TCP Query User{68AE0E78-0952-41E5-AF3A-1BA99498013B}D:\steamlibrary\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) D:\steamlibrary\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
    FirewallRules: [UDP Query User{6F027FE2-9691-440D-A200-1277CF14BB33}D:\steamlibrary\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) D:\steamlibrary\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
    FirewallRules: [TCP Query User{9BF043BC-3592-4FC3-AE0B-7019C6724421}D:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) D:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe
    FirewallRules: [UDP Query User{496298BF-EF91-49B7-9C74-D78EF2803F05}D:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) D:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe
    FirewallRules: [TCP Query User{85D2CB33-FE12-4CCD-BC69-18274BCC8864}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe
    FirewallRules: [UDP Query User{46F2D8A9-6F35-4C20-9015-F01969EA1B70}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe
    FirewallRules: [{DEAF93E6-E6B2-4393-93EA-67E57EB2BDE3}] => (Allow) D:\SteamLibrary\steamapps\common\Labyrinthine Dreams\Game.exe
    FirewallRules: [{33492429-440C-4A67-8D86-131D087658CD}] => (Allow) D:\SteamLibrary\steamapps\common\Labyrinthine Dreams\Game.exe
    FirewallRules: [{D265F330-A275-4ABD-822F-ABE114021C0E}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
    FirewallRules: [{DE015424-E5E0-4DD3-9238-573089C537E0}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
    FirewallRules: [TCP Query User{1963CD93-87EC-481F-B1B0-0663DBB2D23E}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe] => (Allow) C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe
    FirewallRules: [UDP Query User{AA5BFA59-C876-487E-A8D3-913486E7A445}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe] => (Allow) C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe
    FirewallRules: [{FE5EDA63-6503-47E5-8B9E-938509DA19D4}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
    FirewallRules: [{3B5C6B0A-F12D-41B2-A525-D0439FCDDB21}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
    FirewallRules: [{2ECA027B-9311-4E8A-A84E-25BE108761D0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{078A1DE5-B91C-4D41-B1A3-55E0D80F9192}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{457FD483-1870-4E95-8517-72047520C8BF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{6421BBDB-97BD-4DE6-8074-E461C08A6ECF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{1CBC39B3-A9C1-49C3-9337-9D340B31A1C7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{552EA33B-713C-40C6-AC03-3ACC6E412347}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [TCP Query User{51972ECE-CD47-4133-9955-318C8658F51E}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
    FirewallRules: [UDP Query User{5760915F-89A5-44AA-94C4-7A5E8BB4C0FB}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
    FirewallRules: [TCP Query User{6E005C85-039C-4980-9961-6A9B9500B764}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
    FirewallRules: [UDP Query User{E799670C-C06B-4F50-A4BD-7B982535F75F}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
    FirewallRules: [{03943A0A-B0EF-403A-92D1-AB00C745D2E3}] => (Allow) D:\SteamLibrary\steamapps\common\Sakura Spirit\Sakura Spirit.exe
    FirewallRules: [{D74682D4-C190-4697-A0BC-C5EED94B8CA0}] => (Allow) D:\SteamLibrary\steamapps\common\Sakura Spirit\Sakura Spirit.exe
    FirewallRules: [{C7A556E3-00BC-449F-995A-892047772438}] => (Allow) D:\SteamLibrary\steamapps\common\Space Pirates and Zombies\SpazGame.exe
    FirewallRules: [{E5491405-BA95-47AA-8F52-E17EADE7DFCE}] => (Allow) D:\SteamLibrary\steamapps\common\Space Pirates and Zombies\SpazGame.exe
    FirewallRules: [{24E0660B-8E83-47E0-BF5F-E8C2CAF88CF0}] => (Allow) D:\SteamLibrary\steamapps\common\DefendersQuest\DefendersQuest.exe
    FirewallRules: [{DAEE773D-9E90-4505-97DF-FAA3A07F1CCF}] => (Allow) D:\SteamLibrary\steamapps\common\DefendersQuest\DefendersQuest.exe
    FirewallRules: [{19F24ABD-F55D-4967-8562-A4DDA85B9B20}] => (Allow) D:\SteamLibrary\steamapps\common\FORCED\FORCED.exe
    FirewallRules: [{580B0686-5F3E-4287-B6E1-F0BE6D76EDA7}] => (Allow) D:\SteamLibrary\steamapps\common\FORCED\FORCED.exe
    FirewallRules: [{12746E8E-002A-4B79-AAD5-3FFD5CCCD143}] => (Allow) D:\SteamLibrary\steamapps\common\Hand of Fate\Hand of Fate.exe
    FirewallRules: [{0A785004-6690-46C8-A438-95782AF1E3C3}] => (Allow) D:\SteamLibrary\steamapps\common\Hand of Fate\Hand of Fate.exe
    FirewallRules: [{9142107A-3027-499E-A65A-81AA8D88167B}] => (Allow) D:\SteamLibrary\steamapps\common\Infested Planet\InfestedPlanet.exe
    FirewallRules: [{66AE63AF-83D5-46F2-845C-0D88EF096557}] => (Allow) D:\SteamLibrary\steamapps\common\Infested Planet\InfestedPlanet.exe
    FirewallRules: [{DE6D3CD8-12E5-4F56-941B-C16D3C097A70}] => (Allow) D:\SteamLibrary\steamapps\common\AI War Fleet Command\AIWar.exe
    FirewallRules: [{DB59E8C5-00EF-42E8-8642-E6657DEFCDC8}] => (Allow) D:\SteamLibrary\steamapps\common\AI War Fleet Command\AIWar.exe
    FirewallRules: [{307CD1AA-C36C-427C-B9B7-F52D84B7EBB3}] => (Allow) D:\SteamLibrary\steamapps\common\tbs\win32\The Banner Saga.exe
    FirewallRules: [{22D7AC7B-F456-4511-9E2C-91F3D234A37B}] => (Allow) D:\SteamLibrary\steamapps\common\tbs\win32\The Banner Saga.exe
    FirewallRules: [{57B24FDA-D5B5-4418-96A3-B376C9C62E6F}] => (Allow) D:\SteamLibrary\steamapps\common\Unepic\unepic.exe
    FirewallRules: [{A4733CE7-2C3D-4CF5-BCA6-323BE22968AF}] => (Allow) D:\SteamLibrary\steamapps\common\Unepic\unepic.exe
    FirewallRules: [{65EBD1FE-C934-4165-BD00-055A338B1F7D}] => (Allow) D:\SteamLibrary\steamapps\common\PlanetStronghold\Planet Stronghold.exe
    FirewallRules: [{4870C62E-E0EE-4230-9AC2-1382949C5E9E}] => (Allow) D:\SteamLibrary\steamapps\common\PlanetStronghold\Planet Stronghold.exe
    FirewallRules: [{6D3DC96C-3F9D-4E39-8AB1-B564264A51AC}] => (Allow) D:\SteamLibrary\steamapps\common\Little Inferno Beta\Little Inferno.exe
    FirewallRules: [{C60E1408-9C44-433E-90E6-591544CA4F5F}] => (Allow) D:\SteamLibrary\steamapps\common\Little Inferno Beta\Little Inferno.exe
    FirewallRules: [{01CB94DD-E56E-4F57-B848-AB077D9546CA}] => (Allow) D:\SteamLibrary\steamapps\common\Magical Diary\MagicalDiary.exe
    FirewallRules: [{BF225EA1-29B4-4AA7-A178-68ABC9AA3B49}] => (Allow) D:\SteamLibrary\steamapps\common\Magical Diary\MagicalDiary.exe
    FirewallRules: [{E48877C3-4BD2-4EEC-93A5-0163BAC86079}] => (Allow) D:\SteamLibrary\steamapps\common\Evoland\Evoland.exe
    FirewallRules: [{8BD31778-C650-4949-A284-5CFE97CC4018}] => (Allow) D:\SteamLibrary\steamapps\common\Evoland\Evoland.exe
    FirewallRules: [{7E855204-26A5-4256-9317-11697CA3513D}] => (Allow) D:\SteamLibrary\steamapps\common\CraftTheWorld\CraftWorld.exe
    FirewallRules: [{957F09D6-34A0-4373-9924-4030D1025267}] => (Allow) D:\SteamLibrary\steamapps\common\CraftTheWorld\CraftWorld.exe
    FirewallRules: [{76D296CC-B5E9-4314-85D9-C3F30BC80B9A}] => (Allow) D:\SteamLibrary\steamapps\common\Majesty 2 Collection\Majesty2.exe
    FirewallRules: [{33FB86D0-907B-4408-9AFB-BA608C0722CB}] => (Allow) D:\SteamLibrary\steamapps\common\Majesty 2 Collection\Majesty2.exe
    FirewallRules: [{7A97BC4D-DB64-4C33-9BB2-13CF935C04B2}] => (Allow) D:\SteamLibrary\steamapps\common\Majesty 2 Collection\M2Editor.exe
    FirewallRules: [{FF33B400-395D-4EF9-B3AB-6016503F6CC2}] => (Allow) D:\SteamLibrary\steamapps\common\Majesty 2 Collection\M2Editor.exe
    FirewallRules: [{F5F863E3-0F4B-454F-A2B6-26A4B642205A}] => (Allow) D:\SteamLibrary\steamapps\common\Psychonauts\Psychonauts.exe
    FirewallRules: [{31E06A10-F93B-455B-95E3-3B3C28CCDB9B}] => (Allow) D:\SteamLibrary\steamapps\common\Psychonauts\Psychonauts.exe
    FirewallRules: [{C1D50D66-E354-4E63-9A35-850CD88A2C2B}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
    FirewallRules: [{011C1C76-BC54-455C-848A-5A51946E4769}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
    FirewallRules: [{9B69823A-49AE-44BB-A5EA-42D4D6BD4203}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
    FirewallRules: [{1419DEE7-DFD8-4FB7-8D43-8FD05F6A73AF}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
    FirewallRules: [TCP Query User{A036AEA2-65FB-4B5D-9FB6-CD480462E0A3}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\javaw.exe
    FirewallRules: [UDP Query User{94275C1C-C189-499D-BB0F-E15930D6A899}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\javaw.exe
    FirewallRules: [{4E809A3E-7D0E-4364-8D3B-A5E680913D9B}] => (Allow) D:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
    FirewallRules: [{FF0E6A16-21DA-47B0-9700-944358809A4E}] => (Allow) D:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
    FirewallRules: [TCP Query User{02355E6C-037C-4F70-9CC3-8E2F19272724}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{A738323D-6F2D-42A5-B363-16A5FF51A1F5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{66C586BB-68E3-4D20-81D5-8997D2C00233}] => (Allow) D:\Star Wars-The Old Republic\launcher.exe
    FirewallRules: [{FD9A66FD-49D7-4444-8691-561A2115559E}] => (Allow) D:\Star Wars-The Old Republic\launcher.exe
    FirewallRules: [{245EA52C-DD72-4CB1-8869-7F63866310F1}] => (Allow) D:\Star Wars-The Old Republic\launcher.exe
    FirewallRules: [{717632FA-C539-432E-9B10-CE98A11648BC}] => (Allow) D:\Star Wars-The Old Republic\launcher.exe
    FirewallRules: [TCP Query User{71B2AD36-20AD-45C6-BD3A-F74FF5E05585}D:\steamlibrary\steamapps\common\greygoo\instanceserverg.exe] => (Allow) D:\steamlibrary\steamapps\common\greygoo\instanceserverg.exe
    FirewallRules: [UDP Query User{B512A2D3-C121-4449-812D-6736ECC7E21D}D:\steamlibrary\steamapps\common\greygoo\instanceserverg.exe] => (Allow) D:\steamlibrary\steamapps\common\greygoo\instanceserverg.exe
    FirewallRules: [TCP Query User{3BC6A4B9-9997-41D1-862D-F883A858BFA1}D:\steamlibrary\steamapps\common\greygoo\goog.exe] => (Allow) D:\steamlibrary\steamapps\common\greygoo\goog.exe
    FirewallRules: [UDP Query User{7C594E45-85DF-4AC4-82C5-AAE98FFFF9D6}D:\steamlibrary\steamapps\common\greygoo\goog.exe] => (Allow) D:\steamlibrary\steamapps\common\greygoo\goog.exe
    FirewallRules: [TCP Query User{2363BE1B-ED8A-44AD-A483-859538480851}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{7947AF95-274D-4115-86A9-787E33D443E6}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{5CA0B2E0-337E-43C5-B7A7-56E881E02650}] => (Allow) D:\SteamLibrary\steamapps\common\TheRedSolstice\bin\Game.exe
    FirewallRules: [{83A5EBF6-3C80-45AA-9FF1-6AF01D64EF15}] => (Allow) D:\SteamLibrary\steamapps\common\TheRedSolstice\bin\Game.exe
    FirewallRules: [{BA091112-8B0C-44ED-AE88-CD02D905C067}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{50CB54EF-534C-4E75-9EBC-644B180D3B77}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{299B3121-2820-45E3-86FD-2F1361AB9660}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{06E0BA86-C292-4243-B6AE-929DF6AB3BEB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{07D6021D-0692-4962-8930-0CB0F005E134}] => (Allow) D:\SteamLibrary\steamapps\common\Creeper World 3\CW3.exe
    FirewallRules: [{2557C11B-36AB-4AD4-BD33-AED7FBC7E889}] => (Allow) D:\SteamLibrary\steamapps\common\Creeper World 3\CW3.exe
    FirewallRules: [{A0AFC22E-FFB8-474F-A401-87E0B576B6CD}] => (Allow) D:\SteamLibrary\steamapps\common\ADOM\adom.exe
    FirewallRules: [{AC80E265-37C3-447B-AFEB-3CD93AC031C6}] => (Allow) D:\SteamLibrary\steamapps\common\ADOM\adom.exe
    FirewallRules: [{812BE9CC-DDA6-4706-9042-0CB065F4C2B6}] => (Allow) D:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
    FirewallRules: [{2E4E208E-FA55-49AD-AB63-59401C064B88}] => (Allow) D:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
    FirewallRules: [{D3A9328E-B4AE-40BA-B62E-74B6DA5967C4}] => (Allow) D:\SteamLibrary\steamapps\common\Risen\bin\Risen.exe
    FirewallRules: [{A0C5D4C6-4537-478C-A26E-0856D565922C}] => (Allow) D:\SteamLibrary\steamapps\common\Risen\bin\Risen.exe
    FirewallRules: [{D9E66995-5178-4DD2-B28E-E1CA9551B46A}] => (Allow) D:\SteamLibrary\steamapps\common\Microcosmum Survival of cells\Microcosmum.exe
    FirewallRules: [{3DC173CA-232D-4650-AA19-E7246DA0D4D0}] => (Allow) D:\SteamLibrary\steamapps\common\Microcosmum Survival of cells\Microcosmum.exe
    FirewallRules: [{1ACA4609-4FD6-4A59-A487-A00F9C7B43AD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{22EA9DB7-45DE-4816-A1B9-9418FB401132}] => (Allow) D:\SteamLibrary\steamapps\common\SpaceChem\SpaceChem.exe
    FirewallRules: [{4B630A1C-F8FE-4281-B70C-18ACB7F6A465}] => (Allow) D:\SteamLibrary\steamapps\common\SpaceChem\SpaceChem.exe
    FirewallRules: [{4AEF9D00-CE9B-44C0-81A6-2CA4137E4E67}] => (Allow) D:\SteamLibrary\steamapps\common\Endless Legend\EndlessLegend.exe
    FirewallRules: [{B54EF387-C8C3-4D27-BFC8-8028AB8F3DD7}] => (Allow) D:\SteamLibrary\steamapps\common\Endless Legend\EndlessLegend.exe
    FirewallRules: [{1818833B-49F2-4745-A3E2-56310FD92036}] => (Allow) D:\SteamLibrary\steamapps\common\Dwarfs\Dwarfs.exe
    FirewallRules: [{226FA515-5346-4842-AA00-B6A3029DC3E7}] => (Allow) D:\SteamLibrary\steamapps\common\Dwarfs\Dwarfs.exe
    FirewallRules: [{9EEC8F44-706D-40CD-AA16-C647502D40A0}] => (Allow) D:\SteamLibrary\steamapps\common\Agarest Generations of War\Agarest.exe
    FirewallRules: [{4C85D288-2398-4354-AB90-51E273A58857}] => (Allow) D:\SteamLibrary\steamapps\common\Agarest Generations of War\Agarest.exe
    FirewallRules: [{8FB01776-338D-4D95-B9F1-593FA73E1B2C}] => (Allow) D:\SteamLibrary\steamapps\common\Elemental Fallen Enchantress\FallenEnchantress.exe
    FirewallRules: [{63CE0ABB-F7C7-4A21-9E27-D4503D2097E9}] => (Allow) D:\SteamLibrary\steamapps\common\Elemental Fallen Enchantress\FallenEnchantress.exe
    FirewallRules: [{E2786C3C-33AD-45DE-B117-04FDED9913EE}] => (Allow) D:\SteamLibrary\steamapps\common\FE Legendary Heroes\LegendaryHeroes.exe
    FirewallRules: [{3B4604A1-5B14-4A11-9C3F-5A9D5D748994}] => (Allow) D:\SteamLibrary\steamapps\common\FE Legendary Heroes\LegendaryHeroes.exe
    FirewallRules: [{6418AA9A-B688-4DD5-A96C-2D3D059CC4F8}] => (Allow) D:\SteamLibrary\steamapps\common\PlagueInc\PlagueIncEvolved.exe
    FirewallRules: [{D19A8AC9-23B3-4CC3-931B-4AB8D0829C2A}] => (Allow) D:\SteamLibrary\steamapps\common\PlagueInc\PlagueIncEvolved.exe
    FirewallRules: [{5CFE27EA-B7F0-4D5C-81DA-551821A2EDCE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
     
  5. Enlonwhite

    Enlonwhite TS Member Topic Starter Posts: 23

    ==================== Restore Points =========================

    06-01-2016 00:16:38 Scheduled Checkpoint
    13-01-2016 20:55:07 Scheduled Checkpoint
    22-01-2016 04:15:31 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/22/2016 05:13:52 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

    Error: (01/22/2016 04:45:38 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

    Error: (01/22/2016 04:21:28 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

    Error: (01/21/2016 09:47:54 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

    Error: (01/21/2016 09:42:46 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

    Error: (01/20/2016 10:48:09 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac
    Faulting module name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac
    Exception code: 0xc0000005
    Fault offset: 0x000b8554
    Faulting process id: 0x19e0
    Faulting application start time: 0xrads_user_kernel.exe0
    Faulting application path: rads_user_kernel.exe1
    Faulting module path: rads_user_kernel.exe2
    Report Id: rads_user_kernel.exe3
    Faulting package full name: rads_user_kernel.exe4
    Faulting package-relative application ID: rads_user_kernel.exe5

    Error: (01/19/2016 12:09:55 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

    Error: (01/15/2016 01:43:35 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

    Error: (01/15/2016 01:36:53 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

    Error: (01/15/2016 01:26:25 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.


    System errors:
    =============
    Error: (01/22/2016 11:38:40 PM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer DAVID-HP
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0B83961E-3DCD-4828-A150-1E6D07427E45}.
    The master browser is stopping or an election is being forced.

    Error: (01/22/2016 12:39:48 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

    Error: (01/21/2016 09:38:16 PM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer DAVID-HP
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0B83961E-3DCD-4828-A150-1E6D07427E45}.
    The master browser is stopping or an election is being forced.

    Error: (01/21/2016 12:34:06 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

    Error: (01/20/2016 10:48:50 PM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer DAVID-HP
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0B83961E-3DCD-4828-A150-1E6D07427E45}.
    The master browser is stopping or an election is being forced.

    Error: (01/19/2016 10:12:28 PM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer DAVID-HP
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0B83961E-3DCD-4828-A150-1E6D07427E45}.
    The master browser is stopping or an election is being forced.

    Error: (01/19/2016 04:18:41 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

    Error: (01/19/2016 12:00:08 AM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer DAVID-HP
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0B83961E-3DCD-4828-A150-1E6D07427E45}.
    The master browser is stopping or an election is being forced.

    Error: (01/15/2016 07:58:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

    Error: (01/15/2016 01:19:22 PM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer DAVID-HP
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0B83961E-3DCD-4828-A150-1E6D07427E45}.
    The master browser is stopping or an election is being forced.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-4440S CPU @ 2.80GHz
    Percentage of memory in use: 39%
    Total physical RAM: 8131.74 MB
    Available physical RAM: 4899.46 MB
    Total Virtual: 16323.74 MB
    Available Virtual: 12461.67 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:150 GB) (Free:26.55 GB) NTFS
    Drive d: (Data) (Fixed) (Total:759.33 GB) (Free:265.63 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 629B6DBE)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  7. Enlonwhite

    Enlonwhite TS Member Topic Starter Posts: 23

    Apparently roguekiller requires a disk in the disk drive to continue a scan? Well I happen to have a photo disk given to me from a friends wedding pictures it can scan that. XD dont know why it requires one in the drive thats seems ridiculous of a requirement.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I'm not aware of anything like that.
    What's the exact message?
     
  9. Enlonwhite

    Enlonwhite TS Member Topic Starter Posts: 23

    Exact message is like "No disk in disk drive, please insert disk" and I have the options of Cancel, try again, or Continue. I just put a disk in the drive that is probly read only and let it be (as it does not stop popping up if I cancel or continue, try again I am sure is just a look again command so I ignored that). As for the main issue, RogueKiller freezes the scan at 58% or 73% of the overall scan, secondary % shown bar freezes at different percentages each time. I ran it four times, oh yea a friend told me to mention my network setup, its Modem to router, wireless signal to my computer, roommates computer is Cable linked to the router.
     
  10. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Skip RK.
     
  11. Enlonwhite

    Enlonwhite TS Member Topic Starter Posts: 23

    Will do, as for this week I have alot of overtime to do until sunday so if I dont respond til then I apologize. I will start the other processes asap
     
  12. Broni

    Broni Malware Annihilator Posts: 52,898   +344

  13. Enlonwhite

    Enlonwhite TS Member Topic Starter Posts: 23

    Apparently I have auto scan on, and it did it like three times this week all the same result so I just posted one
     

    Attached Files:

  14. Enlonwhite

    Enlonwhite TS Member Topic Starter Posts: 23

    I own a paid for copy of MBAM, I love it
     
  15. Enlonwhite

    Enlonwhite TS Member Topic Starter Posts: 23

    Oh ya not upload but copy paste text.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 1/31/2016
    Scan Time: 5:06 AM
    Logfile: MBAM scan log 31st of jan.txt
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2016.01.31.01
    Rootkit Database: v2016.01.20.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Enabled

    OS: Windows 8
    CPU: x64
    File System: NTFS
    User: Enlonwhite

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 421298
    Time Elapsed: 38 min, 9 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  16. Enlonwhite

    Enlonwhite TS Member Topic Starter Posts: 23

    And the Adware cleaner

    # AdwCleaner v5.032 - Logfile created 02/02/2016 at 04:21:50
    # Updated 31/01/2016 by Xplode
    # Database : 2016-01-31.1 [Server]
    # Operating system : Windows 8 (x64)
    # Username : Enlonwhite - PERRIN
    # Running from : C:\Users\Enlonwhite\Downloads\adwcleaner_5.032.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Program Files (x86)\myfree codec
    [-] Folder Deleted : C:\ProgramData\apn
    [-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
    [-] Folder Deleted : C:\Users\ENLONW~1\AppData\Local\Temp\apn
    [-] Folder Deleted : C:\Users\Enlonwhite\AppData\Local\SevereWeatherAlerts
    [-] Folder Deleted : C:\Users\Enlonwhite\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Severe Weather Alerts

    ***** [ Files ] *****


    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\System\CurrentControlSet\Services\Eventlog\Application\Update sizlsearch
    [-] Key Deleted : HKLM\System\CurrentControlSet\Services\Eventlog\Application\Util sizlsearch
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AD36574C-B9D6-4579-A839-8EABE783778B}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{15AE08DB-FBB7-4F64-9795-F14A1640F072}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AD36574C-B9D6-4579-A839-8EABE783778B}
    [-] Key Deleted : HKCU\Software\Myfree Codec
    [-] Key Deleted : HKCU\Software\UpdateFiles
    [-] Key Deleted : HKLM\SOFTWARE\Myfree Codec
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
    [!] Key Not Deleted : HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\Software\Myfree Codec
    [!] Key Not Deleted : HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\Software\UpdateFiles
    [!] Key Not Deleted : HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
    [-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Safer-surf]
    [!] Value Not Deleted : HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\Software\Microsoft\Windows\CurrentVersion\Run [Safer-surf]
    [-] Value Deleted : HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Safer-surf]

    ***** [ Web browsers ] *****

    [-] [C:\Users\Enlonwhite\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
    [-] [C:\Users\Enlonwhite\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2907 bytes] ##########
     
  17. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I still need two other logs.
     
  18. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Still with me?
     
  19. Enlonwhite

    Enlonwhite TS Member Topic Starter Posts: 23

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.2 (01.06.2016)
    Operating System: Windows 8 x64
    Ran by Enlonwhite (Administrator) on Mon 02/08/2016 at 1:31:49.00
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 14

    Successfully deleted: C:\Users\Enlonwhite\AppData\Local\crashrpt (Folder)
    Successfully deleted: C:\Users\Enlonwhite\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3GMNQSVX (Folder)
    Successfully deleted: C:\Users\Enlonwhite\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4W3S3CE0 (Folder)
    Successfully deleted: C:\Users\Enlonwhite\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\53Z9S48A (Folder)
    Successfully deleted: C:\Users\Enlonwhite\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6SKDDVW0 (Folder)
    Successfully deleted: C:\Users\Enlonwhite\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9C5LY402 (Folder)
    Successfully deleted: C:\Users\Enlonwhite\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CPI4NYXP (Folder)
    Successfully deleted: C:\Users\Enlonwhite\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HKYTUE2O (Folder)
    Successfully deleted: C:\Users\Enlonwhite\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0DBV3XX (Folder)
    Successfully deleted: C:\Users\Enlonwhite\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQK1C5KT (Folder)
    Successfully deleted: C:\Users\Enlonwhite\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NQ1X4UY0 (Folder)
    Successfully deleted: C:\Users\Enlonwhite\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V0NEK98G (Folder)
    Successfully deleted: C:\Users\Enlonwhite\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y9JUFKAO (Folder)
    Successfully deleted: C:\Windows\SysWOW64\RENB56C.tmp (File)



    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 02/08/2016 at 1:35:17.45
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  20. Enlonwhite

    Enlonwhite TS Member Topic Starter Posts: 23

    I was told to skip RogueKiller so I cant give that log, and Rogue killer keeps freezing on the scan anyways
     
  21. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Still with me?
     
  23. Enlonwhite

    Enlonwhite TS Member Topic Starter Posts: 23

    Sorry got a new girlfriend and got carried away. will run it tonight and post
     
  24. Enlonwhite

    Enlonwhite TS Member Topic Starter Posts: 23

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
    Ran by Enlonwhite (administrator) on PERRIN (17-02-2016 00:30:52)
    Running from C:\Users\Enlonwhite\Downloads
    Loaded Profiles: Enlonwhite (Available Profiles: Enlonwhite & Brandy)
    Platform: Windows 8 (X64) Language: English (United States)
    Internet Explorer Version 10 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
    () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe
    () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe
    (Farbar) C:\Users\Enlonwhite\Downloads\FRST64(1).exe
    (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7192792 2013-07-05] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-18] (ASUS Cloud Corporation)
    HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-08-20] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
    HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2014-02-11] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [AddressBookReminderApp] => C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2015 Deluxe\ReminderApp.exe
    HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2622432 2016-01-29] (Malwarebytes Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [689304 2012-09-23] (Adobe Systems Incorporated)
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\Run: [HP ENVY 5530 series (NET)] => C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\RunOnce: [Uninstall C:\Users\Enlonwhite\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Enlonwhite\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64"
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\MountPoints2: {c188a6ab-3bf0-11e4-be9b-ac220b8af147} - "G:\VZW_Software_upgrade_assistant.exe"
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\MountPoints2: {ea58ad9d-d97d-11e4-beb0-ac220b8af147} - "G:\unlock.exe" autoplay=true
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-02-11] ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-02-11] ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-02-11] ()
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder.lnk [2015-01-05]
    ShortcutTarget: Event Planner Reminder.lnk -> C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2015 Deluxe\Planner\PLNRnote.exe (Creative Home)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk [2015-05-26]
    ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{0B83961E-3DCD-4828-A150-1E6D07427E45}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{39875994-5A60-4A5F-A0D6-EE13B0ECF40F}: [DhcpNameServer] 192.168.0.1 205.171.2.25
    Tcpip\..\Interfaces\{AF9CB5DC-F502-4991-B03A-933E0CCD81ED}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{C4149972-AAF8-4811-87D5-E54F8B0FD68E}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
    HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-01-18] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_71\bin\ssv.dll [2016-02-02] (Oracle Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-17] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-02-02] (Oracle Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
    BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Enlonwhite\AppData\Roaming\Mozilla\Firefox\Profiles\b6taq5xa.default-1430545408265
    FF DefaultSearchEngine.US: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
    FF Plugin: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-02-02] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-02-02] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-02-11] (Adobe Systems)
    FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-17] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-25] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-25] (NVIDIA Corporation)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-02-11] (Adobe Systems)
    FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-4140476658-2958252324-4128759861-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Enlonwhite\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-01-31] (Citrix Online)
    FF Plugin HKU\S-1-5-21-4140476658-2958252324-4128759861-1001: adobe.com/AdobeExManCCDetect32 -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CC\npAdobeExManCCDetect32.dll [2013-12-05] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-4140476658-2958252324-4128759861-1001: adobe.com/AdobeExManCCDetect64 -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CC\npAdobeExManCCDetect64.dll [2013-12-05] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-4140476658-2958252324-4128759861-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
    FF Extension: Adblock Plus - C:\Users\Enlonwhite\AppData\Roaming\Mozilla\Firefox\Profiles\b6taq5xa.default-1430545408265\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-20]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-12-24] [not signed]

    Chrome:
    =======
    CHR Profile: C:\Users\Enlonwhite\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Enlonwhite\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-29]
    CHR Extension: (Google Drive) - C:\Users\Enlonwhite\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-03]
    CHR Extension: (YouTube) - C:\Users\Enlonwhite\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-03]
    CHR Extension: (Google Search) - C:\Users\Enlonwhite\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-03]
    CHR Extension: (Adobe Acrobat) - C:\Users\Enlonwhite\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-12-03]
    CHR Extension: (Google Docs Offline) - C:\Users\Enlonwhite\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-14]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Enlonwhite\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-03]
    CHR Extension: (Gmail) - C:\Users\Enlonwhite\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-02]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
    R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
    R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-06-23] (ASUSTeK Computer Inc.)
    R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-18] () [File not signed]
    S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-10-09] (BitRaider, LLC)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2772720 2016-01-17] (Microsoft Corporation)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
    R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [740832 2016-01-29] (Malwarebytes Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
    S3 Origin Client Service; D:\Origin\OriginClientService.exe [2099720 2015-11-26] (Electronic Arts)
    S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-04-25] (Microsoft Corporation)
    R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [316120 2014-08-18] ()
    S2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe /DisableUI [X]
    S3 FirebirdServerMAGIXInstance; "C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe" [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
    R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
    R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek )
    S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-10-09] (BitRaider)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2013-04-25] (Broadcom Corporation)
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-05-01] ()
    R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-01-29] ()
    R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-16] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    S3 NPF; C:\Windows\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-05-28] (NVIDIA Corporation)
    R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
    R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [29472 2012-09-05] (SerComm Corporation)
    U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [24688 2016-01-24] ()
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
    S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-04-25] (Microsoft Corporation)
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [35232 2013-04-25] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [230904 2013-04-25] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-17 00:30 - 2016-02-17 00:30 - 02370560 _____ (Farbar) C:\Users\Enlonwhite\Downloads\FRST64(1).exe
    2016-02-08 01:58 - 2016-02-08 01:58 - 00000222 _____ C:\Users\Enlonwhite\Desktop\Winged Sakura Mindy's Arc.url
    2016-02-08 01:46 - 2016-02-08 01:46 - 00000000 ____D C:\Users\Enlonwhite\Desktop\Scan Logs and Junkware Removal TOOL
    2016-02-03 00:24 - 2016-02-14 13:25 - 00000000 ____D C:\Users\Enlonwhite\AppData\Local\CrashDumps
    2016-02-02 14:09 - 2016-01-22 22:53 - 00450719 _____ C:\Windows\system32\Drivers\etc\hosts.20160202-140910.backup
    2016-02-02 00:30 - 2016-02-02 00:30 - 01508352 _____ C:\Users\Enlonwhite\Downloads\adwcleaner_5.032.exe
    2016-01-28 22:47 - 2016-01-28 22:47 - 00000000 ____D C:\Users\Enlonwhite\Documents\League of Legends
    2016-01-25 17:59 - 2016-01-25 17:59 - 00000000 _____ C:\Windows\Minidump\012516-13125-01.dmp
    2016-01-25 00:55 - 2016-01-25 17:06 - 00000000 ____D C:\Users\Enlonwhite\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
    2016-01-25 00:55 - 2016-01-25 17:06 - 00000000 ____D C:\Users\Enlonwhite\AppData\Local\Discord
    2016-01-25 00:55 - 2016-01-25 02:36 - 00000000 ____D C:\Users\Enlonwhite\AppData\Roaming\discord
    2016-01-25 00:55 - 2016-01-25 00:55 - 49419440 _____ (Hammer & Chisel, Inc.) C:\Users\Enlonwhite\Downloads\DiscordSetup.exe
    2016-01-25 00:55 - 2016-01-25 00:55 - 00000000 ____D C:\Users\Enlonwhite\AppData\Local\SquirrelTemp
    2016-01-24 15:21 - 2016-01-24 15:21 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2016-01-24 15:21 - 2016-01-24 15:21 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-01-24 15:18 - 2016-01-24 15:20 - 20932168 _____ C:\Users\Enlonwhite\Downloads\RogueKiller.exe
    2016-01-23 01:17 - 2016-01-23 01:17 - 00000000 ____D C:\Users\Enlonwhite\Documents\ProcAlyzer Dumps
    2016-01-22 23:51 - 2016-01-22 23:52 - 217812544 _____ (COMODO) C:\Users\Enlonwhite\Downloads\cispremium_installer.exe
    2016-01-22 23:44 - 2016-02-17 00:30 - 00026807 _____ C:\Users\Enlonwhite\Downloads\FRST.txt
    2016-01-22 23:44 - 2016-02-17 00:30 - 00000000 ____D C:\FRST
    2016-01-22 23:44 - 2016-01-22 23:48 - 00122758 _____ C:\Users\Enlonwhite\Downloads\Addition.txt
    2016-01-22 23:43 - 2016-01-22 23:43 - 02370560 _____ (Farbar) C:\Users\Enlonwhite\Downloads\FRST64.exe
    2016-01-22 04:26 - 2016-01-22 04:22 - 00450654 _____ C:\Windows\system32\Drivers\etc\hosts.20160122-042624.backup

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-17 00:30 - 2014-08-15 10:49 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-02-17 00:30 - 2013-12-10 02:25 - 00000000 ____D C:\Users\Enlonwhite\AppData\Roaming\Skype
    2016-02-17 00:19 - 2013-12-16 01:59 - 00000000 ____D C:\Users\Enlonwhite\AppData\Roaming\TS3Client
    2016-02-16 23:59 - 2013-12-11 05:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-02-16 23:38 - 2014-07-05 15:35 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-02-16 21:49 - 2012-07-26 00:59 - 00000000 ____D C:\Windows\CbsTemp
    2016-02-16 19:14 - 2014-07-16 23:58 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-02-16 17:11 - 2015-07-01 21:06 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-02-16 17:00 - 2013-12-10 02:24 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4140476658-2958252324-4128759861-1001
    2016-02-16 16:51 - 2014-07-05 15:35 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-02-16 16:51 - 2013-12-11 05:41 - 00000000 ____D C:\Users\Enlonwhite\AppData\Local\Adobe
    2016-02-15 00:39 - 2013-09-04 05:58 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-02-15 00:39 - 2012-07-26 00:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-02-12 22:39 - 2014-07-05 15:37 - 00002219 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-02-12 22:17 - 2013-12-10 02:25 - 00000000 ____D C:\ProgramData\Skype
    2016-02-09 21:25 - 2012-07-26 01:12 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-02-09 21:25 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\AUInstallAgent
    2016-02-09 15:59 - 2013-12-11 05:42 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-02-08 01:29 - 2015-06-09 01:47 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
    2016-02-05 00:47 - 2015-06-05 19:01 - 00000000 ____D C:\Users\Enlonwhite\AppData\Roaming\Curse Client
    2016-02-02 04:21 - 2014-07-16 23:47 - 00000000 ____D C:\AdwCleaner
    2016-02-02 01:24 - 2015-06-09 01:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
    2016-02-02 01:24 - 2015-06-09 01:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
    2016-02-02 00:33 - 2014-07-05 15:35 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-02-02 00:33 - 2014-07-05 15:35 - 00003656 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-02-02 00:31 - 2013-12-10 02:37 - 00000000 ____D C:\ProgramData\Oracle
    2016-02-02 00:26 - 2015-08-18 17:48 - 00000000 ____D C:\Users\Enlonwhite\.oracle_jre_usage
    2016-02-02 00:26 - 2015-06-10 14:06 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
    2016-02-02 00:26 - 2015-06-10 14:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2016-02-02 00:26 - 2013-12-23 04:26 - 00000000 ____D C:\Program Files\Java
    2016-01-28 22:44 - 2012-07-26 01:12 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-01-28 22:43 - 2013-08-20 10:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2016-01-25 17:59 - 2015-09-25 21:04 - 614474757 _____ C:\Windows\MEMORY.DMP
    2016-01-25 17:59 - 2014-01-20 18:05 - 00000000 ____D C:\Windows\Minidump
    2016-01-24 00:34 - 2015-01-24 13:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-01-22 04:33 - 2014-02-06 16:00 - 00000000 ____D C:\Users\Enlonwhite\AppData\Local\Google

    ==================== Files in the root of some directories =======

    2014-03-26 21:38 - 2014-03-28 21:41 - 0001456 _____ () C:\Users\Enlonwhite\AppData\Local\Adobe Save for Web 13.0 Prefs
    2013-12-13 02:14 - 2014-04-29 23:23 - 0007672 _____ () C:\Users\Enlonwhite\AppData\Local\Resmon.ResmonCfg
    2014-03-29 17:44 - 2014-03-29 17:44 - 0000057 _____ () C:\ProgramData\Ament.ini

    Some files in TEMP:
    ====================
    C:\Users\Enlonwhite\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Enlonwhite\AppData\Local\Temp\jre-8u71-windows-au.exe
    C:\Users\Enlonwhite\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Enlonwhite\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-02-16 17:00

    ==================== End of FRST.txt ============================
     
  25. Enlonwhite

    Enlonwhite TS Member Topic Starter Posts: 23

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-01-2016
    Ran by Enlonwhite (2016-01-22 23:44:59)
    Running from C:\Users\Enlonwhite\Downloads
    Windows 8 (X64) (2013-12-10 07:36:54)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-4140476658-2958252324-4128759861-500 - Administrator - Disabled)
    Brandy (S-1-5-21-4140476658-2958252324-4128759861-1002 - Administrator - Enabled) => C:\Users\Brandy
    Enlonwhite (S-1-5-21-4140476658-2958252324-4128759861-1001 - Administrator - Enabled) => C:\Users\Enlonwhite
    Guest (S-1-5-21-4140476658-2958252324-4128759861-501 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
    Adobe Acrobat XI Pro (HKLM-x32\...\{23D3F585-AE29-4670-8E3E-64A0EFB29240}) (Version: 11.0 - Adobe Systems Incorporated)
    Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
    Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12.2.1 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
    Adobe Audition CC (HKLM-x32\...\{DE1E055B-679C-42F8-B114-7B6ED0B8ED95}) (Version: 6.0 - Adobe Systems Incorporated)
    Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.4.1.351 - Adobe Systems Incorporated)
    Adobe Dreamweaver CC (HKLM-x32\...\{00E094E1-A852-11E2-803D-ACEA632352B4}) (Version: 13 - Adobe Systems Incorporated)
    Adobe Edge Animate CC (HKLM-x32\...\{1C5E96F4-6F15-4A96-BF62-9D1F60B44FF1}) (Version: 3.0 - Adobe Systems Incorporated)
    Adobe Edge Code CC (HKLM-x32\...\{641F742F-1497-51B4-F481-1037096A90A0}) (Version: 0.97 - Adobe Systems Incorporated)
    Adobe Edge Inspect CC (HKLM-x32\...\{67D22EA0-4601-4450-9C99-042DABB0A315}) (Version: 1.0.408 - Adobe Systems Incorporated)
    Adobe Edge Reflow CC Preview (HKLM\...\{4CBD2327-FA4C-4D42-8903-CE1E96FE0FBF}) (Version: 0.37.15833 - Adobe Systems Incorporated)
    Adobe Exchange Panel (HKLM-x32\...\{41A12FFC-89E9-4743-A51E-00975CA31F40}) (Version: 1 - Adobe Systems Incorporated)
    Adobe ExtendScript Toolkit CC (HKLM-x32\...\{6297487E-3778-4F72-B458-55690418DB98}) (Version: 4.0.0.0 - Adobe Systems Incorporated)
    Adobe Extension Manager CC (HKLM-x32\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.1.1 - Adobe Systems Incorporated)
    Adobe Fireworks CS6 (HKLM-x32\...\{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}) (Version: 12.0.1 - Adobe Systems Incorporated)
    Adobe Flash Builder 4.7 (64 Bit) (HKLM-x32\...\{848DE8E1-521D-4748-A158-517708107EF3}) (Version: 4.7 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
    Adobe Flash Professional CC (HKLM-x32\...\{B56B95BF-7161-4166-8288-DB1BA9F6C9B8}) (Version: 13.0 - Adobe Systems Incorporated)
    Adobe Gaming SDK 1.3 (HKLM-x32\...\{62FFC6DD-18BB-49FC-AF65-71FB1C0B08AA}) (Version: 1.3 - Adobe Systems Incorporated)
    Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
    Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
    Adobe InCopy CC (HKLM-x32\...\{2606D96F-C1A3-1014-9A8F-E3561A1AC78D}) (Version: 9.0 - Adobe Systems Incorporated)
    Adobe InDesign CC (HKLM-x32\...\{BC448016-6F11-1014-B0EA-97CEE6E26CB6}) (Version: 9.0 - Adobe Systems Incorporated)
    Adobe Muse (HKLM-x32\...\{9A554C9D-E12D-4205-8101-9F4337CD5673}) (Version: 7.1 - Adobe Systems Incorporated)
    Adobe Muse (HKLM-x32\...\AdobeMuse) (Version: 7.1.329 - Adobe Systems Incorporated)
    Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
    Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
    Adobe Prelude CC (HKLM-x32\...\{5D73C19B-BE10-44A6-96B2-A516756ED29F}) (Version: 2.2.0 - Adobe Systems Incorporated)
    Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.2.1 - Adobe Systems Incorporated)
    Adobe Scout CC (HKLM\...\{BA573BFE-83B4-11E3-93D2-D231FEB1DC81}) (Version: 1.1.3.354121 - Adobe Systems Incorporated)
    Adobe SpeedGrade CC (HKLM-x32\...\{29AA12E9-934C-485E-A9A1-D823FEB29880}) (Version: 7.2.0 - Adobe Systems Incorporated)
    Adobe Touch App Plugins (HKLM-x32\...\{1EC083EE-5B76-4A2A-B95A-CAF460AA29D6}) (Version: 1.0 - Adobe Systems Incorporated)
    Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.0 - Adobe Systems Incorporated)
    ADOM (Ancient Domains Of Mystery) (HKLM-x32\...\Steam App 333300) (Version: - Thomas Biskup)
    Agarest: Generations of War (HKLM-x32\...\Steam App 237890) (Version: - Idea Factory)
    AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.05 - ASUSTeK Computer Inc.)
    AI War: Fleet Command (HKLM-x32\...\Steam App 40400) (Version: - Arcen Games, LLC)
    Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
    ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version: - Studio Wildcard)
    ASUS Easy Update 2 (HKLM-x32\...\{E7AA854E-6756-424E-84C2-4E47D5729AFF}) (Version: 3.00.08 - ASUSTeK Computer Inc.)
    ASUS Music Maker (HKLM-x32\...\MAGIX_{AB515018-7F9D-4047-B0C0-F26BAC30F3E1}) (Version: 18.0.3.3 - MAGIX AG)
    ASUS Music Maker (Version: 18.0.3.3 - MAGIX AG) Hidden
    ASUS MX Suite (HKLM-x32\...\MAGIX_{CFA9C800-9B0B-42E3-92E7-08B5AF2E192E}) (Version: 1.13.0.121 - MAGIX AG)
    ASUS MX Suite (Version: 1.13.0.121 - MAGIX AG) Hidden
    ASUS Video easy (HKLM-x32\...\MAGIX_{E3185090-8796-46FB-A27F-6C844F106DAC}) (Version: 4.0.1.90 - MAGIX AG)
    ASUS Video easy (Version: 4.0.1.90 - MAGIX AG) Hidden
    ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
    ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4127.52 - CyberLink Corp.)
    ASUSDVD (x32 Version: 10.0.4127.52 - CyberLink Corp.) Hidden
    AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
    Aveyond 3-1: Lord of Twilight (HKLM-x32\...\Steam App 272010) (Version: - Amaranth Games, LLC)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
    bl (x32 Version: 1.0.0 - Your Company Name) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
    Chronicle (HKLM-x32\...\{9F6D8B64-4D34-4CB0-837C-27EAE669F703}) (Version: 1.0.2 - Jagex)
    Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
    Cockatrice (HKLM-x32\...\Cockatrice) (Version: - )
    Craft The World (HKLM-x32\...\Steam App 248390) (Version: - Dekovir Entertainment)
    Creeper World 3: Arc Eternal (HKLM-x32\...\Steam App 280220) (Version: - Knuckle Cracker)
    Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Defender's Quest: Valley of the Forgotten (HKLM-x32\...\Steam App 218410) (Version: - Level Up Labs, LLC)
    Dolby Axon - 1.5.1.1 (HKLM-x32\...\{17936630-5344-4F18-9970-616129E2A114}_is1) (Version: 1.5.1.1 - Dolby Laboratories)
    Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.12 - Electronic Arts)
    Dungeon of the Endless (HKLM-x32\...\Steam App 249050) (Version: - AMPLITUDE Studios)
    Dwarfs!? (HKLM-x32\...\Steam App 35480) (Version: - Power of 2)
    eManual (HKLM-x32\...\{0C84E634-EB68-4A54-B21E-A05EC87A4CC5}) (Version: 1.00.06 - ASUSTeK Computer Inc.)
    Endless Legend (HKLM-x32\...\Steam App 289130) (Version: - AMPLITUDE Studios)
    Endless Space (HKLM-x32\...\Steam App 208140) (Version: - AMPLITUDE Studios)
    Evoland (HKLM-x32\...\Steam App 233470) (Version: - Shiro Games)
    Fallen Enchantress (HKLM-x32\...\Steam App 216390) (Version: - Stardock Entertainment)
    Fallen Enchantress: Legendary Heroes (HKLM-x32\...\Steam App 228260) (Version: - Stardock Entertainment)
    FORCED (HKLM-x32\...\Steam App 249990) (Version: - BetaDwarf)
    Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - Subset Games)
    Galeria de Fotografias (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Galería de fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
    GoToMeeting 5.4.0.1082 (HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
    GoToMeeting 5.4.0.1082 (HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
    GoToMeeting 5.4.0.1082 (HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
    Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
    Hallmark Card Studio 2015 Deluxe (HKLM-x32\...\{F2117332-1A36-4D3B-854D-A8D10735B4DF}) (Version: 16.0.0.11 - Creative Home)
    Hand Of Fate (HKLM-x32\...\Steam App 266510) (Version: - Defiant Development)
    HP ENVY 5530 series Basic Device Software (HKLM\...\{FE11AA0F-756F-4879-97A0-B1705E2DCABE}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    HP ENVY 5530 series Help (HKLM-x32\...\{97EAE055-1BE8-4775-8101-453E9715EC3F}) (Version: 30.0.0 - Hewlett Packard)
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
    Infested Planet (HKLM-x32\...\Steam App 204530) (Version: - Rocket Bear Games)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
    Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
    Kingdom Rush (HKLM-x32\...\Steam App 246420) (Version: - Ironhide Game Studio)
    Labyrinthine Dreams (HKLM-x32\...\Steam App 278570) (Version: - Solest Games)
    League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
    League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
    Little Inferno (HKLM-x32\...\Steam App 221260) (Version: - Tomorrow Corporation)
    Magical Diary (HKLM-x32\...\Steam App 211340) (Version: - Hanako Games)
    Magical Diary 1.0.38.1 (HKLM-x32\...\Magical Diary - Horse Hall_is1) (Version: - Hanako Games)
    Majesty 2 Collection (HKLM-x32\...\Steam App 73020) (Version: - 1C:InoCo)
    Malwarebytes Anti-Exploit version 1.8.1.1045 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1045 - Malwarebytes)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microcosmum: survival of cells (HKLM-x32\...\Steam App 386260) (Version: - Alexander Byzov)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6366.2036 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MyFreeCodec (HKU\S-1-5-21-4140476658-2958252324-4128759861-1001\...\MyFreeCodec) (Version: - )
    MyFreeCodec (HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MyFreeCodec) (Version: - )
    MyFreeCodec (HKU\S-1-5-21-4140476658-2958252324-4128759861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MyFreeCodec) (Version: - )
    NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 2.2.0.5 - NETGEAR)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.8.2 - Notepad++ Team)
    NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 355.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.82 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.4.5.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.57 - NVIDIA Corporation)
    NVIDIA Graphics Driver 355.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.82 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
    Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version: - Robot Entertainment)
    Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
    PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
    PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
    ph (x32 Version: 1.0.0 - Your Company Name) Hidden
    Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version: - Ndemic Creations)
    Planet Stronghold (HKLM-x32\...\Steam App 291050) (Version: - Winter Wolves)
    Product Improvement Study for HP ENVY 5530 series (HKLM\...\{2EC3E3B8-797A-47FD-B3A2-574C96597A19}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    Psychonauts (HKLM-x32\...\Steam App 3830) (Version: - Double Fine Productions)
    Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6971 - Realtek Semiconductor Corp.)
    Risen (HKLM-x32\...\Steam App 40300) (Version: - Piranha – Bytes)
    Sakura Spirit (HKLM-x32\...\Steam App 313740) (Version: - Winged Cloud)
    Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.)
    Samsung Kies (x32 Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.) Hidden
    Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.)
    Samsung Kies3 (x32 Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.4.5.57 - NVIDIA Corporation) Hidden
    Sid Meier's Civilization: Beyond Earth (HKLM-x32\...\Steam App 65980) (Version: - Firaxis Games)
    Sins of a Solar Empire®: Rebellion (HKLM-x32\...\Steam App 204880) (Version: - Ironclad Games)
    SketchUp 2014 (HKLM-x32\...\{F246092E-FA0B-47C8-9D3E-CF8C210293C8}) (Version: 14.1.1282 - Trimble Navigation Limited)
    Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
    Space Engineers (HKLM-x32\...\Steam App 244850) (Version: - Keen Software House)
    Space Pirates and Zombies (HKLM-x32\...\Steam App 107200) (Version: - MinMax Games Ltd.)
    SpaceChem (HKLM-x32\...\Steam App 92800) (Version: - Zachtronics)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: - Bioware/EA)
    Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
    The Banner Saga (HKLM-x32\...\Steam App 237990) (Version: - Stoic)
    The Red Solstice (HKLM-x32\...\Steam App 265590) (Version: - Ironward)
    Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - Runic Games)
    Unepic (HKLM-x32\...\Steam App 233980) (Version: - Francisco Téllez de Meneses)
    Why ASUS PC (HKLM-x32\...\{5648F9D9-299E-408C-AC1F-59DC75894A1F}) (Version: 1.00.02 - ASUSTeK Computer Inc.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
    Συλλογή φωτογραφιών (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    影像中心 (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    照片库 (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001_Classes\CLSID\{7ee50b5d-d2de-5faa-aa85-392bd9800210}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CC\npAdobeExManCCDetect64.dll (Adobe Systems)
    CustomCLSID: HKU\S-1-5-21-4140476658-2958252324-4128759861-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1082\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00F76B61-B300-4D87-AB09-D2DCA259F209} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {028FF2C3-387D-4F3F-B84A-2C684C0278C3} - System32\Tasks\HP AR Program Upload - b5d0b6dc90ff4614af0646233a2eff59bc155295766b4969b44e334266c951ef => C:\Program Files\HP\HP ENVY 5530 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
    Task: {04C26281-F316-47EB-A71D-F759822F67D7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-12-04] (Microsoft Corporation)
    Task: {06B14C42-BAD4-4309-A092-3C72215FF0E4} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
    Task: {0745290B-F701-4F1D-96D5-C42FC0935E3C} - System32\Tasks\{C445B01E-249E-47AA-9627-69366864E6DE} => Firefox.exe hxxp://ui.skype.com/ui/0/7.5.0.102/en/abandoninstall?page=tsMain
    Task: {0F413D4D-9491-48A8-B66F-2C7919C4C739} - System32\Tasks\HPCustParticipation HP ENVY 5530 series => C:\Program Files\HP\HP ENVY 5530 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
    Task: {1DC90499-3415-4A80-99B5-A81C952F51B9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)
    Task: {1FED96F2-6F79-485F-B3B2-8BD6FED97292} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {287520CC-B997-483F-AA26-28827AF1DA33} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
    Task: {3FD2FF3E-338C-44B3-BC93-14B2F721262A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {450D5914-B6BF-4C08-9BD2-C3BD8E9512EF} - \Safer-Surf Update -> No File <==== ATTENTION
    Task: {52829621-8B6A-4034-A7A2-089022C57E82} - System32\Tasks\AdobeAAMUpdater-1.0-Perrin-Enlonwhite => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
    Task: {59479234-D30D-477E-8B3F-DCE12AC16F07} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-12-04] (Microsoft Corporation)
    Task: {5FE9D6A8-33EB-499A-80E4-9FE4E84604B1} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
    Task: {68DEDADD-A6A0-4037-8720-5F85C4A6FD85} - System32\Tasks\ASUS\ASUS Easy Update 2 => C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [2013-07-04] (ASUSTeK Computer Inc.)
    Task: {7E78315D-51B4-45EC-8390-B2FA65D4F992} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {89A90BF3-E0CC-4EDD-BA7E-04A30507E304} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] ()
    Task: {8C749E6F-0976-4F23-8010-314D7740396D} - \Safer-Surf_wd -> No File <==== ATTENTION
    Task: {9F1578F2-3470-4928-BC4F-310518E1E9D8} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
    Task: {D6B45A1C-7A11-4D40-B6C1-E7D39E3F7507} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {EF7E62E1-1AEF-4A34-8AD7-4DF4A5821379} - System32\Tasks\HP AR Program Upload - afd52654200f4d5c9db2d279770b0c76090ca7b5ae094463a0d59d04dc2c9bee => C:\Program Files\HP\HP ENVY 5530 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2013-08-20 10:07 - 2012-06-01 02:42 - 00920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
    2012-12-18 23:10 - 2012-12-18 23:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
    2014-09-22 13:21 - 2014-08-18 14:50 - 00316120 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
    2013-09-04 05:58 - 2015-08-25 07:24 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2014-02-11 03:21 - 2014-02-11 03:21 - 00644464 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
    2015-12-15 12:36 - 2015-12-15 12:36 - 08903848 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
    2014-09-22 13:21 - 2014-12-11 15:48 - 08397536 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
    2014-03-13 15:51 - 2015-10-22 22:32 - 00175080 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll
    2013-10-23 05:15 - 2015-10-22 22:32 - 00103400 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
    2013-10-23 05:15 - 2015-10-22 22:32 - 00108008 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
    2013-10-23 05:15 - 2015-10-22 22:32 - 00312296 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
    2013-10-23 05:15 - 2015-10-22 22:32 - 00483816 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
    2014-03-13 15:51 - 2015-09-27 16:28 - 00317440 _____ () C:\Program Files\TeamSpeak 3 Client\ssleay32.dll
    2014-03-13 15:51 - 2015-09-27 16:28 - 01709056 _____ () C:\Program Files\TeamSpeak 3 Client\LIBEAY32.dll
    2014-01-21 13:54 - 2014-01-21 13:54 - 01301688 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
    2016-01-20 22:48 - 2016-01-20 22:48 - 02344440 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.7\deploy\LoLLauncher.exe
    2016-01-20 22:48 - 2016-01-20 22:48 - 04319736 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.47\deploy\LoLPatcher.exe
    2016-01-20 22:48 - 2016-01-20 22:48 - 03107320 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.47\deploy\LoLPatcherUx.exe
    2013-08-20 10:07 - 2016-01-01 14:13 - 00025600 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
    2013-08-20 10:07 - 2010-06-28 19:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
    2014-07-17 09:17 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-07-17 09:17 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-07-17 09:17 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2014-09-22 13:21 - 2015-03-05 15:22 - 00380928 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll
    2015-06-01 00:53 - 2015-06-24 04:37 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2014-09-22 13:21 - 2014-07-22 07:18 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll
    2016-01-20 22:48 - 2016-01-20 22:48 - 01424376 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.47\deploy\RiotLauncher.dll
    2016-01-20 22:48 - 2016-01-20 22:48 - 34851320 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.47\deploy\libcef.dll
    2016-01-20 22:48 - 2016-01-20 22:48 - 01383416 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.47\deploy\icui18n.dll
    2016-01-20 22:48 - 2016-01-20 22:48 - 01142264 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.47\deploy\icuuc.dll
    2016-01-20 22:48 - 2016-01-20 22:48 - 04382200 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.47\deploy\v8.dll
    2015-04-02 20:37 - 2015-11-10 12:55 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
    2015-04-02 20:37 - 2015-07-03 09:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
    2015-04-02 20:37 - 2015-12-14 13:01 - 02547280 _____ () C:\Program Files (x86)\Steam\video.dll
    2015-04-02 20:37 - 2015-07-03 09:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
    2015-04-02 20:37 - 2015-07-03 09:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
    2015-04-02 20:37 - 2015-09-23 17:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
    2015-04-02 20:37 - 2015-09-23 17:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
    2015-04-02 20:37 - 2015-09-23 17:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
    2015-04-02 20:37 - 2015-09-23 17:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
    2015-04-02 20:37 - 2015-09-23 17:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
    2015-04-02 20:37 - 2015-12-14 13:01 - 00804432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2015-08-03 15:27 - 2015-11-03 15:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
    2016-01-20 22:48 - 2016-01-20 22:48 - 00953336 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.47\deploy\ffmpegsumo.dll
    2015-04-02 20:37 - 2015-11-16 17:31 - 47846176 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
    2015-04-02 20:37 - 2015-09-24 16:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...