TechSpot

Malwarebytes Blocking Malicious Sites

By ZenWaves
May 20, 2015
  1. As the title says. I feel like I'm being watched.. please help lol

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
    Ran by javonmhawk (administrator) on ZEN on 20-05-2015 15:31:47
    Running from C:\Users\javonmhawk\Downloads
    Loaded Profiles: javonmhawk & (Available profiles: javonmhawk)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Tencent) C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\QQPCRTP.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Tenable Network Security, Inc) C:\Program Files\Tenable\Nessus\nessus-service.exe
    (Tenable Network Security, Inc) C:\Program Files\Tenable\Nessus\nessusd.exe
    (Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Tencent) C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\QQPCTray.exe
    (vdc) C:\vdc.exe
    (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    (Spotify Ltd) C:\Users\javonmhawk\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
    (Spotify Ltd) C:\Users\javonmhawk\AppData\Roaming\Spotify\Spotify.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Tencent) C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\plugins\QMNetMon\QQPCNetFlow.exe
    (Spotify Ltd) C:\Users\javonmhawk\AppData\Roaming\Spotify\Spotify.exe
    (Spotify Ltd) C:\Users\javonmhawk\AppData\Roaming\Spotify\Spotify.exe
    Failed to access process -> explorer.exe
    (Microsoft Corporation) C:\Windows\System32\WerFault.exe
    (Tencent) C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\QQPCRealTimeSpeedup.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506136 2013-12-06] (Realtek Semiconductor)
    HKLM\...\Run: [vdc] => c:\vdc.exe [29696 2015-05-16] (vdc)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-11-01] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134624 2014-07-23] (Check Point Software Technologies Ltd.)
    HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\QQPCTray.exe [355296 2015-05-15] (Tencent)
    HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-11-01] (AMD)
    HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-13] (Electronic Arts)
    HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\Run: [WTFast Tray] => C:\Program Files (x86)\WTFast\WTFast.exe [4726872 2015-03-18] (AAA Internet Publishing, Inc.)
    HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\Run: [Spotify Web Helper] => C:\Users\javonmhawk\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-18] (Spotify Ltd)
    HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\Run: [Spotify] => C:\Users\javonmhawk\AppData\Roaming\Spotify\Spotify.exe [7298616 2015-05-18] (Spotify Ltd)
    HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\MountPoints2: {e3faffaa-9b89-11e4-8257-806e6f6e6963} - "D:\Autorun.exe"
    HKU\S-1-5-21-1748747307-3260626592-723431498-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [131072 2013-08-22] (Microsoft Corporation)
    HKU\S-1-5-21-1748747307-3260626592-723431498-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-11-01] (AMD)
    HKU\S-1-5-21-1748747307-3260626592-723431498-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-13] (Electronic Arts)
    HKU\S-1-5-21-1748747307-3260626592-723431498-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WTFast Tray] => C:\Program Files (x86)\WTFast\WTFast.exe [4726872 2015-03-18] (AAA Internet Publishing, Inc.)
    HKU\S-1-5-21-1748747307-3260626592-723431498-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\javonmhawk\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-18] (Spotify Ltd)
    HKU\S-1-5-21-1748747307-3260626592-723431498-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify] => C:\Users\javonmhawk\AppData\Roaming\Spotify\Spotify.exe [7298616 2015-05-18] (Spotify Ltd)
    HKU\S-1-5-21-1748747307-3260626592-723431498-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e3faffaa-9b89-11e4-8257-806e6f6e6963} - "D:\Autorun.exe"
    HKU\S-1-5-21-1748747307-3260626592-723431498-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [131072 2013-08-22] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-03-26]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\QMGCShellExt64.dll [2015-05-15] (Tencent)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-1748747307-3260626592-723431498-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKU\S-1-5-21-1748747307-3260626592-723431498-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-12-30] (Oracle Corporation)
    BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\TSWebMon64.dat [2015-05-15] (Tencent)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-12-30] (Oracle Corporation)
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
    BHO-x32: 应用宝一键安装插件 -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-12-30] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-12-30] (Oracle Corporation)
    Winsock: Catalog9 01 C:\Windows\SysWOW64\WTFastDrv.dll [72296 2015-03-24] (Initex)
    Winsock: Catalog9 02 C:\Windows\SysWOW64\WTFastDrv.dll [72296 2015-03-24] (Initex)
    Winsock: Catalog9 03 C:\Windows\SysWOW64\WTFastDrv.dll [72296 2015-03-24] (Initex)
    Winsock: Catalog9 04 C:\Windows\SysWOW64\WTFastDrv.dll [72296 2015-03-24] (Initex)
    Winsock: Catalog9 15 C:\Windows\SysWOW64\ierd_tgp_lsp.dll [1348152 2015-03-24] (Tencent)
    Winsock: Catalog9 16 C:\Windows\SysWOW64\ierd_tgp_lsp.dll [1348152 2015-03-24] (Tencent)
    Winsock: Catalog9 17 C:\Windows\SysWOW64\ierd_tgp_lsp.dll [1348152 2015-03-24] (Tencent)
    Winsock: Catalog9 18 C:\Windows\SysWOW64\ierd_tgp_lsp.dll [1348152 2015-03-24] (Tencent)
    Winsock: Catalog9 19 C:\Windows\SysWOW64\WTFastDrv.dll [72296 2015-03-24] (Initex)
    Winsock: Catalog9-x64 01 C:\Windows\system32\WTFastDrv.dll [79464 2015-03-24] (Initex)
    Winsock: Catalog9-x64 02 C:\Windows\system32\WTFastDrv.dll [79464 2015-03-24] (Initex)
    Winsock: Catalog9-x64 03 C:\Windows\system32\WTFastDrv.dll [79464 2015-03-24] (Initex)
    Winsock: Catalog9-x64 04 C:\Windows\system32\WTFastDrv.dll [79464 2015-03-24] (Initex)
    Winsock: Catalog9-x64 15 C:\Windows\system32\WTFastDrv.dll [79464 2015-03-24] (Initex)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF ProfilePath: C:\Users\javonmhawk\AppData\Roaming\Mozilla\Firefox\Profiles\jxxtznra.default
    FF SearchEngineOrder.1: Search By ZoneAlarm
    FF SelectedSearchEngine: Search By ZoneAlarm
    FF Homepage: https://duckduckgo.com/
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-02] ()
    FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-30] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-12-30] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-02] ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-30] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-12-30] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
    FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
    FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\npQMExtensionsMozilla.dll [2015-05-15] (Tencent Technology (Shenzhen) Company Limited)
    FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.37\Bin\npSSOAxCtrlForPTLogin.dll [2013-12-30] (Tencent)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF user.js: detected! => C:\Users\javonmhawk\AppData\Roaming\Mozilla\Firefox\Profiles\jxxtznra.default\user.js [2015-03-25]
    FF SearchPlugin: C:\Users\javonmhawk\AppData\Roaming\Mozilla\Firefox\Profiles\jxxtznra.default\searchplugins\zonealarm.xml [2015-03-25]
    FF Extension: zonealarm.com - C:\Users\javonmhawk\AppData\Roaming\Mozilla\Firefox\Profiles\jxxtznra.default\Extensions\ffxtlbr@zonealarm.com [2015-03-25]
    FF Extension: Adblock Plus - C:\Users\javonmhawk\AppData\Roaming\Mozilla\Firefox\Profiles\jxxtznra.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-23]
    FF HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
    FF HKU\S-1-5-21-1748747307-3260626592-723431498-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-11-01] (Advanced Micro Devices, Inc.) [File not signed]
    S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2015-03-22] (Microsoft Corporation)
    R2 iprip; C:\Windows\System32\iprip.dll [34816 2015-03-22] (Microsoft Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-23] (Electronic Arts)
    R2 QQPCRTP; C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\QQPCRTP.exe [297608 2015-05-15] (Tencent)
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
    S3 TAOFrame; C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\TAOFrame.exe [293728 2015-05-15] (Tencent)
    R2 Tenable Nessus; C:\Program Files\Tenable\Nessus\nessus-service.exe [17376 2015-03-27] (Tenable Network Security, Inc)
    R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596240 2014-07-23] (Check Point Software Technologies Ltd.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
    R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [93712 2014-07-03] (Check Point Software Technologies, Ltd.)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-24] (Advanced Micro Devices)
    R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2014-06-10] (Kaspersky Lab ZAO)
    S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2014-06-10] (Kaspersky Lab)
    U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-06-10] (Kaspersky Lab ZAO)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [490080 2014-06-10] (Kaspersky Lab ZAO)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-20] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
    R3 MotioninJoyXFilter; C:\Windows\System32\drivers\MijXfilt.sys [115272 2012-03-25] (MotioninJoy) [File not signed]
    R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
    R1 QMUdisk; C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\QMUdisk64.sys [62264 2015-04-17] (Tencent)
    R1 QqGameMasterControl; C:\Windows\system32\drivers\QMTgpNetflow764.sys [47928 2013-12-13] (tencent)
    R1 QqGameMasterControl; C:\Windows\SysWOW64\drivers\QMTgpNetflow764.sys [47928 2013-12-13] (tencent)
    R2 QQSysMonX64; C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\QQSysMonX64.sys [129336 2015-05-15] (电脑管家)
    S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
    R2 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [99640 2015-05-15] (Tencent)
    R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel64.sys [174392 2015-05-15] (Tencent Technology(Shenzhen) Company Limited)
    S3 TesSafe; C:\Windows\system32\TesSafe.sys [910992 2015-04-12] (TENCENT)
    R1 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2015-05-15] (电脑管家)
    R3 TS888x64; C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\TS888x64.sys [28984 2015-05-20] (Tencent)
    R1 TSCPM; C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\tscpm64.sys [42296 2015-05-15] (电脑管家)
    S1 TSDefenseBt; C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\TSDefenseBT64.sys [28472 2015-05-15] (Tencent)
    R1 TSSysKit; C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\TSSysKit64.sys [87352 2015-05-15] (电脑管家)
    R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450456 2014-07-23] (Check Point Software Technologies Ltd.)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
    S3 MSICDSetup; \??\D:\CDriver64.sys [X]
    S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-05-20 15:31 - 2015-05-20 15:31 - 02107904 _____ (Farbar) C:\Users\javonmhawk\Downloads\FRST64.exe
    2015-05-20 15:31 - 2015-05-20 15:31 - 00019232 _____ () C:\Users\javonmhawk\Downloads\FRST.txt
    2015-05-20 15:31 - 2015-05-20 15:31 - 00000000 ____D () C:\FRST
    2015-05-20 15:30 - 2015-05-20 15:30 - 01146880 _____ (Farbar) C:\Users\javonmhawk\Downloads\FRST.exe
    2015-05-18 17:07 - 2015-05-20 15:26 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-05-18 16:00 - 2015-05-18 16:00 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-05-18 16:00 - 2015-05-18 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-05-18 16:00 - 2015-05-18 16:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-05-18 16:00 - 2015-05-18 16:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-05-18 16:00 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-05-18 16:00 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-05-18 16:00 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-05-18 14:46 - 2015-05-18 14:47 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\javonmhawk\Downloads\mbam-setup-2.1.6.1022.exe
    2015-05-16 11:54 - 2015-05-16 11:54 - 00029696 _____ (vdc) C:\vdc.exe
    2015-05-15 16:55 - 2015-05-15 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
    2015-05-15 15:54 - 2015-05-15 15:53 - 00174392 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
    2015-05-15 15:54 - 2015-05-15 15:53 - 00099640 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
    2015-05-13 01:24 - 2015-04-21 12:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-05-13 01:24 - 2015-04-21 11:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-05-13 01:24 - 2015-04-21 11:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-05-13 01:24 - 2015-04-21 11:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-05-13 01:24 - 2015-04-21 11:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-05-13 01:24 - 2015-04-21 11:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-05-13 01:24 - 2015-04-21 11:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-05-13 01:24 - 2015-04-21 11:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-05-13 01:24 - 2015-04-21 11:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2015-05-13 01:24 - 2015-04-21 11:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-05-13 01:24 - 2015-04-21 11:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-05-13 01:24 - 2015-04-21 11:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-05-13 01:24 - 2015-04-21 11:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2015-05-13 01:24 - 2015-04-21 11:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-05-13 01:24 - 2015-04-21 11:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-05-13 01:24 - 2015-04-21 10:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2015-05-13 01:24 - 2015-04-21 10:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-05-13 01:24 - 2015-04-21 10:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-05-13 01:24 - 2015-04-21 10:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-05-13 01:24 - 2015-04-21 10:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-05-13 01:24 - 2015-04-21 10:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-05-13 01:24 - 2015-04-21 10:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-05-13 01:24 - 2015-04-21 10:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-05-13 01:24 - 2015-04-21 10:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-05-13 01:24 - 2015-04-21 10:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2015-05-13 01:24 - 2015-04-21 10:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-05-13 01:24 - 2015-04-21 10:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2015-05-13 01:24 - 2015-04-21 10:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-05-13 01:24 - 2015-04-21 10:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2015-05-13 01:24 - 2015-04-21 10:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-05-13 01:24 - 2015-04-21 10:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-05-13 01:24 - 2015-04-21 10:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-05-13 01:24 - 2015-04-21 10:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-05-13 01:24 - 2015-04-21 10:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-05-13 01:24 - 2015-04-21 10:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-05-13 01:24 - 2015-04-21 10:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-05-13 01:24 - 2015-04-21 10:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-05-13 01:24 - 2015-04-21 09:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-05-13 01:24 - 2015-04-21 09:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-05-13 01:22 - 2015-04-30 15:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 01:22 - 2015-04-30 15:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-05-12 18:05 - 2015-04-13 17:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-05-12 18:05 - 2015-04-09 20:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-05-12 18:05 - 2015-04-09 19:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-05-12 18:05 - 2015-04-09 19:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-05-12 18:05 - 2015-03-30 00:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-05-12 18:05 - 2015-03-26 22:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2015-05-12 18:05 - 2015-03-26 21:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2015-05-12 18:05 - 2015-03-26 21:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-05-12 18:05 - 2014-10-28 21:42 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
    2015-05-12 18:05 - 2014-10-28 20:19 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2015-05-12 18:05 - 2014-10-28 19:59 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
    2015-05-12 18:04 - 2015-04-30 18:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-05-12 18:04 - 2015-04-30 17:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-05-12 18:03 - 2015-04-08 17:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
    2015-05-08 17:10 - 2015-05-08 17:13 - 78683444 _____ () C:\Users\javonmhawk\Downloads\preservation__september_1200.zip
    2015-05-02 12:57 - 2015-05-02 12:57 - 00000000 ____D () C:\Users\javonmhawk\AppData\Local\Macromedia
    2015-04-24 15:53 - 2015-04-24 15:54 - 00000000 ____D () C:\Users\javonmhawk\AppData\Roaming\yspkg5eua0il

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-05-20 15:31 - 2014-12-30 11:49 - 01236270 _____ () C:\Windows\WindowsUpdate.log
    2015-05-20 15:28 - 2015-04-03 21:58 - 00000000 ____D () C:\Users\javonmhawk\AppData\Roaming\Spotify
    2015-05-20 15:24 - 2015-04-03 22:00 - 00000000 ____D () C:\Users\javonmhawk\AppData\Local\Spotify
    2015-05-20 15:23 - 2015-03-24 10:00 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
    2015-05-20 15:19 - 2015-04-12 15:24 - 00001024 _____ () C:\.rnd
    2015-05-20 15:19 - 2014-03-18 04:54 - 00065416 _____ () C:\Windows\PFRO.log
    2015-05-20 15:19 - 2013-08-22 09:46 - 00064717 _____ () C:\Windows\setupact.log
    2015-05-20 15:19 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-05-19 23:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
    2015-05-19 22:17 - 2015-03-23 20:37 - 00000000 ____D () C:\Users\javonmhawk\AppData\Local\Warframe
    2015-05-19 20:05 - 2015-03-20 19:06 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7A46DFE9-4646-4D03-92DD-360A27E6859E}
    2015-05-18 19:09 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Branding
    2015-05-18 17:48 - 2015-03-20 18:59 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1748747307-3260626592-723431498-1002
    2015-05-17 19:47 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
    2015-05-17 08:53 - 2015-03-24 03:00 - 00435308 _____ () C:\Windows\system32\prfh0804.dat
    2015-05-17 08:53 - 2015-03-24 03:00 - 00135332 _____ () C:\Windows\system32\prfc0804.dat
    2015-05-17 08:53 - 2014-03-18 05:03 - 01434808 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-05-16 04:48 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
    2015-05-15 16:15 - 2015-03-23 20:00 - 00000000 ____D () C:\Users\javonmhawk\AppData\Roaming\Tencent
    2015-05-15 15:54 - 2015-03-24 07:37 - 00000000 ____D () C:\Users\javonmhawk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
    2015-05-15 15:53 - 2015-03-24 07:37 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
    2015-05-15 11:33 - 2014-12-30 12:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-05-14 20:24 - 2015-03-23 22:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-05-13 17:11 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
    2015-05-13 16:12 - 2013-08-22 09:44 - 00337616 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-05-13 01:26 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
    2015-05-12 18:06 - 2014-03-18 04:45 - 00000000 ____D () C:\Program Files\Windows Journal
    2015-05-04 00:21 - 2015-03-20 18:53 - 00000000 ____D () C:\Users\javonmhawk
    2015-05-02 00:51 - 2015-03-26 12:30 - 00000000 ____D () C:\Users\javonmhawk\AppData\Local\Adobe
    2015-04-28 17:06 - 2015-03-25 19:20 - 00004489 ____H () C:\Windows\SysWOW64\BTImages.dat

    ==================== Files in the root of some directories =======

    2014-12-30 11:55 - 2014-12-30 11:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2015-03-24 11:49 - 2015-04-12 14:02 - 0000040 _____ () C:\ProgramData\DT0001.dat
    2015-03-24 11:29 - 2015-04-12 14:02 - 0000040 _____ () C:\ProgramData\DT0006.dat

    Files to move or delete:
    ====================
    C:\ProgramData\DT0001.dat
    C:\ProgramData\DT0006.dat


    Some content of TEMP:
    ====================
    C:\Users\javonmhawk\AppData\Local\Temp\i4jdel0.exe
    C:\Users\javonmhawk\AppData\Local\Temp\PCMgr_AndroidServer.exe
    C:\Users\javonmhawk\AppData\Local\Temp\PCMgr_Setup_10_7_16066_216.exe
    C:\Users\javonmhawk\AppData\Local\Temp\PCMgr_Setup_10_9_16349_225.exe
    C:\Users\javonmhawk\AppData\Local\Temp\TENCENTDOWNLOAD.EXE
    C:\Users\javonmhawk\AppData\Local\Temp\TXPltSafeInit.dll
    C:\Users\javonmhawk\AppData\Local\Temp\uninst.exe
    C:\Users\javonmhawk\AppData\Local\Temp\uninstall_complete.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-05-15 13:28

    ==================== End Of Log ============================
     
  2. ZenWaves


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05-2015
    Ran by javonmhawk at 2015-05-20 15:34:47
    Running from C:\Users\javonmhawk\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1748747307-3260626592-723431498-500 - Administrator - Disabled)
    Guest (S-1-5-21-1748747307-3260626592-723431498-501 - Limited - Enabled)
    javonmhawk (S-1-5-21-1748747307-3260626592-723431498-1002 - Administrator - Enabled) => C:\Users\javonmhawk

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: ZoneAlarm Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
    AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
    FW: ZoneAlarm Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{76E8353E-9CE9-ED86-8631-7FBE17A17C31}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
    China Localization Patcher (HKLM-x32\...\{D04987F6-486C-449A-9F8B-C6F411E57221}) (Version: 2.0.4.0 - LokiReborn)
    Cybertron Support (HKLM-x32\...\{37DC4BBF-7374-4990-A794-20932267D4AC}) (Version: 1.0.0 - CybertronPC)
    Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.7 - Electronic Arts)
    HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
    Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
    Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    MotioninJoy Gamepad tool 0.7.0000 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.0000 - www.motioninjoy.com)
    Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
    Oracle VM VirtualBox 4.3.26 (HKLM\...\{5771F59A-BFC9-4FAF-A883-7642EF4BA3C3}) (Version: 4.3.26 - Oracle Corporation)
    Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.)
    Spotify (HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\Spotify) (Version: 1.0.5.186.ga9c24d6a - Spotify AB)
    Spotify (HKU\S-1-5-21-1748747307-3260626592-723431498-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.5.186.ga9c24d6a - Spotify AB)
    Tenable Nessus (x64) (HKLM\...\{3BAEB8B8-4F71-48B3-A378-80A56BBD0522}) (Version: 6.3.4.20022 - Tenable Network Security, Inc.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    Warframe (HKLM-x32\...\{14C25CC2-D3E2-4298-B927-32B22760754B}) (Version: 1.0.0 - Digital Extremes)
    WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
    WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
    WTFast 3.5 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 3.5.5.428 - Initex & AAA Internet Publishing)
    ZoneAlarm Antivirus (x32 Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
    ZoneAlarm Firewall (x32 Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
    ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 13.3.052.000 - Check Point)
    ZoneAlarm Security (x32 Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
    ZoneAlarm Security Toolbar (HKLM-x32\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
    ZoneAlarm Security Toolbar (HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
    ZoneAlarm Security Toolbar (HKU\S-1-5-21-1748747307-3260626592-723431498-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
    剑灵_腾讯 (HKLM-x32\...\剑灵_腾讯) (Version: - Tencent)
    电脑管家10.9 (HKLM-x32\...\QQPCMgr) (Version: 10.9.16349.225 - 腾讯科技(深圳)有限公司)
    腾讯游戏平台 (HKLM-x32\...\腾讯游戏平台Formal) (Version: - Tencent)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    28-04-2015 16:57:18 Scheduled Checkpoint
    08-05-2015 23:14:20 Scheduled Checkpoint
    12-05-2015 18:01:59 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)


    ==================== Loaded Modules (Whitelisted) ==============

    2013-11-01 14:46 - 2013-11-01 14:46 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2015-05-15 15:53 - 2015-05-15 15:53 - 00481632 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\sqlite.dll
    2015-05-15 15:53 - 2015-05-15 15:53 - 00100704 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\tinyxml.dll
    2015-05-15 15:53 - 2015-05-15 15:53 - 00088416 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\zlib.dll
    2015-05-15 15:53 - 2015-05-15 15:53 - 00063840 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\plugins\qmiemalrtpplugin\qmiemalrtpplugin.dll
    2015-05-15 15:53 - 2015-05-15 15:53 - 00051552 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll
    2015-05-15 15:56 - 2015-04-17 05:02 - 00018784 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\oDayProtect.dll
    2015-05-15 15:53 - 2015-05-15 15:53 - 00203104 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\QQFileFlt.dll
    2014-01-27 18:43 - 2014-01-27 18:43 - 00065936 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\Community.CsharpSqlite.SQLiteClient.dll
    2015-05-15 15:53 - 2015-05-15 15:53 - 00194912 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\xImage.dll
    2015-05-15 15:53 - 2015-05-15 15:53 - 00342040 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\arkGraphic.dll
    2015-05-15 15:53 - 2015-05-15 15:53 - 00092184 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\xGraphic32.dll
    2015-05-15 15:53 - 2015-05-15 15:53 - 00158048 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\libpng.dll
    2015-05-15 15:53 - 2015-05-15 15:53 - 00285024 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\libjpegturbo.dll
    2015-05-15 15:53 - 2015-05-15 15:53 - 00137568 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\libexpatw.dll
    2015-05-15 15:53 - 2015-05-15 15:53 - 00045920 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\jgImage.dll
    2015-05-15 15:53 - 2015-05-15 15:53 - 00014176 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\jgIOStub.dll
    2015-05-15 15:53 - 2015-05-15 15:53 - 00076128 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\MemDefrag.dll
    2015-05-15 15:53 - 2015-05-07 06:04 - 00571800 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\QMLoader\QQPCDetector.dll
    2015-05-15 15:53 - 2015-05-15 15:53 - 00268640 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\plugins\StartupMgr\SoftMon.dll
    2015-05-15 15:53 - 2015-05-15 15:53 - 00235872 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\QMWlanMacDll.dll
    2015-04-03 22:00 - 2015-05-18 19:11 - 41287224 _____ () C:\Users\javonmhawk\AppData\Roaming\Spotify\libcef.dll
    2015-05-15 15:53 - 2015-05-15 15:53 - 00092184 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\plugins\QMNetMon\xGraphic32.dll
    2015-05-15 15:53 - 2015-05-15 15:53 - 00088416 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\plugins\QMNetMon\zlib.dll
    2015-05-15 15:53 - 2015-05-15 15:53 - 00137568 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\plugins\QMNetMon\libexpatw.dll
    2015-05-15 15:53 - 2015-05-15 15:53 - 00100704 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\plugins\QMNetMon\tinyxml.dll
    2015-05-15 15:53 - 2015-05-15 15:53 - 00342040 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\plugins\QMNetMon\arkGraphic.dll
    2015-05-15 15:53 - 2015-05-15 15:53 - 00045920 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\plugins\QMNetMon\jgImage.dll
    2015-05-15 15:53 - 2015-05-15 15:53 - 00014176 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\plugins\QMNetMon\jgIOStub.dll
    2015-05-15 15:53 - 2015-05-15 15:53 - 00158048 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\plugins\QMNetMon\libpng.dll
    2015-05-15 15:53 - 2015-05-15 15:53 - 00285024 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\plugins\QMNetMon\libjpegturbo.dll
    2015-04-03 22:00 - 2015-05-18 19:11 - 01488440 _____ () C:\Users\javonmhawk\AppData\Roaming\Spotify\libglesv2.dll
    2015-04-03 22:00 - 2015-05-18 19:11 - 00079928 _____ () C:\Users\javonmhawk\AppData\Roaming\Spotify\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, the associated entry will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1748747307-3260626592-723431498-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\javonmhawk\AppData\Local\Microsoft\Windows\INetCache\IE\G08ZYFC4\miyamoto-musashi_png[1].png
    HKU\S-1-5-21-1748747307-3260626592-723431498-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\javonmhawk\AppData\Local\Microsoft\Windows\INetCache\IE\G08ZYFC4\miyamoto-musashi_png[1].png
    DNS Servers: 192.168.1.254

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\StartupApproved\Run: => "EADM"
    HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\StartupApproved\Run: => "WTFast Tray"
    HKU\S-1-5-21-1748747307-3260626592-723431498-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "EADM"
    HKU\S-1-5-21-1748747307-3260626592-723431498-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "WTFast Tray"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{BECF7625-F656-4B82-9498-C1001F27ADB8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{7EB7E096-3067-4BB7-A7CD-76211BE61171}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{705E7AF4-659A-41D0-A434-8DFBB53E0159}] => (Allow) C:\Users\javonmhawk\AppData\Local\Temp\QQGameDownloader\bns_1425346859_61356\MiniQQDL.exe
    FirewallRules: [{FC935B1A-99AC-4D4F-A045-88658BCD8D52}] => (Allow) C:\Users\javonmhawk\AppData\Local\Temp\QQGameDownloader\bns_1425346859_61356\MiniQQDL.exe
    FirewallRules: [{B1827F65-B962-4DC5-9351-C7415590FEC9}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
    FirewallRules: [{A814739B-5B38-49D6-B115-A9654D9A042B}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
    FirewallRules: [TCP Query User{C99EA740-5E02-4117-90CE-36988EB10877}C:\program files\腾讯游戏\剑灵_腾讯\tcls\tenprotect\tensafe_1.exe] => (Allow) C:\program files\腾讯游戏\剑灵_腾讯\tcls\tenprotect\tensafe_1.exe
    FirewallRules: [UDP Query User{7BF2407B-4A02-41F3-8EDE-68DE0E5921E5}C:\program files\腾讯游戏\剑灵_腾讯\tcls\tenprotect\tensafe_1.exe] => (Allow) C:\program files\腾讯游戏\剑灵_腾讯\tcls\tenprotect\tensafe_1.exe
    FirewallRules: [TCP Query User{072EBE69-40DE-4E01-ACA2-6F624236A216}C:\program files\腾讯游戏\剑灵_腾讯\tcls\tenprotect\taslogin.exe] => (Allow) C:\program files\腾讯游戏\剑灵_腾讯\tcls\tenprotect\taslogin.exe
    FirewallRules: [UDP Query User{77A270B6-067E-452B-8F7C-69439F65E9E1}C:\program files\腾讯游戏\剑灵_腾讯\tcls\tenprotect\taslogin.exe] => (Allow) C:\program files\腾讯游戏\剑灵_腾讯\tcls\tenprotect\taslogin.exe
    FirewallRules: [{E448C705-87A3-4FD1-A7B1-628957F4ADCD}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCmgrInstallGuide.exe
    FirewallRules: [{6617C360-3029-4FC8-A8BE-8E2EA99627DA}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCTray.exe
    FirewallRules: [{1954820D-162F-48B4-A4BD-EF16F0ADC46B}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCMgr.exe
    FirewallRules: [{F0D6F8F5-396F-42AF-ADAF-88AA70F71761}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCRTP.exe
    FirewallRules: [{9AC4A959-8184-4940-BEF3-92C74ABF3493}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\bugreport.exe
    FirewallRules: [{EC2F0A96-2E02-4D4D-B49E-511B4B8C5656}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCFileOpen.exe
    FirewallRules: [{7EB652F6-CB58-423B-95FF-EDA463F6AC7A}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCLeakScan.exe
    FirewallRules: [{CE9363EE-7AE0-4E3F-B63C-1C4A3F54E203}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCLoader.exe
    FirewallRules: [{A5F5BEAB-B686-46A5-9B30-6FF76D0B06E6}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPConfig.exe
    FirewallRules: [{D42998D0-069E-4F15-8993-9BE9854FD832}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCSoftMgr.exe
    FirewallRules: [{BF4E055F-40E4-4C26-ABFE-7E8BBCA2AAE5}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\plugins\QMNetMon\QQPCNetFlow.exe
    FirewallRules: [{9758CAEB-ABE1-45E2-AD6E-B029C9929634}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QDeskSetup.exe
    FirewallRules: [{30DA8BFF-4164-4CFF-8DFA-267BC4032EBB}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCBTU.exe
    FirewallRules: [{34389B3E-EEDC-4355-921A-15153AE08137}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCClinic.exe
    FirewallRules: [{2D2CCEDF-EFF4-457F-8C72-3C5CFD069C4B}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCLaunch.exe
    FirewallRules: [{A5FAC437-5E26-4857-8A64-B7634D682DA1}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QMUpdate\QQPCMgrUpdate.exe
    FirewallRules: [{5BE57A46-649D-43F8-8578-0CCB03198762}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCSoftGame.exe
    FirewallRules: [{ADAB8652-7A13-4993-B77B-82485098BEAF}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCSysOptimize.exe
    FirewallRules: [{1E12A57D-834D-4561-9CD0-7AD646AA4501}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCUpdateAVLib.exe
    FirewallRules: [{95A04BF1-98C4-43D2-ABA1-D3E8611EB4F8}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQRepair.exe
    FirewallRules: [{3BC76FFB-0207-45B6-8FD7-7D9AAA840AAF}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\Uninst.exe
    FirewallRules: [{85F0AFF1-ED71-4638-B79F-04811D877EFF}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCPatch.exe
    FirewallRules: [{520974BD-31C2-4A9F-A409-D66EED125B60}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\TpkUpdate.exe
    FirewallRules: [{DC564761-19CB-4796-B097-9923E6725D7A}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QMDL.exe
    FirewallRules: [{F1727150-6D80-45D9-82F7-F7070277B546}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QMDL.exe
    FirewallRules: [{26B4B996-A3E5-4DC1-B43B-FA7B0FDD2000}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QMAccountProtection.exe
    FirewallRules: [TCP Query User{D11F2F95-1AEE-475A-ABFE-D098890E26D9}C:\program files\腾讯游戏\剑灵_腾讯\tcls\launcher.exe] => (Allow) C:\program files\腾讯游戏\剑灵_腾讯\tcls\launcher.exe
    FirewallRules: [UDP Query User{6C5E803B-1959-4D4A-95D1-6E44A5E44209}C:\program files\腾讯游戏\剑灵_腾讯\tcls\launcher.exe] => (Allow) C:\program files\腾讯游戏\剑灵_腾讯\tcls\launcher.exe
    FirewallRules: [{84B62119-C3A2-49CF-B3D6-07BC77865E15}] => (Allow) C:\Users\javonmhawk\TP\TGP\tcls\tcls_core.exe
    FirewallRules: [{95C1776D-35CA-42CE-8BCE-3AC7103E78FE}] => (Allow) C:\Users\javonmhawk\TP\TGP\tcls\tcls_core.exe
    FirewallRules: [{FC03684F-5D04-4299-9602-16637348D43C}] => (Allow) C:\Users\javonmhawk\TP\TGP\tgp_daemon.exe
    FirewallRules: [{56667FD1-BD42-4BFC-BF47-3307475A350E}] => (Allow) C:\Users\javonmhawk\TP\TGP\tgp_daemon.exe
    FirewallRules: [{F7BF7742-CE75-4BC9-82E6-77B324FDC047}] => (Allow) C:\Users\javonmhawk\TP\TGP\tcls\Tenio\TenioDL\TenioDL.exe
    FirewallRules: [{C0E8FFFF-125D-40F7-9BBC-15B5FAAAC960}] => (Allow) C:\Users\javonmhawk\TP\TGP\tcls\Tenio\TenioDL\TenioDL.exe
    FirewallRules: [{9286CF8D-6CFD-4BC5-90DB-B488A400E716}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tcls\tcls_core.exe
    FirewallRules: [{92F52CAD-7B01-4C1B-B719-F5FB093C87F9}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tcls\tcls_core.exe
    FirewallRules: [{FE889FF6-DE68-41B3-A8C5-30643C4BA493}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tgp_daemon.exe
    FirewallRules: [{E19EA465-3463-41EC-ACE5-6E51C0C92E89}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tgp_daemon.exe
    FirewallRules: [{145287FD-92B4-4041-BA4F-227734206441}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tcls\Tenio\TenioDL\TenioDL.exe
    FirewallRules: [{D72FF3D1-CDC6-4F56-9CD2-C0C8FC466470}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tcls\Tenio\TenioDL\TenioDL.exe
    FirewallRules: [{BF400CF0-CB3C-42E4-B4F2-71640F545275}] => (Allow) C:\Users\javonmhawk\AppData\Local\Temp\QQGameDownloader\bns_1425346859_61356\TenioDL.exe
    FirewallRules: [{FD48D7F1-FF58-4BA3-B5BA-AF1A627BB4CA}] => (Allow) C:\Users\javonmhawk\AppData\Local\Temp\QQGameDownloader\bns_1425346859_61356\TenioDL.exe
    FirewallRules: [{967129CA-ECE8-489A-BB39-372CE00F7529}] => (Allow) C:\Program Files\Tencent\TGP\tcls\tcls_core.exe
    FirewallRules: [{A3262ADB-2815-4642-9F78-062B802CC823}] => (Allow) C:\Program Files\Tencent\TGP\tcls\tcls_core.exe
    FirewallRules: [{10D2C3C2-6D4B-4822-881A-9BB0FED2FEF1}] => (Allow) C:\Program Files\Tencent\TGP\tgp_daemon.exe
    FirewallRules: [{A650826B-82DA-49CA-AE02-4A800094B61D}] => (Allow) C:\Program Files\Tencent\TGP\tgp_daemon.exe
    FirewallRules: [{03541D16-E599-4784-B0D4-5EED5BE23E2D}] => (Allow) C:\Users\javonmhawk\AppData\Local\Temp\Tencent\TGPMiniDown.1367.2.1.4.7357\TenioDL\TenioDL.exe
    FirewallRules: [{3C2E7CD0-005F-499D-8624-522397C81B18}] => (Allow) C:\Users\javonmhawk\AppData\Local\Temp\Tencent\TGPMiniDown.1367.2.1.4.7357\TenioDL\TenioDL.exe
    FirewallRules: [{6BC61635-82A1-4B98-B166-A01862F58E06}] => (Allow) C:\Program Files\Tencent\TGP\tcls\Tenio\TenioDL\TenioDL.exe
    FirewallRules: [{54D73933-AD5A-471A-8D25-8C23C1E68C95}] => (Allow) C:\Program Files\Tencent\TGP\tcls\Tenio\TenioDL\TenioDL.exe
    FirewallRules: [{377DC9D1-9FFB-4D01-A92D-4A53AEAAD389}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
    FirewallRules: [{53D25F20-261F-442C-8143-7E2A08C7F7F2}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
    FirewallRules: [{0613248B-27AA-446D-84AC-3B664F0888F0}] => (Allow) C:\Program Files\腾讯游戏\剑灵_腾讯\bin\Cross\CrossProxy.exe
    FirewallRules: [{3AF89A33-C9A2-4783-97B2-EFC24C8DADAA}] => (Allow) C:\Program Files\腾讯游戏\剑灵_腾讯\bin\Cross\CrossProxy.exe
    FirewallRules: [{FB7EDF8A-3185-4DF1-A49E-C5B86602AFBC}] => (Allow) C:\Program Files\腾讯游戏\剑灵_腾讯\bin\Cross\Apps\CQS\QTalk\Bin\miniQTalk.exe
    FirewallRules: [{EE69F494-CD09-47A1-9EC5-A851023FDA69}] => (Allow) C:\Program Files\腾讯游戏\剑灵_腾讯\bin\Cross\Apps\CQS\QTalk\Bin\miniQTalk.exe
    FirewallRules: [{2E06D05E-EE16-4917-9AFB-FBE1801BACBA}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{B94D79ED-A850-4D7E-BF43-6EF52C611FD1}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{EA9BA323-65EB-4494-9FBA-9BC210EEE30C}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{777D4481-E7F2-4C46-9163-4442EF147037}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{64180F4E-C1F5-463C-9D40-BD48B2ADF4D0}] => (Allow) C:\Users\javonmhawk\AppData\Roaming\Tencent\剑灵\7AA487D7EED5B7D8C829D33144690A0C\TenioDL\TenioDL.exe
    FirewallRules: [{968B83A2-B9B2-4758-AAAC-52DEF0BF0381}] => (Allow) C:\Users\javonmhawk\AppData\Roaming\Tencent\剑灵\7AA487D7EED5B7D8C829D33144690A0C\TenioDL\TenioDL.exe
    FirewallRules: [{09F59D33-7C74-48B3-AAAC-429FAA61AF02}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
    FirewallRules: [{A7624E23-59B3-4609-8363-6488972C9592}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
    FirewallRules: [{53AF5444-AEF3-4B16-90AE-60B3A63DCB1E}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
    FirewallRules: [{B3C15CEA-C1E2-4544-9E66-F60F206DA9B7}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
    FirewallRules: [{7DACC1DB-4C65-41D8-9E2E-39879FE0EF4A}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
    FirewallRules: [{1E19A3A3-EFA2-4A19-9044-25BD86215185}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
    FirewallRules: [{8805776B-A8BA-493F-B374-0D7CD3000857}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
    FirewallRules: [{C3C0247C-9611-4267-8B57-E082589CE42A}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
    FirewallRules: [{52E9A190-AFFD-4BCB-9666-3F0CC4FB6140}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
    FirewallRules: [{01E731B6-2120-4853-B3B8-7E64D3D5CF44}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
    FirewallRules: [{D32DC36C-AC1A-461A-BEFA-EA53DAB236CA}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
    FirewallRules: [{028411A4-E7FA-456A-8801-3EE3A46394E7}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
    FirewallRules: [{20E379E4-BAE1-4106-921C-C145FE828A5A}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
    FirewallRules: [{BBED977F-D92A-4661-B45A-BFB92DAA6F2D}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/20/2015 03:24:16 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00000000025c008c
    Faulting process id: 0x978
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Faulting package full name: Explorer.EXE4
    Faulting package-relative application ID: Explorer.EXE5

    Error: (05/18/2015 07:08:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Spotify.exe version 1.0.5.178 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: b70

    Start Time: 01d091a14188139b

    Termination Time: 219

    Application Path: C:\Users\javonmhawk\AppData\Roaming\Spotify\Spotify.exe

    Report Id: d590e6bb-fdba-11e4-82a4-d8cb8a1844c4

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (05/16/2015 11:55:01 AM) (Source: Perflib) (EventID: 1023) (User: )
    Description: rdyboost4

    Error: (05/14/2015 04:22:15 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
    Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
    Exception code: 0xc0000005
    Fault offset: 0x00000000000694f7
    Faulting process id: 0xe60
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Faulting package full name: Explorer.EXE4
    Faulting package-relative application ID: Explorer.EXE5

    Error: (05/13/2015 04:23:48 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x0000000002e6008c
    Faulting process id: 0x9d4
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Faulting package full name: Explorer.EXE4
    Faulting package-relative application ID: Explorer.EXE5

    Error: (05/11/2015 09:51:21 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00000000027f00c5
    Faulting process id: 0xdb8
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Faulting package full name: Explorer.EXE4
    Faulting package-relative application ID: Explorer.EXE5

    Error: (05/11/2015 06:07:57 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x0000000003c5008c
    Faulting process id: 0xa64
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Faulting package full name: Explorer.EXE4
    Faulting package-relative application ID: Explorer.EXE5

    Error: (05/04/2015 02:38:47 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
    Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
    Exception code: 0xc0000005
    Fault offset: 0x00000000000694f7
    Faulting process id: 0x5bc
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Faulting package full name: Explorer.EXE4
    Faulting package-relative application ID: Explorer.EXE5

    Error: (05/01/2015 02:00:19 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00000000026c008c
    Faulting process id: 0xf98
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Faulting package full name: Explorer.EXE4
    Faulting package-relative application ID: Explorer.EXE5

    Error: (05/01/2015 01:55:06 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Warframe.x64.exe, version: 2015.4.28.16, time stamp: 0x553ff455
    Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
    Exception code: 0xc0000005
    Fault offset: 0x0000000000031873
    Faulting process id: 0xf40
    Faulting application start time: 0xWarframe.x64.exe0
    Faulting application path: Warframe.x64.exe1
    Faulting module path: Warframe.x64.exe2
    Report Id: Warframe.x64.exe3
    Faulting package full name: Warframe.x64.exe4
    Faulting package-relative application ID: Warframe.x64.exe5


    System errors:
    =============
    Error: (05/19/2015 11:44:15 PM) (Source: DCOM) (EventID: 10010) (User: Zen)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (05/19/2015 11:44:14 PM) (Source: DCOM) (EventID: 10010) (User: Zen)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (05/19/2015 08:28:34 AM) (Source: DCOM) (EventID: 10010) (User: Zen)
    Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

    Error: (05/19/2015 08:28:04 AM) (Source: DCOM) (EventID: 10010) (User: Zen)
    Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

    Error: (05/18/2015 10:59:45 PM) (Source: DCOM) (EventID: 10010) (User: Zen)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (05/18/2015 10:59:45 PM) (Source: DCOM) (EventID: 10010) (User: Zen)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (05/18/2015 02:42:55 PM) (Source: DCOM) (EventID: 10010) (User: Zen)
    Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

    Error: (05/18/2015 02:42:25 PM) (Source: DCOM) (EventID: 10010) (User: Zen)
    Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

    Error: (05/17/2015 11:40:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Superfetch service terminated with the following error:
    %%1062

    Error: (05/17/2015 11:39:58 PM) (Source: DCOM) (EventID: 10010) (User: Zen)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


    Microsoft Office Sessions:
    =========================
    Error: (05/20/2015 03:24:16 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Explorer.EXE6.3.9600.1728453f816dcunknown0.0.0.000000000c000000500000000025c008c97801d0933abca83ef9C:\Windows\Explorer.EXEunknown2f288ba7-ff2e-11e4-82a7-d8cb8a1844c4

    Error: (05/18/2015 07:08:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Spotify.exe1.0.5.178b7001d091a14188139b219C:\Users\javonmhawk\AppData\Roaming\Spotify\Spotify.exed590e6bb-fdba-11e4-82a4-d8cb8a1844c4

    Error: (05/16/2015 11:55:01 AM) (Source: Perflib) (EventID: 1023) (User: )
    Description: rdyboost4

    Error: (05/14/2015 04:22:15 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Explorer.EXE6.3.9600.1728453f816dcntdll.dll6.3.9600.17736550f4336c000000500000000000694f7e6001d08e8bea00c2c8C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll4a62d1e3-fa7f-11e4-82a0-d8cb8a1844c4

    Error: (05/13/2015 04:23:48 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Explorer.EXE6.3.9600.1728453f816dcunknown0.0.0.000000000c00000050000000002e6008c9d401d08dc30167e122C:\Windows\Explorer.EXEunknown5765a819-f9b6-11e4-829f-d8cb8a1844c4

    Error: (05/11/2015 09:51:21 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Explorer.EXE6.3.9600.1728453f816dcunknown0.0.0.000000000c000000500000000027f00c5db801d08bf9d8b0e512C:\Windows\Explorer.EXEunknown2f894311-f7ed-11e4-829d-d8cb8a1844c4

    Error: (05/11/2015 06:07:57 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Explorer.EXE6.3.9600.1728453f816dcunknown0.0.0.000000000c00000050000000003c5008ca6401d08bdaa8045cd4C:\Windows\Explorer.EXEunknownfa44d9a2-f7cd-11e4-829c-d8cb8a1844c4

    Error: (05/04/2015 02:38:47 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Explorer.EXE6.3.9600.1728453f816dcntdll.dll6.3.9600.17736550f4336c000000500000000000694f75bc01d086a1dda4f5f3C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll2e580e48-f295-11e4-8296-d8cb8a1844c4

    Error: (05/01/2015 02:00:19 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Explorer.EXE6.3.9600.1728453f816dcunknown0.0.0.000000000c000000500000000026c008cf9801d08440fb1713f2C:\Windows\Explorer.EXEunknown4edd6d7c-f034-11e4-8293-d8cb8a1844c4

    Error: (05/01/2015 01:55:06 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Warframe.x64.exe2015.4.28.16553ff455ntdll.dll6.3.9600.17736550f4336c00000050000000000031873f4001d0842a19626926C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exeC:\Windows\SYSTEM32\ntdll.dll94924269-f033-11e4-8292-d8cb8a1844c4


    CodeIntegrity Errors:
    ===================================
    Date: 2015-03-21 05:45:45.238
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-03-21 05:45:10.347
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-03-21 05:45:09.003
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-03-21 05:45:06.800
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-03-21 05:45:06.503
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-03-21 05:45:04.441
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-03-21 05:45:03.691
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-03-21 05:45:03.238
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-03-21 05:45:02.988
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-03-21 05:45:02.628
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: AMD A4-6300 APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 70%
    Total physical RAM: 3272.11 MB
    Available physical RAM: 971.18 MB
    Total Pagefile: 5576.11 MB
    Available Pagefile: 2390.34 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.8 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.42 GB) (Free:356.62 GB) NTFS
    Drive d: (DA Inquisition 1) (CDROM) (Total:7.91 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9A00759D)
    Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  3. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================

    I'd assume this 电脑管家系统防护 is some AV program by Tencent?
    If so, you're also running ZoneAlarm antivirus.
    You must uninstall one of them.

    Are you familiar with this file?
    C:\vdc.exe
     
  4. ZenWaves

    ZenWaves TS Rookie Topic Starter Posts: 18

    I uninstalled the Tencent program. And no, I am not. Is it some sort of exploit?
     
  5. Broni

    Broni Malware Annihilator Posts: 52,889   +344

  6. ZenWaves

    ZenWaves TS Rookie Topic Starter Posts: 18

    An encoded exploit for my specific OS using TrID to hide in my system logs to open a hidden SSL to some malicious site?

    Developer metadata

    Copyright
    Copyright © vdc 2014
    Publisher vdc
    Product vdc
    Original name vdc.exe
    Internal name vdc.exe
    File version 1.0.0.0
    Description vdc
    PE header basic information
    Target machine Intel 386 or later processors and compatible processors
    Compilation timestamp 2014-12-10 19:58:01
    Link date 8:58 PM 12/10/2014
    Entry Point 0x000058AE
    Number of sections 4
    .NET details
    Module Version ID 2501f48a-693f-4880-bfbf-37e347060d04
    TypeLib ID 1de3a5d1-aeeb-4214-a55c-89c341a606e7
    PE sections
    Name Virtual address Virtual size Raw size Entropy MD5
    .text 8192 14516 14848 5.57 28eb2a2f1180d5a0a9371547139927b6
    .sdata 24576 312 512 2.03 85459836be3fabbd8f28cf83463b6a07
    .rsrc 32768 12768 12800 3.59 58b519f384631426d17b7d9ecf858695
    .reloc 49152 12 512 0.08 2cbdb34009b7fafc12a8660d01ddb333
    PE imports
    [+] mscoree.dll
    Number of PE resources by type
    RT_ICON 7
    RT_MANIFEST 1
    RT_VERSION 1
    RT_GROUP_ICON 1
    Number of PE resources by language
    NEUTRAL 10
    ExifTool file metadata
    SubsystemVersion 4.0
    InitializedDataSize 13824
    ImageVersion 0.0
    FileSubtype 0
    FileVersionNumber 1.0.0.0
    UninitializedDataSize 0
    LanguageCode Neutral
    FileFlagsMask 0x003f
    CharacterSet Unicode
    LinkerVersion 11.0
    FileOS Win32
    EntryPoint 0x58ae
    MIMEType application/octet-stream
    LegalCopyright Copyright vdc 2014
    FileVersion 1.0.0.0
    TimeStamp 2014:12:10 20:58:01+01:00
    FileType Win32 EXE
    PEType PE32
    InternalName vdc.exe
    ProductVersion 1.0.0.0
    FileDescription vdc
    OSVersion 4.0
    OriginalFilename vdc.exe
    Subsystem Windows GUI
    MachineType Intel 386 or later, and compatibles
    CompanyName vdc
    CodeSize 14848
    ProductName vdc
    ProductVersionNumber 1.0.0.0
    FileTypeExtension exe
    ObjectFileType Executable application
    AssemblyVersion 1.0.0.0
    File identification
    MD5 f5776ff681973290fc788e1375ef2dce
    SHA1 79645cd38f7a53b74343474602b75c978b7a8e4e
    SHA256 854abfe614b8fae4d776ae6409844c135656b531c6a646fcac7a64330e163f34
    ssdeep 384:voWjQHxRe6VdoMSra2d+MyxeFLk245UuonG/Nw/:AWjkXzVLKa2kfxeZTL
    authentihash 2b1851d0b00d410b375c3220a5e3c89fd3f585d89d75af2558ef3571b2557f75
    imphash f34d5f2d4577ed6d9ceec516c1f5a744
    File size 29.0 KB ( 29696 bytes )
    File type Win32 EXE
    Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
    TrID Generic CIL Executable (.NET, Mono, etc.) (55.8%)
    Win64 Executable (generic) (21.0%)
    Windows screen saver (9.9%)
    Win32 Dynamic Link Library (generic) (5.0%)
    Win32 Executable (generic) (3.4%)
    Tags
    peexe assembly
    VirusTotal metadata
    First submission 2014-12-14 23:36:35 UTC ( 5 months, 1 week ago )
    Last submission 2015-05-18 13:59:48 UTC ( 2 days, 11 hours ago )
    File names vt-upload-kRlYUE
    vdc.exe
    vdc.exe
    vdc.exe
    vti-rescan
    file-7877778_exe
     
  7. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    What was scan result by AV engines?
     
  8. ZenWaves

    ZenWaves TS Rookie Topic Starter Posts: 18

    Using Malwarebytes and nothing comes back.
     
  9. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    At the VirusTotal site.
     
  10. ZenWaves

    ZenWaves TS Rookie Topic Starter Posts: 18

    Ikarus: Trojan.MSIL.Crypt 20150518
    Symantec: WS.Reputation.1 20150518
    TrendMicro-HouseCall: Suspicious_GEN.F47V0321 20150518
    ViRobot: Trojan.Win32.A.BHO.29696[h] 20150518
     
  11. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  12. ZenWaves

    ZenWaves TS Rookie Topic Starter Posts: 18

    # AdwCleaner v4.205 - Logfile created 23/05/2015 at 19:13:00
    # Updated 21/05/2015 by Xplode
    # Database : 2015-05-21.2 [Server]
    # Operating system : Windows 8.1 (x64)
    # Username : javonmhawk - ZEN
    # Running from : C:\Users\javonmhawk\Downloads\AdwCleaner.exe
    # Option : Cleaning

    ***** [ Services ] *****

    Service Deleted : QMUdisk

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\KingSoft
    Folder Deleted : C:\ProgramData\tencent
    Folder Deleted : C:\Program Files (x86)\Check Point Software Technologies LTD
    Folder Deleted : C:\Program Files (x86)\tencent
    Folder Deleted : C:\Program Files (x86)\Common Files\tencent
    Folder Deleted : C:\Users\JAVONM~1\AppData\Local\Temp\mt_ffx
    Folder Deleted : C:\Users\JAVONM~1\AppData\Local\Temp\tencent
    Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\tencent
    Folder Deleted : C:\Program Files\tencent
    Folder Deleted : C:\Program Files\Common Files\tencent
    Folder Deleted : C:\Users\javonmhawk\AppData\Roaming\Check Point Software Technologies LTD
    Folder Deleted : C:\Users\javonmhawk\AppData\Roaming\tencent
    Folder Deleted : C:\Users\javonmhawk\AppData\Roaming\Mozilla\Firefox\Profiles\jxxtznra.default\Extensions\ffxtlbr@zonealarm.com
    File Deleted : C:\Users\javonmhawk\AppData\Roaming\Mozilla\Firefox\Profiles\jxxtznra.default\searchplugins\zonealarm.xml
    File Deleted : C:\Users\javonmhawk\AppData\Roaming\Mozilla\Firefox\Profiles\jxxtznra.default\user.js

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****

    Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Feature Mananger.lnk

    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17416


    -\\ Mozilla Firefox v38.0.1 (x86 en-US)

    [jxxtznra.default\prefs.js] - Line Deleted : user_pref("extensions.zonealarm.kw_url", "hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&gu=c5c0f92c701e41e895fcb0ccbccb4c3a&tu=10GAz00J12D30q0&sku=&tstsId=&ver=&&q=");
    [jxxtznra.default\prefs.js] - Line Deleted : user_pref("extensions.zonealarm.tlbrSrchUrl", "hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=c5c0f92c701e41e895fcb0ccbccb4c3a&tu=10GAz00J12D30q0&sku=&tstsId=&ver=&&q=");

    *************************

    AdwCleaner[R0].txt - [4527 bytes] - [23/05/2015 19:07:37]
    AdwCleaner[S0].txt - [4557 bytes] - [23/05/2015 19:13:00]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4616 bytes] ##########
     
  13. ZenWaves

    ZenWaves TS Rookie Topic Starter Posts: 18

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.7.8 (05.23.2015:2)
    OS: Windows 8.1 x64
    Ran by javonmhawk on 05/23/2015 Sat at 19:27:53.42
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks

    Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1748747307-3260626592-723431498-1002
    Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1748747307-3260626592-723431498-500



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{50F4150A-48B2-417A-BE4C-C83F580FB904}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50F4150A-48B2-417A-BE4C-C83F580FB904}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{50F4150A-48B2-417A-BE4C-C83F580FB904}



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Successfully deleted the following from C:\Users\javonmhawk\AppData\Roaming\mozilla\firefox\profiles\jxxtznra.default\prefs.js

    user_pref(browser.startup.homepage, hxxps://duckduckgo.com/);





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 05/23/2015 Sat at 19:36:20.81
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  14. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    Any reason why you're not running scans in prescribed order?
     
  15. ZenWaves

    ZenWaves TS Rookie Topic Starter Posts: 18

    Well uhhh.. Malwarebytes didn't come back with anything..
     
  16. ZenWaves

    ZenWaves TS Rookie Topic Starter Posts: 18

    My OS is running a lot faster though..
     
  17. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    RogueKiller?
     
  18. ZenWaves

    ZenWaves TS Rookie Topic Starter Posts: 18

    My bad, I thought I posted the log for RK. Here it is:
    RogueKiller V10.6.5.0 [May 20 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
    Started in : Normal mode
    User : javonmhawk [Administrator]
    Started from : C:\Users\javonmhawk\Downloads\RogueKiller.exe
    Mode : Delete -- Date : 05/21/2015 17:01:31

    ¤¤¤ Processes : 1 ¤¤¤
    [Suspicious.Path] SpotifyCrashService.exe(2444) -- C:\Users\javonmhawk\AppData\Roaming\Spotify\SpotifyCrashService.exe[7] -> Killed [TermProc]

    ¤¤¤ Registry : 9 ¤¤¤
    [PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Not selected
    [PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Not selected
    [PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50F4150A-48B2-417A-BE4C-C83F580FB904} -> Not selected
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 2 ¤¤¤
    [PUP][FIREFX:Addon] jxxtznra.default : zonealarm.com [ffxtlbr@zonealarm.com] -> Not selected
    [PUM.HomePage][FIREFX:Config] jxxtznra.default : user_pref("browser.startup.homepage", "https://duckduckgo.com/"); -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA DT01ACA050 SATA Disk Device +++++
    --- User ---
    [MBR] 56582a0f7aced9244b6571d47b404afd
    [BSP] 89b4af2082215f1f35a6c643d6901173 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 476588 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_05212015_170040.log
     
  19. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
     
  20. ZenWaves

    ZenWaves TS Rookie Topic Starter Posts: 18

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
    Ran by javonmhawk (administrator) on ZEN on 24-05-2015 21:34:33
    Running from C:\Users\javonmhawk\Downloads
    Loaded Profiles: javonmhawk (Available Profiles: javonmhawk)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Tenable Network Security, Inc) C:\Program Files\Tenable\Nessus\nessus-service.exe
    (Tenable Network Security, Inc) C:\Program Files\Tenable\Nessus\nessusd.exe
    (Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
    (Spotify Ltd) C:\Users\javonmhawk\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (www.motioninjoy.com) C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506136 2013-12-06] (Realtek Semiconductor)
    HKLM\...\Run: [vdc] => c:\vdc.exe
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-11-01] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134624 2014-07-23] (Check Point Software Technologies Ltd.)
    HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-11-01] (AMD)
    HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-13] (Electronic Arts)
    HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\Run: [WTFast Tray] => C:\Program Files (x86)\WTFast\WTFast.exe [4726872 2015-03-18] (AAA Internet Publishing, Inc.)
    HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\Run: [Spotify Web Helper] => C:\Users\javonmhawk\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-18] (Spotify Ltd)
    HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\Run: [Spotify] => C:\Users\javonmhawk\AppData\Roaming\Spotify\Spotify.exe [7298616 2015-05-18] (Spotify Ltd)
    HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\RunOnce: [Adobe Speed Launcher] => 1432487534
    HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\MountPoints2: {e3faffaa-9b89-11e4-8257-806e6f6e6963} - "D:\Autorun.exe"
    HKU\S-1-5-21-1748747307-3260626592-723431498-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [131072 2013-08-22] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-03-26]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-1748747307-3260626592-723431498-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-12-30] (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-12-30] (Oracle Corporation)
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-12-30] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-12-30] (Oracle Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF ProfilePath: C:\Users\javonmhawk\AppData\Roaming\Mozilla\Firefox\Profiles\jxxtznra.default
    FF SearchEngineOrder.1: Search By ZoneAlarm
    FF SelectedSearchEngine: Search By ZoneAlarm
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-02] ()
    FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-30] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-12-30] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-02] ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-30] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-12-30] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
    FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll No File
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Extension: Adblock Plus - C:\Users\javonmhawk\AppData\Roaming\Mozilla\Firefox\Profiles\jxxtznra.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-23]
    FF HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-11-01] (Advanced Micro Devices, Inc.) []
    S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2015-03-22] (Microsoft Corporation)
    U2 iprip; C:\Windows\System32\iprip.dll [34816 2015-03-22] (Microsoft Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-23] (Electronic Arts)
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
    R2 Tenable Nessus; C:\Program Files\Tenable\Nessus\nessus-service.exe [17376 2015-03-27] (Tenable Network Security, Inc)
    R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596240 2014-07-23] (Check Point Software Technologies Ltd.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
    R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [93712 2014-07-03] (Check Point Software Technologies, Ltd.)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-24] (Advanced Micro Devices)
    R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2014-06-10] (Kaspersky Lab ZAO)
    S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2014-06-10] (Kaspersky Lab)
    U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-06-10] (Kaspersky Lab ZAO)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [490080 2014-06-10] (Kaspersky Lab ZAO)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-24] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
    R3 MotioninJoyXFilter; C:\Windows\System32\drivers\MijXfilt.sys [115272 2012-03-25] (MotioninJoy) []
    R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
    R1 QqGameMasterControl; C:\Windows\system32\drivers\QMTgpNetflow764.sys [47928 2013-12-13] (tencent)
    R1 QqGameMasterControl; C:\Windows\SysWOW64\drivers\QMTgpNetflow764.sys [47928 2013-12-13] (tencent)
    S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
    S3 TesSafe; C:\Windows\system32\TesSafe.sys [910992 2015-04-12] (TENCENT)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-21] ()
    R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450456 2014-07-23] (Check Point Software Technologies Ltd.)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
    S3 MSICDSetup; \??\D:\CDriver64.sys [X]
    S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
    S3 TS888x64; \??\C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\TS888x64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-24 21:34 - 2015-05-24 21:34 - 00000000 ____D () C:\Users\javonmhawk\Downloads\FRST-OlderVersion
    2015-05-24 12:16 - 2015-05-24 19:58 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1748747307-3260626592-723431498-1002
    2015-05-23 19:36 - 2015-05-23 19:36 - 00001540 _____ () C:\Users\javonmhawk\Desktop\JRT.txt
    2015-05-23 19:28 - 2015-05-23 19:28 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ZEN-Windows-8.1-(64-bit).dat
    2015-05-23 19:27 - 2015-05-23 19:27 - 02720636 _____ (Thisisu) C:\Users\javonmhawk\Downloads\JRT.exe
    2015-05-23 19:27 - 2015-05-23 19:27 - 00000000 ____D () C:\RegBackup
    2015-05-23 19:07 - 2015-05-23 19:16 - 00000000 ____D () C:\AdwCleaner
    2015-05-23 19:04 - 2015-05-23 19:04 - 02223104 _____ () C:\Users\javonmhawk\Downloads\AdwCleaner.exe
    2015-05-21 17:03 - 2015-05-21 17:03 - 00003275 _____ () C:\Users\javonmhawk\Desktop\RKreport_DEL_05212015_170131.log
    2015-05-21 16:50 - 2015-05-21 19:47 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-05-21 16:50 - 2015-05-21 16:50 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-05-21 16:48 - 2015-05-21 16:49 - 16986200 _____ () C:\Users\javonmhawk\Downloads\RogueKiller.exe
    2015-05-20 15:34 - 2015-05-20 15:36 - 00041154 _____ () C:\Users\javonmhawk\Downloads\Addition.txt
    2015-05-20 15:31 - 2015-05-24 21:34 - 02108416 _____ (Farbar) C:\Users\javonmhawk\Downloads\FRST64.exe
    2015-05-20 15:31 - 2015-05-24 21:34 - 00013331 _____ () C:\Users\javonmhawk\Downloads\FRST.txt
    2015-05-20 15:31 - 2015-05-24 21:34 - 00000000 ____D () C:\FRST
    2015-05-18 17:07 - 2015-05-24 21:02 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-05-18 16:00 - 2015-05-18 16:00 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-05-18 16:00 - 2015-05-18 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-05-18 16:00 - 2015-05-18 16:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-05-18 16:00 - 2015-05-18 16:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-05-18 16:00 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-05-18 16:00 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-05-18 16:00 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-05-18 14:46 - 2015-05-18 14:47 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\javonmhawk\Downloads\mbam-setup-2.1.6.1022.exe
    2015-05-15 16:55 - 2015-05-20 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
    2015-05-13 01:24 - 2015-04-21 12:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-05-13 01:24 - 2015-04-21 11:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-05-13 01:24 - 2015-04-21 11:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-05-13 01:24 - 2015-04-21 11:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-05-13 01:24 - 2015-04-21 11:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-05-13 01:24 - 2015-04-21 11:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-05-13 01:24 - 2015-04-21 11:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-05-13 01:24 - 2015-04-21 11:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-05-13 01:24 - 2015-04-21 11:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2015-05-13 01:24 - 2015-04-21 11:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-05-13 01:24 - 2015-04-21 11:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-05-13 01:24 - 2015-04-21 11:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-05-13 01:24 - 2015-04-21 11:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2015-05-13 01:24 - 2015-04-21 11:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-05-13 01:24 - 2015-04-21 11:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-05-13 01:24 - 2015-04-21 10:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2015-05-13 01:24 - 2015-04-21 10:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-05-13 01:24 - 2015-04-21 10:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-05-13 01:24 - 2015-04-21 10:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-05-13 01:24 - 2015-04-21 10:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-05-13 01:24 - 2015-04-21 10:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-05-13 01:24 - 2015-04-21 10:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-05-13 01:24 - 2015-04-21 10:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-05-13 01:24 - 2015-04-21 10:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-05-13 01:24 - 2015-04-21 10:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2015-05-13 01:24 - 2015-04-21 10:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-05-13 01:24 - 2015-04-21 10:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2015-05-13 01:24 - 2015-04-21 10:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-05-13 01:24 - 2015-04-21 10:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2015-05-13 01:24 - 2015-04-21 10:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-05-13 01:24 - 2015-04-21 10:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-05-13 01:24 - 2015-04-21 10:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-05-13 01:24 - 2015-04-21 10:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-05-13 01:24 - 2015-04-21 10:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-05-13 01:24 - 2015-04-21 10:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-05-13 01:24 - 2015-04-21 10:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-05-13 01:24 - 2015-04-21 10:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-05-13 01:24 - 2015-04-21 09:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-05-13 01:24 - 2015-04-21 09:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-05-13 01:22 - 2015-04-30 15:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 01:22 - 2015-04-30 15:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-05-12 18:05 - 2015-04-13 17:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-05-12 18:05 - 2015-04-09 20:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-05-12 18:05 - 2015-04-09 19:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-05-12 18:05 - 2015-04-09 19:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-05-12 18:05 - 2015-03-30 00:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-05-12 18:05 - 2015-03-26 22:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2015-05-12 18:05 - 2015-03-26 21:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2015-05-12 18:05 - 2015-03-26 21:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-05-12 18:05 - 2014-10-28 21:42 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
    2015-05-12 18:05 - 2014-10-28 20:19 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2015-05-12 18:05 - 2014-10-28 19:59 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
    2015-05-12 18:04 - 2015-04-30 18:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-05-12 18:04 - 2015-04-30 17:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-05-12 18:03 - 2015-04-08 17:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
    2015-05-08 17:10 - 2015-05-08 17:13 - 78683444 _____ () C:\Users\javonmhawk\Downloads\preservation__september_1200.zip
    2015-05-02 12:57 - 2015-05-02 12:57 - 00000000 ____D () C:\Users\javonmhawk\AppData\Local\Macromedia
    2015-04-24 15:53 - 2015-04-24 15:54 - 00000000 ____D () C:\Users\javonmhawk\AppData\Roaming\yspkg5eua0il

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-24 21:31 - 2015-03-23 20:37 - 00000000 ____D () C:\Users\javonmhawk\AppData\Local\Warframe
    2015-05-24 21:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
    2015-05-24 19:48 - 2014-12-30 11:49 - 01523264 _____ () C:\Windows\WindowsUpdate.log
    2015-05-24 14:14 - 2015-04-03 22:00 - 00000000 ____D () C:\Users\javonmhawk\AppData\Local\Spotify
    2015-05-24 12:57 - 2015-04-03 21:58 - 00000000 ____D () C:\Users\javonmhawk\AppData\Roaming\Spotify
    2015-05-24 11:36 - 2015-04-12 15:24 - 00001024 _____ () C:\.rnd
    2015-05-24 11:36 - 2013-08-22 09:46 - 00065413 _____ () C:\Windows\setupact.log
    2015-05-24 11:36 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-05-23 22:21 - 2015-03-20 19:06 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7A46DFE9-4646-4D03-92DD-360A27E6859E}
    2015-05-23 19:16 - 2014-12-30 11:54 - 00001218 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Feature Mananger.lnk
    2015-05-22 03:33 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
    2015-05-21 14:58 - 2014-03-18 04:54 - 00065792 _____ () C:\Windows\PFRO.log
    2015-05-20 19:57 - 2015-03-24 07:37 - 00000000 ____D () C:\Users\javonmhawk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
    2015-05-20 15:23 - 2015-03-24 10:00 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
    2015-05-18 19:09 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Branding
    2015-05-17 19:47 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
    2015-05-17 08:53 - 2015-03-24 03:00 - 00435308 _____ () C:\Windows\system32\prfh0804.dat
    2015-05-17 08:53 - 2015-03-24 03:00 - 00135332 _____ () C:\Windows\system32\prfc0804.dat
    2015-05-17 08:53 - 2014-03-18 05:03 - 01434808 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-05-15 15:53 - 2015-03-24 07:37 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
    2015-05-15 11:33 - 2014-12-30 12:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-05-14 20:24 - 2015-03-23 22:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-05-13 17:11 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
    2015-05-13 16:12 - 2013-08-22 09:44 - 00337616 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-05-13 01:26 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
    2015-05-12 18:06 - 2014-03-18 04:45 - 00000000 ____D () C:\Program Files\Windows Journal
    2015-05-04 00:21 - 2015-03-20 18:53 - 00000000 ____D () C:\Users\javonmhawk
    2015-05-02 00:51 - 2015-03-26 12:30 - 00000000 ____D () C:\Users\javonmhawk\AppData\Local\Adobe
    2015-04-28 17:06 - 2015-03-25 19:20 - 00004489 ____H () C:\Windows\SysWOW64\BTImages.dat

    ==================== Files in the root of some directories =======

    2014-12-30 11:55 - 2014-12-30 11:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2015-03-24 11:49 - 2015-04-12 14:02 - 0000040 _____ () C:\ProgramData\DT0001.dat
    2015-03-24 11:29 - 2015-04-12 14:02 - 0000040 _____ () C:\ProgramData\DT0006.dat

    Files to move or delete:
    ====================
    C:\ProgramData\DT0001.dat
    C:\ProgramData\DT0006.dat


    Some files in TEMP:
    ====================
    C:\Users\javonmhawk\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\javonmhawk\AppData\Local\Temp\i4jdel0.exe
    C:\Users\javonmhawk\AppData\Local\Temp\PCMgr_AndroidServer.exe
    C:\Users\javonmhawk\AppData\Local\Temp\PCMgr_Setup_10_7_16066_216.exe
    C:\Users\javonmhawk\AppData\Local\Temp\PCMgr_Setup_10_9_16349_225.exe
    C:\Users\javonmhawk\AppData\Local\Temp\Quarantine.exe
    C:\Users\javonmhawk\AppData\Local\Temp\sqlite3.dll
    C:\Users\javonmhawk\AppData\Local\Temp\TENCENTDOWNLOAD.EXE
    C:\Users\javonmhawk\AppData\Local\Temp\TXPltSafeInit.dll
    C:\Users\javonmhawk\AppData\Local\Temp\uninst.exe
    C:\Users\javonmhawk\AppData\Local\Temp\uninstall_complete.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-05-15 13:28

    ==================== End of log ============================
     
  21. ZenWaves

    ZenWaves TS Rookie Topic Starter Posts: 18

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
    Ran by javonmhawk at 2015-05-24 21:36:35
    Running from C:\Users\javonmhawk\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1748747307-3260626592-723431498-500 - Administrator - Disabled)
    Guest (S-1-5-21-1748747307-3260626592-723431498-501 - Limited - Enabled)
    javonmhawk (S-1-5-21-1748747307-3260626592-723431498-1002 - Administrator - Enabled) => C:\Users\javonmhawk

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: ZoneAlarm Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
    AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ZoneAlarm Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{76E8353E-9CE9-ED86-8631-7FBE17A17C31}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
    China Localization Patcher (HKLM-x32\...\{D04987F6-486C-449A-9F8B-C6F411E57221}) (Version: 2.0.4.0 - LokiReborn)
    Cybertron Support (HKLM-x32\...\{37DC4BBF-7374-4990-A794-20932267D4AC}) (Version: 1.0.0 - CybertronPC)
    Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.7 - Electronic Arts)
    HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
    Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
    Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    MotioninJoy Gamepad tool 0.7.0000 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.0000 - www.motioninjoy.com)
    Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
    Oracle VM VirtualBox 4.3.26 (HKLM\...\{5771F59A-BFC9-4FAF-A883-7642EF4BA3C3}) (Version: 4.3.26 - Oracle Corporation)
    Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.)
    Spotify (HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\Spotify) (Version: 1.0.5.186.ga9c24d6a - Spotify AB)
    Tenable Nessus (x64) (HKLM\...\{3BAEB8B8-4F71-48B3-A378-80A56BBD0522}) (Version: 6.3.4.20022 - Tenable Network Security, Inc.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    Warframe (HKLM-x32\...\{14C25CC2-D3E2-4298-B927-32B22760754B}) (Version: 1.0.0 - Digital Extremes)
    WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
    WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
    WTFast 3.5 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 3.5.5.428 - Initex & AAA Internet Publishing)
    ZoneAlarm Antivirus (x32 Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
    ZoneAlarm Firewall (x32 Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
    ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 13.3.052.000 - Check Point)
    ZoneAlarm Security (x32 Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
    ZoneAlarm Security Toolbar (HKLM-x32\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
    ZoneAlarm Security Toolbar (HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
    剑灵_腾讯 (HKLM-x32\...\剑灵_腾讯) (Version: - Tencent)
    腾讯游戏平台 (HKLM-x32\...\腾讯游戏平台Formal) (Version: - Tencent)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    28-04-2015 16:57:18 Scheduled Checkpoint
    08-05-2015 23:14:20 Scheduled Checkpoint
    12-05-2015 18:01:59 Windows Update
    20-05-2015 17:56:26 Scheduled Checkpoint

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {FDBECD64-11C7-4595-B201-C862A3C92426} - \Optimize Start Menu Cache Files-S-1-5-21-1748747307-3260626592-723431498-500 No Task File <==== ATTENTION

    ==================== Loaded Modules (Whitelisted) ==============

    2013-11-01 14:46 - 2013-11-01 14:46 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1748747307-3260626592-723431498-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\javonmhawk\AppData\Local\Microsoft\Windows\INetCache\IE\G08ZYFC4\miyamoto-musashi_png[1].png
    DNS Servers: 192.168.1.254

    ==================== MSCONFIG/TASK MANAGER Error getting ==

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\StartupApproved\Run: => "EADM"
    HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\StartupApproved\Run: => "WTFast Tray"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{BECF7625-F656-4B82-9498-C1001F27ADB8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{7EB7E096-3067-4BB7-A7CD-76211BE61171}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{705E7AF4-659A-41D0-A434-8DFBB53E0159}] => (Allow) C:\Users\javonmhawk\AppData\Local\Temp\QQGameDownloader\bns_1425346859_61356\MiniQQDL.exe
    FirewallRules: [{FC935B1A-99AC-4D4F-A045-88658BCD8D52}] => (Allow) C:\Users\javonmhawk\AppData\Local\Temp\QQGameDownloader\bns_1425346859_61356\MiniQQDL.exe
    FirewallRules: [{B1827F65-B962-4DC5-9351-C7415590FEC9}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
    FirewallRules: [{A814739B-5B38-49D6-B115-A9654D9A042B}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
    FirewallRules: [TCP Query User{C99EA740-5E02-4117-90CE-36988EB10877}C:\program files\腾讯游戏\剑灵_腾讯\tcls\tenprotect\tensafe_1.exe] => (Allow) C:\program files\腾讯游戏\剑灵_腾讯\tcls\tenprotect\tensafe_1.exe
    FirewallRules: [UDP Query User{7BF2407B-4A02-41F3-8EDE-68DE0E5921E5}C:\program files\腾讯游戏\剑灵_腾讯\tcls\tenprotect\tensafe_1.exe] => (Allow) C:\program files\腾讯游戏\剑灵_腾讯\tcls\tenprotect\tensafe_1.exe
    FirewallRules: [TCP Query User{072EBE69-40DE-4E01-ACA2-6F624236A216}C:\program files\腾讯游戏\剑灵_腾讯\tcls\tenprotect\taslogin.exe] => (Allow) C:\program files\腾讯游戏\剑灵_腾讯\tcls\tenprotect\taslogin.exe
    FirewallRules: [UDP Query User{77A270B6-067E-452B-8F7C-69439F65E9E1}C:\program files\腾讯游戏\剑灵_腾讯\tcls\tenprotect\taslogin.exe] => (Allow) C:\program files\腾讯游戏\剑灵_腾讯\tcls\tenprotect\taslogin.exe
    FirewallRules: [{E448C705-87A3-4FD1-A7B1-628957F4ADCD}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCmgrInstallGuide.exe
    FirewallRules: [{6617C360-3029-4FC8-A8BE-8E2EA99627DA}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCTray.exe
    FirewallRules: [{1954820D-162F-48B4-A4BD-EF16F0ADC46B}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCMgr.exe
    FirewallRules: [{F0D6F8F5-396F-42AF-ADAF-88AA70F71761}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCRTP.exe
    FirewallRules: [{9AC4A959-8184-4940-BEF3-92C74ABF3493}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\bugreport.exe
    FirewallRules: [{EC2F0A96-2E02-4D4D-B49E-511B4B8C5656}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCFileOpen.exe
    FirewallRules: [{7EB652F6-CB58-423B-95FF-EDA463F6AC7A}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCLeakScan.exe
    FirewallRules: [{CE9363EE-7AE0-4E3F-B63C-1C4A3F54E203}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCLoader.exe
    FirewallRules: [{A5F5BEAB-B686-46A5-9B30-6FF76D0B06E6}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPConfig.exe
    FirewallRules: [{D42998D0-069E-4F15-8993-9BE9854FD832}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCSoftMgr.exe
    FirewallRules: [{BF4E055F-40E4-4C26-ABFE-7E8BBCA2AAE5}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\plugins\QMNetMon\QQPCNetFlow.exe
    FirewallRules: [{9758CAEB-ABE1-45E2-AD6E-B029C9929634}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QDeskSetup.exe
    FirewallRules: [{30DA8BFF-4164-4CFF-8DFA-267BC4032EBB}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCBTU.exe
    FirewallRules: [{34389B3E-EEDC-4355-921A-15153AE08137}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCClinic.exe
    FirewallRules: [{2D2CCEDF-EFF4-457F-8C72-3C5CFD069C4B}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCLaunch.exe
    FirewallRules: [{A5FAC437-5E26-4857-8A64-B7634D682DA1}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QMUpdate\QQPCMgrUpdate.exe
    FirewallRules: [{5BE57A46-649D-43F8-8578-0CCB03198762}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCSoftGame.exe
    FirewallRules: [{ADAB8652-7A13-4993-B77B-82485098BEAF}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCSysOptimize.exe
    FirewallRules: [{1E12A57D-834D-4561-9CD0-7AD646AA4501}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCUpdateAVLib.exe
    FirewallRules: [{95A04BF1-98C4-43D2-ABA1-D3E8611EB4F8}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQRepair.exe
    FirewallRules: [{3BC76FFB-0207-45B6-8FD7-7D9AAA840AAF}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\Uninst.exe
    FirewallRules: [{85F0AFF1-ED71-4638-B79F-04811D877EFF}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCPatch.exe
    FirewallRules: [{520974BD-31C2-4A9F-A409-D66EED125B60}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\TpkUpdate.exe
    FirewallRules: [{DC564761-19CB-4796-B097-9923E6725D7A}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QMDL.exe
    FirewallRules: [{F1727150-6D80-45D9-82F7-F7070277B546}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QMDL.exe
    FirewallRules: [{26B4B996-A3E5-4DC1-B43B-FA7B0FDD2000}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QMAccountProtection.exe
    FirewallRules: [TCP Query User{D11F2F95-1AEE-475A-ABFE-D098890E26D9}C:\program files\腾讯游戏\剑灵_腾讯\tcls\launcher.exe] => (Allow) C:\program files\腾讯游戏\剑灵_腾讯\tcls\launcher.exe
    FirewallRules: [UDP Query User{6C5E803B-1959-4D4A-95D1-6E44A5E44209}C:\program files\腾讯游戏\剑灵_腾讯\tcls\launcher.exe] => (Allow) C:\program files\腾讯游戏\剑灵_腾讯\tcls\launcher.exe
    FirewallRules: [{84B62119-C3A2-49CF-B3D6-07BC77865E15}] => (Allow) C:\Users\javonmhawk\TP\TGP\tcls\tcls_core.exe
    FirewallRules: [{95C1776D-35CA-42CE-8BCE-3AC7103E78FE}] => (Allow) C:\Users\javonmhawk\TP\TGP\tcls\tcls_core.exe
    FirewallRules: [{FC03684F-5D04-4299-9602-16637348D43C}] => (Allow) C:\Users\javonmhawk\TP\TGP\tgp_daemon.exe
    FirewallRules: [{56667FD1-BD42-4BFC-BF47-3307475A350E}] => (Allow) C:\Users\javonmhawk\TP\TGP\tgp_daemon.exe
    FirewallRules: [{F7BF7742-CE75-4BC9-82E6-77B324FDC047}] => (Allow) C:\Users\javonmhawk\TP\TGP\tcls\Tenio\TenioDL\TenioDL.exe
    FirewallRules: [{C0E8FFFF-125D-40F7-9BBC-15B5FAAAC960}] => (Allow) C:\Users\javonmhawk\TP\TGP\tcls\Tenio\TenioDL\TenioDL.exe
    FirewallRules: [{9286CF8D-6CFD-4BC5-90DB-B488A400E716}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tcls\tcls_core.exe
    FirewallRules: [{92F52CAD-7B01-4C1B-B719-F5FB093C87F9}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tcls\tcls_core.exe
    FirewallRules: [{FE889FF6-DE68-41B3-A8C5-30643C4BA493}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tgp_daemon.exe
    FirewallRules: [{E19EA465-3463-41EC-ACE5-6E51C0C92E89}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tgp_daemon.exe
    FirewallRules: [{145287FD-92B4-4041-BA4F-227734206441}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tcls\Tenio\TenioDL\TenioDL.exe
    FirewallRules: [{D72FF3D1-CDC6-4F56-9CD2-C0C8FC466470}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tcls\Tenio\TenioDL\TenioDL.exe
    FirewallRules: [{BF400CF0-CB3C-42E4-B4F2-71640F545275}] => (Allow) C:\Users\javonmhawk\AppData\Local\Temp\QQGameDownloader\bns_1425346859_61356\TenioDL.exe
    FirewallRules: [{FD48D7F1-FF58-4BA3-B5BA-AF1A627BB4CA}] => (Allow) C:\Users\javonmhawk\AppData\Local\Temp\QQGameDownloader\bns_1425346859_61356\TenioDL.exe
    FirewallRules: [{967129CA-ECE8-489A-BB39-372CE00F7529}] => (Allow) C:\Program Files\Tencent\TGP\tcls\tcls_core.exe
    FirewallRules: [{A3262ADB-2815-4642-9F78-062B802CC823}] => (Allow) C:\Program Files\Tencent\TGP\tcls\tcls_core.exe
    FirewallRules: [{10D2C3C2-6D4B-4822-881A-9BB0FED2FEF1}] => (Allow) C:\Program Files\Tencent\TGP\tgp_daemon.exe
    FirewallRules: [{A650826B-82DA-49CA-AE02-4A800094B61D}] => (Allow) C:\Program Files\Tencent\TGP\tgp_daemon.exe
    FirewallRules: [{03541D16-E599-4784-B0D4-5EED5BE23E2D}] => (Allow) C:\Users\javonmhawk\AppData\Local\Temp\Tencent\TGPMiniDown.1367.2.1.4.7357\TenioDL\TenioDL.exe
    FirewallRules: [{3C2E7CD0-005F-499D-8624-522397C81B18}] => (Allow) C:\Users\javonmhawk\AppData\Local\Temp\Tencent\TGPMiniDown.1367.2.1.4.7357\TenioDL\TenioDL.exe
    FirewallRules: [{6BC61635-82A1-4B98-B166-A01862F58E06}] => (Allow) C:\Program Files\Tencent\TGP\tcls\Tenio\TenioDL\TenioDL.exe
    FirewallRules: [{54D73933-AD5A-471A-8D25-8C23C1E68C95}] => (Allow) C:\Program Files\Tencent\TGP\tcls\Tenio\TenioDL\TenioDL.exe
    FirewallRules: [{377DC9D1-9FFB-4D01-A92D-4A53AEAAD389}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
    FirewallRules: [{53D25F20-261F-442C-8143-7E2A08C7F7F2}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
    FirewallRules: [{0613248B-27AA-446D-84AC-3B664F0888F0}] => (Allow) C:\Program Files\腾讯游戏\剑灵_腾讯\bin\Cross\CrossProxy.exe
    FirewallRules: [{3AF89A33-C9A2-4783-97B2-EFC24C8DADAA}] => (Allow) C:\Program Files\腾讯游戏\剑灵_腾讯\bin\Cross\CrossProxy.exe
    FirewallRules: [{FB7EDF8A-3185-4DF1-A49E-C5B86602AFBC}] => (Allow) C:\Program Files\腾讯游戏\剑灵_腾讯\bin\Cross\Apps\CQS\QTalk\Bin\miniQTalk.exe
    FirewallRules: [{EE69F494-CD09-47A1-9EC5-A851023FDA69}] => (Allow) C:\Program Files\腾讯游戏\剑灵_腾讯\bin\Cross\Apps\CQS\QTalk\Bin\miniQTalk.exe
    FirewallRules: [{2E06D05E-EE16-4917-9AFB-FBE1801BACBA}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{B94D79ED-A850-4D7E-BF43-6EF52C611FD1}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{EA9BA323-65EB-4494-9FBA-9BC210EEE30C}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{777D4481-E7F2-4C46-9163-4442EF147037}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{64180F4E-C1F5-463C-9D40-BD48B2ADF4D0}] => (Allow) C:\Users\javonmhawk\AppData\Roaming\Tencent\剑灵\7AA487D7EED5B7D8C829D33144690A0C\TenioDL\TenioDL.exe
    FirewallRules: [{968B83A2-B9B2-4758-AAAC-52DEF0BF0381}] => (Allow) C:\Users\javonmhawk\AppData\Roaming\Tencent\剑灵\7AA487D7EED5B7D8C829D33144690A0C\TenioDL\TenioDL.exe
    FirewallRules: [{09F59D33-7C74-48B3-AAAC-429FAA61AF02}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
    FirewallRules: [{A7624E23-59B3-4609-8363-6488972C9592}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
    FirewallRules: [{53AF5444-AEF3-4B16-90AE-60B3A63DCB1E}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
    FirewallRules: [{B3C15CEA-C1E2-4544-9E66-F60F206DA9B7}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
    FirewallRules: [{7DACC1DB-4C65-41D8-9E2E-39879FE0EF4A}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
    FirewallRules: [{1E19A3A3-EFA2-4A19-9044-25BD86215185}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
    FirewallRules: [{8805776B-A8BA-493F-B374-0D7CD3000857}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
    FirewallRules: [{C3C0247C-9611-4267-8B57-E082589CE42A}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
    FirewallRules: [{52E9A190-AFFD-4BCB-9666-3F0CC4FB6140}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
    FirewallRules: [{01E731B6-2120-4853-B3B8-7E64D3D5CF44}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
    FirewallRules: [{D32DC36C-AC1A-461A-BEFA-EA53DAB236CA}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
    FirewallRules: [{028411A4-E7FA-456A-8801-3EE3A46394E7}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
    FirewallRules: [{20E379E4-BAE1-4106-921C-C145FE828A5A}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
    FirewallRules: [{BBED977F-D92A-4661-B45A-BFB92DAA6F2D}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/20/2015 03:24:16 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00000000025c008c
    Faulting process id: 0x978
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Faulting package full name: Explorer.EXE4
    Faulting package-relative application ID: Explorer.EXE5

    Error: (05/18/2015 07:08:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Spotify.exe version 1.0.5.178 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: b70

    Start Time: 01d091a14188139b

    Termination Time: 219

    Application Path: C:\Users\javonmhawk\AppData\Roaming\Spotify\Spotify.exe

    Report Id: d590e6bb-fdba-11e4-82a4-d8cb8a1844c4

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (05/16/2015 11:55:01 AM) (Source: Perflib) (EventID: 1023) (User: )
    Description: rdyboost4

    Error: (05/14/2015 04:22:15 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
    Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
    Exception code: 0xc0000005
    Fault offset: 0x00000000000694f7
    Faulting process id: 0xe60
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Faulting package full name: Explorer.EXE4
    Faulting package-relative application ID: Explorer.EXE5

    Error: (05/13/2015 04:23:48 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x0000000002e6008c
    Faulting process id: 0x9d4
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Faulting package full name: Explorer.EXE4
    Faulting package-relative application ID: Explorer.EXE5

    Error: (05/11/2015 09:51:21 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00000000027f00c5
    Faulting process id: 0xdb8
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Faulting package full name: Explorer.EXE4
    Faulting package-relative application ID: Explorer.EXE5

    Error: (05/11/2015 06:07:57 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x0000000003c5008c
    Faulting process id: 0xa64
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Faulting package full name: Explorer.EXE4
    Faulting package-relative application ID: Explorer.EXE5

    Error: (05/04/2015 02:38:47 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
    Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
    Exception code: 0xc0000005
    Fault offset: 0x00000000000694f7
    Faulting process id: 0x5bc
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Faulting package full name: Explorer.EXE4
    Faulting package-relative application ID: Explorer.EXE5

    Error: (05/01/2015 02:00:19 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00000000026c008c
    Faulting process id: 0xf98
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Faulting package full name: Explorer.EXE4
    Faulting package-relative application ID: Explorer.EXE5

    Error: (05/01/2015 01:55:06 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Warframe.x64.exe, version: 2015.4.28.16, time stamp: 0x553ff455
    Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
    Exception code: 0xc0000005
    Fault offset: 0x0000000000031873
    Faulting process id: 0xf40
    Faulting application start time: 0xWarframe.x64.exe0
    Faulting application path: Warframe.x64.exe1
    Faulting module path: Warframe.x64.exe2
    Report Id: Warframe.x64.exe3
    Faulting package full name: Warframe.x64.exe4
    Faulting package-relative application ID: Warframe.x64.exe5


    System errors:
    =============
    Error: (05/24/2015 11:37:31 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The RIP Listener service hung on starting.

    Error: (05/24/2015 11:36:06 AM) (Source: IPRIP) (EventID: 29048) (User: )
    Description: RIP listener service failed during initialization

    Error: (05/24/2015 03:07:01 AM) (Source: DCOM) (EventID: 10010) (User: Zen)
    Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

    Error: (05/24/2015 03:06:30 AM) (Source: DCOM) (EventID: 10010) (User: Zen)
    Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

    Error: (05/23/2015 07:29:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Tenable Nessus service terminated unexpectedly. It has done this 1 time(s).

    Error: (05/23/2015 07:28:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

    Error: (05/23/2015 07:28:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).

    Error: (05/23/2015 07:28:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (05/23/2015 07:28:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (05/23/2015 07:28:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.


    Microsoft Office:
    =========================
    Error: (05/20/2015 03:24:16 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Explorer.EXE6.3.9600.1728453f816dcunknown0.0.0.000000000c000000500000000025c008c97801d0933abca83ef9C:\Windows\Explorer.EXEunknown2f288ba7-ff2e-11e4-82a7-d8cb8a1844c4

    Error: (05/18/2015 07:08:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Spotify.exe1.0.5.178b7001d091a14188139b219C:\Users\javonmhawk\AppData\Roaming\Spotify\Spotify.exed590e6bb-fdba-11e4-82a4-d8cb8a1844c4

    Error: (05/16/2015 11:55:01 AM) (Source: Perflib) (EventID: 1023) (User: )
    Description: rdyboost4

    Error: (05/14/2015 04:22:15 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Explorer.EXE6.3.9600.1728453f816dcntdll.dll6.3.9600.17736550f4336c000000500000000000694f7e6001d08e8bea00c2c8C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll4a62d1e3-fa7f-11e4-82a0-d8cb8a1844c4

    Error: (05/13/2015 04:23:48 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Explorer.EXE6.3.9600.1728453f816dcunknown0.0.0.000000000c00000050000000002e6008c9d401d08dc30167e122C:\Windows\Explorer.EXEunknown5765a819-f9b6-11e4-829f-d8cb8a1844c4

    Error: (05/11/2015 09:51:21 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Explorer.EXE6.3.9600.1728453f816dcunknown0.0.0.000000000c000000500000000027f00c5db801d08bf9d8b0e512C:\Windows\Explorer.EXEunknown2f894311-f7ed-11e4-829d-d8cb8a1844c4

    Error: (05/11/2015 06:07:57 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Explorer.EXE6.3.9600.1728453f816dcunknown0.0.0.000000000c00000050000000003c5008ca6401d08bdaa8045cd4C:\Windows\Explorer.EXEunknownfa44d9a2-f7cd-11e4-829c-d8cb8a1844c4

    Error: (05/04/2015 02:38:47 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Explorer.EXE6.3.9600.1728453f816dcntdll.dll6.3.9600.17736550f4336c000000500000000000694f75bc01d086a1dda4f5f3C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll2e580e48-f295-11e4-8296-d8cb8a1844c4

    Error: (05/01/2015 02:00:19 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Explorer.EXE6.3.9600.1728453f816dcunknown0.0.0.000000000c000000500000000026c008cf9801d08440fb1713f2C:\Windows\Explorer.EXEunknown4edd6d7c-f034-11e4-8293-d8cb8a1844c4

    Error: (05/01/2015 01:55:06 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Warframe.x64.exe2015.4.28.16553ff455ntdll.dll6.3.9600.17736550f4336c00000050000000000031873f4001d0842a19626926C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exeC:\Windows\SYSTEM32\ntdll.dll94924269-f033-11e4-8292-d8cb8a1844c4


    CodeIntegrity Errors:
    ===================================
    Date: 2015-03-21 05:45:45.238
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-03-21 05:45:10.347
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-03-21 05:45:09.003
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-03-21 05:45:06.800
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-03-21 05:45:06.503
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-03-21 05:45:04.441
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-03-21 05:45:03.691
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-03-21 05:45:03.238
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-03-21 05:45:02.988
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-03-21 05:45:02.628
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: AMD A4-6300 APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 45%
    Total physical RAM: 3272.11 MB
    Available physical RAM: 1796.36 MB
    Total Pagefile: 5576.11 MB
    Available Pagefile: 3221.82 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.83 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.42 GB) (Free:356.33 GB) NTFS
    Drive d: (DA Inquisition 1) (CDROM) (Total:7.91 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9A00759D)
    Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)

    ==================== End of log ============================
     
  22. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    Uninstall McAfee Security Scan, typical foistware.

    Download the attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  23. ZenWaves

    ZenWaves TS Rookie Topic Starter Posts: 18

    Fix result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
    Ran by javonmhawk at 2015-05-24 22:54:05 Run:1
    Running from C:\Users\javonmhawk\Desktop
    Loaded Profiles: javonmhawk (Available Profiles: javonmhawk)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CreateRestorePoint:
    HKLM\...\Run: [vdc] => c:\vdc.exe
    c:\vdc.exe
    HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\RunOnce: [Adobe Speed Launcher] => 1432487534
    HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\MountPoints2: {e3faffaa-9b89-11e4-8257-806e6f6e6963} - "D:\Autorun.exe"
    FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll No File
    S3 TS888x64; \??\C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\TS888x64.sys [X]
    S3 MSICDSetup; \??\D:\CDriver64.sys [X]
    S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
    2015-05-15 16:55 - 2015-05-20 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
    2015-05-20 19:57 - 2015-03-24 07:37 - 00000000 ____D () C:\Users\javonmhawk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
    2015-05-15 15:53 - 2015-03-24 07:37 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
    2014-12-30 11:55 - 2014-12-30 11:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2015-03-24 11:49 - 2015-04-12 14:02 - 0000040 _____ () C:\ProgramData\DT0001.dat
    2015-03-24 11:29 - 2015-04-12 14:02 - 0000040 _____ () C:\ProgramData\DT0006.dat
    C:\ProgramData\DT0001.dat
    C:\ProgramData\DT0006.dat
    C:\Users\javonmhawk\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\javonmhawk\AppData\Local\Temp\i4jdel0.exe
    C:\Users\javonmhawk\AppData\Local\Temp\PCMgr_AndroidServer.exe
    C:\Users\javonmhawk\AppData\Local\Temp\PCMgr_Setup_10_7_16066_216.exe
    C:\Users\javonmhawk\AppData\Local\Temp\PCMgr_Setup_10_9_16349_225.exe
    C:\Users\javonmhawk\AppData\Local\Temp\Quarantine.exe
    C:\Users\javonmhawk\AppData\Local\Temp\sqlite3.dll
    C:\Users\javonmhawk\AppData\Local\Temp\TENCENTDOWNLOAD.EXE
    C:\Users\javonmhawk\AppData\Local\Temp\TXPltSafeInit.dll
    C:\Users\javonmhawk\AppData\Local\Temp\uninst.exe
    C:\Users\javonmhawk\AppData\Local\Temp\uninstall_complete.exe
    Task: {FDBECD64-11C7-4595-B201-C862A3C92426} - \Optimize Start Menu Cache Files-S-1-5-21-1748747307-3260626592-723431498-500 No Task File <==== ATTENTION



    *****************

    Restore point was successfully created.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\vdc => value Removed successfully
    "c:\vdc.exe" => File/Folder not found.
    HKU\S-1-5-21-1748747307-3260626592-723431498-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe Speed Launcher => value Removed successfully
    "HKU\S-1-5-21-1748747307-3260626592-723431498-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3faffaa-9b89-11e4-8257-806e6f6e6963}" => key Removed successfully
    HKCR\CLSID\{e3faffaa-9b89-11e4-8257-806e6f6e6963} => key not found.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/npAndroidAssistant" => key Removed successfully
    TS888x64 => Service Removed successfully
    MSICDSetup => Service Removed successfully
    NTIOLib_1_0_C => Service Removed successfully
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件 => Moved successfully.
    C:\Users\javonmhawk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 => Moved successfully.
    C:\Windows\system32\Drivers\TFsFltX64.sys => Moved successfully.
    C:\ProgramData\DP45977C.lfl => Moved successfully.
    C:\ProgramData\DT0001.dat => Moved successfully.
    C:\ProgramData\DT0006.dat => Moved successfully.
    "C:\ProgramData\DT0001.dat" => File/Folder not found.
    "C:\ProgramData\DT0006.dat" => File/Folder not found.
    C:\Users\javonmhawk\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
    C:\Users\javonmhawk\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
    C:\Users\javonmhawk\AppData\Local\Temp\PCMgr_AndroidServer.exe => Moved successfully.
    C:\Users\javonmhawk\AppData\Local\Temp\PCMgr_Setup_10_7_16066_216.exe => Moved successfully.
    C:\Users\javonmhawk\AppData\Local\Temp\PCMgr_Setup_10_9_16349_225.exe => Moved successfully.
    C:\Users\javonmhawk\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\javonmhawk\AppData\Local\Temp\sqlite3.dll => Moved successfully.
    C:\Users\javonmhawk\AppData\Local\Temp\TENCENTDOWNLOAD.EXE => Moved successfully.
    C:\Users\javonmhawk\AppData\Local\Temp\TXPltSafeInit.dll => Moved successfully.
    C:\Users\javonmhawk\AppData\Local\Temp\uninst.exe => Moved successfully.
    C:\Users\javonmhawk\AppData\Local\Temp\uninstall_complete.exe => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDBECD64-11C7-4595-B201-C862A3C92426}" => key Removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDBECD64-11C7-4595-B201-C862A3C92426}" => key Removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-1748747307-3260626592-723431498-500" => key Removed successfully

    ==== End of Fixlog 22:54:57 ====
     
  24. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double-click TFC.exe to run the program.
    • Click the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  25. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    Still with me?
     
