Solved Malwarebytes Blocking Malicious Sites

ZenWaves

As the title says. I feel like I'm being watched.. please help lol

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by javonmhawk (administrator) on ZEN on 20-05-2015 15:31:47
Running from C:\Users\javonmhawk\Downloads
Loaded Profiles: javonmhawk & (Available profiles: javonmhawk)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Tencent) C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\QQPCRTP.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Tenable Network Security, Inc) C:\Program Files\Tenable\Nessus\nessus-service.exe
(Tenable Network Security, Inc) C:\Program Files\Tenable\Nessus\nessusd.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Tencent) C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\QQPCTray.exe
(vdc) C:\vdc.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Spotify Ltd) C:\Users\javonmhawk\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Spotify Ltd) C:\Users\javonmhawk\AppData\Roaming\Spotify\Spotify.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Tencent) C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\plugins\QMNetMon\QQPCNetFlow.exe
(Spotify Ltd) C:\Users\javonmhawk\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\javonmhawk\AppData\Roaming\Spotify\Spotify.exe
Failed to access process -> explorer.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Tencent) C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\QQPCRealTimeSpeedup.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506136 2013-12-06] (Realtek Semiconductor)
HKLM\...\Run: [vdc] => c:\vdc.exe [29696 2015-05-16] (vdc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-11-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134624 2014-07-23] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\QQPCTray.exe [355296 2015-05-15] (Tencent)
HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-11-01] (AMD)
HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-13] (Electronic Arts)
HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\Run: [WTFast Tray] => C:\Program Files (x86)\WTFast\WTFast.exe [4726872 2015-03-18] (AAA Internet Publishing, Inc.)
HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\Run: [Spotify Web Helper] => C:\Users\javonmhawk\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-18] (Spotify Ltd)
HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\Run: [Spotify] => C:\Users\javonmhawk\AppData\Roaming\Spotify\Spotify.exe [7298616 2015-05-18] (Spotify Ltd)
HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\MountPoints2: {e3faffaa-9b89-11e4-8257-806e6f6e6963} - "D:\Autorun.exe"
HKU\S-1-5-21-1748747307-3260626592-723431498-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [131072 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-1748747307-3260626592-723431498-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-11-01] (AMD)
HKU\S-1-5-21-1748747307-3260626592-723431498-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-13] (Electronic Arts)
HKU\S-1-5-21-1748747307-3260626592-723431498-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WTFast Tray] => C:\Program Files (x86)\WTFast\WTFast.exe [4726872 2015-03-18] (AAA Internet Publishing, Inc.)
HKU\S-1-5-21-1748747307-3260626592-723431498-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\javonmhawk\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-18] (Spotify Ltd)
HKU\S-1-5-21-1748747307-3260626592-723431498-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify] => C:\Users\javonmhawk\AppData\Roaming\Spotify\Spotify.exe [7298616 2015-05-18] (Spotify Ltd)
HKU\S-1-5-21-1748747307-3260626592-723431498-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e3faffaa-9b89-11e4-8257-806e6f6e6963} - "D:\Autorun.exe"
HKU\S-1-5-21-1748747307-3260626592-723431498-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [131072 2013-08-22] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-03-26]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\QMGCShellExt64.dll [2015-05-15] (Tencent)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1748747307-3260626592-723431498-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1748747307-3260626592-723431498-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-12-30] (Oracle Corporation)
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\TSWebMon64.dat [2015-05-15] (Tencent)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-12-30] (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: 应用宝一键安装插件 -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-12-30] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-12-30] (Oracle Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\WTFastDrv.dll [72296 2015-03-24] (Initex)
Winsock: Catalog9 02 C:\Windows\SysWOW64\WTFastDrv.dll [72296 2015-03-24] (Initex)
Winsock: Catalog9 03 C:\Windows\SysWOW64\WTFastDrv.dll [72296 2015-03-24] (Initex)
Winsock: Catalog9 04 C:\Windows\SysWOW64\WTFastDrv.dll [72296 2015-03-24] (Initex)
Winsock: Catalog9 15 C:\Windows\SysWOW64\ierd_tgp_lsp.dll [1348152 2015-03-24] (Tencent)
Winsock: Catalog9 16 C:\Windows\SysWOW64\ierd_tgp_lsp.dll [1348152 2015-03-24] (Tencent)
Winsock: Catalog9 17 C:\Windows\SysWOW64\ierd_tgp_lsp.dll [1348152 2015-03-24] (Tencent)
Winsock: Catalog9 18 C:\Windows\SysWOW64\ierd_tgp_lsp.dll [1348152 2015-03-24] (Tencent)
Winsock: Catalog9 19 C:\Windows\SysWOW64\WTFastDrv.dll [72296 2015-03-24] (Initex)
Winsock: Catalog9-x64 01 C:\Windows\system32\WTFastDrv.dll [79464 2015-03-24] (Initex)
Winsock: Catalog9-x64 02 C:\Windows\system32\WTFastDrv.dll [79464 2015-03-24] (Initex)
Winsock: Catalog9-x64 03 C:\Windows\system32\WTFastDrv.dll [79464 2015-03-24] (Initex)
Winsock: Catalog9-x64 04 C:\Windows\system32\WTFastDrv.dll [79464 2015-03-24] (Initex)
Winsock: Catalog9-x64 15 C:\Windows\system32\WTFastDrv.dll [79464 2015-03-24] (Initex)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\javonmhawk\AppData\Roaming\Mozilla\Firefox\Profiles\jxxtznra.default
FF SearchEngineOrder.1: Search By ZoneAlarm
FF SelectedSearchEngine: Search By ZoneAlarm
FF Homepage: https://duckduckgo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-02] ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-12-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-02] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-12-30] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\npQMExtensionsMozilla.dll [2015-05-15] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.37\Bin\npSSOAxCtrlForPTLogin.dll [2013-12-30] (Tencent)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\javonmhawk\AppData\Roaming\Mozilla\Firefox\Profiles\jxxtznra.default\user.js [2015-03-25]
FF SearchPlugin: C:\Users\javonmhawk\AppData\Roaming\Mozilla\Firefox\Profiles\jxxtznra.default\searchplugins\zonealarm.xml [2015-03-25]
FF Extension: zonealarm.com - C:\Users\javonmhawk\AppData\Roaming\Mozilla\Firefox\Profiles\jxxtznra.default\Extensions\ffxtlbr@zonealarm.com [2015-03-25]
FF Extension: Adblock Plus - C:\Users\javonmhawk\AppData\Roaming\Mozilla\Firefox\Profiles\jxxtznra.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-23]
FF HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-1748747307-3260626592-723431498-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-11-01] (Advanced Micro Devices, Inc.) [File not signed]
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2015-03-22] (Microsoft Corporation)
R2 iprip; C:\Windows\System32\iprip.dll [34816 2015-03-22] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-23] (Electronic Arts)
R2 QQPCRTP; C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\QQPCRTP.exe [297608 2015-05-15] (Tencent)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 TAOFrame; C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\TAOFrame.exe [293728 2015-05-15] (Tencent)
R2 Tenable Nessus; C:\Program Files\Tenable\Nessus\nessus-service.exe [17376 2015-03-27] (Tenable Network Security, Inc)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596240 2014-07-23] (Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [93712 2014-07-03] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-24] (Advanced Micro Devices)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2014-06-10] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2014-06-10] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-06-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [490080 2014-06-10] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MotioninJoyXFilter; C:\Windows\System32\drivers\MijXfilt.sys [115272 2012-03-25] (MotioninJoy) [File not signed]
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R1 QMUdisk; C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\QMUdisk64.sys [62264 2015-04-17] (Tencent)
R1 QqGameMasterControl; C:\Windows\system32\drivers\QMTgpNetflow764.sys [47928 2013-12-13] (tencent)
R1 QqGameMasterControl; C:\Windows\SysWOW64\drivers\QMTgpNetflow764.sys [47928 2013-12-13] (tencent)
R2 QQSysMonX64; C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\QQSysMonX64.sys [129336 2015-05-15] (电脑管家)
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
R2 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [99640 2015-05-15] (Tencent)
R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel64.sys [174392 2015-05-15] (Tencent Technology(Shenzhen) Company Limited)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [910992 2015-04-12] (TENCENT)
R1 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2015-05-15] (电脑管家)
R3 TS888x64; C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\TS888x64.sys [28984 2015-05-20] (Tencent)
R1 TSCPM; C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\tscpm64.sys [42296 2015-05-15] (电脑管家)
S1 TSDefenseBt; C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\TSDefenseBT64.sys [28472 2015-05-15] (Tencent)
R1 TSSysKit; C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\TSSysKit64.sys [87352 2015-05-15] (电脑管家)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450456 2014-07-23] (Check Point Software Technologies Ltd.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-20 15:31 - 2015-05-20 15:31 - 02107904 _____ (Farbar) C:\Users\javonmhawk\Downloads\FRST64.exe
2015-05-20 15:31 - 2015-05-20 15:31 - 00019232 _____ () C:\Users\javonmhawk\Downloads\FRST.txt
2015-05-20 15:31 - 2015-05-20 15:31 - 00000000 ____D () C:\FRST
2015-05-20 15:30 - 2015-05-20 15:30 - 01146880 _____ (Farbar) C:\Users\javonmhawk\Downloads\FRST.exe
2015-05-18 17:07 - 2015-05-20 15:26 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-18 16:00 - 2015-05-18 16:00 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-18 16:00 - 2015-05-18 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-18 16:00 - 2015-05-18 16:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-18 16:00 - 2015-05-18 16:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-18 16:00 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-18 16:00 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-18 16:00 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-18 14:46 - 2015-05-18 14:47 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\javonmhawk\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-16 11:54 - 2015-05-16 11:54 - 00029696 _____ (vdc) C:\vdc.exe
2015-05-15 16:55 - 2015-05-15 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-05-15 15:54 - 2015-05-15 15:53 - 00174392 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
2015-05-15 15:54 - 2015-05-15 15:53 - 00099640 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
2015-05-13 01:24 - 2015-04-21 12:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 01:24 - 2015-04-21 11:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 01:24 - 2015-04-21 11:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 01:24 - 2015-04-21 11:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 01:24 - 2015-04-21 11:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 01:24 - 2015-04-21 11:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 01:24 - 2015-04-21 11:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 01:24 - 2015-04-21 11:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 01:24 - 2015-04-21 11:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-13 01:24 - 2015-04-21 11:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 01:24 - 2015-04-21 11:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 01:24 - 2015-04-21 11:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 01:24 - 2015-04-21 11:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-13 01:24 - 2015-04-21 11:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 01:24 - 2015-04-21 11:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 01:24 - 2015-04-21 10:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-13 01:24 - 2015-04-21 10:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 01:24 - 2015-04-21 10:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-13 01:24 - 2015-04-21 10:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 01:24 - 2015-04-21 10:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 01:24 - 2015-04-21 10:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 01:24 - 2015-04-21 10:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 01:24 - 2015-04-21 10:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 01:24 - 2015-04-21 10:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 01:24 - 2015-04-21 10:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-13 01:24 - 2015-04-21 10:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 01:24 - 2015-04-21 10:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-13 01:24 - 2015-04-21 10:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 01:24 - 2015-04-21 10:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-13 01:24 - 2015-04-21 10:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 01:24 - 2015-04-21 10:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 01:24 - 2015-04-21 10:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 01:24 - 2015-04-21 10:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 01:24 - 2015-04-21 10:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 01:24 - 2015-04-21 10:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 01:24 - 2015-04-21 10:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 01:24 - 2015-04-21 10:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 01:24 - 2015-04-21 09:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 01:24 - 2015-04-21 09:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 01:22 - 2015-04-30 15:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 01:22 - 2015-04-30 15:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 18:05 - 2015-04-13 17:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 18:05 - 2015-04-09 20:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 18:05 - 2015-04-09 19:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 18:05 - 2015-04-09 19:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 18:05 - 2015-03-30 00:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-12 18:05 - 2015-03-26 22:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 18:05 - 2015-03-26 21:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 18:05 - 2015-03-26 21:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 18:05 - 2014-10-28 21:42 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 18:05 - 2014-10-28 20:19 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 18:05 - 2014-10-28 19:59 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-12 18:04 - 2015-04-30 18:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 18:04 - 2015-04-30 17:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 18:03 - 2015-04-08 17:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-08 17:10 - 2015-05-08 17:13 - 78683444 _____ () C:\Users\javonmhawk\Downloads\preservation__september_1200.zip
2015-05-02 12:57 - 2015-05-02 12:57 - 00000000 ____D () C:\Users\javonmhawk\AppData\Local\Macromedia
2015-04-24 15:53 - 2015-04-24 15:54 - 00000000 ____D () C:\Users\javonmhawk\AppData\Roaming\yspkg5eua0il

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-20 15:31 - 2014-12-30 11:49 - 01236270 _____ () C:\Windows\WindowsUpdate.log
2015-05-20 15:28 - 2015-04-03 21:58 - 00000000 ____D () C:\Users\javonmhawk\AppData\Roaming\Spotify
2015-05-20 15:24 - 2015-04-03 22:00 - 00000000 ____D () C:\Users\javonmhawk\AppData\Local\Spotify
2015-05-20 15:23 - 2015-03-24 10:00 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
2015-05-20 15:19 - 2015-04-12 15:24 - 00001024 _____ () C:\.rnd
2015-05-20 15:19 - 2014-03-18 04:54 - 00065416 _____ () C:\Windows\PFRO.log
2015-05-20 15:19 - 2013-08-22 09:46 - 00064717 _____ () C:\Windows\setupact.log
2015-05-20 15:19 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-19 23:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-19 22:17 - 2015-03-23 20:37 - 00000000 ____D () C:\Users\javonmhawk\AppData\Local\Warframe
2015-05-19 20:05 - 2015-03-20 19:06 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7A46DFE9-4646-4D03-92DD-360A27E6859E}
2015-05-18 19:09 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Branding
2015-05-18 17:48 - 2015-03-20 18:59 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1748747307-3260626592-723431498-1002
2015-05-17 19:47 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-17 08:53 - 2015-03-24 03:00 - 00435308 _____ () C:\Windows\system32\prfh0804.dat
2015-05-17 08:53 - 2015-03-24 03:00 - 00135332 _____ () C:\Windows\system32\prfc0804.dat
2015-05-17 08:53 - 2014-03-18 05:03 - 01434808 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-16 04:48 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-15 16:15 - 2015-03-23 20:00 - 00000000 ____D () C:\Users\javonmhawk\AppData\Roaming\Tencent
2015-05-15 15:54 - 2015-03-24 07:37 - 00000000 ____D () C:\Users\javonmhawk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-05-15 15:53 - 2015-03-24 07:37 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2015-05-15 11:33 - 2014-12-30 12:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-14 20:24 - 2015-03-23 22:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-13 17:11 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
2015-05-13 16:12 - 2013-08-22 09:44 - 00337616 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 01:26 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-12 18:06 - 2014-03-18 04:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-04 00:21 - 2015-03-20 18:53 - 00000000 ____D () C:\Users\javonmhawk
2015-05-02 00:51 - 2015-03-26 12:30 - 00000000 ____D () C:\Users\javonmhawk\AppData\Local\Adobe
2015-04-28 17:06 - 2015-03-25 19:20 - 00004489 ____H () C:\Windows\SysWOW64\BTImages.dat

==================== Files in the root of some directories =======

2014-12-30 11:55 - 2014-12-30 11:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-03-24 11:49 - 2015-04-12 14:02 - 0000040 _____ () C:\ProgramData\DT0001.dat
2015-03-24 11:29 - 2015-04-12 14:02 - 0000040 _____ () C:\ProgramData\DT0006.dat

Files to move or delete:
====================
C:\ProgramData\DT0001.dat
C:\ProgramData\DT0006.dat


Some content of TEMP:
====================
C:\Users\javonmhawk\AppData\Local\Temp\i4jdel0.exe
C:\Users\javonmhawk\AppData\Local\Temp\PCMgr_AndroidServer.exe
C:\Users\javonmhawk\AppData\Local\Temp\PCMgr_Setup_10_7_16066_216.exe
C:\Users\javonmhawk\AppData\Local\Temp\PCMgr_Setup_10_9_16349_225.exe
C:\Users\javonmhawk\AppData\Local\Temp\TENCENTDOWNLOAD.EXE
C:\Users\javonmhawk\AppData\Local\Temp\TXPltSafeInit.dll
C:\Users\javonmhawk\AppData\Local\Temp\uninst.exe
C:\Users\javonmhawk\AppData\Local\Temp\uninstall_complete.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-15 13:28

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05-2015
Ran by javonmhawk at 2015-05-20 15:34:47
Running from C:\Users\javonmhawk\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1748747307-3260626592-723431498-500 - Administrator - Disabled)
Guest (S-1-5-21-1748747307-3260626592-723431498-501 - Limited - Enabled)
javonmhawk (S-1-5-21-1748747307-3260626592-723431498-1002 - Administrator - Enabled) => C:\Users\javonmhawk

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ZoneAlarm Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
FW: ZoneAlarm Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{76E8353E-9CE9-ED86-8631-7FBE17A17C31}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
China Localization Patcher (HKLM-x32\...\{D04987F6-486C-449A-9F8B-C6F411E57221}) (Version: 2.0.4.0 - LokiReborn)
Cybertron Support (HKLM-x32\...\{37DC4BBF-7374-4990-A794-20932267D4AC}) (Version: 1.0.0 - CybertronPC)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.7 - Electronic Arts)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.0000 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.0000 - www.motioninjoy.com)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
Oracle VM VirtualBox 4.3.26 (HKLM\...\{5771F59A-BFC9-4FAF-A883-7642EF4BA3C3}) (Version: 4.3.26 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.)
Spotify (HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\Spotify) (Version: 1.0.5.186.ga9c24d6a - Spotify AB)
Spotify (HKU\S-1-5-21-1748747307-3260626592-723431498-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.5.186.ga9c24d6a - Spotify AB)
Tenable Nessus (x64) (HKLM\...\{3BAEB8B8-4F71-48B3-A378-80A56BBD0522}) (Version: 6.3.4.20022 - Tenable Network Security, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Warframe (HKLM-x32\...\{14C25CC2-D3E2-4298-B927-32B22760754B}) (Version: 1.0.0 - Digital Extremes)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WTFast 3.5 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 3.5.5.428 - Initex & AAA Internet Publishing)
ZoneAlarm Antivirus (x32 Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 13.3.052.000 - Check Point)
ZoneAlarm Security (x32 Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar (HKLM-x32\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
ZoneAlarm Security Toolbar (HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
ZoneAlarm Security Toolbar (HKU\S-1-5-21-1748747307-3260626592-723431498-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
剑灵_腾讯 (HKLM-x32\...\剑灵_腾讯) (Version: - Tencent)
电脑管家10.9 (HKLM-x32\...\QQPCMgr) (Version: 10.9.16349.225 - 腾讯科技(深圳)有限公司)
腾讯游戏平台 (HKLM-x32\...\腾讯游戏平台Formal) (Version: - Tencent)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

28-04-2015 16:57:18 Scheduled Checkpoint
08-05-2015 23:14:20 Scheduled Checkpoint
12-05-2015 18:01:59 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)


==================== Loaded Modules (Whitelisted) ==============

2013-11-01 14:46 - 2013-11-01 14:46 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-05-15 15:53 - 2015-05-15 15:53 - 00481632 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\sqlite.dll
2015-05-15 15:53 - 2015-05-15 15:53 - 00100704 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\tinyxml.dll
2015-05-15 15:53 - 2015-05-15 15:53 - 00088416 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\zlib.dll
2015-05-15 15:53 - 2015-05-15 15:53 - 00063840 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\plugins\qmiemalrtpplugin\qmiemalrtpplugin.dll
2015-05-15 15:53 - 2015-05-15 15:53 - 00051552 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll
2015-05-15 15:56 - 2015-04-17 05:02 - 00018784 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\oDayProtect.dll
2015-05-15 15:53 - 2015-05-15 15:53 - 00203104 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\QQFileFlt.dll
2014-01-27 18:43 - 2014-01-27 18:43 - 00065936 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\Community.CsharpSqlite.SQLiteClient.dll
2015-05-15 15:53 - 2015-05-15 15:53 - 00194912 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\xImage.dll
2015-05-15 15:53 - 2015-05-15 15:53 - 00342040 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\arkGraphic.dll
2015-05-15 15:53 - 2015-05-15 15:53 - 00092184 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\xGraphic32.dll
2015-05-15 15:53 - 2015-05-15 15:53 - 00158048 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\libpng.dll
2015-05-15 15:53 - 2015-05-15 15:53 - 00285024 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\libjpegturbo.dll
2015-05-15 15:53 - 2015-05-15 15:53 - 00137568 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\libexpatw.dll
2015-05-15 15:53 - 2015-05-15 15:53 - 00045920 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\jgImage.dll
2015-05-15 15:53 - 2015-05-15 15:53 - 00014176 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\jgIOStub.dll
2015-05-15 15:53 - 2015-05-15 15:53 - 00076128 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\MemDefrag.dll
2015-05-15 15:53 - 2015-05-07 06:04 - 00571800 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\QMLoader\QQPCDetector.dll
2015-05-15 15:53 - 2015-05-15 15:53 - 00268640 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\plugins\StartupMgr\SoftMon.dll
2015-05-15 15:53 - 2015-05-15 15:53 - 00235872 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\QMWlanMacDll.dll
2015-04-03 22:00 - 2015-05-18 19:11 - 41287224 _____ () C:\Users\javonmhawk\AppData\Roaming\Spotify\libcef.dll
2015-05-15 15:53 - 2015-05-15 15:53 - 00092184 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\plugins\QMNetMon\xGraphic32.dll
2015-05-15 15:53 - 2015-05-15 15:53 - 00088416 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\plugins\QMNetMon\zlib.dll
2015-05-15 15:53 - 2015-05-15 15:53 - 00137568 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\plugins\QMNetMon\libexpatw.dll
2015-05-15 15:53 - 2015-05-15 15:53 - 00100704 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\plugins\QMNetMon\tinyxml.dll
2015-05-15 15:53 - 2015-05-15 15:53 - 00342040 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\plugins\QMNetMon\arkGraphic.dll
2015-05-15 15:53 - 2015-05-15 15:53 - 00045920 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\plugins\QMNetMon\jgImage.dll
2015-05-15 15:53 - 2015-05-15 15:53 - 00014176 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\plugins\QMNetMon\jgIOStub.dll
2015-05-15 15:53 - 2015-05-15 15:53 - 00158048 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\plugins\QMNetMon\libpng.dll
2015-05-15 15:53 - 2015-05-15 15:53 - 00285024 _____ () C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\plugins\QMNetMon\libjpegturbo.dll
2015-04-03 22:00 - 2015-05-18 19:11 - 01488440 _____ () C:\Users\javonmhawk\AppData\Roaming\Spotify\libglesv2.dll
2015-04-03 22:00 - 2015-05-18 19:11 - 00079928 _____ () C:\Users\javonmhawk\AppData\Roaming\Spotify\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1748747307-3260626592-723431498-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\javonmhawk\AppData\Local\Microsoft\Windows\INetCache\IE\G08ZYFC4\miyamoto-musashi_png[1].png
HKU\S-1-5-21-1748747307-3260626592-723431498-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\javonmhawk\AppData\Local\Microsoft\Windows\INetCache\IE\G08ZYFC4\miyamoto-musashi_png[1].png
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\StartupApproved\Run: => "WTFast Tray"
HKU\S-1-5-21-1748747307-3260626592-723431498-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1748747307-3260626592-723431498-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "WTFast Tray"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{BECF7625-F656-4B82-9498-C1001F27ADB8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7EB7E096-3067-4BB7-A7CD-76211BE61171}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{705E7AF4-659A-41D0-A434-8DFBB53E0159}] => (Allow) C:\Users\javonmhawk\AppData\Local\Temp\QQGameDownloader\bns_1425346859_61356\MiniQQDL.exe
FirewallRules: [{FC935B1A-99AC-4D4F-A045-88658BCD8D52}] => (Allow) C:\Users\javonmhawk\AppData\Local\Temp\QQGameDownloader\bns_1425346859_61356\MiniQQDL.exe
FirewallRules: [{B1827F65-B962-4DC5-9351-C7415590FEC9}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{A814739B-5B38-49D6-B115-A9654D9A042B}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [TCP Query User{C99EA740-5E02-4117-90CE-36988EB10877}C:\program files\腾讯游戏\剑灵_腾讯\tcls\tenprotect\tensafe_1.exe] => (Allow) C:\program files\腾讯游戏\剑灵_腾讯\tcls\tenprotect\tensafe_1.exe
FirewallRules: [UDP Query User{7BF2407B-4A02-41F3-8EDE-68DE0E5921E5}C:\program files\腾讯游戏\剑灵_腾讯\tcls\tenprotect\tensafe_1.exe] => (Allow) C:\program files\腾讯游戏\剑灵_腾讯\tcls\tenprotect\tensafe_1.exe
FirewallRules: [TCP Query User{072EBE69-40DE-4E01-ACA2-6F624236A216}C:\program files\腾讯游戏\剑灵_腾讯\tcls\tenprotect\taslogin.exe] => (Allow) C:\program files\腾讯游戏\剑灵_腾讯\tcls\tenprotect\taslogin.exe
FirewallRules: [UDP Query User{77A270B6-067E-452B-8F7C-69439F65E9E1}C:\program files\腾讯游戏\剑灵_腾讯\tcls\tenprotect\taslogin.exe] => (Allow) C:\program files\腾讯游戏\剑灵_腾讯\tcls\tenprotect\taslogin.exe
FirewallRules: [{E448C705-87A3-4FD1-A7B1-628957F4ADCD}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCmgrInstallGuide.exe
FirewallRules: [{6617C360-3029-4FC8-A8BE-8E2EA99627DA}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCTray.exe
FirewallRules: [{1954820D-162F-48B4-A4BD-EF16F0ADC46B}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCMgr.exe
FirewallRules: [{F0D6F8F5-396F-42AF-ADAF-88AA70F71761}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCRTP.exe
FirewallRules: [{9AC4A959-8184-4940-BEF3-92C74ABF3493}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\bugreport.exe
FirewallRules: [{EC2F0A96-2E02-4D4D-B49E-511B4B8C5656}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCFileOpen.exe
FirewallRules: [{7EB652F6-CB58-423B-95FF-EDA463F6AC7A}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCLeakScan.exe
FirewallRules: [{CE9363EE-7AE0-4E3F-B63C-1C4A3F54E203}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCLoader.exe
FirewallRules: [{A5F5BEAB-B686-46A5-9B30-6FF76D0B06E6}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPConfig.exe
FirewallRules: [{D42998D0-069E-4F15-8993-9BE9854FD832}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCSoftMgr.exe
FirewallRules: [{BF4E055F-40E4-4C26-ABFE-7E8BBCA2AAE5}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\plugins\QMNetMon\QQPCNetFlow.exe
FirewallRules: [{9758CAEB-ABE1-45E2-AD6E-B029C9929634}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QDeskSetup.exe
FirewallRules: [{30DA8BFF-4164-4CFF-8DFA-267BC4032EBB}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCBTU.exe
FirewallRules: [{34389B3E-EEDC-4355-921A-15153AE08137}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCClinic.exe
FirewallRules: [{2D2CCEDF-EFF4-457F-8C72-3C5CFD069C4B}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCLaunch.exe
FirewallRules: [{A5FAC437-5E26-4857-8A64-B7634D682DA1}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QMUpdate\QQPCMgrUpdate.exe
FirewallRules: [{5BE57A46-649D-43F8-8578-0CCB03198762}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCSoftGame.exe
FirewallRules: [{ADAB8652-7A13-4993-B77B-82485098BEAF}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCSysOptimize.exe
FirewallRules: [{1E12A57D-834D-4561-9CD0-7AD646AA4501}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCUpdateAVLib.exe
FirewallRules: [{95A04BF1-98C4-43D2-ABA1-D3E8611EB4F8}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQRepair.exe
FirewallRules: [{3BC76FFB-0207-45B6-8FD7-7D9AAA840AAF}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\Uninst.exe
FirewallRules: [{85F0AFF1-ED71-4638-B79F-04811D877EFF}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCPatch.exe
FirewallRules: [{520974BD-31C2-4A9F-A409-D66EED125B60}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\TpkUpdate.exe
FirewallRules: [{DC564761-19CB-4796-B097-9923E6725D7A}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QMDL.exe
FirewallRules: [{F1727150-6D80-45D9-82F7-F7070277B546}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QMDL.exe
FirewallRules: [{26B4B996-A3E5-4DC1-B43B-FA7B0FDD2000}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QMAccountProtection.exe
FirewallRules: [TCP Query User{D11F2F95-1AEE-475A-ABFE-D098890E26D9}C:\program files\腾讯游戏\剑灵_腾讯\tcls\launcher.exe] => (Allow) C:\program files\腾讯游戏\剑灵_腾讯\tcls\launcher.exe
FirewallRules: [UDP Query User{6C5E803B-1959-4D4A-95D1-6E44A5E44209}C:\program files\腾讯游戏\剑灵_腾讯\tcls\launcher.exe] => (Allow) C:\program files\腾讯游戏\剑灵_腾讯\tcls\launcher.exe
FirewallRules: [{84B62119-C3A2-49CF-B3D6-07BC77865E15}] => (Allow) C:\Users\javonmhawk\TP\TGP\tcls\tcls_core.exe
FirewallRules: [{95C1776D-35CA-42CE-8BCE-3AC7103E78FE}] => (Allow) C:\Users\javonmhawk\TP\TGP\tcls\tcls_core.exe
FirewallRules: [{FC03684F-5D04-4299-9602-16637348D43C}] => (Allow) C:\Users\javonmhawk\TP\TGP\tgp_daemon.exe
FirewallRules: [{56667FD1-BD42-4BFC-BF47-3307475A350E}] => (Allow) C:\Users\javonmhawk\TP\TGP\tgp_daemon.exe
FirewallRules: [{F7BF7742-CE75-4BC9-82E6-77B324FDC047}] => (Allow) C:\Users\javonmhawk\TP\TGP\tcls\Tenio\TenioDL\TenioDL.exe
FirewallRules: [{C0E8FFFF-125D-40F7-9BBC-15B5FAAAC960}] => (Allow) C:\Users\javonmhawk\TP\TGP\tcls\Tenio\TenioDL\TenioDL.exe
FirewallRules: [{9286CF8D-6CFD-4BC5-90DB-B488A400E716}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tcls\tcls_core.exe
FirewallRules: [{92F52CAD-7B01-4C1B-B719-F5FB093C87F9}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tcls\tcls_core.exe
FirewallRules: [{FE889FF6-DE68-41B3-A8C5-30643C4BA493}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tgp_daemon.exe
FirewallRules: [{E19EA465-3463-41EC-ACE5-6E51C0C92E89}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tgp_daemon.exe
FirewallRules: [{145287FD-92B4-4041-BA4F-227734206441}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tcls\Tenio\TenioDL\TenioDL.exe
FirewallRules: [{D72FF3D1-CDC6-4F56-9CD2-C0C8FC466470}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tcls\Tenio\TenioDL\TenioDL.exe
FirewallRules: [{BF400CF0-CB3C-42E4-B4F2-71640F545275}] => (Allow) C:\Users\javonmhawk\AppData\Local\Temp\QQGameDownloader\bns_1425346859_61356\TenioDL.exe
FirewallRules: [{FD48D7F1-FF58-4BA3-B5BA-AF1A627BB4CA}] => (Allow) C:\Users\javonmhawk\AppData\Local\Temp\QQGameDownloader\bns_1425346859_61356\TenioDL.exe
FirewallRules: [{967129CA-ECE8-489A-BB39-372CE00F7529}] => (Allow) C:\Program Files\Tencent\TGP\tcls\tcls_core.exe
FirewallRules: [{A3262ADB-2815-4642-9F78-062B802CC823}] => (Allow) C:\Program Files\Tencent\TGP\tcls\tcls_core.exe
FirewallRules: [{10D2C3C2-6D4B-4822-881A-9BB0FED2FEF1}] => (Allow) C:\Program Files\Tencent\TGP\tgp_daemon.exe
FirewallRules: [{A650826B-82DA-49CA-AE02-4A800094B61D}] => (Allow) C:\Program Files\Tencent\TGP\tgp_daemon.exe
FirewallRules: [{03541D16-E599-4784-B0D4-5EED5BE23E2D}] => (Allow) C:\Users\javonmhawk\AppData\Local\Temp\Tencent\TGPMiniDown.1367.2.1.4.7357\TenioDL\TenioDL.exe
FirewallRules: [{3C2E7CD0-005F-499D-8624-522397C81B18}] => (Allow) C:\Users\javonmhawk\AppData\Local\Temp\Tencent\TGPMiniDown.1367.2.1.4.7357\TenioDL\TenioDL.exe
FirewallRules: [{6BC61635-82A1-4B98-B166-A01862F58E06}] => (Allow) C:\Program Files\Tencent\TGP\tcls\Tenio\TenioDL\TenioDL.exe
FirewallRules: [{54D73933-AD5A-471A-8D25-8C23C1E68C95}] => (Allow) C:\Program Files\Tencent\TGP\tcls\Tenio\TenioDL\TenioDL.exe
FirewallRules: [{377DC9D1-9FFB-4D01-A92D-4A53AEAAD389}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{53D25F20-261F-442C-8143-7E2A08C7F7F2}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{0613248B-27AA-446D-84AC-3B664F0888F0}] => (Allow) C:\Program Files\腾讯游戏\剑灵_腾讯\bin\Cross\CrossProxy.exe
FirewallRules: [{3AF89A33-C9A2-4783-97B2-EFC24C8DADAA}] => (Allow) C:\Program Files\腾讯游戏\剑灵_腾讯\bin\Cross\CrossProxy.exe
FirewallRules: [{FB7EDF8A-3185-4DF1-A49E-C5B86602AFBC}] => (Allow) C:\Program Files\腾讯游戏\剑灵_腾讯\bin\Cross\Apps\CQS\QTalk\Bin\miniQTalk.exe
FirewallRules: [{EE69F494-CD09-47A1-9EC5-A851023FDA69}] => (Allow) C:\Program Files\腾讯游戏\剑灵_腾讯\bin\Cross\Apps\CQS\QTalk\Bin\miniQTalk.exe
FirewallRules: [{2E06D05E-EE16-4917-9AFB-FBE1801BACBA}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{B94D79ED-A850-4D7E-BF43-6EF52C611FD1}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{EA9BA323-65EB-4494-9FBA-9BC210EEE30C}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{777D4481-E7F2-4C46-9163-4442EF147037}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{64180F4E-C1F5-463C-9D40-BD48B2ADF4D0}] => (Allow) C:\Users\javonmhawk\AppData\Roaming\Tencent\剑灵\7AA487D7EED5B7D8C829D33144690A0C\TenioDL\TenioDL.exe
FirewallRules: [{968B83A2-B9B2-4758-AAAC-52DEF0BF0381}] => (Allow) C:\Users\javonmhawk\AppData\Roaming\Tencent\剑灵\7AA487D7EED5B7D8C829D33144690A0C\TenioDL\TenioDL.exe
FirewallRules: [{09F59D33-7C74-48B3-AAAC-429FAA61AF02}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{A7624E23-59B3-4609-8363-6488972C9592}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{53AF5444-AEF3-4B16-90AE-60B3A63DCB1E}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{B3C15CEA-C1E2-4544-9E66-F60F206DA9B7}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{7DACC1DB-4C65-41D8-9E2E-39879FE0EF4A}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{1E19A3A3-EFA2-4A19-9044-25BD86215185}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{8805776B-A8BA-493F-B374-0D7CD3000857}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{C3C0247C-9611-4267-8B57-E082589CE42A}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{52E9A190-AFFD-4BCB-9666-3F0CC4FB6140}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{01E731B6-2120-4853-B3B8-7E64D3D5CF44}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{D32DC36C-AC1A-461A-BEFA-EA53DAB236CA}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{028411A4-E7FA-456A-8801-3EE3A46394E7}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{20E379E4-BAE1-4106-921C-C145FE828A5A}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{BBED977F-D92A-4661-B45A-BFB92DAA6F2D}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2015 03:24:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000025c008c
Faulting process id: 0x978
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (05/18/2015 07:08:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Spotify.exe version 1.0.5.178 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b70

Start Time: 01d091a14188139b

Termination Time: 219

Application Path: C:\Users\javonmhawk\AppData\Roaming\Spotify\Spotify.exe

Report Id: d590e6bb-fdba-11e4-82a4-d8cb8a1844c4

Faulting package full name:

Faulting package-relative application ID:

Error: (05/16/2015 11:55:01 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (05/14/2015 04:22:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000005
Fault offset: 0x00000000000694f7
Faulting process id: 0xe60
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (05/13/2015 04:23:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000002e6008c
Faulting process id: 0x9d4
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (05/11/2015 09:51:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000027f00c5
Faulting process id: 0xdb8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (05/11/2015 06:07:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000003c5008c
Faulting process id: 0xa64
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (05/04/2015 02:38:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000005
Fault offset: 0x00000000000694f7
Faulting process id: 0x5bc
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (05/01/2015 02:00:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000026c008c
Faulting process id: 0xf98
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (05/01/2015 01:55:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Warframe.x64.exe, version: 2015.4.28.16, time stamp: 0x553ff455
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000005
Fault offset: 0x0000000000031873
Faulting process id: 0xf40
Faulting application start time: 0xWarframe.x64.exe0
Faulting application path: Warframe.x64.exe1
Faulting module path: Warframe.x64.exe2
Report Id: Warframe.x64.exe3
Faulting package full name: Warframe.x64.exe4
Faulting package-relative application ID: Warframe.x64.exe5


System errors:
=============
Error: (05/19/2015 11:44:15 PM) (Source: DCOM) (EventID: 10010) (User: Zen)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (05/19/2015 11:44:14 PM) (Source: DCOM) (EventID: 10010) (User: Zen)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (05/19/2015 08:28:34 AM) (Source: DCOM) (EventID: 10010) (User: Zen)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/19/2015 08:28:04 AM) (Source: DCOM) (EventID: 10010) (User: Zen)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/18/2015 10:59:45 PM) (Source: DCOM) (EventID: 10010) (User: Zen)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (05/18/2015 10:59:45 PM) (Source: DCOM) (EventID: 10010) (User: Zen)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (05/18/2015 02:42:55 PM) (Source: DCOM) (EventID: 10010) (User: Zen)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/18/2015 02:42:25 PM) (Source: DCOM) (EventID: 10010) (User: Zen)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/17/2015 11:40:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062

Error: (05/17/2015 11:39:58 PM) (Source: DCOM) (EventID: 10010) (User: Zen)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office Sessions:
=========================
Error: (05/20/2015 03:24:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1728453f816dcunknown0.0.0.000000000c000000500000000025c008c97801d0933abca83ef9C:\Windows\Explorer.EXEunknown2f288ba7-ff2e-11e4-82a7-d8cb8a1844c4

Error: (05/18/2015 07:08:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Spotify.exe1.0.5.178b7001d091a14188139b219C:\Users\javonmhawk\AppData\Roaming\Spotify\Spotify.exed590e6bb-fdba-11e4-82a4-d8cb8a1844c4

Error: (05/16/2015 11:55:01 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (05/14/2015 04:22:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1728453f816dcntdll.dll6.3.9600.17736550f4336c000000500000000000694f7e6001d08e8bea00c2c8C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll4a62d1e3-fa7f-11e4-82a0-d8cb8a1844c4

Error: (05/13/2015 04:23:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1728453f816dcunknown0.0.0.000000000c00000050000000002e6008c9d401d08dc30167e122C:\Windows\Explorer.EXEunknown5765a819-f9b6-11e4-829f-d8cb8a1844c4

Error: (05/11/2015 09:51:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1728453f816dcunknown0.0.0.000000000c000000500000000027f00c5db801d08bf9d8b0e512C:\Windows\Explorer.EXEunknown2f894311-f7ed-11e4-829d-d8cb8a1844c4

Error: (05/11/2015 06:07:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1728453f816dcunknown0.0.0.000000000c00000050000000003c5008ca6401d08bdaa8045cd4C:\Windows\Explorer.EXEunknownfa44d9a2-f7cd-11e4-829c-d8cb8a1844c4

Error: (05/04/2015 02:38:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1728453f816dcntdll.dll6.3.9600.17736550f4336c000000500000000000694f75bc01d086a1dda4f5f3C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll2e580e48-f295-11e4-8296-d8cb8a1844c4

Error: (05/01/2015 02:00:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1728453f816dcunknown0.0.0.000000000c000000500000000026c008cf9801d08440fb1713f2C:\Windows\Explorer.EXEunknown4edd6d7c-f034-11e4-8293-d8cb8a1844c4

Error: (05/01/2015 01:55:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Warframe.x64.exe2015.4.28.16553ff455ntdll.dll6.3.9600.17736550f4336c00000050000000000031873f4001d0842a19626926C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exeC:\Windows\SYSTEM32\ntdll.dll94924269-f033-11e4-8292-d8cb8a1844c4


CodeIntegrity Errors:
===================================
Date: 2015-03-21 05:45:45.238
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-21 05:45:10.347
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-21 05:45:09.003
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-21 05:45:06.800
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-21 05:45:06.503
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-21 05:45:04.441
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-21 05:45:03.691
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-21 05:45:03.238
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-21 05:45:02.988
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-21 05:45:02.628
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD A4-6300 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 70%
Total physical RAM: 3272.11 MB
Available physical RAM: 971.18 MB
Total Pagefile: 5576.11 MB
Available Pagefile: 2390.34 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.42 GB) (Free:356.62 GB) NTFS
Drive d: (DA Inquisition 1) (CDROM) (Total:7.91 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9A00759D)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================

I'd assume this 电脑管家系统防护 is some AV program by Tencent?
If so, you're also running ZoneAlarm antivirus.
You must uninstall one of them.

Are you familiar with this file?
C:\vdc.exe
 
An encoded exploit for my specific OS using TrID to hide in my system logs to open a hidden SSL to some malicious site?

Developer metadata

Copyright
Copyright © vdc 2014
Publisher vdc
Product vdc
Original name vdc.exe
Internal name vdc.exe
File version 1.0.0.0
Description vdc
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-10 19:58:01
Link date 8:58 PM 12/10/2014
Entry Point 0x000058AE
Number of sections 4
.NET details
Module Version ID 2501f48a-693f-4880-bfbf-37e347060d04
TypeLib ID 1de3a5d1-aeeb-4214-a55c-89c341a606e7
PE sections
Name Virtual address Virtual size Raw size Entropy MD5
.text 8192 14516 14848 5.57 28eb2a2f1180d5a0a9371547139927b6
.sdata 24576 312 512 2.03 85459836be3fabbd8f28cf83463b6a07
.rsrc 32768 12768 12800 3.59 58b519f384631426d17b7d9ecf858695
.reloc 49152 12 512 0.08 2cbdb34009b7fafc12a8660d01ddb333
PE imports
[+] mscoree.dll
Number of PE resources by type
RT_ICON 7
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 10
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 13824
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 11.0
FileOS Win32
EntryPoint 0x58ae
MIMEType application/octet-stream
LegalCopyright Copyright vdc 2014
FileVersion 1.0.0.0
TimeStamp 2014:12:10 20:58:01+01:00
FileType Win32 EXE
PEType PE32
InternalName vdc.exe
ProductVersion 1.0.0.0
FileDescription vdc
OSVersion 4.0
OriginalFilename vdc.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName vdc
CodeSize 14848
ProductName vdc
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.0.0.0
File identification
MD5 f5776ff681973290fc788e1375ef2dce
SHA1 79645cd38f7a53b74343474602b75c978b7a8e4e
SHA256 854abfe614b8fae4d776ae6409844c135656b531c6a646fcac7a64330e163f34
ssdeep
384:voWjQHxRe6VdoMSra2d+MyxeFLk245UuonG/Nw/:AWjkXzVLKa2kfxeZTL
authentihash 2b1851d0b00d410b375c3220a5e3c89fd3f585d89d75af2558ef3571b2557f75
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 29.0 KB ( 29696 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (55.8%)
Win64 Executable (generic) (21.0%)
Windows screen saver (9.9%)
Win32 Dynamic Link Library (generic) (5.0%)
Win32 Executable (generic) (3.4%)
Tags
peexe assembly
VirusTotal metadata
First submission 2014-12-14 23:36:35 UTC ( 5 months, 1 week ago )
Last submission 2015-05-18 13:59:48 UTC ( 2 days, 11 hours ago )
File names vt-upload-kRlYUE
vdc.exe
vdc.exe
vdc.exe
vti-rescan
file-7877778_exe
 
Ikarus: Trojan.MSIL.Crypt 20150518
Symantec: WS.Reputation.1 20150518
TrendMicro-HouseCall: Suspicious_GEN.F47V0321 20150518
ViRobot: Trojan.Win32.A.BHO.29696[h] 20150518
 
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on the SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE: If you already have MBAM 2.0 installed, scroll down.

  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.


(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on the Scan button.
  • When the scan has finished, click on the Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
# AdwCleaner v4.205 - Logfile created 23/05/2015 at 19:13:00
# Updated 21/05/2015 by Xplode
# Database : 2015-05-21.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : javonmhawk - ZEN
# Running from : C:\Users\javonmhawk\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : QMUdisk

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\KingSoft
Folder Deleted : C:\ProgramData\tencent
Folder Deleted : C:\Program Files (x86)\Check Point Software Technologies LTD
Folder Deleted : C:\Program Files (x86)\tencent
Folder Deleted : C:\Program Files (x86)\Common Files\tencent
Folder Deleted : C:\Users\JAVONM~1\AppData\Local\Temp\mt_ffx
Folder Deleted : C:\Users\JAVONM~1\AppData\Local\Temp\tencent
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\tencent
Folder Deleted : C:\Program Files\tencent
Folder Deleted : C:\Program Files\Common Files\tencent
Folder Deleted : C:\Users\javonmhawk\AppData\Roaming\Check Point Software Technologies LTD
Folder Deleted : C:\Users\javonmhawk\AppData\Roaming\tencent
Folder Deleted : C:\Users\javonmhawk\AppData\Roaming\Mozilla\Firefox\Profiles\jxxtznra.default\Extensions\ffxtlbr@zonealarm.com
File Deleted : C:\Users\javonmhawk\AppData\Roaming\Mozilla\Firefox\Profiles\jxxtznra.default\searchplugins\zonealarm.xml
File Deleted : C:\Users\javonmhawk\AppData\Roaming\Mozilla\Firefox\Profiles\jxxtznra.default\user.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Feature Mananger.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v38.0.1 (x86 en-US)

[jxxtznra.default\prefs.js] - Line Deleted : user_pref("extensions.zonealarm.kw_url", "hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&gu=c5c0f92c701e41e895fcb0ccbccb4c3a&tu=10GAz00J12D30q0&sku=&tstsId=&ver=&&q=");
[jxxtznra.default\prefs.js] - Line Deleted : user_pref("extensions.zonealarm.tlbrSrchUrl", "hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=c5c0f92c701e41e895fcb0ccbccb4c3a&tu=10GAz00J12D30q0&sku=&tstsId=&ver=&&q=");

*************************

AdwCleaner[R0].txt - [4527 bytes] - [23/05/2015 19:07:37]
AdwCleaner[S0].txt - [4557 bytes] - [23/05/2015 19:13:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4616 bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.8 (05.23.2015:2)
OS: Windows 8.1 x64
Ran by javonmhawk on 05/23/2015 Sat at 19:27:53.42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1748747307-3260626592-723431498-1002
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1748747307-3260626592-723431498-500



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{50F4150A-48B2-417A-BE4C-C83F580FB904}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50F4150A-48B2-417A-BE4C-C83F580FB904}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{50F4150A-48B2-417A-BE4C-C83F580FB904}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\javonmhawk\AppData\Roaming\mozilla\firefox\profiles\jxxtznra.default\prefs.js

user_pref(browser.startup.homepage, hxxps://duckduckgo.com/);





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/23/2015 Sat at 19:36:20.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
My bad, I thought I posted the log for RK. Here it is:
RogueKiller V10.6.5.0 [May 20 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : javonmhawk [Administrator]
Started from : C:\Users\javonmhawk\Downloads\RogueKiller.exe
Mode : Delete -- Date : 05/21/2015 17:01:31

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] SpotifyCrashService.exe(2444) -- C:\Users\javonmhawk\AppData\Roaming\Spotify\SpotifyCrashService.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 9 ¤¤¤
[PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50F4150A-48B2-417A-BE4C-C83F580FB904} -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUP][FIREFX:Addon] jxxtznra.default : zonealarm.com [ffxtlbr@zonealarm.com] -> Not selected
[PUM.HomePage][FIREFX:Config] jxxtznra.default : user_pref("browser.startup.homepage", "https://duckduckgo.com/"); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA DT01ACA050 SATA Disk Device +++++
--- User ---
[MBR] 56582a0f7aced9244b6571d47b404afd
[BSP] 89b4af2082215f1f35a6c643d6901173 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 476588 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_05212015_170040.log
 
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
Ran by javonmhawk (administrator) on ZEN on 24-05-2015 21:34:33
Running from C:\Users\javonmhawk\Downloads
Loaded Profiles: javonmhawk (Available Profiles: javonmhawk)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Tenable Network Security, Inc) C:\Program Files\Tenable\Nessus\nessus-service.exe
(Tenable Network Security, Inc) C:\Program Files\Tenable\Nessus\nessusd.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Spotify Ltd) C:\Users\javonmhawk\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(www.motioninjoy.com) C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506136 2013-12-06] (Realtek Semiconductor)
HKLM\...\Run: [vdc] => c:\vdc.exe
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-11-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134624 2014-07-23] (Check Point Software Technologies Ltd.)
HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-11-01] (AMD)
HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-13] (Electronic Arts)
HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\Run: [WTFast Tray] => C:\Program Files (x86)\WTFast\WTFast.exe [4726872 2015-03-18] (AAA Internet Publishing, Inc.)
HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\Run: [Spotify Web Helper] => C:\Users\javonmhawk\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-18] (Spotify Ltd)
HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\Run: [Spotify] => C:\Users\javonmhawk\AppData\Roaming\Spotify\Spotify.exe [7298616 2015-05-18] (Spotify Ltd)
HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\RunOnce: [Adobe Speed Launcher] => 1432487534
HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\MountPoints2: {e3faffaa-9b89-11e4-8257-806e6f6e6963} - "D:\Autorun.exe"
HKU\S-1-5-21-1748747307-3260626592-723431498-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [131072 2013-08-22] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-03-26]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1748747307-3260626592-723431498-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-12-30] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-12-30] (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-12-30] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-12-30] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\javonmhawk\AppData\Roaming\Mozilla\Firefox\Profiles\jxxtznra.default
FF SearchEngineOrder.1: Search By ZoneAlarm
FF SelectedSearchEngine: Search By ZoneAlarm
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-02] ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-12-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-02] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-12-30] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\javonmhawk\AppData\Roaming\Mozilla\Firefox\Profiles\jxxtznra.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-23]
FF HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-11-01] (Advanced Micro Devices, Inc.) []
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2015-03-22] (Microsoft Corporation)
U2 iprip; C:\Windows\System32\iprip.dll [34816 2015-03-22] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-23] (Electronic Arts)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 Tenable Nessus; C:\Program Files\Tenable\Nessus\nessus-service.exe [17376 2015-03-27] (Tenable Network Security, Inc)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596240 2014-07-23] (Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [93712 2014-07-03] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-24] (Advanced Micro Devices)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2014-06-10] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2014-06-10] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-06-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [490080 2014-06-10] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MotioninJoyXFilter; C:\Windows\System32\drivers\MijXfilt.sys [115272 2012-03-25] (MotioninJoy) []
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R1 QqGameMasterControl; C:\Windows\system32\drivers\QMTgpNetflow764.sys [47928 2013-12-13] (tencent)
R1 QqGameMasterControl; C:\Windows\SysWOW64\drivers\QMTgpNetflow764.sys [47928 2013-12-13] (tencent)
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
S3 TesSafe; C:\Windows\system32\TesSafe.sys [910992 2015-04-12] (TENCENT)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-21] ()
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450456 2014-07-23] (Check Point Software Technologies Ltd.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 TS888x64; \??\C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\TS888x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 21:34 - 2015-05-24 21:34 - 00000000 ____D () C:\Users\javonmhawk\Downloads\FRST-OlderVersion
2015-05-24 12:16 - 2015-05-24 19:58 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1748747307-3260626592-723431498-1002
2015-05-23 19:36 - 2015-05-23 19:36 - 00001540 _____ () C:\Users\javonmhawk\Desktop\JRT.txt
2015-05-23 19:28 - 2015-05-23 19:28 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ZEN-Windows-8.1-(64-bit).dat
2015-05-23 19:27 - 2015-05-23 19:27 - 02720636 _____ (Thisisu) C:\Users\javonmhawk\Downloads\JRT.exe
2015-05-23 19:27 - 2015-05-23 19:27 - 00000000 ____D () C:\RegBackup
2015-05-23 19:07 - 2015-05-23 19:16 - 00000000 ____D () C:\AdwCleaner
2015-05-23 19:04 - 2015-05-23 19:04 - 02223104 _____ () C:\Users\javonmhawk\Downloads\AdwCleaner.exe
2015-05-21 17:03 - 2015-05-21 17:03 - 00003275 _____ () C:\Users\javonmhawk\Desktop\RKreport_DEL_05212015_170131.log
2015-05-21 16:50 - 2015-05-21 19:47 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-21 16:50 - 2015-05-21 16:50 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-05-21 16:48 - 2015-05-21 16:49 - 16986200 _____ () C:\Users\javonmhawk\Downloads\RogueKiller.exe
2015-05-20 15:34 - 2015-05-20 15:36 - 00041154 _____ () C:\Users\javonmhawk\Downloads\Addition.txt
2015-05-20 15:31 - 2015-05-24 21:34 - 02108416 _____ (Farbar) C:\Users\javonmhawk\Downloads\FRST64.exe
2015-05-20 15:31 - 2015-05-24 21:34 - 00013331 _____ () C:\Users\javonmhawk\Downloads\FRST.txt
2015-05-20 15:31 - 2015-05-24 21:34 - 00000000 ____D () C:\FRST
2015-05-18 17:07 - 2015-05-24 21:02 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-18 16:00 - 2015-05-18 16:00 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-18 16:00 - 2015-05-18 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-18 16:00 - 2015-05-18 16:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-18 16:00 - 2015-05-18 16:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-18 16:00 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-18 16:00 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-18 16:00 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-18 14:46 - 2015-05-18 14:47 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\javonmhawk\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-15 16:55 - 2015-05-20 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-05-13 01:24 - 2015-04-21 12:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 01:24 - 2015-04-21 11:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 01:24 - 2015-04-21 11:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 01:24 - 2015-04-21 11:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 01:24 - 2015-04-21 11:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 01:24 - 2015-04-21 11:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 01:24 - 2015-04-21 11:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 01:24 - 2015-04-21 11:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 01:24 - 2015-04-21 11:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-13 01:24 - 2015-04-21 11:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 01:24 - 2015-04-21 11:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 01:24 - 2015-04-21 11:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 01:24 - 2015-04-21 11:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-13 01:24 - 2015-04-21 11:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 01:24 - 2015-04-21 11:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 01:24 - 2015-04-21 10:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-13 01:24 - 2015-04-21 10:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 01:24 - 2015-04-21 10:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-13 01:24 - 2015-04-21 10:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 01:24 - 2015-04-21 10:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 01:24 - 2015-04-21 10:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 01:24 - 2015-04-21 10:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 01:24 - 2015-04-21 10:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 01:24 - 2015-04-21 10:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 01:24 - 2015-04-21 10:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-13 01:24 - 2015-04-21 10:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 01:24 - 2015-04-21 10:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-13 01:24 - 2015-04-21 10:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 01:24 - 2015-04-21 10:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-13 01:24 - 2015-04-21 10:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 01:24 - 2015-04-21 10:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 01:24 - 2015-04-21 10:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 01:24 - 2015-04-21 10:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 01:24 - 2015-04-21 10:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 01:24 - 2015-04-21 10:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 01:24 - 2015-04-21 10:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 01:24 - 2015-04-21 10:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 01:24 - 2015-04-21 09:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 01:24 - 2015-04-21 09:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 01:22 - 2015-04-30 15:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 01:22 - 2015-04-30 15:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 18:05 - 2015-04-13 17:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 18:05 - 2015-04-09 20:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 18:05 - 2015-04-09 19:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 18:05 - 2015-04-09 19:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 18:05 - 2015-03-30 00:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-12 18:05 - 2015-03-26 22:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 18:05 - 2015-03-26 21:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 18:05 - 2015-03-26 21:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 18:05 - 2014-10-28 21:42 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 18:05 - 2014-10-28 20:19 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 18:05 - 2014-10-28 19:59 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-12 18:04 - 2015-04-30 18:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 18:04 - 2015-04-30 17:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 18:03 - 2015-04-08 17:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-08 17:10 - 2015-05-08 17:13 - 78683444 _____ () C:\Users\javonmhawk\Downloads\preservation__september_1200.zip
2015-05-02 12:57 - 2015-05-02 12:57 - 00000000 ____D () C:\Users\javonmhawk\AppData\Local\Macromedia
2015-04-24 15:53 - 2015-04-24 15:54 - 00000000 ____D () C:\Users\javonmhawk\AppData\Roaming\yspkg5eua0il

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 21:31 - 2015-03-23 20:37 - 00000000 ____D () C:\Users\javonmhawk\AppData\Local\Warframe
2015-05-24 21:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-24 19:48 - 2014-12-30 11:49 - 01523264 _____ () C:\Windows\WindowsUpdate.log
2015-05-24 14:14 - 2015-04-03 22:00 - 00000000 ____D () C:\Users\javonmhawk\AppData\Local\Spotify
2015-05-24 12:57 - 2015-04-03 21:58 - 00000000 ____D () C:\Users\javonmhawk\AppData\Roaming\Spotify
2015-05-24 11:36 - 2015-04-12 15:24 - 00001024 _____ () C:\.rnd
2015-05-24 11:36 - 2013-08-22 09:46 - 00065413 _____ () C:\Windows\setupact.log
2015-05-24 11:36 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-23 22:21 - 2015-03-20 19:06 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7A46DFE9-4646-4D03-92DD-360A27E6859E}
2015-05-23 19:16 - 2014-12-30 11:54 - 00001218 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Feature Mananger.lnk
2015-05-22 03:33 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-21 14:58 - 2014-03-18 04:54 - 00065792 _____ () C:\Windows\PFRO.log
2015-05-20 19:57 - 2015-03-24 07:37 - 00000000 ____D () C:\Users\javonmhawk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-05-20 15:23 - 2015-03-24 10:00 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
2015-05-18 19:09 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Branding
2015-05-17 19:47 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-17 08:53 - 2015-03-24 03:00 - 00435308 _____ () C:\Windows\system32\prfh0804.dat
2015-05-17 08:53 - 2015-03-24 03:00 - 00135332 _____ () C:\Windows\system32\prfc0804.dat
2015-05-17 08:53 - 2014-03-18 05:03 - 01434808 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-15 15:53 - 2015-03-24 07:37 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2015-05-15 11:33 - 2014-12-30 12:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-14 20:24 - 2015-03-23 22:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-13 17:11 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
2015-05-13 16:12 - 2013-08-22 09:44 - 00337616 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 01:26 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-12 18:06 - 2014-03-18 04:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-04 00:21 - 2015-03-20 18:53 - 00000000 ____D () C:\Users\javonmhawk
2015-05-02 00:51 - 2015-03-26 12:30 - 00000000 ____D () C:\Users\javonmhawk\AppData\Local\Adobe
2015-04-28 17:06 - 2015-03-25 19:20 - 00004489 ____H () C:\Windows\SysWOW64\BTImages.dat

==================== Files in the root of some directories =======

2014-12-30 11:55 - 2014-12-30 11:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-03-24 11:49 - 2015-04-12 14:02 - 0000040 _____ () C:\ProgramData\DT0001.dat
2015-03-24 11:29 - 2015-04-12 14:02 - 0000040 _____ () C:\ProgramData\DT0006.dat

Files to move or delete:
====================
C:\ProgramData\DT0001.dat
C:\ProgramData\DT0006.dat


Some files in TEMP:
====================
C:\Users\javonmhawk\AppData\Local\Temp\dllnt_dump.dll
C:\Users\javonmhawk\AppData\Local\Temp\i4jdel0.exe
C:\Users\javonmhawk\AppData\Local\Temp\PCMgr_AndroidServer.exe
C:\Users\javonmhawk\AppData\Local\Temp\PCMgr_Setup_10_7_16066_216.exe
C:\Users\javonmhawk\AppData\Local\Temp\PCMgr_Setup_10_9_16349_225.exe
C:\Users\javonmhawk\AppData\Local\Temp\Quarantine.exe
C:\Users\javonmhawk\AppData\Local\Temp\sqlite3.dll
C:\Users\javonmhawk\AppData\Local\Temp\TENCENTDOWNLOAD.EXE
C:\Users\javonmhawk\AppData\Local\Temp\TXPltSafeInit.dll
C:\Users\javonmhawk\AppData\Local\Temp\uninst.exe
C:\Users\javonmhawk\AppData\Local\Temp\uninstall_complete.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-15 13:28

==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by javonmhawk at 2015-05-24 21:36:35
Running from C:\Users\javonmhawk\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1748747307-3260626592-723431498-500 - Administrator - Disabled)
Guest (S-1-5-21-1748747307-3260626592-723431498-501 - Limited - Enabled)
javonmhawk (S-1-5-21-1748747307-3260626592-723431498-1002 - Administrator - Enabled) => C:\Users\javonmhawk

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ZoneAlarm Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{76E8353E-9CE9-ED86-8631-7FBE17A17C31}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
China Localization Patcher (HKLM-x32\...\{D04987F6-486C-449A-9F8B-C6F411E57221}) (Version: 2.0.4.0 - LokiReborn)
Cybertron Support (HKLM-x32\...\{37DC4BBF-7374-4990-A794-20932267D4AC}) (Version: 1.0.0 - CybertronPC)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.7 - Electronic Arts)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.0000 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.0000 - www.motioninjoy.com)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
Oracle VM VirtualBox 4.3.26 (HKLM\...\{5771F59A-BFC9-4FAF-A883-7642EF4BA3C3}) (Version: 4.3.26 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.)
Spotify (HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\Spotify) (Version: 1.0.5.186.ga9c24d6a - Spotify AB)
Tenable Nessus (x64) (HKLM\...\{3BAEB8B8-4F71-48B3-A378-80A56BBD0522}) (Version: 6.3.4.20022 - Tenable Network Security, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Warframe (HKLM-x32\...\{14C25CC2-D3E2-4298-B927-32B22760754B}) (Version: 1.0.0 - Digital Extremes)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WTFast 3.5 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 3.5.5.428 - Initex & AAA Internet Publishing)
ZoneAlarm Antivirus (x32 Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 13.3.052.000 - Check Point)
ZoneAlarm Security (x32 Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar (HKLM-x32\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
ZoneAlarm Security Toolbar (HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
剑灵_腾讯 (HKLM-x32\...\剑灵_腾讯) (Version: - Tencent)
腾讯游戏平台 (HKLM-x32\...\腾讯游戏平台Formal) (Version: - Tencent)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

28-04-2015 16:57:18 Scheduled Checkpoint
08-05-2015 23:14:20 Scheduled Checkpoint
12-05-2015 18:01:59 Windows Update
20-05-2015 17:56:26 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {FDBECD64-11C7-4595-B201-C862A3C92426} - \Optimize Start Menu Cache Files-S-1-5-21-1748747307-3260626592-723431498-500 No Task File <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2013-11-01 14:46 - 2013-11-01 14:46 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1748747307-3260626592-723431498-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\javonmhawk\AppData\Local\Microsoft\Windows\INetCache\IE\G08ZYFC4\miyamoto-musashi_png[1].png
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\StartupApproved\Run: => "WTFast Tray"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{BECF7625-F656-4B82-9498-C1001F27ADB8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7EB7E096-3067-4BB7-A7CD-76211BE61171}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{705E7AF4-659A-41D0-A434-8DFBB53E0159}] => (Allow) C:\Users\javonmhawk\AppData\Local\Temp\QQGameDownloader\bns_1425346859_61356\MiniQQDL.exe
FirewallRules: [{FC935B1A-99AC-4D4F-A045-88658BCD8D52}] => (Allow) C:\Users\javonmhawk\AppData\Local\Temp\QQGameDownloader\bns_1425346859_61356\MiniQQDL.exe
FirewallRules: [{B1827F65-B962-4DC5-9351-C7415590FEC9}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{A814739B-5B38-49D6-B115-A9654D9A042B}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [TCP Query User{C99EA740-5E02-4117-90CE-36988EB10877}C:\program files\腾讯游戏\剑灵_腾讯\tcls\tenprotect\tensafe_1.exe] => (Allow) C:\program files\腾讯游戏\剑灵_腾讯\tcls\tenprotect\tensafe_1.exe
FirewallRules: [UDP Query User{7BF2407B-4A02-41F3-8EDE-68DE0E5921E5}C:\program files\腾讯游戏\剑灵_腾讯\tcls\tenprotect\tensafe_1.exe] => (Allow) C:\program files\腾讯游戏\剑灵_腾讯\tcls\tenprotect\tensafe_1.exe
FirewallRules: [TCP Query User{072EBE69-40DE-4E01-ACA2-6F624236A216}C:\program files\腾讯游戏\剑灵_腾讯\tcls\tenprotect\taslogin.exe] => (Allow) C:\program files\腾讯游戏\剑灵_腾讯\tcls\tenprotect\taslogin.exe
FirewallRules: [UDP Query User{77A270B6-067E-452B-8F7C-69439F65E9E1}C:\program files\腾讯游戏\剑灵_腾讯\tcls\tenprotect\taslogin.exe] => (Allow) C:\program files\腾讯游戏\剑灵_腾讯\tcls\tenprotect\taslogin.exe
FirewallRules: [{E448C705-87A3-4FD1-A7B1-628957F4ADCD}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCmgrInstallGuide.exe
FirewallRules: [{6617C360-3029-4FC8-A8BE-8E2EA99627DA}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCTray.exe
FirewallRules: [{1954820D-162F-48B4-A4BD-EF16F0ADC46B}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCMgr.exe
FirewallRules: [{F0D6F8F5-396F-42AF-ADAF-88AA70F71761}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCRTP.exe
FirewallRules: [{9AC4A959-8184-4940-BEF3-92C74ABF3493}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\bugreport.exe
FirewallRules: [{EC2F0A96-2E02-4D4D-B49E-511B4B8C5656}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCFileOpen.exe
FirewallRules: [{7EB652F6-CB58-423B-95FF-EDA463F6AC7A}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCLeakScan.exe
FirewallRules: [{CE9363EE-7AE0-4E3F-B63C-1C4A3F54E203}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCLoader.exe
FirewallRules: [{A5F5BEAB-B686-46A5-9B30-6FF76D0B06E6}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPConfig.exe
FirewallRules: [{D42998D0-069E-4F15-8993-9BE9854FD832}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCSoftMgr.exe
FirewallRules: [{BF4E055F-40E4-4C26-ABFE-7E8BBCA2AAE5}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\plugins\QMNetMon\QQPCNetFlow.exe
FirewallRules: [{9758CAEB-ABE1-45E2-AD6E-B029C9929634}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QDeskSetup.exe
FirewallRules: [{30DA8BFF-4164-4CFF-8DFA-267BC4032EBB}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCBTU.exe
FirewallRules: [{34389B3E-EEDC-4355-921A-15153AE08137}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCClinic.exe
FirewallRules: [{2D2CCEDF-EFF4-457F-8C72-3C5CFD069C4B}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCLaunch.exe
FirewallRules: [{A5FAC437-5E26-4857-8A64-B7634D682DA1}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QMUpdate\QQPCMgrUpdate.exe
FirewallRules: [{5BE57A46-649D-43F8-8578-0CCB03198762}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCSoftGame.exe
FirewallRules: [{ADAB8652-7A13-4993-B77B-82485098BEAF}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCSysOptimize.exe
FirewallRules: [{1E12A57D-834D-4561-9CD0-7AD646AA4501}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCUpdateAVLib.exe
FirewallRules: [{95A04BF1-98C4-43D2-ABA1-D3E8611EB4F8}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQRepair.exe
FirewallRules: [{3BC76FFB-0207-45B6-8FD7-7D9AAA840AAF}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\Uninst.exe
FirewallRules: [{85F0AFF1-ED71-4638-B79F-04811D877EFF}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QQPCPatch.exe
FirewallRules: [{520974BD-31C2-4A9F-A409-D66EED125B60}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\TpkUpdate.exe
FirewallRules: [{DC564761-19CB-4796-B097-9923E6725D7A}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QMDL.exe
FirewallRules: [{F1727150-6D80-45D9-82F7-F7070277B546}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QMDL.exe
FirewallRules: [{26B4B996-A3E5-4DC1-B43B-FA7B0FDD2000}] => (Allow) C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QMAccountProtection.exe
FirewallRules: [TCP Query User{D11F2F95-1AEE-475A-ABFE-D098890E26D9}C:\program files\腾讯游戏\剑灵_腾讯\tcls\launcher.exe] => (Allow) C:\program files\腾讯游戏\剑灵_腾讯\tcls\launcher.exe
FirewallRules: [UDP Query User{6C5E803B-1959-4D4A-95D1-6E44A5E44209}C:\program files\腾讯游戏\剑灵_腾讯\tcls\launcher.exe] => (Allow) C:\program files\腾讯游戏\剑灵_腾讯\tcls\launcher.exe
FirewallRules: [{84B62119-C3A2-49CF-B3D6-07BC77865E15}] => (Allow) C:\Users\javonmhawk\TP\TGP\tcls\tcls_core.exe
FirewallRules: [{95C1776D-35CA-42CE-8BCE-3AC7103E78FE}] => (Allow) C:\Users\javonmhawk\TP\TGP\tcls\tcls_core.exe
FirewallRules: [{FC03684F-5D04-4299-9602-16637348D43C}] => (Allow) C:\Users\javonmhawk\TP\TGP\tgp_daemon.exe
FirewallRules: [{56667FD1-BD42-4BFC-BF47-3307475A350E}] => (Allow) C:\Users\javonmhawk\TP\TGP\tgp_daemon.exe
FirewallRules: [{F7BF7742-CE75-4BC9-82E6-77B324FDC047}] => (Allow) C:\Users\javonmhawk\TP\TGP\tcls\Tenio\TenioDL\TenioDL.exe
FirewallRules: [{C0E8FFFF-125D-40F7-9BBC-15B5FAAAC960}] => (Allow) C:\Users\javonmhawk\TP\TGP\tcls\Tenio\TenioDL\TenioDL.exe
FirewallRules: [{9286CF8D-6CFD-4BC5-90DB-B488A400E716}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tcls\tcls_core.exe
FirewallRules: [{92F52CAD-7B01-4C1B-B719-F5FB093C87F9}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tcls\tcls_core.exe
FirewallRules: [{FE889FF6-DE68-41B3-A8C5-30643C4BA493}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tgp_daemon.exe
FirewallRules: [{E19EA465-3463-41EC-ACE5-6E51C0C92E89}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tgp_daemon.exe
FirewallRules: [{145287FD-92B4-4041-BA4F-227734206441}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tcls\Tenio\TenioDL\TenioDL.exe
FirewallRules: [{D72FF3D1-CDC6-4F56-9CD2-C0C8FC466470}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tcls\Tenio\TenioDL\TenioDL.exe
FirewallRules: [{BF400CF0-CB3C-42E4-B4F2-71640F545275}] => (Allow) C:\Users\javonmhawk\AppData\Local\Temp\QQGameDownloader\bns_1425346859_61356\TenioDL.exe
FirewallRules: [{FD48D7F1-FF58-4BA3-B5BA-AF1A627BB4CA}] => (Allow) C:\Users\javonmhawk\AppData\Local\Temp\QQGameDownloader\bns_1425346859_61356\TenioDL.exe
FirewallRules: [{967129CA-ECE8-489A-BB39-372CE00F7529}] => (Allow) C:\Program Files\Tencent\TGP\tcls\tcls_core.exe
FirewallRules: [{A3262ADB-2815-4642-9F78-062B802CC823}] => (Allow) C:\Program Files\Tencent\TGP\tcls\tcls_core.exe
FirewallRules: [{10D2C3C2-6D4B-4822-881A-9BB0FED2FEF1}] => (Allow) C:\Program Files\Tencent\TGP\tgp_daemon.exe
FirewallRules: [{A650826B-82DA-49CA-AE02-4A800094B61D}] => (Allow) C:\Program Files\Tencent\TGP\tgp_daemon.exe
FirewallRules: [{03541D16-E599-4784-B0D4-5EED5BE23E2D}] => (Allow) C:\Users\javonmhawk\AppData\Local\Temp\Tencent\TGPMiniDown.1367.2.1.4.7357\TenioDL\TenioDL.exe
FirewallRules: [{3C2E7CD0-005F-499D-8624-522397C81B18}] => (Allow) C:\Users\javonmhawk\AppData\Local\Temp\Tencent\TGPMiniDown.1367.2.1.4.7357\TenioDL\TenioDL.exe
FirewallRules: [{6BC61635-82A1-4B98-B166-A01862F58E06}] => (Allow) C:\Program Files\Tencent\TGP\tcls\Tenio\TenioDL\TenioDL.exe
FirewallRules: [{54D73933-AD5A-471A-8D25-8C23C1E68C95}] => (Allow) C:\Program Files\Tencent\TGP\tcls\Tenio\TenioDL\TenioDL.exe
FirewallRules: [{377DC9D1-9FFB-4D01-A92D-4A53AEAAD389}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{53D25F20-261F-442C-8143-7E2A08C7F7F2}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{0613248B-27AA-446D-84AC-3B664F0888F0}] => (Allow) C:\Program Files\腾讯游戏\剑灵_腾讯\bin\Cross\CrossProxy.exe
FirewallRules: [{3AF89A33-C9A2-4783-97B2-EFC24C8DADAA}] => (Allow) C:\Program Files\腾讯游戏\剑灵_腾讯\bin\Cross\CrossProxy.exe
FirewallRules: [{FB7EDF8A-3185-4DF1-A49E-C5B86602AFBC}] => (Allow) C:\Program Files\腾讯游戏\剑灵_腾讯\bin\Cross\Apps\CQS\QTalk\Bin\miniQTalk.exe
FirewallRules: [{EE69F494-CD09-47A1-9EC5-A851023FDA69}] => (Allow) C:\Program Files\腾讯游戏\剑灵_腾讯\bin\Cross\Apps\CQS\QTalk\Bin\miniQTalk.exe
FirewallRules: [{2E06D05E-EE16-4917-9AFB-FBE1801BACBA}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{B94D79ED-A850-4D7E-BF43-6EF52C611FD1}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{EA9BA323-65EB-4494-9FBA-9BC210EEE30C}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{777D4481-E7F2-4C46-9163-4442EF147037}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{64180F4E-C1F5-463C-9D40-BD48B2ADF4D0}] => (Allow) C:\Users\javonmhawk\AppData\Roaming\Tencent\剑灵\7AA487D7EED5B7D8C829D33144690A0C\TenioDL\TenioDL.exe
FirewallRules: [{968B83A2-B9B2-4758-AAAC-52DEF0BF0381}] => (Allow) C:\Users\javonmhawk\AppData\Roaming\Tencent\剑灵\7AA487D7EED5B7D8C829D33144690A0C\TenioDL\TenioDL.exe
FirewallRules: [{09F59D33-7C74-48B3-AAAC-429FAA61AF02}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{A7624E23-59B3-4609-8363-6488972C9592}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{53AF5444-AEF3-4B16-90AE-60B3A63DCB1E}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{B3C15CEA-C1E2-4544-9E66-F60F206DA9B7}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{7DACC1DB-4C65-41D8-9E2E-39879FE0EF4A}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{1E19A3A3-EFA2-4A19-9044-25BD86215185}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{8805776B-A8BA-493F-B374-0D7CD3000857}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{C3C0247C-9611-4267-8B57-E082589CE42A}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{52E9A190-AFFD-4BCB-9666-3F0CC4FB6140}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{01E731B6-2120-4853-B3B8-7E64D3D5CF44}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{D32DC36C-AC1A-461A-BEFA-EA53DAB236CA}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{028411A4-E7FA-456A-8801-3EE3A46394E7}] => (Allow) C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{20E379E4-BAE1-4106-921C-C145FE828A5A}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{BBED977F-D92A-4661-B45A-BFB92DAA6F2D}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2015 03:24:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000025c008c
Faulting process id: 0x978
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (05/18/2015 07:08:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Spotify.exe version 1.0.5.178 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b70

Start Time: 01d091a14188139b

Termination Time: 219

Application Path: C:\Users\javonmhawk\AppData\Roaming\Spotify\Spotify.exe

Report Id: d590e6bb-fdba-11e4-82a4-d8cb8a1844c4

Faulting package full name:

Faulting package-relative application ID:

Error: (05/16/2015 11:55:01 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (05/14/2015 04:22:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000005
Fault offset: 0x00000000000694f7
Faulting process id: 0xe60
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (05/13/2015 04:23:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000002e6008c
Faulting process id: 0x9d4
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (05/11/2015 09:51:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000027f00c5
Faulting process id: 0xdb8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (05/11/2015 06:07:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000003c5008c
Faulting process id: 0xa64
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (05/04/2015 02:38:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000005
Fault offset: 0x00000000000694f7
Faulting process id: 0x5bc
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (05/01/2015 02:00:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000026c008c
Faulting process id: 0xf98
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (05/01/2015 01:55:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Warframe.x64.exe, version: 2015.4.28.16, time stamp: 0x553ff455
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000005
Fault offset: 0x0000000000031873
Faulting process id: 0xf40
Faulting application start time: 0xWarframe.x64.exe0
Faulting application path: Warframe.x64.exe1
Faulting module path: Warframe.x64.exe2
Report Id: Warframe.x64.exe3
Faulting package full name: Warframe.x64.exe4
Faulting package-relative application ID: Warframe.x64.exe5


System errors:
=============
Error: (05/24/2015 11:37:31 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The RIP Listener service hung on starting.

Error: (05/24/2015 11:36:06 AM) (Source: IPRIP) (EventID: 29048) (User: )
Description: RIP listener service failed during initialization

Error: (05/24/2015 03:07:01 AM) (Source: DCOM) (EventID: 10010) (User: Zen)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/24/2015 03:06:30 AM) (Source: DCOM) (EventID: 10010) (User: Zen)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/23/2015 07:29:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Tenable Nessus service terminated unexpectedly. It has done this 1 time(s).

Error: (05/23/2015 07:28:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (05/23/2015 07:28:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).

Error: (05/23/2015 07:28:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/23/2015 07:28:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/23/2015 07:28:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.


Microsoft Office:
=========================
Error: (05/20/2015 03:24:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1728453f816dcunknown0.0.0.000000000c000000500000000025c008c97801d0933abca83ef9C:\Windows\Explorer.EXEunknown2f288ba7-ff2e-11e4-82a7-d8cb8a1844c4

Error: (05/18/2015 07:08:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Spotify.exe1.0.5.178b7001d091a14188139b219C:\Users\javonmhawk\AppData\Roaming\Spotify\Spotify.exed590e6bb-fdba-11e4-82a4-d8cb8a1844c4

Error: (05/16/2015 11:55:01 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (05/14/2015 04:22:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1728453f816dcntdll.dll6.3.9600.17736550f4336c000000500000000000694f7e6001d08e8bea00c2c8C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll4a62d1e3-fa7f-11e4-82a0-d8cb8a1844c4

Error: (05/13/2015 04:23:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1728453f816dcunknown0.0.0.000000000c00000050000000002e6008c9d401d08dc30167e122C:\Windows\Explorer.EXEunknown5765a819-f9b6-11e4-829f-d8cb8a1844c4

Error: (05/11/2015 09:51:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1728453f816dcunknown0.0.0.000000000c000000500000000027f00c5db801d08bf9d8b0e512C:\Windows\Explorer.EXEunknown2f894311-f7ed-11e4-829d-d8cb8a1844c4

Error: (05/11/2015 06:07:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1728453f816dcunknown0.0.0.000000000c00000050000000003c5008ca6401d08bdaa8045cd4C:\Windows\Explorer.EXEunknownfa44d9a2-f7cd-11e4-829c-d8cb8a1844c4

Error: (05/04/2015 02:38:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1728453f816dcntdll.dll6.3.9600.17736550f4336c000000500000000000694f75bc01d086a1dda4f5f3C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll2e580e48-f295-11e4-8296-d8cb8a1844c4

Error: (05/01/2015 02:00:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1728453f816dcunknown0.0.0.000000000c000000500000000026c008cf9801d08440fb1713f2C:\Windows\Explorer.EXEunknown4edd6d7c-f034-11e4-8293-d8cb8a1844c4

Error: (05/01/2015 01:55:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Warframe.x64.exe2015.4.28.16553ff455ntdll.dll6.3.9600.17736550f4336c00000050000000000031873f4001d0842a19626926C:\Users\javonmhawk\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exeC:\Windows\SYSTEM32\ntdll.dll94924269-f033-11e4-8292-d8cb8a1844c4


CodeIntegrity Errors:
===================================
Date: 2015-03-21 05:45:45.238
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-21 05:45:10.347
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-21 05:45:09.003
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-21 05:45:06.800
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-21 05:45:06.503
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-21 05:45:04.441
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-21 05:45:03.691
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-21 05:45:03.238
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-21 05:45:02.988
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-21 05:45:02.628
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD A4-6300 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 45%
Total physical RAM: 3272.11 MB
Available physical RAM: 1796.36 MB
Total Pagefile: 5576.11 MB
Available Pagefile: 3221.82 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.42 GB) (Free:356.33 GB) NTFS
Drive d: (DA Inquisition 1) (CDROM) (Total:7.91 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9A00759D)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)

==================== End of log ============================
 
Uninstall McAfee Security Scan, typical foistware.


Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by javonmhawk at 2015-05-24 22:54:05 Run:1
Running from C:\Users\javonmhawk\Desktop
Loaded Profiles: javonmhawk (Available Profiles: javonmhawk)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM\...\Run: [vdc] => c:\vdc.exe
c:\vdc.exe
HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\RunOnce: [Adobe Speed Launcher] => 1432487534
HKU\S-1-5-21-1748747307-3260626592-723431498-1002\...\MountPoints2: {e3faffaa-9b89-11e4-8257-806e6f6e6963} - "D:\Autorun.exe"
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll No File
S3 TS888x64; \??\C:\Program Files\腾讯游戏\QQPCMgr\10.9.16349.225\TS888x64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
2015-05-15 16:55 - 2015-05-20 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-05-20 19:57 - 2015-03-24 07:37 - 00000000 ____D () C:\Users\javonmhawk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-05-15 15:53 - 2015-03-24 07:37 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2014-12-30 11:55 - 2014-12-30 11:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-03-24 11:49 - 2015-04-12 14:02 - 0000040 _____ () C:\ProgramData\DT0001.dat
2015-03-24 11:29 - 2015-04-12 14:02 - 0000040 _____ () C:\ProgramData\DT0006.dat
C:\ProgramData\DT0001.dat
C:\ProgramData\DT0006.dat
C:\Users\javonmhawk\AppData\Local\Temp\dllnt_dump.dll
C:\Users\javonmhawk\AppData\Local\Temp\i4jdel0.exe
C:\Users\javonmhawk\AppData\Local\Temp\PCMgr_AndroidServer.exe
C:\Users\javonmhawk\AppData\Local\Temp\PCMgr_Setup_10_7_16066_216.exe
C:\Users\javonmhawk\AppData\Local\Temp\PCMgr_Setup_10_9_16349_225.exe
C:\Users\javonmhawk\AppData\Local\Temp\Quarantine.exe
C:\Users\javonmhawk\AppData\Local\Temp\sqlite3.dll
C:\Users\javonmhawk\AppData\Local\Temp\TENCENTDOWNLOAD.EXE
C:\Users\javonmhawk\AppData\Local\Temp\TXPltSafeInit.dll
C:\Users\javonmhawk\AppData\Local\Temp\uninst.exe
C:\Users\javonmhawk\AppData\Local\Temp\uninstall_complete.exe
Task: {FDBECD64-11C7-4595-B201-C862A3C92426} - \Optimize Start Menu Cache Files-S-1-5-21-1748747307-3260626592-723431498-500 No Task File <==== ATTENTION



*****************

Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\vdc => value Removed successfully
"c:\vdc.exe" => File/Folder not found.
HKU\S-1-5-21-1748747307-3260626592-723431498-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe Speed Launcher => value Removed successfully
"HKU\S-1-5-21-1748747307-3260626592-723431498-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3faffaa-9b89-11e4-8257-806e6f6e6963}" => key Removed successfully
HKCR\CLSID\{e3faffaa-9b89-11e4-8257-806e6f6e6963} => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/npAndroidAssistant" => key Removed successfully
TS888x64 => Service Removed successfully
MSICDSetup => Service Removed successfully
NTIOLib_1_0_C => Service Removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件 => Moved successfully.
C:\Users\javonmhawk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 => Moved successfully.
C:\Windows\system32\Drivers\TFsFltX64.sys => Moved successfully.
C:\ProgramData\DP45977C.lfl => Moved successfully.
C:\ProgramData\DT0001.dat => Moved successfully.
C:\ProgramData\DT0006.dat => Moved successfully.
"C:\ProgramData\DT0001.dat" => File/Folder not found.
"C:\ProgramData\DT0006.dat" => File/Folder not found.
C:\Users\javonmhawk\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\javonmhawk\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\Users\javonmhawk\AppData\Local\Temp\PCMgr_AndroidServer.exe => Moved successfully.
C:\Users\javonmhawk\AppData\Local\Temp\PCMgr_Setup_10_7_16066_216.exe => Moved successfully.
C:\Users\javonmhawk\AppData\Local\Temp\PCMgr_Setup_10_9_16349_225.exe => Moved successfully.
C:\Users\javonmhawk\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\javonmhawk\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\javonmhawk\AppData\Local\Temp\TENCENTDOWNLOAD.EXE => Moved successfully.
C:\Users\javonmhawk\AppData\Local\Temp\TXPltSafeInit.dll => Moved successfully.
C:\Users\javonmhawk\AppData\Local\Temp\uninst.exe => Moved successfully.
C:\Users\javonmhawk\AppData\Local\Temp\uninstall_complete.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDBECD64-11C7-4595-B201-C862A3C92426}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDBECD64-11C7-4595-B201-C862A3C92426}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-1748747307-3260626592-723431498-500" => key Removed successfully

==== End of Fixlog 22:54:57 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 