Solved Random Audio Ads

ChummyXRay

I apologize if I'm posting this in the wrong place, but I need some help. As of this last week or so I've been hearing random audio ads, mostly some Ford ad along with some music. I've seen many users have similar issues solved by a user named Broni. I'm not sure where to begin, so I'm hoping someone can assist me as this is getting incredibly annoying. Avast, Malwarebytes, and Kaspersky weren't able to solve this issue either.
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Thanks a ton for being willing to help. Splitting the scans into multiple posts.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015 01

Ran by Ricky (administrator) on Bob on 18-07-2015 17:05:37

Running from C:\Users\Ricky\Downloads

Loaded Profiles: Ricky (Available Profiles: Ricky)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool:


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Flux Software LLC) C:\Users\Ricky\AppData\Local\FluxSoftware\Flux\flux.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Dropbox, Inc.) C:\Users\Ricky\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(NCSOFT Corporation) C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe

(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe

(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

(LINE Corporation) C:\Program Files (x86)\LINE\LINE.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Microsoft Corporation) C:\Windows\System32\SndVol.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Spotify Ltd) C:\Users\Ricky\AppData\Roaming\Spotify\Spotify.exe

(Spotify Ltd) C:\Users\Ricky\AppData\Roaming\Spotify\SpotifyCrashService.exe

(Spotify Ltd) C:\Users\Ricky\AppData\Roaming\Spotify\Spotify.exe

(Spotify Ltd) C:\Users\Ricky\AppData\Roaming\Spotify\SpotifyWebHelper.exe

(Spotify Ltd) C:\Users\Ricky\AppData\Roaming\Spotify\Spotify.exe

() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.249\deploy\LoLLauncher.exe

() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.33\deploy\LoLPatcher.exe

() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.151\deploy\LolClient.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE

() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe



==================== Registry (Whitelisted) ==================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)

HKLM\...\Run: [MouseDriver] => TiltWheelMouse.exe

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)

HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [526240 2015-07-18] (NCSOFT Corporation)

HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-07-09] (Raptr, Inc)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-06-22] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5579624 2015-07-14] (LogMeIn Inc.)

HKU\S-1-5-21-1678945104-314155054-3090002174-1000\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-1678945104-314155054-3090002174-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [2990304 2013-10-30] (Nota Inc.)

HKU\S-1-5-21-1678945104-314155054-3090002174-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53288576 2015-06-29] (Skype Technologies S.A.)

HKU\S-1-5-21-1678945104-314155054-3090002174-1000\...\Run: [Spotify Web Helper] => C:\Users\Ricky\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2008632 2015-07-18] (Spotify Ltd)

HKU\S-1-5-21-1678945104-314155054-3090002174-1000\...\Run: [Spotify] => C:\Users\Ricky\AppData\Roaming\Spotify\Spotify.exe [7334968 2015-07-18] (Spotify Ltd)

HKU\S-1-5-21-1678945104-314155054-3090002174-1000\...\Run: [Dropbox Update] => C:\Users\Ricky\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-24] (Dropbox, Inc.)

HKU\S-1-5-21-1678945104-314155054-3090002174-1000\...\Run: [GoogleChromeAutoLaunch_91666D2DFC6D4A8FF60FE6A7C745B87B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-13] (Google Inc.)

HKU\S-1-5-21-1678945104-314155054-3090002174-1000\...\Run: [f.lux] => C:\Users\Ricky\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013-12-04]

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (No File)

Startup: C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-12-25]

ShortcutTarget: Dropbox.lnk -> C:\Users\Ricky\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ricky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ricky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ricky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ricky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ricky\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ricky\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ricky\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


HKU\S-1-5-21-1678945104-314155054-3090002174-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

HKU\S-1-5-21-1678945104-314155054-3090002174-1000\Software\Microsoft\Internet Explorer\Main,Start Page = www.bing.com

HKU\S-1-5-21-1678945104-314155054-3090002174-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com

HKU\S-1-5-21-1678945104-314155054-3090002174-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = www.bing.com

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox

SearchScopes: HKU\S-1-5-21-1678945104-314155054-3090002174-1000 -> DefaultScope {B34FA415-F211-4D09-9213-AFB820A3F763} URL =

SearchScopes: HKU\S-1-5-21-1678945104-314155054-3090002174-1000 -> {E7756F41-1EDE-457D-98D7-52BF6E6DE619} URL = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox

BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-03-11] (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)

BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)

BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-03-11] (Oracle Corporation)

BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File

BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-19] (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)

BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-15] (Microsoft Corporation.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-19] (Oracle Corporation)

Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-15] (Microsoft Corporation.)

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File

Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File

Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{A63E367D-B78B-4C1E-B9C7-4AB6CAE91B7C}: [NameServer] 8.8.8.4,8.8.8.8

Tcpip\..\Interfaces\{A63E367D-B78B-4C1E-B9C7-4AB6CAE91B7C}: [DhcpNameServer] 192.168.1.1


FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()

FF Plugin: @java.com/DTPlugin,version=10.76.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-03-11] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.76.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-03-11] (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()

FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-25] (ESN Social Software AB)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-19] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-19] (Oracle Corporation)

FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-07-18] ()

FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-07-18] ()

FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-07-18] ()

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)

FF Plugin HKU\S-1-5-21-1678945104-314155054-3090002174-1000: @nsroblox.roblox.com/launcher -> C:\Users\Ricky\AppData\Local\Roblox\Versions\version-d2fd1d56447746e9\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)

FF Plugin HKU\S-1-5-21-1678945104-314155054-3090002174-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Ricky\AppData\Local\Roblox\Versions\version-d2fd1d56447746e9\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)

FF Plugin HKU\S-1-5-21-1678945104-314155054-3090002174-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ricky\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)

FF Plugin HKU\S-1-5-21-1678945104-314155054-3090002174-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-12-24] ()

FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com

FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-07-18]

FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com

FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-07-18]

FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com

FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-07-18]


Chrome:

=======

CHR Profile: C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-23]

CHR Extension: (AdBlock) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-12-25]

CHR Extension: (Hola Better Internet) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-01-13]

CHR Extension: (Avast Online Security) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-09]

CHR Extension: (LOL Brand) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\keganldfkppgkkgidbippbkalkfcgahf [2014-12-02]

CHR Extension: (League of Legends Summoner Search) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkknigchnappcgnagdnfeefkgnjonfpo [2014-06-24]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]

CHR Extension: (Skype Click to Call) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-03-18]

CHR Extension: (Google Wallet) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]

CHR Profile: C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 1

CHR Extension: (Google Slides) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-30]

CHR Extension: (Google Docs) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-30]

CHR Extension: (Google Drive) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-30]

CHR Extension: (YouTube) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-30]

CHR Extension: (Adblock Plus) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-07]

CHR Extension: (Google Search) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-30]

CHR Extension: (Link Klipper - Extract all links) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fahollcgofmpnehocdgofnhkkchiekoo [2015-07-14]

CHR Extension: (Google Sheets) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-30]

CHR Extension: (AdBlock) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-06-30]

CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-06-30]

CHR Extension: (LOL Brand) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\keganldfkppgkkgidbippbkalkfcgahf [2015-07-07]

CHR Extension: (League of Legends Summoner Search) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kkknigchnappcgnagdnfeefkgnjonfpo [2015-06-30]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-30]

CHR Extension: (Skype Click to Call) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-06-30]

CHR Extension: (Shortkeys) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\logpjaacgmcbpdkdchjiaagddngobkck [2015-07-06]

CHR Extension: (Google Wallet) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-30]

CHR Extension: (Gmail) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-30]

CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]


==================== Services (Whitelisted) =================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)

R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe [194000 2015-06-27] (Kaspersky Lab ZAO)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-12-26] () [File not signed]

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)

S3 celavimushost; C:\Program Files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [123096 2015-02-18] (altPUG LLC)

S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-10-11] (EasyAntiCheat Ltd)

S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1579936 2014-09-14] (Echobit LLC)

R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-07-18] (Hi-Rez Studios) [File not signed]

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)

R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-07-14] (LogMeIn, Inc.)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-15] (Electronic Arts)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-05] ()

R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-10] (Razer, Inc.)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

R3 WinHttpAutoProxySvc; winhttp.dll [X]


==================== Drivers (Whitelisted) ====================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-06-27] (Kaspersky Lab UK Ltd)

R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-01-06] (Echobit, LLC)

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-27] (Kaspersky Lab ZAO)

R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [64368 2015-06-27] (Kaspersky Lab ZAO)

R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [159960 2015-06-27] (Kaspersky Lab ZAO)

R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [225976 2015-06-27] (Kaspersky Lab ZAO)

R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [850608 2015-06-27] (Kaspersky Lab ZAO)

R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39280 2015-06-27] (Kaspersky Lab ZAO)

S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [40304 2015-06-27] (Kaspersky Lab ZAO)

S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [39280 2015-06-27] (Kaspersky Lab ZAO)

R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-06-27] (Kaspersky Lab ZAO)

R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-27] (Kaspersky Lab ZAO)

R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [85360 2015-06-27] (Kaspersky Lab ZAO)

R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [190648 2015-06-27] (Kaspersky Lab ZAO)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)

S3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-10] (Razer, Inc.)

S1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-10] (Razer, Inc.)

R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129856 2014-04-25] (Razer, Inc.)

R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()

S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)

R4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2015-07-18 16:58 - 2015-07-18 16:58 - 00102311 _____ C:\Users\Ricky\Downloads\Addition.txt

2015-07-18 16:57 - 2015-07-18 17:05 - 00032000 _____ C:\Users\Ricky\Downloads\FRST.txt

2015-07-18 16:56 - 2015-07-18 17:05 - 00000000 ____D C:\FRST

2015-07-18 16:56 - 2015-07-18 16:56 - 02134528 _____ (Farbar) C:\Users\Ricky\Downloads\FRST64.exe

2015-07-18 03:32 - 2015-07-18 03:32 - 00000082 _____ C:\Users\Ricky\Downloads\funnyjunk.com_18th_Jul_2015.csv

2015-07-18 01:49 - 2015-07-18 01:49 - 00000000 ____D C:\TDSSKiller_Quarantine

2015-07-18 01:43 - 2015-07-18 01:43 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Ricky\Downloads\tdsskiller.exe

2015-07-18 01:24 - 2015-07-18 01:24 - 00002310 _____ C:\Users\Ricky\Desktop\Safe Money.lnk

2015-07-18 01:24 - 2015-07-18 01:24 - 00002060 _____ C:\Users\Public\Desktop\Kaspersky Total Security.lnk

2015-07-18 01:24 - 2015-07-18 01:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security

2015-07-18 01:23 - 2015-07-18 15:50 - 00000000 ____D C:\ProgramData\Kaspersky Lab

2015-07-18 01:23 - 2015-07-18 01:23 - 00000000 ____D C:\Windows\ELAMBKUP

2015-07-18 01:23 - 2015-07-18 01:23 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab

2015-07-18 01:23 - 2015-06-27 22:14 - 00850608 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys

2015-07-18 01:23 - 2015-06-27 22:14 - 00225976 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys

2015-07-18 01:23 - 2015-06-27 22:14 - 00159960 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys

2015-07-18 01:23 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll

2015-07-18 01:01 - 2015-07-18 01:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

2015-07-18 01:01 - 2015-07-18 01:01 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

2015-07-18 00:58 - 2015-07-18 00:58 - 01592432 _____ (Kaspersky Lab) C:\Users\Ricky\Downloads\kts15.0.2.361abcen_8109.exe

2015-07-16 13:28 - 2015-07-16 13:28 - 00000073 _____ C:\Users\Ricky\Downloads\us16.tribalwars.us_16th_Jul_2015.csv

2015-07-14 22:13 - 2015-07-14 22:13 - 18524336 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2015-07-14 18:44 - 2015-06-01 19:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll

2015-07-14 18:44 - 2015-06-01 18:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll

2015-07-14 18:43 - 2015-07-09 12:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe

2015-07-14 18:43 - 2015-07-09 12:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2015-07-14 18:43 - 2015-07-09 12:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2015-07-14 18:43 - 2015-07-09 12:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2015-07-14 18:43 - 2015-07-09 12:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2015-07-14 18:43 - 2015-07-09 12:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2015-07-14 18:43 - 2015-07-09 12:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2015-07-14 18:43 - 2015-07-09 12:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2015-07-14 18:43 - 2015-07-09 12:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2015-07-14 18:43 - 2015-07-09 12:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2015-07-14 18:43 - 2015-07-09 12:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2015-07-14 18:43 - 2015-07-09 12:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2015-07-14 18:43 - 2015-07-09 12:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll

2015-07-14 18:43 - 2015-07-09 12:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

2015-07-14 18:43 - 2015-07-09 12:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2015-07-14 18:43 - 2015-07-09 12:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2015-07-14 18:43 - 2015-07-09 12:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2015-07-14 18:43 - 2015-07-09 12:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll

2015-07-14 18:43 - 2015-07-09 12:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2015-07-14 18:43 - 2015-07-09 12:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2015-07-14 18:43 - 2015-07-09 12:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2015-07-14 18:43 - 2015-07-09 12:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
 
2nd part of FRST


2015-07-14 18:43 - 2015-07-09 12:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2015-07-14 18:43 - 2015-07-09 12:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2015-07-14 18:43 - 2015-07-04 13:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll

2015-07-14 18:43 - 2015-07-04 12:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll

2015-07-14 18:43 - 2015-07-03 13:05 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2015-07-14 18:43 - 2015-07-03 13:05 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-07-14 18:43 - 2015-07-03 13:05 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2015-07-14 18:43 - 2015-07-03 13:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2015-07-14 18:43 - 2015-07-03 12:56 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2015-07-14 18:43 - 2015-07-03 12:56 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2015-07-14 18:43 - 2015-07-03 12:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2015-07-14 18:43 - 2015-07-03 12:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2015-07-14 18:43 - 2015-07-03 11:52 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-07-14 18:43 - 2015-07-03 11:42 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2015-07-14 18:43 - 2015-07-02 16:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-07-14 18:43 - 2015-07-02 16:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-07-14 18:43 - 2015-07-02 15:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-07-14 18:43 - 2015-07-02 15:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-07-14 18:43 - 2015-07-02 15:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-07-14 18:43 - 2015-07-02 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-07-14 18:43 - 2015-07-02 15:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-07-14 18:43 - 2015-07-02 15:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-07-14 18:43 - 2015-07-02 15:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-07-14 18:43 - 2015-07-02 14:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-07-14 18:43 - 2015-07-02 14:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-07-14 18:43 - 2015-07-02 13:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-07-14 18:43 - 2015-07-01 15:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-07-14 18:43 - 2015-07-01 15:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-07-14 18:43 - 2015-07-01 15:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-07-14 18:43 - 2015-07-01 15:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2015-07-14 18:43 - 2015-07-01 15:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-07-14 18:43 - 2015-07-01 15:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-07-14 18:43 - 2015-07-01 15:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-07-14 18:43 - 2015-07-01 15:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-07-14 18:43 - 2015-07-01 15:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-07-14 18:43 - 2015-07-01 15:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-07-14 18:43 - 2015-07-01 15:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-07-14 18:43 - 2015-07-01 15:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-07-14 18:43 - 2015-07-01 15:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-07-14 18:43 - 2015-07-01 15:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll

2015-07-14 18:43 - 2015-07-01 15:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-07-14 18:43 - 2015-07-01 15:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-07-14 18:43 - 2015-07-01 15:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-07-14 18:43 - 2015-07-01 15:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-07-14 18:43 - 2015-07-01 15:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-07-14 18:43 - 2015-07-01 15:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-07-14 18:43 - 2015-07-01 15:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2015-07-14 18:43 - 2015-07-01 15:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2015-07-14 18:43 - 2015-07-01 15:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-07-14 18:43 - 2015-07-01 15:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2015-07-14 18:43 - 2015-07-01 15:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2015-07-14 18:43 - 2015-07-01 15:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2015-07-14 18:43 - 2015-07-01 15:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll

2015-07-14 18:43 - 2015-07-01 15:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2015-07-14 18:43 - 2015-07-01 15:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2015-07-14 18:43 - 2015-07-01 15:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2015-07-14 18:43 - 2015-07-01 15:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2015-07-14 18:43 - 2015-07-01 15:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2015-07-14 18:43 - 2015-07-01 15:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2015-07-14 18:43 - 2015-07-01 15:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2015-07-14 18:43 - 2015-07-01 15:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2015-07-14 18:43 - 2015-07-01 14:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2015-07-14 18:43 - 2015-07-01 14:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2015-07-14 18:43 - 2015-07-01 14:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2015-07-14 18:43 - 2015-06-26 21:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-07-14 18:43 - 2015-06-26 21:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-07-14 18:43 - 2015-06-26 20:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2015-07-14 18:43 - 2015-06-26 20:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-07-14 18:43 - 2015-06-25 13:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-07-14 18:43 - 2015-06-25 12:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-07-14 18:43 - 2015-06-25 03:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-07-14 18:43 - 2015-06-20 15:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-07-14 18:43 - 2015-06-20 14:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-07-14 18:43 - 2015-06-20 14:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-07-14 18:43 - 2015-06-20 14:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-07-14 18:43 - 2015-06-20 14:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-07-14 18:43 - 2015-06-20 14:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-07-14 18:43 - 2015-06-20 14:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-07-14 18:43 - 2015-06-20 14:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-07-14 18:43 - 2015-06-20 14:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-07-14 18:43 - 2015-06-20 14:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-07-14 18:43 - 2015-06-20 14:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-07-14 18:43 - 2015-06-20 14:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-07-14 18:43 - 2015-06-20 14:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-07-14 18:43 - 2015-06-20 14:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-07-14 18:43 - 2015-06-20 14:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-07-14 18:43 - 2015-06-20 14:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-07-14 18:43 - 2015-06-20 14:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-07-14 18:43 - 2015-06-20 13:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-07-14 18:43 - 2015-06-20 13:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-07-14 18:43 - 2015-06-20 13:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-07-14 18:43 - 2015-06-20 13:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-07-14 18:43 - 2015-06-20 13:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-07-14 18:43 - 2015-06-20 13:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-07-14 18:43 - 2015-06-19 13:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-07-14 18:43 - 2015-06-19 13:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2015-07-14 18:43 - 2015-06-19 13:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2015-07-14 18:43 - 2015-06-19 13:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2015-07-14 18:43 - 2015-06-19 13:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2015-07-14 18:43 - 2015-06-19 13:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-07-14 18:43 - 2015-06-19 13:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2015-07-14 18:43 - 2015-06-19 13:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2015-07-14 18:43 - 2015-06-19 13:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2015-07-14 18:43 - 2015-06-19 13:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-07-14 18:43 - 2015-06-19 12:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-07-14 18:43 - 2015-06-19 12:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-07-14 18:43 - 2015-06-19 12:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-07-14 18:43 - 2015-06-19 12:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-07-14 18:43 - 2015-06-19 12:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-07-14 18:43 - 2015-06-19 12:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-07-14 18:43 - 2015-06-19 12:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2015-07-14 18:43 - 2015-06-19 12:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-07-14 18:43 - 2015-06-19 12:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-07-14 18:43 - 2015-06-17 12:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2015-07-14 18:43 - 2015-06-17 12:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2015-07-14 18:43 - 2015-06-09 13:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2015-07-14 18:43 - 2015-06-09 13:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

2015-07-14 18:43 - 2015-04-27 14:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2015-07-14 18:43 - 2015-04-27 14:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2015-07-14 18:43 - 2015-04-27 14:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2015-07-14 18:43 - 2015-04-27 14:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2015-07-14 18:43 - 2015-04-27 14:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2015-07-14 18:43 - 2015-04-27 14:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2015-07-14 18:43 - 2015-04-27 14:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2015-07-14 18:43 - 2015-04-27 14:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2015-07-14 05:32 - 2015-07-14 05:32 - 00597304 _____ C:\Users\Ricky\Downloads\flux-setup (1).exe

2015-07-14 05:32 - 2015-07-14 05:32 - 00000000 ____D C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux

2015-07-14 02:57 - 2015-07-14 02:57 - 00074366 _____ C:\Users\Ricky\Downloads\us16.tribalwars.us_14th_Jul_2015 (1).txt

2015-07-14 02:56 - 2015-07-14 02:56 - 00000398 _____ C:\Users\Ricky\Downloads\us16.tribalwars.us_14th_Jul_2015.txt

2015-07-14 02:55 - 2015-07-14 02:55 - 00003484 _____ C:\Users\Ricky\Downloads\us16.tribalwars.us_14th_Jul_2015 (1).csv

2015-07-14 02:54 - 2015-07-14 02:54 - 00000167 _____ C:\Users\Ricky\Downloads\us16.tribalwars.us_14th_Jul_2015.csv

2015-07-13 15:21 - 2015-07-13 15:21 - 26590818 _____ (Dustin Blackman ) C:\Users\Ricky\Downloads\Championify.Windows_Setup.0-3-2.exe

2015-07-13 15:21 - 2015-07-13 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Championify

2015-07-13 15:21 - 2015-07-13 15:21 - 00000000 ____D C:\Program Files (x86)\Championify

2015-07-09 23:20 - 2015-07-14 05:32 - 00000000 ____D C:\Users\Ricky\AppData\Local\FluxSoftware

2015-07-09 23:20 - 2015-07-09 23:20 - 00597304 _____ C:\Users\Ricky\Downloads\flux-setup.exe

2015-07-09 14:47 - 2015-07-09 14:47 - 00000000 ____D C:\ProgramData\ATI

2015-07-09 14:42 - 2015-07-18 01:18 - 00320924 _____ C:\Windows\PFRO.log

2015-07-09 04:25 - 2015-07-09 04:25 - 00053615 _____ C:\Windows\SysWOW64\CCCInstall_201507090425339236.log

2015-07-09 04:25 - 2015-07-09 04:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center

2015-07-09 04:22 - 2015-07-18 01:19 - 00001111 _____ C:\Windows\setupact.log

2015-07-09 04:22 - 2015-07-09 04:22 - 00000000 _____ C:\Windows\setuperr.log

2015-07-09 04:11 - 2015-07-09 04:11 - 00000836 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk

2015-07-09 04:11 - 2015-07-09 04:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID

2015-07-09 04:11 - 2015-07-09 04:11 - 00000000 ____D C:\Program Files\CPUID

2015-07-09 04:10 - 2015-07-09 04:10 - 01580912 _____ ( ) C:\Users\Ricky\Downloads\cpu-z_1.72.1-en.exe

2015-07-09 03:20 - 2015-07-09 03:20 - 02359849 _____ C:\Users\Ricky\Downloads\IMG_1541.MOV

2015-07-09 03:08 - 2015-07-09 03:08 - 06565736 _____ (Piriform Ltd) C:\Users\Ricky\Downloads\ccsetup507.exe

2015-07-08 20:56 - 2015-07-08 20:56 - 00000000 ____D C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2015-07-06 23:29 - 2015-07-06 23:30 - 34759416 _____ (Opera Software ASA) C:\Users\Ricky\Downloads\Opera_20.0.1387.64_Setup.exe

2015-07-06 23:27 - 2015-07-06 23:27 - 00687056 _____ (Opera Software) C:\Users\Ricky\Downloads\Opera_NI_stable.exe

2015-07-06 23:20 - 2015-07-06 23:20 - 00003822 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1436242852

2015-07-06 23:20 - 2015-07-06 23:20 - 00001136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 30.lnk

2015-06-27 22:14 - 2015-06-27 22:14 - 00478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys

2015-06-27 22:14 - 2015-06-27 22:14 - 00247016 _____ (Kaspersky Lab UK Ltd) C:\Windows\system32\Drivers\cm_km_w.sys

2015-06-27 22:14 - 2015-06-27 22:14 - 00190648 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys

2015-06-27 22:14 - 2015-06-27 22:14 - 00085360 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwtp.sys

2015-06-27 22:14 - 2015-06-27 22:14 - 00065208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kltdi.sys

2015-06-27 22:14 - 2015-06-27 22:14 - 00064368 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kldisk.sys

2015-06-27 22:14 - 2015-06-27 22:14 - 00040304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys

2015-06-27 22:14 - 2015-06-27 22:14 - 00039280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klmouflt.sys

2015-06-27 22:14 - 2015-06-27 22:14 - 00039280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys

2015-06-27 22:14 - 2015-06-27 22:14 - 00024944 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klpd.sys

2015-06-24 16:50 - 2015-07-18 17:01 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1678945104-314155054-3090002174-1000UA.job

2015-06-24 16:50 - 2015-07-17 23:01 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1678945104-314155054-3090002174-1000Core.job

2015-06-24 16:50 - 2015-07-17 22:56 - 00003888 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1678945104-314155054-3090002174-1000UA

2015-06-24 16:50 - 2015-07-17 22:56 - 00003492 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1678945104-314155054-3090002174-1000Core

2015-06-24 16:50 - 2015-06-24 16:50 - 00000000 ____D C:\Users\Ricky\AppData\Local\Dropbox

2015-06-24 16:50 - 2015-06-24 16:50 - 00000000 ____D C:\ProgramData\Dropbox

2015-06-22 21:09 - 2015-06-22 21:09 - 00141792 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll

2015-06-22 21:09 - 2015-06-22 21:09 - 00128384 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll

2015-06-22 21:09 - 2015-06-22 21:09 - 00107784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll

2015-06-22 21:09 - 2015-06-22 21:09 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll

2015-06-22 21:09 - 2015-06-22 21:09 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll

2015-06-22 21:09 - 2015-06-22 21:09 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll

2015-06-22 21:09 - 2015-06-22 21:09 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll

2015-06-22 21:08 - 2015-06-22 21:08 - 11941000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll

2015-06-22 21:08 - 2015-06-22 21:08 - 08890576 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll

2015-06-22 21:08 - 2015-06-22 21:08 - 08786040 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll

2015-06-22 21:08 - 2015-06-22 21:08 - 01440592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll

2015-06-22 21:08 - 2015-06-22 21:08 - 00152056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll

2015-06-22 21:08 - 2015-06-22 21:08 - 00120144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll

2015-06-22 21:05 - 2015-06-22 21:05 - 00297672 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys

2015-06-22 21:03 - 2015-06-22 21:03 - 21612032 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys

2015-06-22 20:59 - 2015-06-22 20:59 - 47782912 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll

2015-06-22 20:59 - 2015-06-22 20:59 - 00235008 _____ C:\Windows\system32\clinfo.exe

2015-06-22 20:57 - 2015-06-22 20:57 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll

2015-06-22 20:57 - 2015-06-22 20:57 - 00059392 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll

2015-06-22 20:55 - 2015-06-22 20:55 - 27535872 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll

2015-06-22 20:55 - 2015-06-22 20:55 - 22318592 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll

2015-06-22 20:33 - 2015-06-22 20:33 - 06476288 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll

2015-06-22 20:33 - 2015-06-22 20:33 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll

2015-06-22 20:33 - 2015-06-22 20:33 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll

2015-06-22 20:28 - 2015-06-22 20:28 - 05067264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll

2015-06-22 20:27 - 2015-06-22 20:27 - 30749184 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll

2015-06-22 20:25 - 2015-06-22 20:25 - 00093184 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll

2015-06-22 20:25 - 2015-06-22 20:25 - 00086528 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll

2015-06-22 20:22 - 2015-06-22 20:22 - 00050688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll

2015-06-22 20:22 - 2015-06-22 20:22 - 00039424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll

2015-06-22 20:21 - 2015-06-22 20:21 - 25296896 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll

2015-06-22 20:21 - 2015-06-22 20:21 - 00865792 _____ (AMD) C:\Windows\system32\coinst_15.20.dll

2015-06-22 20:20 - 2015-06-22 20:20 - 03437632 _____ C:\Windows\system32\atiumd6a.cap

2015-06-22 20:19 - 2015-06-22 20:19 - 00660224 _____ C:\Windows\SysWOW64\atiapfxx.blb

2015-06-22 20:19 - 2015-06-22 20:19 - 00660224 _____ C:\Windows\system32\atiapfxx.blb

2015-06-22 20:19 - 2015-06-22 20:19 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe

2015-06-22 20:19 - 2015-06-22 20:19 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll

2015-06-22 20:19 - 2015-06-22 20:19 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll

2015-06-22 20:19 - 2015-06-22 20:19 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll

2015-06-22 20:19 - 2015-06-22 20:19 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll

2015-06-22 20:18 - 2015-06-22 20:18 - 15716864 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll

2015-06-22 20:18 - 2015-06-22 20:18 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll

2015-06-22 20:16 - 2015-06-22 20:16 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap

2015-06-22 20:14 - 2015-06-22 20:14 - 00670720 _____ (AMD) C:\Windows\system32\atieclxx.exe

2015-06-22 20:14 - 2015-06-22 20:14 - 00245760 _____ (AMD) C:\Windows\system32\atiesrxx.exe

2015-06-22 20:14 - 2015-06-22 20:14 - 00204800 _____ C:\Windows\system32\amdgfxinfo64.dll

2015-06-22 20:14 - 2015-06-22 20:14 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll

2015-06-22 20:14 - 2015-06-22 20:14 - 00189952 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll

2015-06-22 20:14 - 2015-06-22 20:14 - 00160256 _____ C:\Windows\system32\atieah64.exe

2015-06-22 20:14 - 2015-06-22 20:14 - 00143872 _____ C:\Windows\SysWOW64\atieah32.exe

2015-06-22 20:14 - 2015-06-22 20:14 - 00029696 _____ (AMD) C:\Windows\system32\atimuixx.dll

2015-06-22 20:12 - 2015-06-22 20:12 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll

2015-06-22 20:12 - 2015-06-22 20:12 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll

2015-06-22 20:11 - 2015-06-22 20:11 - 00926720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll

2015-06-22 20:10 - 2015-06-22 20:10 - 00663552 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys

2015-06-22 20:10 - 2015-06-22 20:10 - 00156672 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll

2015-06-22 20:10 - 2015-06-22 20:10 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll

2015-06-22 20:10 - 2015-06-22 20:10 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll

2015-06-22 20:10 - 2015-06-22 20:10 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll

2015-06-22 20:09 - 2015-06-22 20:09 - 00102912 _____ C:\Windows\system32\hsa-thunk64.dll

2015-06-22 20:09 - 2015-06-22 20:09 - 00102400 _____ C:\Windows\SysWOW64\hsa-thunk.dll

2015-06-22 20:07 - 2015-06-22 20:07 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll

2015-06-22 02:14 - 2015-06-22 02:14 - 00830518 _____ C:\Windows\system32\amdicdxx.dat

2015-06-21 00:39 - 2015-06-21 00:39 - 00000000 ____D C:\ProgramData\Age of Empires 3


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2015-07-18 16:55 - 2012-12-25 08:07 - 00000000 ____D C:\Users\Ricky\AppData\Roaming\Skype

2015-07-18 16:22 - 2015-03-16 22:30 - 00000000 ____D C:\Users\Ricky\AppData\Roaming\Spotify

2015-07-18 16:22 - 2012-12-25 08:07 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-07-18 16:13 - 2013-04-12 16:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-07-18 15:43 - 2012-11-26 17:07 - 01371868 _____ C:\Windows\WindowsUpdate.log

2015-07-18 13:20 - 2014-12-26 04:12 - 00000000 ____D C:\Users\Ricky\AppData\Roaming\Raptr

2015-07-18 11:00 - 2009-07-13 23:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-07-18 11:00 - 2009-07-13 23:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-07-18 09:34 - 2013-12-22 18:40 - 00000000 ____D C:\Users\Ricky\AppData\Local\LogMeIn Hamachi

2015-07-18 04:35 - 2013-04-30 19:01 - 00000000 ____D C:\Users\Ricky\AppData\Roaming\TS3Client

2015-07-18 03:32 - 2013-02-04 18:20 - 00000000 ____D C:\Users\Ricky\AppData\Roaming\SoftGrid Client

2015-07-18 02:17 - 2015-03-16 22:31 - 00000000 ____D C:\Users\Ricky\AppData\Local\Spotify

2015-07-18 01:54 - 2012-12-25 11:27 - 00000000 ____D C:\Program Files (x86)\Steam

2015-07-18 01:25 - 2009-07-14 00:13 - 00783424 _____ C:\Windows\system32\PerfStringBackup.INI

2015-07-18 01:24 - 2012-12-26 00:32 - 00000000 ____D C:\Users\hedev

2015-07-18 01:22 - 2013-12-25 17:13 - 00000000 ___RD C:\Users\Ricky\Dropbox

2015-07-18 01:21 - 2013-12-25 17:12 - 00000000 ____D C:\Users\Ricky\AppData\Roaming\Dropbox

2015-07-18 01:19 - 2012-12-25 08:07 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-07-18 01:19 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-07-18 01:18 - 2012-12-26 00:46 - 00000000 ____D C:\ProgramData\AVAST Software

2015-07-18 01:11 - 2013-09-15 20:44 - 00000000 ____D C:\Users\Ricky\AppData\Local\CrashDumps

2015-07-18 00:51 - 2013-01-27 20:21 - 00000000 ____D C:\Users\Ricky\Desktop\Reaction

2015-07-18 00:20 - 2013-10-05 16:05 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins

2015-07-18 00:15 - 2015-02-05 00:28 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-07-17 03:00 - 2015-05-12 03:49 - 00000000 ___SD C:\Windows\SysWOW64\GWX

2015-07-17 03:00 - 2015-05-12 03:49 - 00000000 ___SD C:\Windows\system32\GWX

2015-07-16 00:17 - 2012-12-25 08:07 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-07-16 00:17 - 2012-12-25 08:07 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-07-15 21:44 - 2015-03-22 02:08 - 00000964 _____ C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk

2015-07-15 21:44 - 2015-03-22 02:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE

2015-07-15 16:57 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache

2015-07-15 08:18 - 2013-05-31 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

2015-07-15 07:40 - 2014-12-26 04:12 - 00000000 ____D C:\Program Files (x86)\Raptr

2015-07-15 07:29 - 2009-07-13 23:45 - 04833992 _____ C:\Windows\system32\FNTCACHE.DAT

2015-07-15 07:27 - 2015-05-12 03:49 - 00000000 ____D C:\Windows\system32\appraiser

2015-07-15 07:27 - 2014-04-30 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel

2015-07-15 07:27 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2015-07-15 03:08 - 2013-07-31 03:00 - 00000000 ____D C:\Windows\system32\MRT

2015-07-14 22:13 - 2013-04-12 16:10 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-07-14 22:13 - 2013-04-12 16:10 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-07-14 22:13 - 2013-04-12 15:52 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-07-14 11:44 - 2013-05-25 13:18 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys

2015-07-13 19:30 - 2013-05-07 21:52 - 00000000 ____D C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

2015-07-13 01:42 - 2015-02-05 00:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-07-13 01:42 - 2015-02-05 00:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-07-09 04:24 - 2014-12-26 04:09 - 00000000 ____D C:\Program Files\AMD

2015-07-09 04:21 - 2012-11-26 17:19 - 00000000 ____D C:\AMD

2015-07-09 03:24 - 2012-12-26 07:32 - 00000000 ____D C:\Windows\Minidump

2015-07-08 03:52 - 2014-11-03 22:01 - 00000000 ____D C:\Users\Ricky\AppData\Roaming\OBS

2015-07-07 23:01 - 2012-12-25 08:07 - 00000000 ___RD C:\Program Files (x86)\Skype

2015-07-07 23:01 - 2012-12-25 08:07 - 00000000 ____D C:\ProgramData\Skype

2015-07-07 22:59 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD

2015-07-07 22:58 - 2013-03-31 16:05 - 00000000 ____D C:\Users\Ricky\AppData\Local\Conduit

2015-07-07 22:58 - 2013-03-31 16:05 - 00000000 ____D C:\Program Files (x86)\Conduit

2015-07-07 22:56 - 2012-12-25 08:07 - 00000000 ____D C:\Users\Ricky\AppData\Local\Google

2015-07-07 18:25 - 2013-09-04 23:37 - 00000000 ____D C:\Program Files (x86)\Opera

2015-07-07 18:25 - 2012-12-25 01:28 - 00001420 _____ C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-07-03 08:43 - 2013-01-24 19:28 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-07-01 18:52 - 2012-12-27 19:41 - 00000000 ____D C:\Users\Ricky\Documents\My Games

2015-06-29 02:30 - 2015-05-13 19:24 - 00001176 _____ C:\Users\Ricky\Desktop\ROBLOX Studio.lnk

2015-06-29 02:30 - 2015-05-13 19:24 - 00000000 ____D C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox

2015-06-23 13:30 - 2010-11-20 22:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2015-06-23 01:14 - 2014-11-03 22:01 - 00000000 ____D C:\Program Files\OBS

2015-06-22 21:09 - 2013-08-30 17:37 - 00100568 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll

2015-06-22 21:08 - 2013-08-30 19:14 - 00133016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll

2015-06-22 21:08 - 2013-08-30 19:13 - 10087472 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll

2015-06-22 21:08 - 2012-07-27 23:09 - 07407400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll

2015-06-22 21:08 - 2012-07-27 21:15 - 01191320 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll

2015-06-22 21:08 - 2012-07-27 20:32 - 07927568 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll

2015-06-22 21:08 - 2012-07-27 20:13 - 00102616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll

2015-06-22 20:58 - 2014-11-20 21:32 - 39712256 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll

2015-06-22 20:14 - 2012-12-19 14:57 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll

2015-06-22 20:11 - 2014-11-20 21:09 - 00926720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll

2015-06-22 20:11 - 2012-12-19 14:33 - 01246208 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll

2015-06-22 20:10 - 2014-11-20 21:08 - 00141824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll

2015-06-20 02:55 - 2015-06-17 18:22 - 00000000 ____D C:\Users\Ricky\AppData\Roaming\Championify

2015-06-18 08:41 - 2015-02-05 00:26 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-06-18 08:41 - 2015-02-05 00:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-06-18 08:41 - 2015-02-05 00:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys


==================== Files in the root of some directories =======


2013-05-07 00:01 - 2013-11-28 05:17 - 0000132 _____ () C:\Users\Ricky\AppData\Roaming\Adobe PNG Format CS5 Prefs

2013-09-01 00:38 - 2014-07-18 20:18 - 0047104 _____ () C:\Users\Ricky\AppData\Roaming\RZR_00607c0b4543887d10eb9264679a.db

2013-01-02 00:26 - 2013-01-02 00:26 - 0581642 _____ () C:\Users\Ricky\AppData\Roaming\technic-launcher.jar

2013-10-09 02:17 - 2013-10-11 23:02 - 0000498 _____ () C:\Users\Ricky\AppData\Roaming\XP500UserMetrics.osl

2013-04-18 01:09 - 2013-08-14 01:11 - 0001456 _____ () C:\Users\Ricky\AppData\Local\Adobe Save for Web 12.0 Prefs

2014-10-06 14:24 - 2015-06-14 04:00 - 0007602 _____ () C:\Users\Ricky\AppData\Local\Resmon.ResmonCfg


Some files in TEMP:

====================

C:\Users\Ricky\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnthkjs.dll

C:\Users\Ricky\AppData\Local\Temp\tmpDC7.exe



==================== Bamital & volsnap Check =================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed



LastRegBack: 2015-07-13 07:19


==================== End of log ============================
 
First part of Additional text.


Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01

Ran by Ricky at 2015-07-18 17:05:53

Running from C:\Users\Ricky\Downloads

Boot Mode: Normal

==========================================================



==================== Accounts: =============================


Administrator (S-1-5-21-1678945104-314155054-3090002174-500 - Administrator - Disabled)

Guest (S-1-5-21-1678945104-314155054-3090002174-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1678945104-314155054-3090002174-1002 - Limited - Enabled)

Ricky (S-1-5-21-1678945104-314155054-3090002174-1000 - Administrator - Enabled) => C:\Users\Ricky


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: Kaspersky Total Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}

AS: Kaspersky Total Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Total Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}


==================== Installed Programs ======================


(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)

Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)

Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)

Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)

Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)

Age of Empires® III: Complete Collection (HKLM-x32\...\Steam App 105450) (Version: - Ensemble Studios)

Aion (HKLM-x32\...\{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}) (Version: 4.0.0.3 - NC Interactive, LLC)

AMD Catalyst Install Manager (HKLM\...\{14D58A97-B60E-A858-34D8-95469C02F7EC}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)

Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version: - Studio Wildcard)

Arma 2 (HKLM-x32\...\Steam App 33900) (Version: - Bohemia Interactive)

Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version: - )

ARMA 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive)

ARMA 2: Operation Arrowhead Beta (HKLM-x32\...\Steam App 219540) (Version: - )

Army Men RTS (HKLM-x32\...\Army Men RTS) (Version: - )

AutoHotkey 1.1.22.02 (HKLM\...\AutoHotkey) (Version: 1.1.22.02 - Lexikos)

Bandicam (HKLM-x32\...\Bandicam) (Version: 1.9.1.419 - Bandisoft.com)

Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)

Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)

BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)

Battlefield 4™ Beta (HKLM-x32\...\{CFAB3721-549D-4827-A4E8-7F90192114AB}) (Version: 1.0.0.0 - Electronic Arts)

Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)

BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )

BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - )

Bing Bar (HKLM-x32\...\{F0839DB3-FBB8-4D14-936F-1D457A088224}) (Version: 7.0.601.0 - Microsoft Corporation)

BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston)

BioShock 2 (HKLM-x32\...\Steam App 8850) (Version: - 2K Marin)

BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)

Blacklight: Retribution (HKLM-x32\...\Steam App 209870) (Version: - )

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)

Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version: - 2K Australia)

CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)

CEVO CS:GO Client Beta version 1.0 (HKLM-x32\...\CEVO CS:GO Client Beta_is1) (Version: 1.0 - )

Championify version 0.3.2 (HKLM-x32\...\{1AE5DA33-DB00-453C-9190-FB14C0BBDBE7}_is1) (Version: 0.3.2 - Dustin Blackman)

Command & Conquer 3 Tiberium Wars™ (HKLM-x32\...\{CAC9DCAF-0EA8-442C-97EA-CA6F5755390A}) (Version: 1.0.0.0 - Electronic Arts)

Command & Conquer™ 3 Kane's Wrath (HKLM-x32\...\{8D37C28B-D1A5-41C0-9E5E-80D01355FEBC}) (Version: 1.0.0.0 - Electronic Arts)

Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)

CPUID CPU-Z 1.72.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - )

Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version: - Paradox Development Studio)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DayZ Commander (HKLM-x32\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)

Defraggler (HKLM\...\Defraggler) (Version: 2.16 - Piriform)

Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version: - Eidos Montreal)

Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)

Dropbox (HKU\S-1-5-21-1678945104-314155054-3090002174-1000\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)

Dying Light (HKLM-x32\...\Steam App 239140) (Version: - Techland)

Empire: Total War (HKLM-x32\...\Steam App 10500) (Version: - The Creative Assembly)

Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.8 - Echobit, LLC)

f.lux (HKU\S-1-5-21-1678945104-314155054-3090002174-1000\...\Flux) (Version: - )

Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version: - Q, Timeslip)

Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)

Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version: - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)

Five Nights at Freddy's (HKLM-x32\...\Steam App 319510) (Version: - Scott Cawthon)

foobar2000 v1.2.9 (HKLM-x32\...\foobar2000) (Version: 1.2.9 - Peter Pawlowski)

Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )

Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Garry)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)

Google Drive (HKLM-x32\...\{192A227B-A8C8-4C6D-B939-21FAEB007E1E}) (Version: 1.12.5329.1887 - Google, Inc.)

Google Drive (HKLM-x32\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden

Gyazo 2.0.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)

H1Z1 (HKLM-x32\...\Steam App 295110) (Version: - Sony Online Entertainment)

Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)

Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version: - Valve)

Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version: - Valve)

Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)

Horizon v2.8.5.0 (HKLM-x32\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.8.5.0 - Daring Development Inc.)

Howling version 3 (HKLM-x32\...\{4CB3C185-14BC-4AF4-BBE8-B3651D79AFC9}_is1) (Version: 3 - Vector Wolf Studios)

Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive)

Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)

Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)

Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)

Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)

Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)

iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)

Java 7 Update 76 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417076FF}) (Version: 7.0.760 - Oracle)

Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)

Java SE Development Kit 7 Update 17 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170170}) (Version: 1.7.0.170 - Oracle)

Java SE Development Kit 8 Update 40 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180400}) (Version: 8.0.400.25 - Oracle Corporation)

join.me (HKU\S-1-5-21-1678945104-314155054-3090002174-1000\...\JoinMe) (Version: 1.17.0.112 - LogMeIn, Inc.)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Kaspersky Total Security (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)

Kaspersky Total Security (x32 Version: 15.0.2.361 - Kaspersky Lab) Hidden

Katawa Shoujo (HKLM-x32\...\Katawa Shoujo) (Version: - )

League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)

League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)

League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden

Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)

Left 4 Dead 2 Beta (HKLM-x32\...\Steam App 223530) (Version: - )

LINE (HKLM-x32\...\LINE) (Version: 4.1.1.423 - LINE Corporation)

Livestream Procaster (HKLM-x32\...\{68E4C751-272B-44E1-94C7-4E1FDC40F7DA}) (Version: 20.3.25 - Procaster)

LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.377 - LogMeIn, Inc.)

LogMeIn Hamachi (x32 Version: 2.2.0.377 - LogMeIn, Inc.) Hidden

LOOT (HKLM-x32\...\LOOT) (Version: 0.6.1 - LOOT Development Team)

Lost Planet 3 (HKLM-x32\...\Steam App 226720) (Version: - Spark Unlimited)

Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Metro 2033 (HKLM-x32\...\Steam App 43110) (Version: - 4A Games)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)

NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)

Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)

NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)

Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )

Opera 12.15 (HKLM-x32\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA)

Origin (HKLM-x32\...\Origin) (Version: 9.3.7.2735 - Electronic Arts, Inc.)

PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)

PAYDAY 2 Beta (HKLM-x32\...\Steam App 246210) (Version: - )

PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version: - OVERKILL Software)

PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment)

Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)

Portal 2 Publishing Tool (HKLM-x32\...\Steam App 644) (Version: - )

POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version: - Running With Scissors)

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)

QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

R.U.S.E (HKLM-x32\...\Steam App 21970) (Version: - Eugen Systems)

Raptr (HKLM-x32\...\Raptr) (Version: - )

Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.65 - Razer Inc)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)

ROBLOX Player for Ricky (HKU\S-1-5-21-1678945104-314155054-3090002174-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)

Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios)

Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition)

Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version: - Volition)

SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version: - )

Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)

Skype Quote Creator (HKU\S-1-5-21-1678945104-314155054-3090002174-1000\...\ad08ab58bc77059a) (Version: 1.0.6.0 - MKing)

Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)

Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2215.10 - Hi-Rez Studios)

Spec Ops: The Line (HKLM-x32\...\Steam App 50300) (Version: - Yager)

Spotify (HKU\S-1-5-21-1678945104-314155054-3090002174-1000\...\Spotify) (Version: 1.0.9.133.gcedaee38 - Spotify AB)

Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)

Star Wars Empire at War Forces of Corruption (HKLM-x32\...\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}) (Version: 1.0 - LucasArts)

Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version: - BioWare)

Star Wars: Knights of the Old Republic II (HKLM-x32\...\Steam App 208580) (Version: - LucasArts)

Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)

StarCraft II (HKLM-x32\...\StarCraft II) (Version: 2.0.11.26825 - Blizzard Entertainment)

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

Styx: Master of Shadows (HKLM-x32\...\Steam App 242640) (Version: - Cyanide Studio)

Sunless Sea (HKLM-x32\...\Steam App 304650) (Version: - Failbetter Games)

Survivalist (HKLM-x32\...\Steam App 340050) (Version: - Bob the Game Development Bot)

Synergy (HKLM-x32\...\Steam App 17520) (Version: - Synergy Team)

System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)

Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)

TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.10 - TeamSpeak Systems GmbH)

TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)

TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.17396 - TeamViewer)

Terraria (HKLM-x32\...\Steam App 105600) (Version: - )

The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)

The Ship (HKLM-x32\...\Steam App 2400) (Version: - Outerlight Ltd.)

The Walking Dead (HKLM-x32\...\Steam App 207610) (Version: - )

This War of Mine (HKLM-x32\...\Steam App 282070) (Version: - 11 bit studios)

Tribes: Ascend (HKLM-x32\...\Steam App 17080) (Version: - )

TSLRCM 1.8.1 (HKLM-x32\...\The Sith Lords Restored Content Mod_is1) (Version: - )

Unity Web Player (HKU\S-1-5-21-1678945104-314155054-3090002174-1000\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)

Universe Sandbox (HKLM-x32\...\Steam App 72200) (Version: - )

Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)

Virtual Audio Cable 4.12 (HKLM\...\Virtual Audio Cable 4.12) (Version: - )

VTFEdit 1.3.3 (HKLM\...\VTFEdit_is1) (Version: - Neil Jedrzejewski & Ryan Gregg)

Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes)

Wargame: AirLand Battle (HKLM-x32\...\Steam App 222750) (Version: - Eugen Systems)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

Wolfenstein: The New Order (HKLM-x32\...\Steam App 201810) (Version: - Machine Games)

Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 0.3.0.5 - Wrye & Wrye Bash Development Team)

XP500 Advanced Sound Editor (HKLM-x32\...\{5BF6D4DE-C915-44C4-9176-AF6D3B27052F}) (Version: 1.0.0.1 - Turtle Beach)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


CustomCLSID: HKU\S-1-5-21-1678945104-314155054-3090002174-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ricky\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1678945104-314155054-3090002174-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Ricky\AppData\Local\Roblox\Versions\version-d2fd1d56447746e9\RobloxProxy64.dll (ROBLOX Corporation)

CustomCLSID: HKU\S-1-5-21-1678945104-314155054-3090002174-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ricky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1678945104-314155054-3090002174-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ricky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1678945104-314155054-3090002174-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ricky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1678945104-314155054-3090002174-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ricky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1678945104-314155054-3090002174-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ricky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1678945104-314155054-3090002174-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ricky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1678945104-314155054-3090002174-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ricky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1678945104-314155054-3090002174-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ricky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1678945104-314155054-3090002174-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ricky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)


==================== Restore Points =========================


16-07-2015 03:00:11 Windows Update

17-07-2015 03:00:10 Windows Update

18-07-2015 01:08:29 avast! antivirus system restore point

18-07-2015 01:14:11 avast! antivirus system restore point

18-07-2015 03:00:11 Windows Update


==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {0A565255-1811-4DE6-BC33-85A99426F412} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)

Task: {1B136395-78F4-4486-B918-4F795D2D7727} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)

Task: {532A51A9-98CB-42D3-856E-05072D6BF41B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1678945104-314155054-3090002174-1000Core => C:\Users\Ricky\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-24] (Dropbox, Inc.)

Task: {57EA1FAE-F97B-4DD4-AA22-5C5F77ECDA89} - \BackgroundContainer Startup Task No Task File <==== ATTENTION

Task: {710F5F87-F7DE-471F-ACB2-F324C0C27ED8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {7F797AE3-D3B9-43A9-89A1-D38E980F3E42} - \ProPCCleaner_Popup No Task File <==== ATTENTION

Task: {9789ADC4-2272-4979-9933-F947D4BB5BA1} - System32\Tasks\{B1C23C9A-42D4-4CEE-BF0F-7600185FFA86} => pcalua.exe -a "C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\bin\addoninstaller.exe" -d "C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2" -c /register

Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe

Task: {ADBF70F2-9C8B-43A5-AE8D-1D96122A6EA2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-25] (Google Inc.)

Task: {AF538505-BEA2-4887-A633-0567B1795455} - \ProPCCleaner_Start No Task File <==== ATTENTION

Task: {BA4AAF1B-6E56-4520-B7B6-6CD4BFB19932} - System32\Tasks\{E7E07ACC-603C-4174-835F-37DAA5BD3586} => pcalua.exe -a "C:\Users\Ricky\Mic Spam\setup.exe" -d "C:\Users\Ricky\Mic Spam"

Task: {CA9A78A7-E008-4E27-B9FC-E348D8E2CA9D} - System32\Tasks\Opera scheduled Autoupdate 1436242852 => C:\Program Files (x86)\Opera\launcher.exe

Task: {DD57BE4B-076B-43B1-B59E-0528FFDF30C3} - System32\Tasks\{C6F21F7D-49DC-41C3-9C87-952D5CF00624} => pcalua.exe -a "C:\Users\Ricky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WWO388ZB\JavaSetup8u45.exe" -d C:\Users\Ricky\Desktop

Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe

Task: {EFCA893E-8786-44BF-A6E9-A86905A483E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-25] (Google Inc.)

Task: {EFCC0BFA-1374-4664-98A3-F43A86DB79A5} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1678945104-314155054-3090002174-1000UA => C:\Users\Ricky\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-24] (Dropbox, Inc.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1678945104-314155054-3090002174-1000Core.job => C:\Users\Ricky\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1678945104-314155054-3090002174-1000UA.job => C:\Users\Ricky\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe


==================== Loaded Modules (Whitelisted) ==============


2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2013-01-02 18:34 - 2013-10-05 16:04 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2014-01-21 16:54 - 2015-05-03 12:56 - 01294336 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

2015-07-09 15:31 - 2015-07-09 15:31 - 02337784 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.249\deploy\LoLLauncher.exe

2015-07-09 15:31 - 2015-07-09 15:31 - 03727352 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.33\deploy\LoLPatcher.exe

2013-07-10 18:12 - 2013-07-10 18:12 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.151\deploy\LolClient.exe

2010-02-28 03:33 - 2010-02-28 03:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

2015-07-18 01:20 - 2015-07-18 01:20 - 00043008 _____ () c:\users\ricky\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnthkjs.dll

2015-03-04 16:45 - 2015-03-19 02:15 - 00750080 _____ () C:\Users\Ricky\AppData\Roaming\Dropbox\bin\libGLESv2.dll

2015-03-04 16:45 - 2015-03-19 02:15 - 00047616 _____ () C:\Users\Ricky\AppData\Roaming\Dropbox\bin\libEGL.dll

2015-03-04 16:45 - 2015-03-19 02:15 - 00865280 _____ () C:\Users\Ricky\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll

2015-03-04 16:45 - 2015-03-19 02:15 - 00200704 _____ () C:\Users\Ricky\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

2015-03-04 16:45 - 2015-03-19 02:15 - 00010240 _____ () C:\Users\Ricky\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll

2015-03-04 16:45 - 2015-03-19 02:15 - 00726016 _____ () C:\Users\Ricky\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll

2015-03-04 16:45 - 2015-03-19 02:15 - 00010240 _____ () C:\Users\Ricky\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll

2015-07-14 11:18 - 2015-07-13 16:55 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll

2015-07-14 11:18 - 2015-07-13 16:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll

2010-11-22 17:56 - 2010-11-22 17:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd

2010-11-22 17:56 - 2010-11-22 17:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd

2010-11-22 17:56 - 2010-11-22 17:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd

2014-05-13 18:26 - 2014-05-13 18:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd

2014-05-13 18:26 - 2014-05-13 18:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd

2014-05-13 18:26 - 2014-05-13 18:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd

2014-05-13 18:26 - 2014-05-13 18:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd

2010-11-22 17:57 - 2010-11-22 17:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd

2010-11-22 17:56 - 2010-11-22 17:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll

2010-11-22 17:56 - 2010-11-22 17:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd

2010-11-22 17:56 - 2010-11-22 17:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd

2010-11-22 17:57 - 2010-11-22 17:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd

2010-11-22 17:57 - 2010-11-22 17:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd

2010-11-22 17:56 - 2010-11-22 17:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd

2011-02-15 13:17 - 2011-02-15 13:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll

2010-11-22 17:57 - 2010-11-22 17:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd

2014-05-13 18:26 - 2014-05-13 18:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd

2010-11-22 17:56 - 2010-11-22 17:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd

2010-11-22 17:56 - 2010-11-22 17:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd

2014-08-13 19:37 - 2014-08-13 19:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll

2014-08-13 19:37 - 2014-08-13 19:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll

2013-11-20 19:05 - 2013-11-20 19:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll

2010-11-22 17:56 - 2010-11-22 17:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd

2010-11-22 17:56 - 2010-11-22 17:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll

2010-11-22 17:57 - 2010-11-22 17:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd

2010-11-22 17:56 - 2010-11-22 17:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd

2015-07-14 11:18 - 2015-07-13 16:55 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\PepperFlash\pepflashplayer.dll

2010-11-22 17:57 - 2010-11-22 17:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd

2014-06-17 19:56 - 2014-06-17 19:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd

2011-02-15 13:17 - 2011-02-15 13:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll

2010-11-22 18:06 - 2010-11-22 18:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll

2013-05-09 18:52 - 2013-05-09 18:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll

2013-05-09 18:52 - 2013-05-09 18:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll

2013-05-09 18:52 - 2013-05-09 18:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll

2013-05-03 13:57 - 2013-05-03 13:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll

2013-05-03 13:56 - 2013-05-03 13:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll

2013-05-03 13:56 - 2013-05-03 13:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll

2013-05-03 13:57 - 2013-05-03 13:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll

2013-05-03 13:56 - 2013-05-03 13:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll

2013-05-03 13:57 - 2013-05-03 13:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll

2013-05-03 13:57 - 2013-05-03 13:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll

2013-05-03 13:57 - 2013-05-03 13:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll

2013-05-03 13:57 - 2013-05-03 13:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll

2015-05-12 04:01 - 2015-05-12 04:01 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll

2012-11-26 17:27 - 2011-11-29 23:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

2012-11-26 17:26 - 2012-02-07 20:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

2015-07-15 13:02 - 2015-07-15 13:02 - 03129368 _____ () C:\Program Files (x86)\LINE\ampkit_windows.dll

2015-06-16 06:19 - 2015-06-16 06:19 - 00123416 _____ () C:\Program Files (x86)\LINE\PlayerHelper.dll

2013-03-12 17:10 - 2015-04-16 12:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll

2015-01-19 23:48 - 2015-04-22 21:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll

2015-01-19 23:48 - 2015-04-22 21:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll

2015-01-19 23:48 - 2015-04-22 21:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll

2014-05-24 20:47 - 2015-06-04 13:56 - 02407104 _____ () C:\Program Files (x86)\Steam\video.dll

2014-09-13 19:54 - 2014-12-01 16:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll

2014-09-13 19:54 - 2014-12-01 16:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll

2014-09-13 19:54 - 2014-12-01 16:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll

2014-09-13 19:54 - 2014-12-01 16:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll

2014-09-13 19:54 - 2014-12-01 16:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll

2012-12-25 11:34 - 2015-06-04 13:56 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

2012-12-25 11:34 - 2015-05-11 14:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

2015-05-13 23:25 - 2015-05-11 14:01 - 08958344 _____ () C:\Program Files (x86)\Steam\bin\pdf.dll

2015-03-16 22:31 - 2015-07-18 02:17 - 41287224 _____ () C:\Users\Ricky\AppData\Roaming\Spotify\libcef.dll

2015-03-16 22:31 - 2015-07-18 02:17 - 01488440 _____ () C:\Users\Ricky\AppData\Roaming\Spotify\libglesv2.dll

2015-03-16 22:31 - 2015-07-18 02:17 - 00079928 _____ () C:\Users\Ricky\AppData\Roaming\Spotify\libegl.dll

2015-03-16 22:31 - 2015-03-18 19:25 - 09305656 _____ () C:\Users\Ricky\AppData\Roaming\Spotify\pdf.dll

2015-07-09 15:31 - 2015-07-09 15:31 - 01715704 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.33\deploy\RiotLauncher.dll

2013-07-10 18:12 - 2013-07-10 18:12 - 04774248 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.151\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)



==================== Safe Mode (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"


==================== EXE Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)



==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)


IE trusted site: HKU\S-1-5-21-1678945104-314155054-3090002174-1000\...\clonewarsadventures.com -> clonewarsadventures.com

IE trusted site: HKU\S-1-5-21-1678945104-314155054-3090002174-1000\...\freerealms.com -> freerealms.com

IE trusted site: HKU\S-1-5-21-1678945104-314155054-3090002174-1000\...\soe.com -> soe.com

IE trusted site: HKU\S-1-5-21-1678945104-314155054-3090002174-1000\...\sony.com -> sony.com



==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-1678945104-314155054-3090002174-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 8.8.8.4 - 8.8.8.8


==================== MSCONFIG/TASK MANAGER disabled items ==


(Currently there is no automatic fix for this section.)


MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

MSCONFIG\startupreg: EvolveClient => "C:\Program Files\Echobit\Evolve\EvolveClient.exe" -autorun

MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent

MSCONFIG\startupreg: uTorrent => "C:\Users\Ricky\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [{A2CE2911-1476-4E85-B49F-C2F2919DAE8D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{59CE9ED5-E4DF-4C01-9F55-B243297E604D}] => (Allow) LPort=2869

FirewallRules: [{5BCBE92F-39F1-4B81-891A-D19AC5A9B50B}] => (Allow) LPort=1900

FirewallRules: [{474F3568-53A2-4C04-B23F-8877DBC3799C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{39FCEAD8-37B4-43F5-8548-54C8BBAC4BB5}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe

FirewallRules: [{99B0481E-6B2B-47EB-9DE9-0E1E3239C100}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{59E5CD47-C573-4D03-8FCD-0C5878C3AEE5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{B3896CDC-0F8B-4237-9873-585412A7D69D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{B683336B-3C1E-438B-B099-75C51FB1E682}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\BEsetup\Setup_BattlEyeARMA2OA.exe

FirewallRules: [{C020AB2A-DBA2-434F-898B-C0D83A9E9F69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\BEsetup\Setup_BattlEyeARMA2OA.exe
 
2nd part


FirewallRules: [{6025FC94-BE38-4D11-A198-85FF41633AF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Empire Total War\Empire.exe

FirewallRules: [{CE5129DF-29D5-40B7-A5A8-AE376F301E33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Empire Total War\Empire.exe

FirewallRules: [{7DD4E2F1-CC6D-4E60-9474-EA8212CCBD31}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe

FirewallRules: [{58A8DE32-FA0F-4147-B58F-E3F508D3E809}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe

FirewallRules: [{61A94FD4-03D9-4F38-9680-08FBEB9B7F4B}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe

FirewallRules: [{82BCE77B-FA26-4CFE-B42F-447AD6A14F0F}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe

FirewallRules: [TCP Query User{F9A5234B-C0FF-46E7-A543-B478F9F92CAF}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe] => (Block) C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe

FirewallRules: [UDP Query User{DE570485-ABE9-4896-8C70-91E229226F59}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe] => (Block) C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe

FirewallRules: [TCP Query User{4C8496C1-1975-4FCC-9775-586E9109546C}C:\program files (x86)\steam\steamapps\xray1112\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\xray1112\team fortress 2\hl2.exe

FirewallRules: [UDP Query User{1DDB57C0-827C-48A5-99DF-603D44056773}C:\program files (x86)\steam\steamapps\xray1112\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\xray1112\team fortress 2\hl2.exe

FirewallRules: [TCP Query User{55F2716E-1ABA-4528-A977-611C393E41CA}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe

FirewallRules: [UDP Query User{C641C588-A055-4F90-A9BF-FD77C2FF8725}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe

FirewallRules: [{057405B5-1D9D-4FBA-9E37-25D1822BA8A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe

FirewallRules: [{F7A32F5C-7E81-43BD-9179-BBEB8E498D04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe

FirewallRules: [TCP Query User{235F8BF5-B8C4-4CF1-98B4-06551787DA01}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe

FirewallRules: [UDP Query User{5AFC160B-1E6F-4CF9-A215-2595826F5E0F}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe

FirewallRules: [{6F800F94-9436-4746-9616-90AF4BE6774D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\blacklightretribution\Blacklight Retribution.exe

FirewallRules: [{D7BF0B2B-0C4B-48C7-A5BE-B5F2D85DC97C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\blacklightretribution\Blacklight Retribution.exe

FirewallRules: [{B27893ED-95DD-4C92-827E-0BA7FE9035F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe

FirewallRules: [{24773853-E348-4CEF-8097-DE6E80195D07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe

FirewallRules: [{BB2F5A1B-60D0-4429-9616-D0A47944530D}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe

FirewallRules: [{EF49A49A-5A9D-42DD-BA40-37A3C64C90EE}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe

FirewallRules: [{5CE8CA5E-B212-4E24-957A-407D130AF381}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe

FirewallRules: [{FCBD15EF-689A-4BC7-880B-FB30824B2C25}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe

FirewallRules: [{6FB05110-BD21-4C80-8E72-69B079AE3973}] => (Allow) C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

FirewallRules: [{939F16BB-F992-4987-8C3B-3AEB45EF483A}] => (Allow) C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

FirewallRules: [{A33DEDEB-EF5F-42E8-BECE-CE116711DD78}] => (Allow) C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

FirewallRules: [{F43BD5FF-A72D-4A74-A8CB-0D2FAF8C7BF6}] => (Allow) C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

FirewallRules: [{F8FA4631-3657-47E5-9564-44BA10A9E00A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2\arma2.exe

FirewallRules: [{3BB5D99E-16A6-4A0C-8204-4D6C687EEF67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2\arma2.exe

FirewallRules: [TCP Query User{FEFC6CB5-3674-4F1A-AB17-D11E5E1A8060}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe

FirewallRules: [UDP Query User{790297ED-678E-4708-B07A-09FA464DB283}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe

FirewallRules: [{1A598AF5-C454-4572-94A0-EA998637F2CE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe

FirewallRules: [{70FB8BEB-34EB-4E69-AE64-342A86D5D6E4}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe

FirewallRules: [{C9702456-4A7E-46B7-B1FF-AD877961F26E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

FirewallRules: [{353D8833-2761-47FC-9F74-A24BB082CD07}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

FirewallRules: [{A8E65259-AB81-416E-9B77-885E049C9EC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tribes\Binaries\Win32\HirezBridge.exe

FirewallRules: [{581802A5-660A-468E-8079-A818F5EBAD5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tribes\Binaries\Win32\HirezBridge.exe

FirewallRules: [TCP Query User{B912AE4C-E7A4-45A0-80BF-5497CC4EA2F4}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe

FirewallRules: [UDP Query User{52E1A768-694A-4872-8EC5-E8D0A34D6BC4}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe

FirewallRules: [{E753820B-07EB-41A8-8175-369492B7648D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Universe Sandbox\Universe Sandbox.exe

FirewallRules: [{2E81221C-40C7-49E9-9263-9DFCDCD6D6BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Universe Sandbox\Universe Sandbox.exe

FirewallRules: [{810D2B7B-3E9F-4E43-9943-27D6408042D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\swkotor\swkotor.exe

FirewallRules: [{34717169-5172-427F-9191-CF5E2E1C1FEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\swkotor\swkotor.exe

FirewallRules: [{BBCDC48E-8EE5-41A5-8CA1-76FA34D2495C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Knights of the Old Republic II\swkotor2.exe

FirewallRules: [{67EA2224-E5CC-42E2-9AE0-520D9083843A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Knights of the Old Republic II\swkotor2.exe

FirewallRules: [TCP Query User{DE764D80-200F-410E-A4EC-A751E8CB04DF}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe

FirewallRules: [UDP Query User{01478290-9AC0-49EB-B344-A71B5BF7BD40}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe

FirewallRules: [TCP Query User{D283C51A-3A89-4065-AD47-2D3FFE1D80E7}C:\program files\java\jdk1.7.0_17\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_17\bin\java.exe

FirewallRules: [UDP Query User{1FD83392-C1E4-4E6C-8508-AE7BB35FCC98}C:\program files\java\jdk1.7.0_17\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_17\bin\java.exe

FirewallRules: [{CF958C84-69FE-47DF-A74E-FEA3FAF0826A}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe

FirewallRules: [{3EE45BF3-A368-4347-96C8-36DB439A9D92}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe

FirewallRules: [{C8F8C9EE-2391-4CFA-8842-CEDE729F6146}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe

FirewallRules: [{97E35DA5-626D-43A2-ABE4-587D817F842F}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe

FirewallRules: [{8516C41E-781E-4F68-9390-C0320D0001CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe

FirewallRules: [{41924B25-2DB9-4A56-B49F-FF6AD1A65140}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe

FirewallRules: [{FE1793C5-A7BC-4FE4-A819-2FEA50460DF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe

FirewallRules: [{E81C291F-61B8-404C-BF99-85D0213F6234}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe

FirewallRules: [{B311F493-88D3-48FC-83D5-46D5A51FF391}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe

FirewallRules: [{4266CBF0-8F62-40F4-909A-8F58ED202C66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe

FirewallRules: [{DD43A155-01E4-4D39-8449-9AF4FF5A89D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex - Human Revolution\dxhr.exe

FirewallRules: [{B187FB0D-5C42-468B-A7F2-EED33558AAF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex - Human Revolution\dxhr.exe

FirewallRules: [{EB660313-F746-45FB-8935-74CFD34B5F12}] => (Allow) C:\Users\Ricky\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{E55FA2D5-F859-4908-85E1-8F811CE0E434}] => (Allow) C:\Users\Ricky\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [TCP Query User{7135D55B-D161-486B-9E1E-6BF5D8523270}C:\users\ricky\appdata\local\temp\rar$exa0.428\survivers - copy\survivers_beta_3.exe] => (Block) C:\users\ricky\appdata\local\temp\rar$exa0.428\survivers - copy\survivers_beta_3.exe

FirewallRules: [UDP Query User{4838BA7B-DC49-4CBC-8C79-F2DEF41D68A0}C:\users\ricky\appdata\local\temp\rar$exa0.428\survivers - copy\survivers_beta_3.exe] => (Block) C:\users\ricky\appdata\local\temp\rar$exa0.428\survivers - copy\survivers_beta_3.exe

FirewallRules: [TCP Query User{2C3CC42D-231D-449E-998E-E84FA5AA1A4F}C:\users\ricky\appdata\local\temp\rar$exa0.920\survivers - copy\survivers_beta_3.exe] => (Block) C:\users\ricky\appdata\local\temp\rar$exa0.920\survivers - copy\survivers_beta_3.exe

FirewallRules: [UDP Query User{EA9A6EA2-46AE-4CCF-A10F-A841C53483B5}C:\users\ricky\appdata\local\temp\rar$exa0.920\survivers - copy\survivers_beta_3.exe] => (Block) C:\users\ricky\appdata\local\temp\rar$exa0.920\survivers - copy\survivers_beta_3.exe

FirewallRules: [TCP Query User{D83D9E7F-7A9A-4E54-834E-624DF66DDE97}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe

FirewallRules: [UDP Query User{CDE0A41A-5B38-4AB2-B40C-5D285034EB56}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe

FirewallRules: [{B0BC5CB2-4B76-49B9-A42C-7B565D12E9DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2 Beta\payday2_win32_release.exe

FirewallRules: [{25AF9718-F690-45F0-998E-4313302D71A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2 Beta\payday2_win32_release.exe

FirewallRules: [{ED44926B-2A01-46DE-8F9C-9A23EFBC1FEF}] => (Allow) C:\Program Files (x86)\Opera\opera.exe

FirewallRules: [{9C8D8040-7A14-47C0-B73A-D9974316E83A}] => (Allow) C:\Program Files (x86)\Opera\opera.exe

FirewallRules: [{66389ABE-73DA-4CE5-99E3-F8DE67874518}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\AllShareFrameworkDMS.exe

FirewallRules: [{A8A1F92D-14D4-49B6-95CA-EFDB7FA18A93}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\AllShareFrameworkDMS.exe

FirewallRules: [{98A2E566-4778-493C-821A-6A49C69E856B}] => (Allow) LPort=8743

FirewallRules: [{F785E04A-8DEF-4A58-9B0C-749D67AD4CA7}] => (Allow) LPort=8643

FirewallRules: [{45BCC31B-7219-4636-8C8D-B823708A9951}] => (Allow) LPort=7676

FirewallRules: [{CF01F4A0-7BE6-4076-8DF6-40670194E661}] => (Allow) LPort=7679

FirewallRules: [{C6F2753C-309A-413A-B8F7-335387D35567}] => (Allow) LPort=24234

FirewallRules: [{8F2D9429-CC2A-4FB2-B6E4-DCC97A59832C}] => (Allow) LPort=7900

FirewallRules: [{55C56237-A487-461D-8B77-9A85D8CB5BAA}] => (Allow) LPort=1900

FirewallRules: [TCP Query User{8636F925-2E5F-4DA8-9FE0-78EAAB26CEE2}C:\program files (x86)\razer\core\razercore.exe] => (Block) C:\program files (x86)\razer\core\razercore.exe

FirewallRules: [UDP Query User{440DA21F-0974-42E2-9AB4-00A9926D3175}C:\program files (x86)\razer\core\razercore.exe] => (Block) C:\program files (x86)\razer\core\razercore.exe

FirewallRules: [{02B3520F-D3BF-4A2A-AD6D-77FBB6445112}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe

FirewallRules: [{F16CF3C0-F972-4F00-B10E-44C3516E5988}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe

FirewallRules: [{24374044-1125-4257-BCDA-DB960CD48AD9}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe

FirewallRules: [{9EB04EEA-F432-4C82-9588-124E9A2C286E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe

FirewallRules: [{0A1EAA1F-9234-48FE-9646-735010D52CFF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe

FirewallRules: [{0A6DD8ED-CE0C-40C1-B191-FE9384C67DE7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe

FirewallRules: [{9D00E2E2-0A4C-4D39-80EF-E6F6908229A2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe

FirewallRules: [{556C8D1E-E9E5-481F-A6E2-4BF994146B54}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe

FirewallRules: [{2BBB6A38-176D-47AB-818E-F5E6D46DE9EA}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe

FirewallRules: [{C3DD0E57-5F16-4E58-B0FD-7334A7099E8F}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe

FirewallRules: [{33766110-678E-4611-AC95-95FFDB87CD26}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe

FirewallRules: [{F84AADA3-7146-4851-AEDD-3A9679A435A1}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe

FirewallRules: [TCP Query User{CC0B3959-2AEE-4E17-8480-3A622C795C10}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe

FirewallRules: [UDP Query User{C351D522-9BCC-46A0-AECF-18FD43E226F3}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe

FirewallRules: [{FFAEFD8A-7060-4E2E-95FB-0FCF5E1A63BB}] => (Allow) C:\Program Files (x86)\Origin Games\Command Conquer 3 Kanes Wrath\RetailExe\1.2\cnc3ep1.dat

FirewallRules: [TCP Query User{F35B17E4-B761-4E5F-BD1D-E43D915F421E}C:\program files\voicemaster\voicemaster.exe] => (Allow) C:\program files\voicemaster\voicemaster.exe

FirewallRules: [UDP Query User{7BBDAAE4-7D1E-4F64-A2A0-1A7F65216D0F}C:\program files\voicemaster\voicemaster.exe] => (Allow) C:\program files\voicemaster\voicemaster.exe

FirewallRules: [{9D5DCB15-FB7E-4FDE-8B9D-5FD2DCAD5DD4}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4 Beta\bf4.exe

FirewallRules: [{8E1F8CFC-D0E3-4A77-A095-859CAE5D6681}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4 Beta\bf4.exe

FirewallRules: [{A5181572-5102-49C8-BBB9-F3E53DD37BCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe

FirewallRules: [{1844F23E-D1F4-4CB2-A62E-9B87EF65F031}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe

FirewallRules: [{D25600D4-4906-4C47-9CD3-54143BF82F23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\Expansion\beta\Arma2OA.exe

FirewallRules: [{1615D141-9C59-4439-BBC8-F3344A537F7C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\Expansion\beta\Arma2OA.exe

FirewallRules: [{90B36D12-9CA9-40DE-9142-628F53258CCA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe

FirewallRules: [{4B349066-8E73-44B8-AD76-7F59C09A3A94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe

FirewallRules: [{8C2FCA0A-DF0A-4C52-BEF6-99306F0DAB08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe

FirewallRules: [{9F64DE7A-5172-4C2B-8FC9-8837A106B5DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe

FirewallRules: [{55B7A96E-AB4A-413E-B1F2-B37BDA7B322C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe

FirewallRules: [{ED8D7966-732C-4549-9A2D-C4E88BA511C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe

FirewallRules: [{4240DAD6-8B77-4F97-A05A-4505C950F7DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe

FirewallRules: [{8032D5D6-082E-4C25-A159-8B4FB0531E49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe

FirewallRules: [{70037AEE-4920-450A-AC46-7710C5F897D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{CC7FE5A3-BBC3-4168-A251-1F9542EF60F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{5C1E2624-B1DF-4E26-95B0-6F7DCBE0ED13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe

FirewallRules: [{0DB415D8-FDC2-4A56-9084-FC82EA658FE5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe

FirewallRules: [{D193DEE8-5250-4983-A0A0-7154CD46D8D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe

FirewallRules: [{02B8AF31-8924-4C6B-A3DC-8AC37C54ADC0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe

FirewallRules: [{46D06FE9-AB6A-4F9C-B83E-ED86D5E41D1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe

FirewallRules: [{76F0D9A7-CF88-4AA6-87D4-BC3897B9525A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe

FirewallRules: [{7F8E988F-86D8-45B1-AE38-E3D2D7A81F3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe

FirewallRules: [{A0AE40AD-72A5-4E24-9956-00074C220617}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe

FirewallRules: [{1F37CB6E-AE39-4363-8B70-646DC36DEF3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe

FirewallRules: [{E1C1CD56-8A22-4AAF-BDB9-188C807BB99F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe

FirewallRules: [{6F6DE77E-5069-497E-96DF-FB285BF310D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe

FirewallRules: [{C0A7B2E0-0170-4C4F-89D3-C59AE3EBA259}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe

FirewallRules: [{8E738E9A-641B-4B0A-925A-EFB35D42AE01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{A62238B1-90F3-4689-ADDE-88F6F619EA7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{35309D96-1B92-4379-AEEE-8EEB01492EBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe

FirewallRules: [{8B435D7F-0281-47A5-9445-658A2DA665D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe

FirewallRules: [{0526484E-E75C-4973-A4D7-D8FC5FC1332F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe

FirewallRules: [{5AE76EFE-B33E-4B03-9AC2-D508707A6564}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe

FirewallRules: [{7BB44732-F8EA-493C-8A67-C612AFCFEA84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe

FirewallRules: [{BFBD4EB0-586C-4180-960A-A62A5AAE87BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe

FirewallRules: [{6D1DB779-25A7-47BD-AAD7-7B0670E849F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe

FirewallRules: [{07BEB0B6-F44D-4A44-A58D-C2FE956A6901}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe

FirewallRules: [{0F767766-A095-4EAD-8911-388DF0F663BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2 Beta\left4dead2_beta.exe

FirewallRules: [{3BC9E91B-589F-4E4A-8A83-BE8B0C18C864}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2 Beta\left4dead2_beta.exe

FirewallRules: [{E0C42728-4CE8-4EA4-BADD-84D565F546F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{9E326A01-C754-4BE0-A076-7F8AA21E882D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{9E3BE4BB-2ABA-4D5A-AA79-9486556A3A20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe

FirewallRules: [{CD720482-0D4B-4F92-902D-1213DD72BF41}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe

FirewallRules: [{99235C3B-CA4B-47B6-A217-62FD62EB641E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe

FirewallRules: [{D50E5469-A2C0-4614-A37C-D5E672ADC902}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe

FirewallRules: [{1E4217D4-3AA7-4694-874B-4F4CD4873938}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe

FirewallRules: [{2696F90C-6726-4FA8-93F9-12DCA809EBD7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe

FirewallRules: [{40947A27-CD23-4B1C-B0AF-8ED45B8FDECE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe

FirewallRules: [{5AABCD54-EF5D-45DA-8553-64D6EC983890}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe

FirewallRules: [{392329F1-8FB2-42BE-A8CD-8F4657F2BB9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe

FirewallRules: [{F551A37C-0405-430E-BDE5-12DEFDB5A220}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe

FirewallRules: [{7CC55493-8595-48AC-A114-FE3D47E819BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{FC8076CB-15F4-463F-8A5F-DF71C1C577C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{D923EC30-089A-4770-A5F1-184ED305AB67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe

FirewallRules: [{AE55CC90-D1AB-47F8-8A47-67FCC81520EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe

FirewallRules: [{66969C7E-A19B-4441-AA4C-961625FB6248}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{01024137-5A8E-4E95-82A8-2BA3F0388916}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{91990051-BC3F-4733-BB8B-FAE24D997CED}] => (Allow) C:\Users\Ricky\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{8279C50A-CD2B-4870-855F-6421F3FCBA59}] => (Allow) C:\Users\Ricky\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{EE429871-1CD8-4A8C-BFED-113605576A70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe

FirewallRules: [{B12DD052-4104-4EC8-9BAF-879371B18A2E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe

FirewallRules: [{2949624F-C8F7-460A-A607-1797EE5D2F4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Space 2\deadspace2.exe

FirewallRules: [{4A341636-BFFC-475F-A6F2-E68DA37EE1D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Space 2\deadspace2.exe

FirewallRules: [{F47454C6-43A6-463D-9020-E3B851EF22A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Space 2\Support\EA Help\Electronic_Arts_Technical_Support.htm

FirewallRules: [{7B89F2DB-4639-467C-B506-1F072E69F268}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Space 2\Support\EA Help\Electronic_Arts_Technical_Support.htm

FirewallRules: [{9D7BB3EE-E32B-49D5-B76F-8C8E1F19801C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bioshock\Builds\Release\Bioshock.exe

FirewallRules: [{39B0B1E5-1289-46A0-847B-8A011D002D42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bioshock\Builds\Release\Bioshock.exe

FirewallRules: [{BE488A69-3F9B-4D9E-987A-17BBC52F54F3}] => (Allow) %ProgramFiles% (x86)\Skype\Phone\Skype.exe

FirewallRules: [{1EDDFC8E-BD21-4740-ACA1-053F02413337}] => (Allow) %ProgramFiles% (x86)\Skype\Phone\Skype.exe

FirewallRules: [{4FA356DF-B9FA-4B47-BE15-83E3BC0CB378}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe

FirewallRules: [{71D90C83-9EA0-4CBA-B448-8CE324051924}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe

FirewallRules: [{2F838E3F-8B3D-40D3-A5AE-D0A676712B73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe

FirewallRules: [{C62BF67A-E8D3-44C9-9FDB-4E37AEBDBDDC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe

FirewallRules: [{9B0A796C-6202-482D-940E-08623574D6E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe

FirewallRules: [{E5EA1040-E14D-4D98-947D-176AA1E3C28F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe

FirewallRules: [{D3E1F5BB-AABC-43F5-8F86-F67A634BBB22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat

FirewallRules: [{EA64C176-3C26-46D3-8907-FF25772F90FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat

FirewallRules: [{B51C5B35-5425-4818-9D4A-60EAC291345C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lost Planet 3\Binaries\Win32\LP3Launcher.exe

FirewallRules: [{4514BAA8-A580-4B05-B7D0-8824BAB1A173}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lost Planet 3\Binaries\Win32\LP3Launcher.exe

FirewallRules: [{60CE1D5C-B6E0-4E4B-8026-EC989DA2F75F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe

FirewallRules: [{07DB12B6-0D1B-44F1-B015-5A3757C38F7F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe

FirewallRules: [{8D77BE41-210E-41D5-8334-13EBD9874CB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe

FirewallRules: [{B5B97DE7-664C-4EF2-8AFF-8807149E73E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe

FirewallRules: [{F9EEBF3F-689F-4321-A2FE-C27334FF7434}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\rust.exe

FirewallRules: [{DAD3541C-75F1-456C-ABDB-906DBC0F7AF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\rust.exe

FirewallRules: [TCP Query User{F9BD67B4-BD49-4F7E-80B0-A9A56FC08618}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe

FirewallRules: [UDP Query User{713270FD-5785-4CA5-B697-B0B2A03EE6E2}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe

FirewallRules: [{7CB0A6AD-E334-46F0-A7DC-E0BD15137B90}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe

FirewallRules: [{FAC1EB6B-3C9F-4161-A6EE-2236BC153795}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe

FirewallRules: [{20D90FDD-E179-4E05-A4F2-011C7DBB9E96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\rust.exe

FirewallRules: [{F3DF5376-3022-40B2-A25D-6F412DB1A016}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\rust.exe

FirewallRules: [{6CFFC0B3-B1CA-4160-AB94-5270973858FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\rust.exe

FirewallRules: [{1D08EC31-8475-4722-897F-D47F512BE0AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\rust.exe

FirewallRules: [{623FB58A-6DB4-435A-992B-1402DBEEA058}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe

FirewallRules: [{4A9CABF8-C793-4010-AE86-9392D96EC8F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe

FirewallRules: [{BE962F05-1897-4A25-9790-60BCBC0FD5CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\rustlauncher.exe

FirewallRules: [{085F0F5F-B02F-45A1-9CE9-2FA03C4208CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\rustlauncher.exe

FirewallRules: [{FB1288F6-DA29-4E5B-B420-E7AB81FBDD87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
 
3rd and final part


FirewallRules: [{E34C214C-2562-499D-BD13-3F75964AC4FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe

FirewallRules: [{E6FCDAF5-020F-406A-9F4F-5423639A7FB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Synergy\hl2.exe

FirewallRules: [{960F3C86-226C-4968-8FAA-20D0E004A840}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Synergy\hl2.exe

FirewallRules: [TCP Query User{83E579EB-2742-4045-B814-651076A39836}C:\programdata\howling\howling.exe] => (Allow) C:\programdata\howling\howling.exe

FirewallRules: [UDP Query User{B14F28C4-1AEA-4DC6-A25A-CC6BD35281D5}C:\programdata\howling\howling.exe] => (Allow) C:\programdata\howling\howling.exe

FirewallRules: [TCP Query User{F7C6FE20-9890-4F0C-8CBE-5312D6F556D3}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe

FirewallRules: [UDP Query User{8E844302-6FA6-43FE-856F-69530C52DFDB}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe

FirewallRules: [{D48B8B13-971D-467B-964C-366516FA56E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe

FirewallRules: [{318A918E-2150-4075-8F1E-DEC5B7DFD2A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe

FirewallRules: [{F377C286-5076-408F-9ED9-864C2AFFCA85}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{8F32743C-BAC5-41D5-965C-931F201D161B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{58D790E5-D162-4F50-985A-A4E4F1739C33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\experimental\Rust.exe

FirewallRules: [{ACED1379-B0E1-4226-9B9A-0C3DBAD43EB7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\experimental\Rust.exe

FirewallRules: [{E002F79B-D6FA-428D-9950-90FFA76E0512}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe

FirewallRules: [{0A2FFE5C-5895-438C-A0AE-9DCAB22273FC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe

FirewallRules: [{EA781829-FBD0-4BFA-9478-F9613008BCA5}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe

FirewallRules: [{A00CF537-AB1E-49E7-B383-5412FE301121}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe

FirewallRules: [TCP Query User{87797CD1-455E-4A3A-8D12-B7022683799B}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe

FirewallRules: [UDP Query User{48573449-0C14-4A1B-826D-B4A02A78B267}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe

FirewallRules: [{9C72FB32-70D9-4A96-B079-AEA6420B7250}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe

FirewallRules: [{C92528B6-F5D1-4335-96DF-5A74BC48580E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe

FirewallRules: [{CB020BFC-0EB4-4FC9-99AE-986B440CB6B5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe

FirewallRules: [{8B9E3024-55FB-40E0-8C9F-6693E2D43EB5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe

FirewallRules: [{B1C1508B-AAF5-4E1B-8D21-9CBAB5DD6B13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe

FirewallRules: [{6246C8D8-EA73-4CDB-95A8-E17FC3928F81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe

FirewallRules: [TCP Query User{B297F08B-481F-46B6-84D2-0BCD98B9AD50}C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe

FirewallRules: [UDP Query User{5B59A5C4-20A7-447F-9CD0-E07B6333F9AE}C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe

FirewallRules: [{44770405-A27F-4E9E-9AB8-0DF2767A0DD4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY The Heist\payday_win32_release.exe

FirewallRules: [{DCCC1645-04F3-4A89-A2A4-D27C81190A22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY The Heist\payday_win32_release.exe

FirewallRules: [{4B08856C-6AD2-49D8-8973-D69B9EFB52DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Ship\ship.exe

FirewallRules: [{BB92AEF1-08B9-4D3B-9BF6-CCCE3A5B9D03}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Ship\ship.exe

FirewallRules: [{7190D23C-8C6E-4B2B-A5AC-7FFB4A266008}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe

FirewallRules: [{12DB160D-AA52-4B2A-B023-4ECC6FEB579D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe

FirewallRules: [{E2DAFFE0-9E52-4826-AD3D-36460D24BD9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro 2033\metro2033.exe

FirewallRules: [{27F5EAEB-C142-4474-B088-6B87F49CA85C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro 2033\metro2033.exe

FirewallRules: [{4EA97044-050F-4F4F-821C-B2B8F9F74A16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe

FirewallRules: [{4EC5537A-8FC6-41F6-A7D5-293F0B86BE7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe

FirewallRules: [{E41B878D-3CDD-4FD3-A733-F61CE2D1ABB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe

FirewallRules: [{C92C5E7C-079D-482F-8F45-E8E9056C2F9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe

FirewallRules: [{42481C05-2417-4190-995E-F79B11066F15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe

FirewallRules: [{BF8CDC34-1C9A-4D57-A5B7-0B73172F11A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe

FirewallRules: [{65B66080-2D16-4991-B97C-811D41951084}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe

FirewallRules: [{A95D2195-973B-46C5-AE67-6996EE41E5DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe

FirewallRules: [{8E22AA42-A60B-47EA-9F08-F93232CCFAC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe

FirewallRules: [{8945CB31-2615-4E3F-8BF8-005BDBBAE5B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe

FirewallRules: [{501C5D68-471B-4BB1-854E-9562CDC424BA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe

FirewallRules: [{D6A0323E-5A5B-45B0-9AC0-FBA511147856}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe

FirewallRules: [TCP Query User{5391EDD1-AFEB-4463-ACBC-54F3490F6E83}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe

FirewallRules: [UDP Query User{380CBD5A-4120-4118-8916-63AB6DDA694D}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe

FirewallRules: [TCP Query User{613EC418-9393-417B-A576-22C5091ABA45}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe

FirewallRules: [UDP Query User{54B90094-0FB6-4053-BEBF-A182DF777661}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe

FirewallRules: [{933B52F2-C955-444B-B67B-3826D6E12A5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe

FirewallRules: [{E82F5A3C-9F84-4B76-8D1D-0CCFE74D4D61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe

FirewallRules: [TCP Query User{DF710094-80B9-431D-9D21-87BD68E374FE}C:\users\ricky\appdata\local\temp\rar$exa0.623\server.exe] => (Allow) C:\users\ricky\appdata\local\temp\rar$exa0.623\server.exe

FirewallRules: [UDP Query User{C6188B56-2B40-45DA-9596-D4A13C464CC2}C:\users\ricky\appdata\local\temp\rar$exa0.623\server.exe] => (Allow) C:\users\ricky\appdata\local\temp\rar$exa0.623\server.exe

FirewallRules: [TCP Query User{CF6B2BAC-BDE8-4A4E-9C60-B29B02DEE483}C:\users\ricky\appdata\local\temp\rar$exa0.006\server.exe] => (Block) C:\users\ricky\appdata\local\temp\rar$exa0.006\server.exe

FirewallRules: [UDP Query User{70E0C17A-94AE-4E87-8624-1850353EE612}C:\users\ricky\appdata\local\temp\rar$exa0.006\server.exe] => (Block) C:\users\ricky\appdata\local\temp\rar$exa0.006\server.exe

FirewallRules: [TCP Query User{511E71AC-BF6C-4390-8679-1CE68FE0F0BE}C:\users\ricky\appdata\local\temp\ixp000.tmp\ez multiplayer gm8.exe] => (Block) C:\users\ricky\appdata\local\temp\ixp000.tmp\ez multiplayer gm8.exe

FirewallRules: [UDP Query User{CCC4FD2D-C372-4247-8336-69AC714B736D}C:\users\ricky\appdata\local\temp\ixp000.tmp\ez multiplayer gm8.exe] => (Block) C:\users\ricky\appdata\local\temp\ixp000.tmp\ez multiplayer gm8.exe

FirewallRules: [TCP Query User{C659EBCF-5BCC-4C49-BD02-42038538A38C}C:\users\ricky\appdata\local\temp\ixp000.tmp\freddyserver.exe] => (Allow) C:\users\ricky\appdata\local\temp\ixp000.tmp\freddyserver.exe

FirewallRules: [UDP Query User{539E8D22-A273-4C7E-9220-7B0835E52D76}C:\users\ricky\appdata\local\temp\ixp000.tmp\freddyserver.exe] => (Allow) C:\users\ricky\appdata\local\temp\ixp000.tmp\freddyserver.exe

FirewallRules: [{FBD6920C-05DD-45E7-BA28-E825A68D6A1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe

FirewallRules: [{0BA3EAFE-1C2C-4D9A-B8C4-86A0FB51E409}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe

FirewallRules: [{C4F5397A-28EA-4C46-B81A-BBBE25473606}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpecOps_TheLine\Binaries\Win32\SpecOpsTheLine.exe

FirewallRules: [{D2B97772-6A1A-46D4-8C79-CB53C7945428}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpecOps_TheLine\Binaries\Win32\SpecOpsTheLine.exe

FirewallRules: [{B87DC025-4952-429E-A167-7B6BF0717896}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe

FirewallRules: [{5B7DCB1F-63B9-496F-9DB2-DDE24467C1DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe

FirewallRules: [{01A7DF99-D0B7-4718-8B62-58ED1FA7F734}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe

FirewallRules: [{2DBBFE0B-1E61-4089-9D47-0235758EB8AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe

FirewallRules: [{C06E1D3C-0F3E-4370-B9FF-055F420F0011}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe

FirewallRules: [{DE987E7F-3C78-43BA-AB4D-58ECF5A02AF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe

FirewallRules: [{9521B46D-44AD-49F6-B62C-DA58509A1B35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe

FirewallRules: [{912F5BE7-75D0-486E-876A-132BDA7F4156}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe

FirewallRules: [{64A6744A-1E6C-429A-9167-93543C7E1D04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\R.U.S.E\Ruse.exe

FirewallRules: [{A336F74C-E3FE-4CAF-ACE1-074FC7BE990D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\R.U.S.E\Ruse.exe

FirewallRules: [{99E28514-C824-4955-9E48-1758119B81C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe

FirewallRules: [{1BA8167A-B0B6-45CE-9CF3-A106BFEDC864}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe

FirewallRules: [TCP Query User{7B7B6720-D470-4466-BC88-2DD16CDCEA6F}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe

FirewallRules: [UDP Query User{194933CC-19B4-461F-B7B1-183CB34C0707}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe

FirewallRules: [TCP Query User{575C91A8-0F3C-48F2-A6A9-D8E001EC6451}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe

FirewallRules: [UDP Query User{EFA33CF4-5040-4B24-82D6-1ADBC7E60E7A}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe

FirewallRules: [{1ABDEBEE-C376-4AEC-BB82-1CDB6A90391C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wargame Airland Battle\WarGame2.exe

FirewallRules: [{2F07E43D-8E18-4747-AAD7-5F91FD3A7732}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wargame Airland Battle\WarGame2.exe

FirewallRules: [TCP Query User{0C452484-9DA8-47F2-A9EC-BA9683781067}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe

FirewallRules: [UDP Query User{4A67A199-E1F4-4C33-B27D-990E24B97BD3}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe

FirewallRules: [{CB786C45-369C-4B2A-B9DB-9DA837426D4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II\CK2game.exe

FirewallRules: [{110BC35C-DC1A-4578-9039-BB11239069D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II\CK2game.exe

FirewallRules: [TCP Query User{9064EC7A-219C-40B5-89F9-92E7F6A4B678}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe

FirewallRules: [UDP Query User{81021574-0946-47D3-A79E-2943FA994C14}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe

FirewallRules: [TCP Query User{B7A6381B-3E0A-4250-82A5-E5050B37C510}C:\program files\java\jdk1.7.0_17\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.7.0_17\bin\javaw.exe

FirewallRules: [UDP Query User{12650D1E-241B-4A6B-A92D-D8A86F0472F3}C:\program files\java\jdk1.7.0_17\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.7.0_17\bin\javaw.exe

FirewallRules: [TCP Query User{E5E21891-6595-40DA-89C8-8D80ED2FEBBD}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe

FirewallRules: [UDP Query User{FC3EDEF8-E738-43F4-A255-12AD26925534}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe

FirewallRules: [{BA38E1C2-3362-474D-89F5-54DF9D1DB25B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{656CC9F3-DEC0-4310-84CD-BCC2C357079B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{40C711DF-2BF1-4130-B6FD-28B10B0F1A6A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{749C2807-DE46-4EB1-83AA-23BAD2EABEB4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{B977EC36-1F44-46FB-92AA-42B86020408D}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [TCP Query User{51F9B8E5-A47D-4A9D-9875-994CC1F5B3AD}C:\users\ricky\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ricky\appdata\roaming\spotify\spotify.exe

FirewallRules: [UDP Query User{7D86BFA9-04BD-402A-BD20-A388B03402C3}C:\users\ricky\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ricky\appdata\roaming\spotify\spotify.exe

FirewallRules: [{74821D87-895D-48D1-87B4-35E1DED3B145}] => (Allow) C:\Program Files (x86)\LINE\LINE.exe

FirewallRules: [{A3213938-049F-4BAF-968F-12489E3290C2}] => (Allow) C:\Program Files (x86)\LINE\LINE.exe

FirewallRules: [{54207A6F-093D-4BAF-B340-7201FDC46A72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe

FirewallRules: [{0F34CC84-45A8-4403-9069-4A2FF97662E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe

FirewallRules: [{1A480071-6C3C-41DF-8B76-B62E3313BEE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\legacy\rust.exe

FirewallRules: [{8485DD5B-6F54-4BD7-81DC-9842AC37E429}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\legacy\rust.exe

FirewallRules: [{15B059A4-E1C7-4D6C-A007-11C9B438410C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe

FirewallRules: [{D7CD62C5-E761-4D5C-9DEA-E201F63722B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe

FirewallRules: [{FF0B0EB1-8245-4157-841C-2E517FEEDA50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe

FirewallRules: [{8F11B65B-E7B3-424B-BB4F-6139C320CE20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe

FirewallRules: [{D1837DFB-2B0E-458E-82FA-881A4A55D897}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe

FirewallRules: [{E21BDB8D-A034-4389-84E2-DD71F0EA922A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe

FirewallRules: [{2B097D37-E28E-4BB7-98AA-0702393A4156}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGameServer.exe

FirewallRules: [{9C9CE205-F19E-40DD-A5EA-316FA97ADC50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGameServer.exe

FirewallRules: [{DC85597C-BDB1-4124-9291-ADA442A03FF2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SunlessSea\Sunless Sea.exe

FirewallRules: [{0FB40891-5522-487C-A234-3E782883941F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SunlessSea\Sunless Sea.exe

FirewallRules: [{3B7976B1-2080-4461-A0DA-72000BFF4FE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Survivalist\Survivalist.exe

FirewallRules: [{4629AB9E-8A71-4DAD-BB6A-70F093FB1C46}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Survivalist\Survivalist.exe

FirewallRules: [{DEC96AB7-B2A1-40D3-866A-B1AFC380DDEF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe

FirewallRules: [{CCA72D22-B022-4591-8747-EB9D4F8FC1F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe

FirewallRules: [{A6185AF9-73B6-4CD5-88DE-279993FFDDCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe

FirewallRules: [{B3005BC9-E2AE-4F49-9B09-8E14212161DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe

FirewallRules: [{E03AF402-A7B9-48A2-BD02-BEF83483C41A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe

FirewallRules: [{86AA5857-5E2F-438D-A34D-CA35A2919172}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe

FirewallRules: [{3654E064-E372-4FD3-B824-F2B6F5FAF6C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Styx\Binaries\Win64\StyxGame.exe

FirewallRules: [{F8BFCAFF-B6E3-4E57-8B5B-A98FA83A5E36}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Styx\Binaries\Win64\StyxGame.exe

FirewallRules: [{5616A254-7369-45A1-8F75-77D0E708107D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\System\Postal2.exe

FirewallRules: [{86387D7A-2192-4A04-9AB7-15B143B87372}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\System\Postal2.exe

FirewallRules: [{1151C999-C520-42D2-9970-3DC1E4D4DF9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe

FirewallRules: [{69B15389-F80A-4B99-AB08-BBCC2EE63215}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe

FirewallRules: [{FF5ED654-3699-4733-9925-96CE11557381}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{5D4CB0D4-C61E-4AD4-9EB8-67436468CFC8}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe

FirewallRules: [{E3A569AC-2A8A-4DEB-BCBF-89FB68CCD7CB}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe

FirewallRules: [{3824FF46-0C85-4B83-BCAD-DA9676AE416C}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe

FirewallRules: [{B1294C18-B153-48FB-929B-9B61D3B5F780}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe


==================== Faulty Device Manager Devices =============



==================== Event log errors: =========================


Application errors:

==================

Error: (07/18/2015 01:20:43 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Error: (07/18/2015 01:14:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.



Details:

AddLegacyDriverFiles: Unable to back up image of binary avast! VM Monitor.


System Error:

The system cannot find the file specified.

.


Error: (07/18/2015 01:14:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.



Details:

AddLegacyDriverFiles: Unable to back up image of binary aswSP.


System Error:

The system cannot find the file specified.

.


Error: (07/18/2015 01:14:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.



Details:

AddLegacyDriverFiles: Unable to back up image of binary aswSnx.


System Error:

The system cannot find the file specified.

.


Error: (07/18/2015 01:14:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.



Details:

AddLegacyDriverFiles: Unable to back up image of binary avast! Revert.


System Error:

The system cannot find the file specified.

.


Error: (07/18/2015 01:14:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.



Details:

AddLegacyDriverFiles: Unable to back up image of binary aswRdr.


System Error:

The system cannot find the file specified.

.


Error: (07/18/2015 01:14:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.



Details:

AddLegacyDriverFiles: Unable to back up image of binary aswMonFlt.


System Error:

The system cannot find the file specified.

.


Error: (07/18/2015 01:10:48 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Instup.exe, version: 10.0.2208.712, time stamp: 0x545b6e40

Faulting module name: ltc_game32-99265.dll_unloaded, version: 0.0.0.0, time stamp: 0x559eccc7

Exception code: 0xc0000005

Fault offset: 0x0f2c7e0d

Faulting process id: 0x1db8

Faulting application start time: 0xInstup.exe0

Faulting application path: Instup.exe1

Faulting module path: Instup.exe2

Report Id: Instup.exe3


Error: (07/18/2015 01:09:19 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: kts15.0.2.361abcen_8109.exe, version: 15.0.2.361, time stamp: 0x54997f66

Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x55636317

Exception code: 0xc0000374

Fault offset: 0x000cea5f

Faulting process id: 0x1030

Faulting application start time: 0xkts15.0.2.361abcen_8109.exe0

Faulting application path: kts15.0.2.361abcen_8109.exe1

Faulting module path: kts15.0.2.361abcen_8109.exe2

Report Id: kts15.0.2.361abcen_8109.exe3


Error: (07/18/2015 01:06:03 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



System errors:

=============

Error: (07/18/2015 03:02:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Security Update for Windows 7 for x64-based Systems (KB3072630).


Error: (07/18/2015 01:23:36 AM) (Source: KLIF) (EventID: 0) (User: )

Description: Сonnection is not established


Error: (07/18/2015 01:23:36 AM) (Source: KLIF) (EventID: 0) (User: )

Description: Сonnection is not established


Error: (07/18/2015 01:19:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

RzFilter


Error: (07/18/2015 01:06:00 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

RzFilter


Error: (07/18/2015 01:04:37 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Windows Update service terminated with the following error:

%%-2147467243


Error: (07/18/2015 01:02:09 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


Error: (07/18/2015 01:01:34 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

RzFilter


Error: (07/17/2015 03:00:40 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Security Update for Windows 7 for x64-based Systems (KB3072630).


Error: (07/16/2015 03:01:46 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Security Update for Windows 7 for x64-based Systems (KB3072630).



Microsoft Office:

=========================

Error: (07/18/2015 01:20:43 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Error: (07/18/2015 01:14:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description:

Details:

AddLegacyDriverFiles: Unable to back up image of binary avast! VM Monitor.


System Error:

The system cannot find the file specified.


Error: (07/18/2015 01:14:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description:

Details:

AddLegacyDriverFiles: Unable to back up image of binary aswSP.


System Error:

The system cannot find the file specified.


Error: (07/18/2015 01:14:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description:

Details:

AddLegacyDriverFiles: Unable to back up image of binary aswSnx.


System Error:

The system cannot find the file specified.


Error: (07/18/2015 01:14:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description:

Details:

AddLegacyDriverFiles: Unable to back up image of binary avast! Revert.


System Error:

The system cannot find the file specified.


Error: (07/18/2015 01:14:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description:

Details:

AddLegacyDriverFiles: Unable to back up image of binary aswRdr.


System Error:

The system cannot find the file specified.


Error: (07/18/2015 01:14:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description:

Details:

AddLegacyDriverFiles: Unable to back up image of binary aswMonFlt.


System Error:

The system cannot find the file specified.


Error: (07/18/2015 01:10:48 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Instup.exe10.0.2208.712545b6e40ltc_game32-99265.dll_unloaded0.0.0.0559eccc7c00000050f2c7e0d1db801d0c12010b27f10C:\Program Files\AVAST Software\Avast\Setup\Instup.exeltc_game32-99265.dllbb8007fa-2d13-11e5-8a41-10bf4887c8af


Error: (07/18/2015 01:09:19 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: kts15.0.2.361abcen_8109.exe15.0.2.36154997f66ntdll.dll6.1.7601.1886955636317c0000374000cea5f103001d0c11fd5622803C:\Users\Ricky\Downloads\kts15.0.2.361abcen_8109.exeC:\Windows\SysWOW64\ntdll.dll863129b7-2d13-11e5-8a41-10bf4887c8af


Error: (07/18/2015 01:06:03 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



==================== Memory info ===========================


Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz

Percentage of memory in use: 47%

Total physical RAM: 16338.96 MB

Available physical RAM: 8544.25 MB

Total Virtual: 32676.12 MB

Available Virtual: 24111.86 MB


==================== Drives ================================


Drive c: (Windows) (Fixed) (Total:1862.92 GB) (Free:920.69 GB) NTFS

Drive d: (DYING_LIGHT_D2) (CDROM) (Total:7.87 GB) (Free:0 GB) UDF


==================== MBR & Partition Table ==================


========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 429E694F)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)


==================== End of log ============================
 
In the future please use Notepad instead of Wordpad to open logs.
Wordpad creates an extra space and all logs are twice as long and harder for me to read.
Thank you :)

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.


(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Really sorry for not responding. Been gone the last few days and haven't had much access to my computer. I'll be able to get all this going again tomorrow.

Also, I'll make sure to use wordpad. I hadn't noticed how much larger word made the posts.
 
Turns out my plans were cancelled or at least pushed back.

These are the results of RogueKiller.exe.


RogueKiller V10.9.3.0 [Jul 21 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ricky [Administrator]
Started from : C:\Users\Ricky\Downloads\RogueKiller.exe
Mode : Delete -- Date : 07/22/2015 17:33:23

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1678945104-314155054-3090002174-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.bing.com -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1678945104-314155054-3090002174-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.bing.com -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1678945104-314155054-3090002174-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1678945104-314155054-3090002174-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1678945104-314155054-3090002174-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : www.bing.com -> Replaced (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1678945104-314155054-3090002174-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : www.bing.com -> Replaced (http://search.msn.com/spbasic.htm)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS723020BLE640 +++++
--- User ---
[MBR] 3b9c4d5691dbaa2ab61cce26eb7f5ae0
[BSP] 2cd2ffcb6b4ad636037c0c1f325032c1 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1907627 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
Anti Malware scan with results attached.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/22/2015
Scan Time: 5:36 PM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.22.07
Rootkit Database: v2015.07.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ricky

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 385413
Time Elapsed: 14 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 

AdwCleaner results


# AdwCleaner v4.208 - Logfile created 22/07/2015 at 18:06:47
# Updated 09/07/2015 by Xplode
# Database : 2015-07-09.2 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Ricky - BOB
# Running from : C:\Users\Ricky\Downloads\adwcleaner_4.208.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\SearchProtect
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Ricky\AppData\Local\Conduit
Folder Deleted : C:\Users\Ricky\AppData\LocalLow\Conduit
File Deleted : C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Deleted : C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Deleted : C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_translation.babylon.com_0.localstorage
File Deleted : C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_translation.babylon.com_0.localstorage-journal
File Deleted : C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_translator.babylon.com_0.localstorage
File Deleted : C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_translator.babylon.com_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Google Chrome v43.0.2357.134

[C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Chromium v


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [2731 bytes] - [22/07/2015 18:01:20]
AdwCleaner[S0].txt - [2649 bytes] - [22/07/2015 18:06:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2708 bytes] ##########
 
I seem to have run into an issue with JRT. I open it up, press a key as instructed, and it says "reg is not recognized as an internal or external command, operable program or batch file." After a moment it shoots out a few lines of text I can't read fast enough, then goes away. I open Task Manager and don't see it in processes or anything after. I used Gyazo GIF to make a little capture of what happens if you'd like to see. http://gyazo.com/183105255215026614b9e0ba9fe5a020
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
Yep, sorry. Internet troubles the last few days. Cox isn't the best in my area. Running combo fix right now. Been stuck on stage 4 for about 10 or more minutes now. Sorry that I keep vanishing, something always seems to come up.
 
Still on stage 4, is this normal? Well, it's been completed stage 4 since the original post 11 minutes ago, so I'm asking is it going to do anymore or should I look at restarting it.
 
And Combo is done, took a long time, but that might explain this large wall of text that I don't understand. Here ya go,

Edit: Appears I didn't turn off windows defender, I never use it so I forgot all about it. Hopefully that didn't mess with anything.


ComboFix 15-07-23.01 - Ricky 07/27/2015 17:57:22.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16339.10463 [GMT -5:00]
Running from: c:\users\Ricky\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Ricky\AppData\Roaming\technic-launcher.jar
c:\windows\msdownld.tmp
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2015-06-28 to 2015-07-28 )))))))))))))))))))))))))))))))
.
.
2015-07-28 00:37 . 2015-07-28 00:37 -------- d-----w- c:\users\hedev\AppData\Local\temp
2015-07-28 00:37 . 2015-07-28 00:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-24 06:36 . 2015-07-15 01:12 12222168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{17B8EE47-F395-4DF9-A9D4-0FD2D0AAA09C}\mpengine.dll
2015-07-22 23:51 . 2015-07-22 23:51 -------- d-----w- c:\users\Ricky\AppData\Roaming\AVAST Software
2015-07-22 23:50 . 2015-07-22 23:50 447944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-07-22 23:50 . 2015-07-22 23:50 274808 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-07-22 23:50 . 2015-07-22 23:50 150160 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-07-22 23:50 . 2015-07-22 23:50 90968 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-07-22 23:50 . 2015-07-22 23:50 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-07-22 23:50 . 2015-07-22 23:50 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-07-22 23:50 . 2015-07-22 23:50 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-07-22 23:50 . 2015-07-22 23:50 1048856 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-07-22 23:50 . 2015-07-22 23:50 378880 ----a-w- c:\windows\system32\aswBoot.exe
2015-07-22 23:50 . 2015-07-22 23:50 43112 ----a-w- c:\windows\avastSS.scr
2015-07-22 23:49 . 2015-07-22 23:49 -------- d-----w- c:\program files\AVAST Software
2015-07-22 23:01 . 2015-07-22 23:06 -------- d-----w- C:\AdwCleaner
2015-07-22 22:20 . 2015-07-22 22:20 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-07-22 22:20 . 2015-07-22 23:00 -------- d-----w- c:\programdata\RogueKiller
2015-07-22 02:10 . 2015-07-22 02:10 -------- d-----w- c:\users\Ricky\AppData\Local\CEF
2015-07-20 19:14 . 2015-07-15 03:19 41984 ----a-w- c:\windows\system32\lpk.dll
2015-07-20 19:14 . 2015-07-15 03:19 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-07-20 19:14 . 2015-07-15 03:19 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-07-20 19:14 . 2015-07-15 03:19 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-07-20 19:14 . 2015-07-15 02:55 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-07-20 19:14 . 2015-07-15 02:55 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-07-20 19:14 . 2015-07-15 02:55 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-07-20 19:14 . 2015-07-15 02:54 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-07-20 19:14 . 2015-07-15 01:59 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-07-20 19:14 . 2015-07-15 01:52 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-07-18 21:56 . 2015-07-18 22:06 -------- d-----w- C:\FRST
2015-07-18 06:49 . 2015-07-18 06:49 -------- d-----w- C:\TDSSKiller_Quarantine
2015-07-18 06:23 . 2015-07-22 23:19 -------- d-----w- c:\programdata\Kaspersky Lab
2015-07-18 06:09 . 2015-07-18 06:09 -------- d-s---w- c:\windows\SysWow64\Microsoft
2015-07-18 06:01 . 2015-07-18 06:01 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2015-07-15 03:13 . 2015-07-15 03:13 18524336 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-07-14 23:44 . 2015-06-02 00:07 254976 ----a-w- c:\windows\system32\cewmdm.dll
2015-07-14 23:44 . 2015-06-01 23:47 210432 ----a-w- c:\windows\SysWow64\cewmdm.dll
2015-07-13 20:21 . 2015-07-13 20:21 -------- d-----w- c:\program files (x86)\Championify
2015-07-10 04:20 . 2015-07-14 10:32 -------- d-----w- c:\users\Ricky\AppData\Local\FluxSoftware
2015-07-09 19:47 . 2015-07-09 19:47 -------- d-----w- c:\programdata\ATI
2015-07-09 09:11 . 2015-07-09 09:11 -------- d-----w- c:\program files\CPUID
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-27 22:47 . 2015-02-05 05:28 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-15 03:13 . 2013-04-12 21:10 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-15 03:13 . 2013-04-12 20:52 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-14 16:44 . 2013-05-25 18:18 33856 ---ha-w- c:\windows\system32\hamachi.sys
2015-07-03 13:43 . 2013-01-25 00:28 130333168 ----a-w- c:\windows\system32\MRT.exe
2015-06-23 18:30 . 2010-11-21 03:27 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-23 02:09 . 2015-06-23 02:09 107784 ----a-w- c:\windows\system32\amdave64.dll
2015-06-23 02:09 . 2013-08-30 22:37 100568 ----a-w- c:\windows\SysWow64\amdave32.dll
2015-06-23 02:09 . 2015-06-23 02:09 141792 ----a-w- c:\windows\system32\amdhcp64.dll
2015-06-23 02:09 . 2015-06-23 02:09 128384 ----a-w- c:\windows\SysWow64\amdhcp32.dll
2015-06-23 02:09 . 2015-06-23 02:09 78432 ----a-w- c:\windows\system32\atimpc64.dll
2015-06-23 02:09 . 2015-06-23 02:09 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2015-06-23 02:09 . 2015-06-23 02:09 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2015-06-23 02:09 . 2015-06-23 02:09 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2015-06-23 02:08 . 2015-06-23 02:08 152056 ----a-w- c:\windows\system32\atiuxp64.dll
2015-06-23 02:08 . 2013-08-31 00:14 133016 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2015-06-23 02:08 . 2015-06-23 02:08 120144 ----a-w- c:\windows\system32\atiu9p64.dll
2015-06-23 02:08 . 2012-07-28 01:13 102616 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2015-06-23 02:08 . 2015-06-23 02:08 1440592 ----a-w- c:\windows\system32\aticfx64.dll
2015-06-23 02:08 . 2012-07-28 02:15 1191320 ----a-w- c:\windows\SysWow64\aticfx32.dll
2015-06-23 02:08 . 2015-06-23 02:08 11941000 ----a-w- c:\windows\system32\atidxx64.dll
2015-06-23 02:08 . 2013-08-31 00:13 10087472 ----a-w- c:\windows\SysWow64\atidxx32.dll
2015-06-23 02:08 . 2012-07-28 01:32 7927568 ----a-w- c:\windows\SysWow64\atiumdva.dll
2015-06-23 02:08 . 2012-07-28 04:09 7407400 ----a-w- c:\windows\SysWow64\atiumdag.dll
2015-06-23 02:08 . 2015-06-23 02:08 8890576 ----a-w- c:\windows\system32\atiumd6a.dll
2015-06-23 02:08 . 2015-06-23 02:08 8786040 ----a-w- c:\windows\system32\atiumd64.dll
2015-06-23 02:05 . 2015-06-23 02:05 297672 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
2015-06-23 02:03 . 2015-06-23 02:03 21612032 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2015-06-23 01:59 . 2015-06-23 01:59 235008 ----a-w- c:\windows\system32\clinfo.exe
2015-06-23 01:59 . 2015-06-23 01:59 47782912 ----a-w- c:\windows\system32\amdocl64.dll
2015-06-23 01:58 . 2014-11-21 02:32 39712256 ----a-w- c:\windows\SysWow64\amdocl.dll
2015-06-23 01:57 . 2015-06-23 01:57 65024 ----a-w- c:\windows\system32\OpenCL.dll
2015-06-23 01:57 . 2015-06-23 01:57 59392 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-06-23 01:55 . 2015-06-23 01:55 27535872 ----a-w- c:\windows\system32\amdocl12cl64.dll
2015-06-23 01:55 . 2015-06-23 01:55 22318592 ----a-w- c:\windows\SysWow64\amdocl12cl.dll
2015-06-23 01:33 . 2015-06-23 01:33 127488 ----a-w- c:\windows\system32\mantle64.dll
2015-06-23 01:33 . 2015-06-23 01:33 113664 ----a-w- c:\windows\SysWow64\mantle32.dll
2015-06-23 01:33 . 2015-06-23 01:33 6476288 ----a-w- c:\windows\system32\amdmantle64.dll
2015-06-23 01:28 . 2015-06-23 01:28 5067264 ----a-w- c:\windows\SysWow64\amdmantle32.dll
2015-06-23 01:27 . 2015-06-23 01:27 30749184 ----a-w- c:\windows\system32\atio6axx.dll
2015-06-23 01:25 . 2015-06-23 01:25 93184 ----a-w- c:\windows\system32\mantleaxl64.dll
2015-06-23 01:25 . 2015-06-23 01:25 86528 ----a-w- c:\windows\SysWow64\mantleaxl32.dll
2015-06-23 01:22 . 2015-06-23 01:22 50688 ----a-w- c:\windows\system32\amdmmcl6.dll
2015-06-23 01:22 . 2015-06-23 01:22 39424 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2015-06-23 01:21 . 2015-06-23 01:21 865792 ----a-w- c:\windows\system32\coinst_15.20.dll
2015-06-23 01:21 . 2015-06-23 01:21 25296896 ----a-w- c:\windows\SysWow64\atioglxx.dll
2015-06-23 01:19 . 2015-06-23 01:19 367104 ----a-w- c:\windows\system32\atiapfxx.exe
2015-06-23 01:19 . 2015-06-23 01:19 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2015-06-23 01:19 . 2015-06-23 01:19 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2015-06-23 01:19 . 2015-06-23 01:19 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2015-06-23 01:19 . 2015-06-23 01:19 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2015-06-23 01:18 . 2015-06-23 01:18 15716864 ----a-w- c:\windows\system32\aticaldd64.dll
2015-06-23 01:18 . 2015-06-23 01:18 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2015-06-23 01:14 . 2012-12-19 19:57 442368 ----a-w- c:\windows\system32\atidemgy.dll
2015-06-23 01:14 . 2015-06-23 01:14 160256 ----a-w- c:\windows\system32\atieah64.exe
2015-06-23 01:14 . 2015-06-23 01:14 143872 ----a-w- c:\windows\SysWow64\atieah32.exe
2015-06-23 01:14 . 2015-06-23 01:14 204800 ----a-w- c:\windows\system32\amdgfxinfo64.dll
2015-06-23 01:14 . 2015-06-23 01:14 189952 ----a-w- c:\windows\SysWow64\amdgfxinfo32.dll
2015-06-23 01:14 . 2015-06-23 01:14 670720 ----a-w- c:\windows\system32\atieclxx.exe
2015-06-23 01:14 . 2015-06-23 01:14 29696 ----a-w- c:\windows\system32\atimuixx.dll
2015-06-23 01:14 . 2015-06-23 01:14 245760 ----a-w- c:\windows\system32\atiesrxx.exe
2015-06-23 01:14 . 2015-06-23 01:14 190976 ----a-w- c:\windows\system32\atitmm64.dll
2015-06-23 01:12 . 2015-06-23 01:12 89088 ----a-w- c:\windows\system32\atisamu64.dll
2015-06-23 01:12 . 2015-06-23 01:12 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll
2015-06-23 01:11 . 2012-12-19 19:33 1246208 ----a-w- c:\windows\system32\atiadlxx.dll
2015-06-23 01:11 . 2015-06-23 01:11 926720 ----a-w- c:\windows\SysWow64\atiadlxx.dll
2015-06-23 01:11 . 2014-11-21 02:09 926720 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2015-06-23 01:10 . 2015-06-23 01:10 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2015-06-23 01:10 . 2015-06-23 01:10 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2015-06-23 01:10 . 2015-06-23 01:10 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2015-06-23 01:10 . 2015-06-23 01:10 156672 ----a-w- c:\windows\system32\atig6txx.dll
2015-06-23 01:10 . 2014-11-21 02:08 141824 ----a-w- c:\windows\SysWow64\atigktxx.dll
2015-06-23 01:10 . 2015-06-23 01:10 663552 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2015-06-23 01:09 . 2015-06-23 01:09 102912 ----a-w- c:\windows\system32\hsa-thunk64.dll
2015-06-23 01:09 . 2015-06-23 01:09 102400 ----a-w- c:\windows\SysWow64\hsa-thunk.dll
2015-06-23 01:07 . 2015-06-23 01:07 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2015-06-18 13:41 . 2015-02-05 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 13:41 . 2015-02-05 05:26 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 13:41 . 2015-02-05 05:26 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-05-25 18:24 . 2015-06-10 07:28 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-05-25 18:21 . 2015-06-10 07:28 1728960 ----a-w- c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-10 07:28 243712 ----a-w- c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-10 07:28 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-10 07:28 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-10 07:28 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-10 07:28 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-10 07:28 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-10 07:28 503808 ----a-w- c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-10 07:28 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-10 07:28 50176 ----a-w- c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-10 07:28 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-10 07:28 424960 ----a-w- c:\windows\system32\KernelBase.dll
2015-05-25 18:19 . 2015-06-10 07:28 1162752 ----a-w- c:\windows\system32\kernel32.dll
2015-05-25 18:18 . 2015-06-10 07:28 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-10 07:28 879104 ----a-w- c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-10 07:28 404992 ----a-w- c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-10 07:28 47104 ----a-w- c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-10 07:28 112640 ----a-w- c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-10 07:28 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-10 07:28 43008 ----a-w- c:\windows\system32\relog.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Ricky\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Ricky\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Ricky\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2013-10-31 2990304]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-06-29 53288576]
"Spotify Web Helper"="c:\users\Ricky\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2015-07-18 2008632]
"Spotify"="c:\users\Ricky\AppData\Roaming\Spotify\Spotify.exe" [2015-07-18 7334968]
"Dropbox Update"="c:\users\Ricky\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-24 134512]
"GoogleChromeAutoLaunch_91666D2DFC6D4A8FF60FE6A7C745B87B"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-07-13 813896]
"f.lux"="c:\users\Ricky\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-02-13 60712]
"NCUpdateHelper"="c:\program files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe" [2015-07-18 526240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-06-23 767176]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2015-07-14 5579624]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-07-22 6109776]
.
c:\users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ricky\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-4 44236896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R1 RzFilter;RzFilter;c:\windows\system32\drivers\RzFilter.sys;c:\windows\SYSNATIVE\drivers\RzFilter.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 celavimushost;Celavimus Client Host;c:\program files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe;c:\program files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 EvoSvc;Evolve Service;c:\program files\Echobit\Evolve\EvoSvc.exe;c:\program files\Echobit\Evolve\EvoSvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RzDxgk;RzDxgk;c:\windows\system32\drivers\RzDxgk.sys;c:\windows\SYSNATIVE\drivers\RzDxgk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 XSplit_Dummy;XSplit Stream Audio Renderer;c:\windows\system32\drivers\xspltspk.sys;c:\windows\SYSNATIVE\drivers\xspltspk.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 RzOvlMon;Razer Overlay Subsystem Emergency Service;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe [x]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x]
S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys;c:\windows\SYSNATIVE\DRIVERS\evolve.sys [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 t_mouse.sys;HID-compliand device;c:\windows\system32\DRIVERS\t_mouse.sys;c:\windows\SYSNATIVE\DRIVERS\t_mouse.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-25 10:22 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-12 03:13]
.
2015-07-27 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1678945104-314155054-3090002174-1000Core.job
- c:\users\Ricky\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-24 21:50]
.
2015-07-28 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1678945104-314155054-3090002174-1000UA.job
- c:\users\Ricky\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-24 21:50]
.
2015-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-25 13:07]
.
2015-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-25 13:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-07-22 23:50 777544 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 184856 ----a-w- c:\users\Ricky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 184856 ----a-w- c:\users\Ricky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 184856 ----a-w- c:\users\Ricky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 184856 ----a-w- c:\users\Ricky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-06-20 18:48 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-06-20 18:48 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-06-20 18:48 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-06-20 18:48 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-06-20 18:48 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-06-20 18:48 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-12 7560296]
"MouseDriver"="TiltWheelMouse.exe" [2012-12-19 241152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-02-13 169768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{A63E367D-B78B-4C1E-B9C7-4AB6CAE91B7C}: NameServer = 8.8.8.4,8.8.8.8
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-StarCraft II - c:\program files (x86)\Common Files\Blizzard Entertainment\StarCraft II\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1678945104-314155054-3090002174-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:1d,b5,e9,f4,47,3e,bc,96,4b,d9,1e,83,3f,c0,8b,9c,f9,9b,07,a6,27,
5a,ff,76,88,56,07,c8,69,50,b0,37,b3,7d,42,7d,c1,d5,f7,99,56,52,84,bd,80,a7,\
"rkeysecu"=hex:56,c6,0d,e0,20,27,f2,5f,5e,7a,0c,15,6c,01,a7,f3
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2015-07-27 19:51:26 - machine was rebooted
ComboFix-quarantined-files.txt 2015-07-28 00:51
.
Pre-Run: 984,979,492,864 bytes free
Post-Run: 985,599,725,568 bytes free
.
- - End Of File - - 4137C73005CE7CBEB44504DAD4AA2D29
 
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 