TechSpot

Random spyware that i think ive managed to remove

By Randy icenhour
Sep 10, 2015
  1. Had some random bsod that kept getting worse ran all the simple scans avast malwarebytes and so and so never found anything then had one and had to do what has been my go to for stuff like that junkware removal tool rougekiller malwarebyes anti root kit and then combo fix and ive got it now stable enough to do this first step logs to follow
     
  2. Randy icenhour

    Randy icenhour TS Enthusiast Topic Starter Posts: 162

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-09-2015
    Ran by icenhour76 (administrator) on ICENHOUR76-PC (10-09-2015 01:30:13)
    Running from C:\Users\icenhour76\Downloads
    Loaded Profiles: icenhour76 (Available Profiles: icenhour76)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    (NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
    (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    (Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [ProfilerU] => C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [310272 2010-07-29] (Saitek)
    HKLM\...\Run: [SaiMfd] => C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [158208 2010-07-29] (Saitek)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13320808 2011-10-25] (Realtek Semiconductor)
    HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-21] (NVIDIA Corporation)
    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2015-01-12] (Logitech, Inc.)
    HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14601160 2015-08-20] (Logitech Inc.)
    HKLM-x32\...\Run: [Zboard] => C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe [182784 2011-02-22] (Ideazon, Inc.)
    HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
    HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-10-11] (Comodo Security Solutions, Inc.)
    HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-25] (AVAST Software)
    HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2015-01-10] (DivX, LLC)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    HKU\S-1-5-21-3248671020-3738731255-3598294349-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-05] (AVAST Software)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation(R).lnk [2013-12-06]
    ShortcutTarget: Content Manager Assistant for PlayStation(R).lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
    Startup: C:\Users\icenhour76\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2012-11-19]
    ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
    Tcpip\..\Interfaces\{86AB6FA6-FCFA-46CA-982F-A74586D9A137}: [NameServer] 208.67.220.222
    Tcpip\..\Interfaces\{86AB6FA6-FCFA-46CA-982F-A74586D9A137}: [DhcpNameServer] 10.0.0.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3248671020-3738731255-3598294349-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3248671020-3738731255-3598294349-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3248671020-3738731255-3598294349-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-03] (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-05] (AVAST Software)
    BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-03] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-05] (AVAST Software)
    BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
    DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab

    FireFox:
    ========
    FF ProfilePath: C:\Users\icenhour76\AppData\Roaming\Mozilla\Firefox\Profiles\ntebj8uu.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
    FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-03] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-03] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
    FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-09-05] (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
    FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2011-06-16] (Yahoo! Inc.)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-21] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-21] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
    FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll [2012-01-13] (Veetle Inc)
    FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll [2012-01-13] (Veetle Inc)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
    FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
    FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
    FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
    FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3248671020-3738731255-3598294349-1001: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll [2012-06-28] (OnLive)
    FF Plugin HKU\S-1-5-21-3248671020-3738731255-3598294349-1001: @plugin.couponnetwork.com/Coupon Print Activator;version=4.5 -> C:\Users\icenhour76\AppData\Roaming\E-centives\NPcolPM460.dll [2011-12-31] (Invenda)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-05-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-05-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-05-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-05-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-05-24] (Apple Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-28]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-01-12]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com
    CHR StartupUrls: Default -> "hxxp://www.google.com","https://www.yahoo.com/?fr=hp-avast&type=odc179"
    CHR Profile: C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-10]
    CHR Extension: (Google Docs) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-10]
    CHR Extension: (Google Drive) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-10]
    CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-09-09]
    CHR Extension: (YouTube) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-09]
    CHR Extension: (Google Cast) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-09-09]
    CHR Extension: (Classic Games) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpckajjkmjncafjlkielcgheibdlnfgc [2015-09-09]
    CHR Extension: (Guitarist's Reference) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\cddaabhppoebkmalboinjhgofbhdbcgk [2015-09-09]
    CHR Extension: (Adblock Plus) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-09]
    CHR Extension: (Google Search) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-09]
    CHR Extension: (Netflix) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2015-09-09]
    CHR Extension: (Logitech Smooth Scrolling) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-09-09]
    CHR Extension: (uBlock) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2015-09-09]
    CHR Extension: (Google Sheets) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-10]
    CHR Extension: (Full Screen Weather) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2015-09-09]
    CHR Extension: (Chrome Remote Desktop) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-09-09]
    CHR Extension: (Google Docs Offline) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-10]
    CHR Extension: (Click&Clean) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2015-09-09]
    CHR Extension: (No Name) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-09-10]
    CHR Extension: (Avast Online Security) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-08-18]
    CHR Extension: (Crackle) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2015-09-09]
    CHR Extension: (Disconnect) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-09-09]
    CHR Extension: (Google Play) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-09-09]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-18]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-18]
    CHR Extension: (Monster Force 5) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnalgkbpcpkocdkonfbnghhgjccnnga [2015-09-09]
    CHR Extension: (Click&Clean App) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2015-09-09]
    CHR Extension: (Gmail) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-09]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-11]

    Opera:
    =======
    OPR Extension: (Adblock Plus) - C:\Users\icenhour76\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-09-18]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-05] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-08-05] (Avast Software)
    S2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\45.0.2454.17\remoting_host.exe [69448 2015-08-18] (Google Inc.)
    R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2013-10-11] (Comodo Security Solutions, Inc.)
    R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-10-11] (Comodo Security Solutions, Inc.)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-21] (NVIDIA Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-08-18] (Malwarebytes Corporation)
    R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2015-04-17] (Motorola Mobility LLC)
    R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-21] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-21] (NVIDIA Corporation)
    R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2015-04-17] (Motorola) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 Alpham1; C:\Windows\System32\DRIVERS\Alpham164.sys [52992 2007-07-23] (Ideazon Corporation)
    R3 Alpham2; C:\Windows\System32\DRIVERS\Alpham264.sys [21760 2007-03-20] (Ideazon Corporation)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-05] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-05] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-05] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-05] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-13] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-05] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-05] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-05] (AVAST Software)
    R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-08-19] (Disc Soft Ltd)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R0 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20672 2014-06-22] (Glarysoft Ltd)
    S3 L6PODHDBEAN; C:\Windows\System32\Drivers\L6PODHDBEAN64.sys [772864 2015-04-15] (Line 6)
    S3 L6PODX3; C:\Windows\System32\Drivers\L6PODX364.sys [772096 2011-11-30] (Line 6)
    R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
    R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-08-20] (Logitech Inc.)
    R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2015-08-20] (Logitech Inc.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-08-18] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-08-18] (Malwarebytes Corporation)
    R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-08-05] (AVAST Software)
    S3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
    R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-17] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-21] (NVIDIA Corporation)
    S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2012-02-04] ()
    S3 SaiKF622; C:\Windows\System32\DRIVERS\SaiKF622.sys [140800 2009-06-02] (Saitek)
    R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [22792 2010-08-10] (Saitek)
    R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [50056 2010-08-10] (Saitek)
    S3 SSMO3v2Filter; C:\Windows\System32\drivers\MO3v2Driver.sys [23040 2010-12-17] (Sagatek Co. Ltd.) [File not signed]
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-08-05] (Avast Software)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort_7.0.41409.0.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [X]
    S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
    S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
    S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-10 01:30 - 2015-09-10 01:30 - 00026204 _____ C:\Users\icenhour76\Downloads\FRST.txt
    2015-09-10 01:29 - 2015-09-10 01:30 - 00000000 ____D C:\FRST
    2015-09-10 01:29 - 2015-09-10 01:29 - 02190336 _____ (Farbar) C:\Users\icenhour76\Downloads\FRST64.exe
    2015-09-10 01:22 - 2015-09-10 01:22 - 00052538 _____ C:\ComboFix.txt
    2015-09-10 00:40 - 2015-09-10 00:40 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-09-10 00:40 - 2015-09-10 00:40 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-09-10 00:40 - 2015-09-10 00:40 - 00256000 _____ C:\Windows\PEV.exe
    2015-09-10 00:40 - 2015-09-10 00:40 - 00098816 _____ C:\Windows\sed.exe
    2015-09-10 00:40 - 2015-09-10 00:40 - 00080412 _____ C:\Windows\grep.exe
    2015-09-10 00:40 - 2015-09-10 00:40 - 00068096 _____ C:\Windows\zip.exe
    2015-09-10 00:40 - 2015-09-10 00:40 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-09-10 00:40 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
    2015-09-09 23:47 - 2015-09-09 23:47 - 00000000 ____D C:\Users\icenhour76\Desktop\mbar
    2015-09-09 23:30 - 2015-09-09 23:30 - 05635119 ____R (Swearware) C:\Users\icenhour76\Desktop\ComboFix.exe
    2015-09-09 23:30 - 2015-09-09 23:30 - 01800104 _____ (Malwarebytes Corporation) C:\Users\icenhour76\Desktop\JRT.exe
    2015-09-09 23:20 - 2015-09-09 23:20 - 00001449 _____ C:\AdwCleaner[C13].txt
    2015-09-09 23:19 - 2015-09-09 23:20 - 00001277 _____ C:\AdwCleaner[S15].txt
    2015-09-09 19:02 - 2015-09-09 19:02 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\icenhour76\Desktop\TDSSKiller.exe
    2015-09-09 19:01 - 2015-09-09 19:01 - 04383777 _____ C:\Users\icenhour76\Desktop\tdsskiller.zip
    2015-09-09 18:45 - 2015-09-10 01:05 - 00000504 _____ C:\Windows\setupact.log
    2015-09-09 18:45 - 2015-09-10 01:03 - 00001878 _____ C:\Windows\PFRO.log
    2015-09-09 18:45 - 2015-09-09 18:45 - 00283448 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-09-09 18:45 - 2015-09-09 18:45 - 00000000 _____ C:\Windows\setuperr.log
    2015-09-09 18:43 - 2015-09-09 18:43 - 00002142 _____ C:\AdwCleaner[C12].txt
    2015-09-09 18:41 - 2015-09-09 18:42 - 00019050 _____ C:\AdwCleaner[S14].txt
    2015-09-09 18:33 - 2015-09-09 18:35 - 00018986 _____ C:\AdwCleaner[S13].txt
    2015-09-09 18:11 - 2015-09-09 18:11 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-09-09 18:11 - 2015-09-09 18:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-09-09 18:09 - 2015-09-09 18:09 - 00059992 _____ C:\Users\icenhour76\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-09-04 19:23 - 2015-09-04 19:28 - 147484216 _____ (Seagate) C:\Users\icenhour76\Documents\Seagate Dashboard Installer.exe
    2015-09-03 11:34 - 2015-09-03 11:34 - 00178915 _____ C:\Users\icenhour76\Desktop\smdk_fat322.zip
    2015-09-03 11:30 - 2015-09-03 11:31 - 00000000 ____D C:\Users\icenhour76\Desktop\ExtFat32_v2.00
    2015-09-03 11:30 - 2015-09-03 11:30 - 00564213 _____ C:\Users\icenhour76\Desktop\ExtFat32_v2.00.zip
    2015-09-03 10:24 - 2015-09-03 10:25 - 00000000 ____D C:\Users\icenhour76\Desktop\PS4
    2015-08-21 07:44 - 2015-08-21 07:44 - 00573048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2015-08-21 07:43 - 2015-08-21 07:43 - 00937592 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    2015-08-21 07:43 - 2015-08-07 00:34 - 06883448 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2015-08-21 07:43 - 2015-08-07 00:34 - 03492144 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
    2015-08-21 07:43 - 2015-08-07 00:34 - 02558768 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
    2015-08-21 07:43 - 2015-08-07 00:34 - 00385328 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
    2015-08-21 07:43 - 2015-08-07 00:34 - 00062768 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2015-08-21 07:43 - 2015-08-03 06:12 - 05133709 _____ C:\Windows\system32\nvcoproc.bin
    2015-08-21 07:40 - 2015-08-21 07:43 - 01567576 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
    2015-08-21 07:40 - 2015-08-21 07:43 - 00204648 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
    2015-08-21 07:40 - 2015-08-21 07:43 - 00040280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 37819000 _____ C:\Windows\SysWOW64\nvcompiler.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 22520624 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 18540336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 17124832 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 16630096 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 15510112 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 14928048 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 14673920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 13656016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 12513288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 12179496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 11076216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2015-08-21 07:40 - 2015-08-21 07:41 - 03518248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 03106384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 02937648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 02624816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 01104440 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 01063216 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 01059960 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 00985208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 00942688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 00931448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 00177088 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2015-08-21 07:40 - 2015-08-07 07:06 - 42840184 _____ C:\Windows\system32\nvcompiler.dll
    2015-08-21 07:40 - 2015-08-07 07:06 - 00033050 _____ C:\Windows\system32\nvinfo.pb
    2015-08-21 06:49 - 2015-08-21 06:49 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435362.dll
    2015-08-21 06:49 - 2015-08-21 06:49 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435362.dll
    2015-08-21 05:57 - 2015-08-21 05:58 - 01898104 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435560.dll
    2015-08-21 05:57 - 2015-08-21 05:58 - 01558832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435560.dll
    2015-08-21 02:55 - 2015-08-21 02:55 - 00069416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
    2015-08-21 02:55 - 2015-08-21 02:55 - 00050472 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
    2015-08-20 23:43 - 2015-08-20 23:43 - 08667136 _____ C:\Users\icenhour76\Desktop\SCEVMC1.VME
    2015-08-20 23:43 - 2015-08-20 23:43 - 00334591 _____ C:\Users\icenhour76\Desktop\DJKM 2015 STARTER PACK.max
    2015-08-20 18:59 - 2015-08-20 18:59 - 00000000 ____D C:\Users\icenhour76\AppData\Local\Logitech
    2015-08-20 18:55 - 2015-08-20 18:58 - 00000000 ____D C:\Program Files\Logitech Gaming Software
    2015-08-20 18:44 - 2015-08-20 18:46 - 82596072 _____ (Logitech Inc.) C:\Users\icenhour76\Desktop\LGS_8.70.315_x64_Logitech.exe
    2015-08-20 18:37 - 2015-08-20 18:37 - 01164056 _____ (Logitech Inc.) C:\Users\icenhour76\Desktop\G602Flash.exe
    2015-08-18 01:26 - 2015-08-18 01:26 - 01791580 _____ (Malwarebytes Corporation) C:\Users\icenhour76\Downloads\JRT.exe
    2015-08-18 00:57 - 2015-08-18 00:57 - 00001612 _____ C:\AdwCleaner[C11].txt
    2015-08-18 00:53 - 2015-08-18 00:55 - 00023475 _____ C:\AdwCleaner[S12].txt
    2015-08-18 00:52 - 2015-08-18 00:52 - 01573888 _____ C:\Users\icenhour76\Desktop\AdwCleaner.exe
    2015-08-18 00:23 - 2015-09-10 01:18 - 01291097 _____ C:\Windows\WindowsUpdate.log
    2015-08-17 12:34 - 2015-08-17 12:34 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01011.Wdf
    2015-08-17 12:33 - 2015-08-17 12:33 - 00000044 _____ C:\Users\icenhour76\Desktop\StdOut_native.txt
    2015-08-17 12:33 - 2015-08-17 12:33 - 00000044 _____ C:\Users\icenhour76\Desktop\StdOut.txt
    2015-08-17 12:33 - 2015-08-17 12:33 - 00000000 ____D C:\usb_driver
    2015-08-17 12:33 - 2015-08-17 12:33 - 00000000 _____ C:\Users\icenhour76\Desktop\Stderr_Native.txt
    2015-08-17 12:33 - 2015-08-17 12:33 - 00000000 _____ C:\Users\icenhour76\Desktop\Stderr.txt
    2015-08-17 12:25 - 2012-11-05 22:26 - 01983440 _____ (Microsoft Corporation) C:\Windows\system32\msvcr110d.dll
    2015-08-17 12:19 - 2015-08-17 12:19 - 00039918 _____ C:\Users\icenhour76\Desktop\SX330-iPV3Li-Upgrade-200W-V1.6-20150623-1435556516.rar
    2015-08-17 12:17 - 2015-08-17 12:17 - 00001051 _____ C:\Users\Public\Desktop\SXi.lnk
    2015-08-17 12:17 - 2015-08-17 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YiHi SXi
    2015-08-17 12:17 - 2015-08-17 12:17 - 00000000 ____D C:\Program Files (x86)\YiHiEcigar
    2015-08-17 01:50 - 2015-08-17 01:50 - 05324377 _____ C:\Users\icenhour76\Desktop\1636 - Pokemon Fire Red (U)(Squirrels).zip

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-10 01:23 - 2012-10-25 14:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-09-10 01:23 - 2009-07-14 00:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-09-10 01:23 - 2009-07-14 00:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-09-10 01:22 - 2014-01-16 09:20 - 00000000 ____D C:\Qoobox
    2015-09-10 01:17 - 2013-06-18 09:36 - 00000000 ____D C:\Windows\erdnt
    2015-09-10 01:17 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
    2015-09-10 01:06 - 2013-02-11 23:46 - 00000000 ____D C:\ProgramData\COMODO
    2015-09-10 01:05 - 2014-01-19 04:43 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-09-10 01:05 - 2012-09-25 19:44 - 00000000 ____D C:\temp
    2015-09-10 01:04 - 2012-04-03 18:53 - 00000334 _____ C:\Windows\Tasks\GlaryInitialize.job
    2015-09-10 01:04 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-09-10 01:03 - 2012-02-04 02:06 - 00000000 ____D C:\ProgramData\NVIDIA
    2015-09-10 00:53 - 2014-01-19 04:43 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-09-10 00:40 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
    2015-09-10 00:39 - 2013-02-11 23:48 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
    2015-09-10 00:38 - 2013-02-11 23:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
    2015-09-10 00:37 - 2013-02-11 23:46 - 00000000 ____D C:\Program Files (x86)\Comodo
    2015-09-10 00:26 - 2014-01-22 20:09 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-09-09 23:49 - 2014-07-24 16:21 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-09-09 23:47 - 2014-01-13 03:51 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-09-09 23:31 - 2014-07-21 00:26 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2015-09-09 23:27 - 2014-09-29 01:56 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2015-09-09 23:24 - 2013-02-14 03:41 - 00000000 ____D C:\ProgramData\TEMP
    2015-09-09 18:41 - 2014-06-07 16:06 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-09-09 18:18 - 2015-03-23 08:29 - 00000848 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2015-09-09 18:18 - 2015-03-15 04:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2015-09-09 18:18 - 2015-03-15 04:21 - 00000000 ____D C:\Program Files\RogueKiller
    2015-09-09 18:14 - 2014-01-01 20:39 - 00000000 ____D C:\Users\icenhour76\AppData\Local\CrashDumps
    2015-09-09 18:11 - 2011-12-29 16:10 - 00000000 ____D C:\Program Files (x86)\Google
    2015-09-09 18:09 - 2015-04-20 04:27 - 00000000 __SHD C:\Users\icenhour76\AppData\Local\EmieBrowserModeList
    2015-09-09 18:09 - 2014-06-07 16:27 - 00000000 __SHD C:\Users\icenhour76\AppData\Local\EmieUserList
    2015-09-09 18:09 - 2014-06-07 16:27 - 00000000 __SHD C:\Users\icenhour76\AppData\Local\EmieSiteList
    2015-09-05 04:12 - 2012-01-31 05:31 - 00000000 ____D C:\Program Files (x86)\Steam
    2015-09-04 19:28 - 2009-07-14 01:13 - 00897522 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-08-30 10:45 - 2011-12-29 16:13 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2015-08-30 10:45 - 2011-12-29 16:13 - 00000000 ____D C:\Program Files\CCleaner
    2015-08-29 15:48 - 2014-01-19 04:43 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-08-29 15:48 - 2014-01-19 04:43 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-08-23 21:36 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
    2015-08-21 16:53 - 2012-11-20 00:18 - 00000000 ____D C:\Users\icenhour76\Desktop\Games
    2015-08-21 07:51 - 2012-02-04 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2015-08-21 07:44 - 2012-02-04 22:29 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2015-08-21 07:43 - 2012-02-04 02:05 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2015-08-21 07:42 - 2012-02-04 02:06 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2015-08-21 06:22 - 2015-06-24 11:48 - 00000000 ____D C:\ProgramData\boost_interprocess
    2015-08-21 02:56 - 2013-05-24 16:44 - 00001381 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
    2015-08-21 02:55 - 2013-09-03 07:30 - 00072504 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
    2015-08-20 18:58 - 2015-06-10 19:33 - 00068384 _____ (Logitech Inc.) C:\Windows\system32\Drivers\LGJoyXlCore.sys
    2015-08-20 18:58 - 2015-06-10 19:33 - 00037408 _____ (Logitech Inc.) C:\Windows\system32\Drivers\LGBusEnum.sys
    2015-08-20 18:58 - 2015-06-10 19:33 - 00026912 _____ (Logitech Inc.) C:\Windows\system32\Drivers\LGVirHid.sys
    2015-08-20 18:57 - 2013-05-31 15:19 - 01843480 _____ (Logitech, Inc.) C:\Windows\system32\LkmdfCoInst.dll
    2015-08-20 18:57 - 2013-05-30 12:16 - 00064280 _____ (Logitech Inc.) C:\Windows\system32\Drivers\LGSHidFilt.Sys
    2015-08-20 18:57 - 2011-12-29 16:34 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
    2015-08-20 18:56 - 2011-12-29 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
    2015-08-20 18:55 - 2013-12-16 10:44 - 00000000 ____D C:\ProgramData\Package Cache
    2015-08-20 18:53 - 2011-12-29 16:28 - 00000000 ____D C:\Users\icenhour76\AppData\Roaming\Logishrd
    2015-08-19 14:25 - 2014-11-28 22:18 - 00003840 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1411089266
    2015-08-19 14:25 - 2011-12-29 16:03 - 00000000 ____D C:\Program Files (x86)\Opera
    2015-08-18 03:29 - 2011-12-30 07:46 - 00000000 ____D C:\Windows\Panther
    2015-08-18 03:16 - 2015-07-10 09:39 - 00000000 ____D C:\$Windows.~BT
    2015-08-18 02:31 - 2012-04-27 21:35 - 00000000 ____D C:\Windows\Minidump
    2015-08-18 00:57 - 2013-09-03 20:24 - 00000000 ____D C:\AdwCleaner
    2015-08-18 00:44 - 2014-07-24 16:21 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-08-18 00:44 - 2014-07-24 16:21 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-08-18 00:44 - 2014-07-24 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-08-18 00:44 - 2013-07-21 18:47 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-08-18 00:44 - 2012-02-03 13:19 - 00000000 ____D C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
    2015-08-17 19:30 - 2014-07-20 21:07 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
    2015-08-17 19:30 - 2013-10-30 04:44 - 01423120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
    2015-08-17 19:29 - 2014-07-20 21:07 - 01756608 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
    2015-08-17 19:29 - 2013-10-30 04:44 - 01710568 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
    2015-08-17 12:33 - 2009-07-13 23:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
    2015-08-15 11:45 - 2011-12-29 23:17 - 00000000 ____D C:\Users\icenhour76\.FBReader
    2015-08-13 18:59 - 2014-09-29 01:56 - 01048344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2015-08-12 06:23 - 2012-10-25 14:18 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-08-12 06:23 - 2012-03-30 00:19 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-08-12 06:23 - 2011-12-29 16:26 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

    ==================== Files in the root of some directories =======

    2012-05-26 02:13 - 2012-05-26 02:13 - 0074181 _____ () C:\Users\icenhour76\AppData\Roaming\icarus-dxdiag.xml
    2011-12-29 22:29 - 2012-11-16 08:40 - 0007668 _____ () C:\Users\icenhour76\AppData\Local\Resmon.ResmonCfg
    2011-12-31 19:55 - 2011-12-31 19:55 - 0000057 _____ () C:\ProgramData\Ament.ini
    2012-06-17 12:19 - 2012-04-18 12:19 - 0000032 ____R () C:\ProgramData\hash.dat

    Files to move or delete:
    ====================
    C:\ProgramData\hash.dat
    C:\Users\icenhour76\DisplayLink_6.3M1.exe
    C:\Users\icenhour76\Link Paring Tool v3.exe
    C:\Users\icenhour76\RivaTuner224c-[Guru3D.com].exe
    C:\Users\icenhour76\Saitek_Cyborg_V3_Pad_SD6_64_Drivers_pfw.exe
    C:\Users\icenhour76\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
    C:\Users\icenhour76\Smart_Technology_7_0_2_7_64bit.exe
    C:\Users\icenhour76\SUPERAntiSpyware.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-09-01 00:23

    ==================== End of FRST.txt ============================
     
  3. Randy icenhour

    Randy icenhour TS Enthusiast Topic Starter Posts: 162

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-09-2015
    Ran by icenhour76 (2015-09-10 01:30:53)
    Running from C:\Users\icenhour76\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) (2011-12-29 19:59:17)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3248671020-3738731255-3598294349-500 - Administrator - Disabled)
    Guest (S-1-5-21-3248671020-3738731255-3598294349-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3248671020-3738731255-3598294349-1002 - Limited - Enabled)
    icenhour76 (S-1-5-21-3248671020-3738731255-3598294349-1001 - Administrator - Enabled) => C:\Users\icenhour76

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
    99 Levels To Hell (HKLM-x32\...\Steam App 264280) (Version: - Zaxis Games)
    Actual Multiple Monitors 3.4.2 (HKLM-x32\...\Actual Multiple Monitors_is1) (Version: 3.4.2 - Actual Tools)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
    Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - )
    Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
    Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
    Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
    Aiseesoft Total Media Converter Platinum 6.3.8 (HKLM-x32\...\{240E8FDB-BF8B-4bc3-963B-B28B7528BEBD}_is1) (Version: - )
    AMD Catalyst Install Manager (HKLM\...\{DD562794-C098-A1E5-66ED-10E8BD1C84C5}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
    AnVir Task Manager (HKLM-x32\...\AnVir Task Manager) (Version: - AnVir Software)
    Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AppNHost 1.0.5.1 (HKLM-x32\...\{A8CB86C7-CD4C-4C4F-AF6A-33D1CAC63562}) (Version: 1.0.5.1 - Mixesoft Project)
    ArcaniA – Gothic 4 (HKLM-x32\...\Steam App 39690) (Version: - Spellbound Studios)
    Arcania: Fall of Setarrif (HKLM-x32\...\Steam App 65610) (Version: - Spellbound Studios)
    Armada 2526 Gold Edition (HKLM-x32\...\Steam App 229970) (Version: - )
    Armed and Dangerous (HKLM-x32\...\Steam App 6090) (Version: - Planet Moon Studios)
    Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
    Audiosurf (HKLM-x32\...\Steam App 12900) (Version: - BestGameEver)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
    AVG 2012 (Version: 12.0.4031 - AVG Technologies) Hidden
    Aztaka (HKLM-x32\...\Steam App 37100) (Version: - Citeremis)
    Baldur's Gate: Enhanced Edition (HKLM-x32\...\Steam App 228280) (Version: - Overhaul Games)
    Bastion (HKLM-x32\...\Steam App 107100) (Version: - Supergiant Games)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)
    Beyond Divinity (HKLM-x32\...\Steam App 219760) (Version: - )
    BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.6.1 - BitRaider, LLC)
    Blade of Darkness (HKLM-x32\...\GOGPACKBLADEOFDARKNESS_is1) (Version: 2.0.0.5 - GOG.com)
    Borderlands (HKLM-x32\...\Steam App 8980) (Version: - Gearbox Software)
    Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
    Bully: Scholarship Edition (HKLM-x32\...\Steam App 12200) (Version: - Rockstar New England)
    Card Hunter (HKLM-x32\...\Steam App 293260) (Version: - Blue Manchu)
    CastleStorm (HKLM-x32\...\Steam App 241410) (Version: - Zen Studios)
    Cave Story+ (HKLM-x32\...\Steam App 200900) (Version: - )
    CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
    Chrome Remote Desktop Host (HKLM-x32\...\{912422D4-0A22-4F70-BF8D-802B4BCD0999}) (Version: 45.0.2454.17 - Google Inc.)
    ComicRack v0.9.155 (HKLM\...\ComicRack) (Version: v0.9.155 - cYo Soft)
    Content Manager Assistant for PlayStation(R) (HKLM-x32\...\{32C46540-7693-49E1-A81E-121B09C8303B}) (Version: 3.00.7187.47 - Sony Computer Entertainment Inc.)
    Cubemen (HKLM-x32\...\Steam App 207250) (Version: - 3 Sprockets)
    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0337 - Disc Soft Ltd)
    Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version: - )
    Darwinia (HKLM-x32\...\Steam App 1500) (Version: - Introversion Software)
    DEFCON (HKLM-x32\...\Steam App 1520) (Version: - Introversion Software)
    DEFCON Beta Demo (HKLM-x32\...\Steam App 1523) (Version: - Introversion Software)
    Defender's Quest: Valley of the Forgotten (HKLM-x32\...\Steam App 218410) (Version: - )
    Defense Grid: The Awakening (HKLM-x32\...\Steam App 18500) (Version: - Hidden Path Entertainment)
    Defraggler (HKLM\...\Defraggler) (Version: 2.15 - Piriform)
    Desktop Dungeons (HKLM-x32\...\Steam App 226620) (Version: - QCF Design)
    Deus Ex Human Revolution Augmented Edition Bonus Content (HKLM-x32\...\Steam App 28110) (Version: - )
    Deus Ex: Game of the Year Edition (HKLM-x32\...\Steam App 6910) (Version: - Eidos)
    Deus Ex: Human Revolution - The Missing Link (HKLM-x32\...\Steam App 201280) (Version: - Eidos Montreal)
    Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version: - Eidos Montreal)
    Deus Ex: Invisible War (HKLM-x32\...\Steam App 6920) (Version: - Eidos)
    DFOLauncher (HKLM-x32\...\DFO) (Version: - )
    Diablo II (HKLM-x32\...\Diablo II) (Version: - Blizzard Entertainment)
    Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
    Divine Divinity (HKLM-x32\...\Steam App 214170) (Version: - )
    Divinity II: Developer's Cut (HKLM-x32\...\Steam App 219780) (Version: - )
    DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
    Don't Starve (HKLM-x32\...\Steam App 219740) (Version: - )
    Dungeon Fighter Online (HKLM-x32\...\Steam App 212220) (Version: - )
    Dungeon of the Endless (HKLM-x32\...\Steam App 249050) (Version: - AMPLITUDE Studios)
    Dungeon Siege 2 (HKLM-x32\...\DungeonSiege2) (Version: - Microsoft)
    Dungeon Siege 2 Broken World (HKLM-x32\...\{A563C4F4-BE36-4956-BA0B-E02BDD9F70D5}) (Version: 1.00.0000 - Gas Powered Games)
    Dungeons of Dredmor (HKLM-x32\...\Steam App 98800) (Version: - )
    Earth Defense Force: Insect Armageddon (HKLM-x32\...\Steam App 23530) (Version: - )
    Enclave (HKLM-x32\...\Steam App 253980) (Version: - Topware)
    Endless Space (HKLM-x32\...\Steam App 208140) (Version: - AMPLITUDE Studios)
    Enhance/MP3 (remove only) (HKLM-x32\...\EnhanceMP3) (Version: - )
    eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    Evil Genius (HKLM-x32\...\Steam App 3720) (Version: - Elixir Studios)
    Evoland (HKLM-x32\...\Steam App 233470) (Version: - )
    Fable - The Lost Chapters (HKLM-x32\...\Steam App 204030) (Version: - )
    Fallen Earth (HKLM-x32\...\Steam App 113420) (Version: - )
    Fallout (HKLM-x32\...\Steam App 38400) (Version: - Black Isle Studios)
    Fallout 2 (HKLM-x32\...\Steam App 38410) (Version: - )
    Fallout 3 (HKLM-x32\...\Steam App 22300) (Version: - Bethesda Softworks)
    Fallout Tactics (HKLM-x32\...\Steam App 38420) (Version: - )
    Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
    FBReader for Windows (HKLM-x32\...\FBReader for Windows) (Version: - )
    ffdshow v1.1.3800 [2011-03-28] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3800.0 - )
    FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
    Fist Puncher (HKLM-x32\...\Steam App 238630) (Version: - Team2Bit)
    Foul Play (HKLM-x32\...\Steam App 244810) (Version: - )
    Freedom Force (HKLM-x32\...\Steam App 8880) (Version: - Irrational Games)
    Freedom Force vs. the 3rd Reich (HKLM-x32\...\Steam App 8890) (Version: - Irrational Games)
    Frozen Synapse (HKLM-x32\...\Steam App 98200) (Version: - )
    FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - )
    Galactic Civilizations I: Ultimate Edition (HKLM-x32\...\Steam App 214150) (Version: - Stardock Entertainment)
    Galactic Civilizations II: Ultimate Edition (HKLM-x32\...\Steam App 202200) (Version: - Stardock Entertainment)
    GeekBuddy (HKLM-x32\...\{741FC38C-2797-4AC1-AD63-4B65F9CA8B20}) (Version: 4.9.73 - Comodo Security Solutions Inc)
    Gemini Wars (HKLM-x32\...\Steam App 216130) (Version: - Iceberg Interactive)
    Ghost Master (HKLM-x32\...\Steam App 6200) (Version: - Empire Interactive)
    Glary Utilities 2.56.0.1822 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.56.0.1822 - Glarysoft Ltd)
    God Mode (HKLM-x32\...\Steam App 227480) (Version: - )
    GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
    GOG.com Planescape Torment (HKLM\...\{8f376ce2-c213-4a6c-a329-0b2a7eb2bad8}.sdb) (Version: - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
    Google Earth (HKLM-x32\...\{A2264E8F-1649-11E3-8BED-B8AC6F98CCE3}) (Version: 7.1.2.2019 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
    Gothic (HKLM-x32\...\Steam App 65540) (Version: - Piranha – Bytes )
    Gothic 3 (HKLM-x32\...\Steam App 39500) (Version: - Piranha – Bytes )
    Gothic 3 Forsaken Gods Enhanced Edition (HKLM-x32\...\Steam App 65600) (Version: - Trine Studios)
    Gothic II: Gold Edition (HKLM-x32\...\Steam App 39510) (Version: - Piranha – Bytes)
    GPGNet (HKLM-x32\...\{C194D333-B84A-4BB7-B35E-060732D98DC4}) (Version: 1.0.0 - Gas Powered Games)
    Gratuitous Space Battles (HKLM-x32\...\Steam App 41800) (Version: - Positech Games)
    Grim Dawn (HKLM-x32\...\Steam App 219990) (Version: - )
    Grotesque Tactics 2 - Dungeons and Donuts (HKLM-x32\...\Steam App 46570) (Version: - )
    Grotesque Tactics: Evil Heroes (HKLM-x32\...\Steam App 46450) (Version: - Silent Dreams)
    Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
    Hack, Slash, Loot (HKLM-x32\...\Steam App 207430) (Version: - David Williamson)
    Half Minute Hero: Super Mega Neo Climax Ultimate Boy (HKLM-x32\...\Steam App 214830) (Version: - )
    Hammerwatch (HKLM-x32\...\Steam App 239070) (Version: - )
    Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
    Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
    Hero Siege (HKLM-x32\...\Steam App 269210) (Version: - Elias Viglione)
    Heroes of Steel: Tactics RPG (HKLM-x32\...\Steam App 291190) (Version: - Trese Brothers)
    Highborn (HKLM-x32\...\Steam App 209850) (Version: - Jet Set Games)
    Hotline Miami (HKLM-x32\...\Steam App 219150) (Version: - Dennaton Games)
    HP Photosmart 6510 series Basic Device Software (HKLM\...\{EB0D4D8B-A604-42D3-84D8-CCAFA75F753E}) (Version: 24.0.342.0 - Hewlett-Packard Co.)
    HP Photosmart 6510 series Product Improvement Study (HKLM\...\{7EC37923-61DD-4C31-A602-8A9F0C5CF2A1}) (Version: 24.0.342.0 - Hewlett-Packard Co.)
    Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
    Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
    Java(TM) 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)
    JavaFX 2.0.3 (HKLM-x32\...\{1111706F-666A-4037-7777-203328764D10}) (Version: 2.0.3 - Oracle Corporation)
    Krater (HKLM-x32\...\Steam App 42170) (Version: - )
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    Leawo Video Accelerator Version: 4.1.0.1 (HKLM-x32\...\{6D217AEE-2D67-4486-A73D-106C726BCDF1}_is1) (Version: - )
    Legend of Dungeon (HKLM-x32\...\Steam App 238280) (Version: - )
    Legend of Grimrock (HKLM-x32\...\Steam App 207170) (Version: - )
    Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version: - Line 6)
    Live Update 5 (HKLM-x32\...\{36F6E986-D2D1-403C-8BD3-D95EF7BC705D}}_is1) (Version: 5.0.109 - MSI)
    Logitech Gaming Software 8.70 (HKLM\...\Logitech Gaming Software) (Version: 8.70.315 - Logitech Inc.)
    Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
    Magic DVD Copier V7.1.1 (HKLM-x32\...\Magic DVD Copier_is1) (Version: - Magic DVD Software, Inc.)
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    Marvel Heroes (HKLM-x32\...\Steam App 226320) (Version: - )
    Mass Effect (HKLM-x32\...\Steam App 17460) (Version: - BioWare)
    Mass Effect 2 (HKLM-x32\...\Steam App 24980) (Version: - BioWare)
    MechWarrior Online (HKU\S-1-5-21-3248671020-3738731255-3598294349-1001\...\{74d11f91-05cc-44f6-8e49-94fe7f33c79b}) (Version: 1.2.0.0 - Piranha Games Inc.)
    MechWarrior Online (x32 Version: 1.2.0.0 - Piranha Games Inc.) Hidden
    Mercenary Kings (HKLM-x32\...\Steam App 218820) (Version: - Tribute Games Inc.)
    Metro 2033 (HKLM-x32\...\Steam App 43110) (Version: - THQ)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version: - Microsoft Corporation)
    Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
    Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
    Monaco (HKLM-x32\...\Steam App 113020) (Version: - Pocketwatch Games)
    Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
    Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
    Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
    Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    Multiwinia (HKLM-x32\...\Steam App 1530) (Version: - Introversion Software)
    Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)
    NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 355.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.60 - NVIDIA Corporation)
    NVIDIA 3DTV Play Activation Utility (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DTV) (Version: 266.7 - NVIDIA Corporation)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.5.13.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.13.6 - NVIDIA Corporation)
    NVIDIA Graphics Driver 355.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.60 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
    NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    NVIDIA System Monitor (HKLM-x32\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)
    One Way Heroics (HKLM-x32\...\Steam App 266210) (Version: - Smoking WOLF)
    OnLive (HKLM-x32\...\OnLive) (Version: - OnLive)
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
    Opera Stable 31.0.1889.174 (HKLM-x32\...\Opera 31.0.1889.174) (Version: 31.0.1889.174 - Opera Software)
    Orcs Must Die! (HKLM-x32\...\Steam App 102600) (Version: - Robot Entertainment)
    Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version: - Robot Entertainment)
    Overlord (HKLM-x32\...\Steam App 11450) (Version: - CodeMasters)
    Overlord II (HKLM-x32\...\Steam App 12810) (Version: - Codemasters)
    Overlord: Raising Hell (HKLM-x32\...\Steam App 12710) (Version: - )
    Painkiller Overdose (HKLM-x32\...\Steam App 3270) (Version: - DreamCatcher)
    Painkiller: Black Edition (HKLM-x32\...\Steam App 39530) (Version: - People Can Fly)
    Painkiller: Resurrection (HKLM-x32\...\Steam App 39560) (Version: - Homegrown Games)
    Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
    PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)
    Planescape Torment (HKLM-x32\...\GOGPACKPLANESCAPETORMENT_is1) (Version: 2.0.0.8 - GOG.com)
    PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment)
    Plants vs. Zombies: Game of the Year (HKLM-x32\...\Steam App 3590) (Version: - PopCap)
    Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
    PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.53.0 - PS3 Media Server)
    QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    Rainmeter (HKLM-x32\...\Rainmeter) (Version: 2.4 r1678 - )
    Realizer 1.1 for Winamp (HKLM-x32\...\Realizer 1.1 for Winamp) (Version: - )
    Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version: - )
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6487 - Realtek Semiconductor Corp.)
    Retrovirus (HKLM-x32\...\Steam App 227800) (Version: - Cadenza Interactive)
    Reus (HKLM-x32\...\Steam App 222730) (Version: - Abbey Games)
    Risen (HKLM-x32\...\Steam App 40300) (Version: - Piranha – Bytes )
    Risen 2 - Dark Waters (HKLM-x32\...\Steam App 40390) (Version: - Piranha Bytes)
    Risk of Rain (HKLM-x32\...\Steam App 248820) (Version: - )
    RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition (HKLM-x32\...\RivaTuner) (Version: v2.24 MSI Master Overclocking Arena 2009 edition - Alexey Nicolaychuk)
    Rocksmith (HKLM-x32\...\Steam App 205190) (Version: - )
    RogueKiller version 10 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 10 - Adlice Software)
    S.T.A.L.K.E.R.: Call of Pripyat (HKLM-x32\...\Steam App 41700) (Version: - GSC Game World)
    S.T.A.L.K.E.R.: Clear Sky (HKLM-x32\...\Steam App 20510) (Version: - GSC Game World)
    S.T.A.L.K.E.R.: Shadow of Chernobyl (HKLM-x32\...\Steam App 4500) (Version: - GSC Game World)
    Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.)
    Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden
    Sanctum (HKLM-x32\...\Steam App 91600) (Version: - Coffee Stain Studios)
    Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version: - Coffee Stain Studios)
    Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version: - )
    Serious Sam 2 (HKLM-x32\...\Steam App 204340) (Version: - )
    Serious Sam 3: BFE (HKLM-x32\...\Steam App 41070) (Version: - Croteam)
    Serious Sam Classic: The First Encounter (HKLM-x32\...\Steam App 41050) (Version: - )
    Serious Sam Classic: The Second Encounter (HKLM-x32\...\Steam App 41060) (Version: - )
    Serious Sam Double D (HKLM-x32\...\Steam App 111600) (Version: - Mommy's Best Games)
    Serious Sam HD: The First Encounter (HKLM-x32\...\Steam App 41000) (Version: - Croteam)
    Serious Sam HD: The Second Encounter (HKLM-x32\...\Steam App 41010) (Version: - Croteam)
    Serious Sam: The Random Encounter (HKLM-x32\...\Steam App 201480) (Version: - )
    Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version: - Harebrained Schemes)
    SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.5.13.6 - NVIDIA Corporation) Hidden
    Sid Meier's Pirates! (HKLM-x32\...\Steam App 3920) (Version: - Firaxis)
    Sir, You Are Being Hunted (HKLM-x32\...\Steam App 242880) (Version: - )
    Smart Technology Programming Software 7.0.2.7 (HKLM\...\{6D41B4C4-FCD7-4F9B-99B9-A01F63F71F0F}) (Version: 7.0.2.7 - Mad Catz)
    Sol Survivor (HKLM-x32\...\Steam App 45000) (Version: - Cadenza Interactive)
    Solar 2 (HKLM-x32\...\Steam App 97000) (Version: - Murudai)
    South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version: - Obsidian Entertainment)
    Space Empires IV Deluxe (HKLM-x32\...\Steam App 1610) (Version: - Malfador Machinations)
    Space Empires V (HKLM-x32\...\Steam App 1690) (Version: - Malfador Machinations)
    Space Pirates and Zombies (HKLM-x32\...\Steam App 107200) (Version: - )
    Space Siege (HKLM-x32\...\Steam App 10530) (Version: - Gas Powered Games)
    SpaceForce: Rogue Universe (HKLM-x32\...\Steam App 3220) (Version: - Provox)
    Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
    Spiral Knights (HKLM-x32\...\Steam App 99900) (Version: - SEGA)
    Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
    Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.6.2.4 - Splashtop Inc.)
    Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version: - Pandemic Studios)
    Star Wars - Jedi Knight II: Jedi Outcast (HKLM-x32\...\Steam App 6030) (Version: - Raven Software)
    Star Wars Jedi Knight: Jedi Academy (HKLM-x32\...\Steam App 6020) (Version: - Raven Software)
    Star Wars Republic Commando (HKLM-x32\...\Steam App 6000) (Version: - LucasArts)
    Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version: - BioWare)
    Star Wars: Knights of the Old Republic II (HKLM-x32\...\Steam App 208580) (Version: - LucasArts)
    Starbound (HKLM-x32\...\Steam App 211820) (Version: - )
    Starpoint Gemini (HKLM-x32\...\Steam App 108110) (Version: - Little Green Man Games)
    State of Decay (HKLM-x32\...\Steam App 241540) (Version: - Undead Labs)
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    STP (HKLM-x32\...\{0B5A201C-A9D3-4596-AAE6-9FD71ED7A5FD}) (Version: 1.0.0 - Dawning.ca)
    Sunless Sea (HKLM-x32\...\Steam App 304650) (Version: - Failbetter Games)
    Supreme Commander (HKLM-x32\...\Steam App 9350) (Version: - )
    Supreme Commander: Forged Alliance (HKLM-x32\...\Steam App 9420) (Version: - )
    Sword of the Stars: The Pit (HKLM-x32\...\Steam App 233700) (Version: - Kerberos Productions)
    Symphony (HKLM-x32\...\GOGPACKSYMPHONY_is1) (Version: 2.0.0.10 - GOG.com)
    System Requirements Lab CYRI (HKLM-x32\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC)
    Teleglitch: Die More Edition (HKLM-x32\...\Steam App 234390) (Version: - Test3 Projects)
    Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
    The Banner Saga (HKLM-x32\...\Steam App 237990) (Version: - Stoic)
    The Elder Scrolls III: Morrowind (HKLM-x32\...\Steam App 22320) (Version: - Bethesda Softworks)
    The Elder Scrolls IV: Oblivion (HKLM-x32\...\Steam App 22330) (Version: - Bethesda Softworks)
    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
    The Incredible Adventures of Van Helsing (HKLM-x32\...\Steam App 215530) (Version: - NeocoreGames)
    The Incredible Adventures of Van Helsing II (HKLM-x32\...\Steam App 272470) (Version: - NeocoreGames)
    The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD Projekt RED)
    The Witcher 2: Bonus Content (HKLM-x32\...\Steam App 20930) (Version: - )
    The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version: - CD Projekt RED)
    Time Gentlemen, Please! (HKLM-x32\...\Steam App 37400) (Version: - Zombie Cow)
    Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore)
    Titan Quest Immortal Throne (HKLM-x32\...\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}) (Version: 1.00.0000 - Iron Lore)
    To the Moon (HKLM-x32\...\Steam App 206440) (Version: - )
    Torchlight (HKLM-x32\...\Steam App 41500) (Version: - Runic Games, Inc.)
    Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - )
    Tower of Guns (HKLM-x32\...\1207660863_is1) (Version: 2.1.0.9 - GOG.com)
    Tower Wars (HKLM-x32\...\Steam App 214360) (Version: - )
    Two Worlds II (HKLM-x32\...\Steam App 7520) (Version: - Reality Pump Studios)
    Two Worlds II Castle Defense (HKLM-x32\...\Steam App 7530) (Version: - Reality Pump Studios)
    Two Worlds: Epic Edition (HKLM-x32\...\Steam App 1930) (Version: - Reality Pump Studios)
    UFO: Afterlight (HKLM-x32\...\Steam App 237950) (Version: - Altar Games)
    Unepic (HKLM-x32\...\Steam App 233980) (Version: - Francisco Téllez de Meneses)
    Universe Sandbox (HKLM-x32\...\Steam App 72200) (Version: - Giant Army)
    Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
    Uplink (HKLM-x32\...\Steam App 1510) (Version: - Introversion Software)
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    Veetle TV (HKLM-x32\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
    Vigil: Blood Bitterness (HKLM-x32\...\Steam App 2570) (Version: - Meridian4)
    VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
    VirtualDJ Home FREE (HKLM-x32\...\{5E1375CB-6792-4464-8715-CC3EC83D48FA}) (Version: 7.0.5 - Atomix Productions)
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    Wanderlust: Rebirth (HKLM-x32\...\Steam App 211580) (Version: - )
    Warhammer 40,000 Space Marine (HKLM-x32\...\Steam App 55150) (Version: - Relic)
    Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ (HKLM-x32\...\Steam App 20570) (Version: - Relic)
    Warhammer® 40,000™: Dawn of War® II – Retribution™ (HKLM-x32\...\Steam App 56400) (Version: - Relic)
    Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version: - Relic)
    Wasteland Angel (HKLM-x32\...\Steam App 46520) (Version: - Octane Games)
    Winamp (HKLM-x32\...\Winamp) (Version: 5.541 - Nullsoft, Inc)
    WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
    WinUtilities 10.53 Professional Edition (HKLM-x32\...\{FC274982-5AAD-4C20-848D-4424A5043009}_is1) (Version: - YL Computing, Inc)
    WinX DVD Ripper Platinum 6.9.2 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
    World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
    X-COM: Apocalypse (HKLM-x32\...\Steam App 7660) (Version: - MicroProse)
    X-COM: Enforcer (HKLM-x32\...\Steam App 7770) (Version: - MicroProse)
    X-COM: Interceptor (HKLM-x32\...\Steam App 7730) (Version: - MicroProse)
    X-COM: Terror from the Deep (HKLM-x32\...\Steam App 7650) (Version: - MicroProse)
    X-COM: UFO Defense (HKLM-x32\...\Steam App 7760) (Version: - MicroProse)
    XIII (HKLM-x32\...\XIII_is1) (Version: - GOG.com)
    Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
    yBook2 (HKLM-x32\...\yBook2_is1) (Version: - Spacejock Software)
    YiHi SXi (HKLM-x32\...\{83D44CC3-6F2D-4625-A1E7-9C6CA633DA50}) (Version: 2.3.0 - YiHiEcigar)
    Ys I (HKLM-x32\...\Steam App 223810) (Version: - )
    Ys II (HKLM-x32\...\Steam App 223870) (Version: - )
    Ys Origin (HKLM-x32\...\Steam App 207350) (Version: - Falcom)
    Ys: The Oath in Felghana (HKLM-x32\...\Steam App 207320) (Version: - Falcom)
    Z Engine (HKLM-x32\...\{64E47A5F-B3C4-476A-9100-2D006BD1FFB4}) (Version: 2.5.0.30_NA - Ideazon)
    Zafehouse Diaries (HKLM-x32\...\GOGPACKZAFEHOUSEDIARIES_is1) (Version: 2.0.0.3 - GOG.com)
    Zeno Clash (HKLM-x32\...\Steam App 22200) (Version: - ACE Team)
    Zombie Bowl-O-Rama (HKLM-x32\...\Steam App 32160) (Version: - MumboJumbo)
    Zombie Driver (HKLM-x32\...\Steam App 31410) (Version: - EXOR Studios)
     
  4. Randy icenhour

    Randy icenhour TS Enthusiast Topic Starter Posts: 162

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3248671020-3738731255-3598294349-1001_Classes\CLSID\{83AC3620-533A-4FEA-902E-88978E9C51E8}\InprocServer32 -> C:\Users\icenhour76\AppData\Roaming\E-centives\BSTIEPrintCtl2PM.dll (Invenda)

    ==================== Restore Points =========================

    10-09-2015 00:40:18 ComboFix created restore point

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2015-09-10 01:17 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {116669EB-1D7B-4E01-AEC0-CA2C93F95E45} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: {11FBB195-ED29-4425-A982-420236426DE5} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {2B05F928-F4D0-424D-94EF-CC7631585846} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {31332FD8-AF95-44B2-B810-7DAE826370B3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: {51C43AB2-2F3E-46F4-8316-2C90891539CE} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2015-04-17] ()
    Task: {53304530-8B46-4882-A4A5-C4ABAA7ECC90} - System32\Tasks\Opera scheduled Autoupdate 1411089266 => C:\Program Files (x86)\Opera\launcher.exe [2015-08-19] (Opera Software)
    Task: {68A2268E-AD9E-43FA-9032-B24DE47AA9F5} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
    Task: {6943994E-753E-4136-B8D2-50F5380A27C5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-17] (Adobe Systems Incorporated)
    Task: {81EEC6B2-B43A-481F-B82D-E2DA0642E9E9} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2015-04-17] ()
    Task: {83EFE047-FDEE-47E1-9B63-3A4C9777D837} - System32\Tasks\avastBCLRestart_chrome.exe => Chrome.exe
    Task: {8F4499E7-2960-4D62-A2CA-587456606667} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-05] (AVAST Software)
    Task: {90267D06-F92F-4A3A-8ED1-761BA13272F1} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {921178A8-6443-4F97-A066-CEC944E874C7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Task: {959C9530-DB6C-44B2-B414-2B2169696B6A} - System32\Tasks\HPCustParticipation HP Photosmart 6510 series => C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2011-05-25] (Hewlett-Packard Co.)
    Task: {A42E3CD8-E866-4328-89E0-EF998B918BC0} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
    Task: {B6A498E9-92FA-41BB-BAA4-F54174E60887} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {C52AD2F5-9B3C-4C6C-AB20-DD1E40EB566C} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2013-05-27] (Glarysoft Ltd)
    Task: {CB7B5DE7-3AF4-4192-B8BD-E4C4EFD43046} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {D5A4FBB1-E9E9-4C79-8EE5-BC9814EEDCA1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
    Task: {D6DF9C04-F0B4-4B4B-8DEB-C62EEDB26D20} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
    Task: {F67B994E-B498-4220-BBFC-0F06DF93A894} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
    Task: {F94EB559-7C27-4B9A-851D-08819CA0F928} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-08-21 07:43 - 2015-08-07 00:34 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2015-08-05 06:58 - 2015-08-05 06:58 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-08-05 06:58 - 2015-08-05 06:58 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-09-09 22:55 - 2015-09-09 22:55 - 02962944 _____ () C:\Program Files\AVAST Software\Avast\defs\15090902\algo.dll
    2014-04-07 10:31 - 2014-04-07 10:31 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
    2015-04-23 17:08 - 2015-08-17 19:31 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2012-02-22 17:46 - 2012-02-22 17:46 - 01135616 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMSWrap.dll
    2012-02-22 17:46 - 2012-02-22 17:46 - 00656896 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ContentDirectoryPresenter.dll
    2012-02-22 17:46 - 2012-02-22 17:46 - 00105472 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMCDP.dll
    2012-02-22 17:46 - 2012-02-22 17:46 - 00098816 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\FolderCDP.dll
    2012-02-22 17:46 - 2012-02-22 17:46 - 00077312 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MetadataFramework.dll
    2012-01-05 23:40 - 2012-01-05 23:40 - 00520234 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\sqlite3.dll
    2012-01-05 23:40 - 2012-01-05 23:40 - 00450560 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MoodExtractor.dll
    2012-01-05 23:40 - 2012-01-05 23:40 - 05717504 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMImgExtractor.dll
    2012-02-22 17:46 - 2012-02-22 17:46 - 00029184 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AutoChaptering.dll
    2012-01-05 23:40 - 2012-01-05 23:40 - 00147456 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexpat.dll
    2012-02-22 17:46 - 2012-02-22 17:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoThumb.dll
    2012-01-05 23:40 - 2012-01-05 23:40 - 04671488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avcodec-52.dll
    2012-01-05 23:40 - 2012-01-05 23:40 - 00070656 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avutil-50.dll
    2012-01-05 23:40 - 2012-01-05 23:40 - 00686080 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avformat-52.dll
    2012-01-05 23:40 - 2012-01-05 23:40 - 00152064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\swscale-0.dll
    2012-02-22 17:46 - 2012-02-22 17:46 - 00027648 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AudioExtractor.dll
    2012-02-22 17:46 - 2012-02-22 17:46 - 00063488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ID3Driver.dll
    2012-01-05 23:40 - 2012-01-05 23:40 - 00366592 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\tag.dll
    2012-02-22 17:46 - 2012-02-22 17:46 - 00289792 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libThumbnail.dll
    2012-02-22 17:46 - 2012-02-22 17:46 - 00023040 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RichInfoDriver.dll
    2012-02-22 17:46 - 2012-02-22 17:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoExtractor.dll
    2012-02-22 17:46 - 2012-02-22 17:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ThumbnailMaker.dll
    2012-02-22 17:46 - 2012-02-22 17:46 - 00133120 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoMetadataDriver.dll
    2012-02-22 17:46 - 2012-02-22 17:46 - 00290304 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libKeyFrame.dll
    2012-02-22 17:46 - 2012-02-22 17:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\SECMetaDriver.dll
    2012-02-22 17:46 - 2012-02-22 17:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ImageExtractor.dll
    2012-02-22 17:46 - 2012-02-22 17:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\photoDriver.dll
    2012-01-05 23:40 - 2012-01-05 23:40 - 00399826 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexif-12.dll.dll
    2012-02-22 17:46 - 2012-02-22 17:46 - 00013824 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\TextExtractor.dll
    2012-02-22 17:46 - 2012-02-22 17:46 - 00031232 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\Autobackup.dll
    2012-02-22 17:46 - 2012-02-22 17:46 - 00054784 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RosettaAllShare.dll
    2012-01-05 23:40 - 2012-01-05 23:40 - 00044032 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\us.dll
    2015-09-09 18:11 - 2015-08-27 20:17 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libglesv2.dll
    2015-09-09 18:11 - 2015-08-27 20:17 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libegl.dll
    2015-09-09 18:11 - 2015-08-27 20:17 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows\avastSS.scr:$CmdTcID
    AlternateDataStreams: C:\Windows\grep.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\NIRCMD.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\PEV.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\sed.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SWREG.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SWSC.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SWXCACLS.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\zip.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\aepdu.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\jnwmon.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\l6podhdbean_x64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\LkmdfCoInst.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\LMouFiltCoInst.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mcupdate_GenuineIntel.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvapi64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvaudcap64v.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvcuda.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvcuvid.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvd3dumx.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvdispco6435362.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvdispco6435560.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvdispgenco6435362.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvdispgenco6435560.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\NvFBC64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvhdagenco6420103.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvhdap64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\NvIFR64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvinitx.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvoglshim64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvoglv64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvopencl.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvumdshimx.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvvsvc.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvwgf2umx.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\rdvidcrl.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\l6podhdbean.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\nvapi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\nvaudcap32v.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\nvcompiler.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\nvcuda.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\nvcuvid.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\nvd3dum.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\NvFBC.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\NvIFR.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\nvinit.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\nvoglshim32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\nvoglv32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\nvopencl.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\nvStreaming.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\nvumdshim.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\nvwgf2um.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\rdvidcrl.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\L6PODHDBEAN64.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\LEqdUsb.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\LGBusEnum.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\LGJoyXlCore.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\LGSHidFilt.Sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\LGVirHid.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\LHidEqd.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\LHidFilt.Sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\LMouFilt.Sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\nvhda64v.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\nvlddmkm.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\nvvad64v.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\stream.sys:$CmdTcID
    AlternateDataStreams: C:\ProgramData\TEMP:966F7784
    AlternateDataStreams: C:\Users\icenhour76\Desktop\1636 - Pokemon Fire Red (U)(Squirrels).zip:$CmdZnID
    AlternateDataStreams: C:\Users\icenhour76\Desktop\188IC_3.MP3:$CmdZnID
    AlternateDataStreams: C:\Users\icenhour76\Desktop\18H2B_3.MP3:$CmdZnID
    AlternateDataStreams: C:\Users\icenhour76\Desktop\18YON_3.MP3:$CmdZnID
    AlternateDataStreams: C:\Users\icenhour76\Desktop\AdwCleaner.exe:$CmdTcID
    AlternateDataStreams: C:\Users\icenhour76\Desktop\AdwCleaner.exe:$CmdZnID
    AlternateDataStreams: C:\Users\icenhour76\Desktop\Disconnect+Desktop.pkg:$CmdZnID
    AlternateDataStreams: C:\Users\icenhour76\Desktop\DJKM 2015 STARTER PACK.max:$CmdZnID
    AlternateDataStreams: C:\Users\icenhour76\Desktop\ExtFat32_v2.00.zip:$CmdZnID
    AlternateDataStreams: C:\Users\icenhour76\Desktop\G602Flash.exe:$CmdTcID
    AlternateDataStreams: C:\Users\icenhour76\Desktop\G602Flash.exe:$CmdZnID
    AlternateDataStreams: C:\Users\icenhour76\Desktop\Ipv3-original-150w-software:$CmdZnID
    AlternateDataStreams: C:\Users\icenhour76\Desktop\LGS_8.70.315_x64_Logitech.exe:$CmdTcID
    AlternateDataStreams: C:\Users\icenhour76\Desktop\LGS_8.70.315_x64_Logitech.exe:$CmdZnID
    AlternateDataStreams: C:\Users\icenhour76\Desktop\MeAmBobbo_PodHD_Guide.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\icenhour76\Desktop\MotorolaDeviceManager_2.5.4.exe:$CmdTcID
    AlternateDataStreams: C:\Users\icenhour76\Desktop\MotorolaDeviceManager_2.5.4.exe:$CmdZnID
    AlternateDataStreams: C:\Users\icenhour76\Desktop\podhd patches.zip:$CmdZnID
    AlternateDataStreams: C:\Users\icenhour76\Desktop\SCEVMC1.VME:$CmdZnID
    AlternateDataStreams: C:\Users\icenhour76\Desktop\smdk_fat322.zip:$CmdZnID
    AlternateDataStreams: C:\Users\icenhour76\Desktop\SX330-iPV3Li-Upgrade-200W-V1.6-20150623-1435556516.rar:$CmdZnID
    AlternateDataStreams: C:\Users\icenhour76\Desktop\SX330_iPV3Li_T_200W_20150623-1034_V1.6.SXI:$CmdZnID
    AlternateDataStreams: C:\Users\icenhour76\Desktop\TaskSTRun.exe:$CmdZnID
    AlternateDataStreams: C:\Users\icenhour76\Desktop\TDSSKiller.exe:$CmdTcID
    AlternateDataStreams: C:\Users\icenhour76\Desktop\YiHi-SXi Setup-v20150522-1621.msi:$CmdZnID
    AlternateDataStreams: C:\Users\icenhour76\Downloads\JRT.exe:$CmdZnID
    AlternateDataStreams: C:\Users\icenhour76\Documents\Seagate Dashboard Installer.exe:$CmdZnID

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
    IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

    There are 7849 more restricted sites.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3248671020-3738731255-3598294349-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\icenhour76\AppData\Roaming\Rainmeter\Layouts\aaa\Wallpaper.bmp
    DNS Servers: 208.67.220.222
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)
     
  5. Randy icenhour

    Randy icenhour TS Enthusiast Topic Starter Posts: 162

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{D96B1ADD-E225-429D-9FCA-B1BAB0333EF5}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
    FirewallRules: [{ABEF6071-CC03-4FB8-900E-77D4ACD3E2E0}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
    FirewallRules: [{54DB7433-2FD9-4287-BFC9-CE41748652C1}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{3BF2E464-7049-484C-A69E-2754A28140A0}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{5EA3E5E6-2786-46AD-8169-6FDA0B26BA83}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\DeviceSetup.exe
    FirewallRules: [{8913ADC5-14CF-42D8-911C-C8A94EB093D7}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{E2D46C56-052F-4F05-B286-EACEED8243B9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{F4611910-A70D-4B74-9362-C84DF7B4B7FB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [TCP Query User{EF952AD9-CC29-4737-ADB0-2127BF2DA9EC}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
    FirewallRules: [UDP Query User{47FFF789-75B7-4839-8C5B-182CE9627A0B}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
    FirewallRules: [TCP Query User{7BD32096-3BC8-4E32-9B12-10FEA18A1186}C:\program files\comicrack\comicrack.exe] => (Allow) C:\program files\comicrack\comicrack.exe
    FirewallRules: [UDP Query User{FF501A26-1EF6-4713-96BA-F72D55121FC2}C:\program files\comicrack\comicrack.exe] => (Allow) C:\program files\comicrack\comicrack.exe
    FirewallRules: [{BA199E21-D3AA-4B0A-AEF0-4399F2515EEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\realm of the mad god\Realm of the Mad God.exe
    FirewallRules: [{ADA7C8BD-5649-4F14-9954-C94977B88458}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\realm of the mad god\Realm of the Mad God.exe
    FirewallRules: [{04A8DE90-B818-4301-84D9-6A16E764D51B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\stalker clear sky\bin\xrEngine.exe
    FirewallRules: [{939630C5-DDD0-4CEB-90AE-0DB917A30572}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\stalker clear sky\bin\xrEngine.exe
    FirewallRules: [{3DB80484-B371-4467-A61D-4F18C7E3871A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\stalker call of pripyat\Stalker-COP.exe
    FirewallRules: [{3DAA0B2C-2395-4D15-9CBC-E1B2893D806E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\stalker call of pripyat\Stalker-COP.exe
    FirewallRules: [{68D8CB99-BEE7-4ECB-A28A-606B1B698630}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\grotesque tactics\GrotesqueTactics.exe
    FirewallRules: [{71261D82-8117-4A57-9E7B-435A882932C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\grotesque tactics\GrotesqueTactics.exe
    FirewallRules: [{F729D466-C447-471E-A5F9-9953FD365FBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Freedom Force\fforce.exe
    FirewallRules: [{315600B5-0698-4FA9-B6C6-0CDBEFB7C6A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Freedom Force\fforce.exe
    FirewallRules: [{D30518AC-9022-4F29-9BA5-E7A4A80FC22D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\grotesque tactics 2\x86_installer\GrotesqueTactics.exe
    FirewallRules: [{BF86E863-816D-4E2D-8D41-724871D966EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\grotesque tactics 2\x86_installer\GrotesqueTactics.exe
    FirewallRules: [{5794C406-9780-4220-8430-F9B576A25D13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Painkiller Overdose\Bin\Overdose.exe
    FirewallRules: [{BAA70EA2-6C37-4B82-964C-398D058FC444}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Painkiller Overdose\Bin\Overdose.exe
    FirewallRules: [{93AF9614-3A67-41B5-AE8C-496FCF8A083E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Freedom Force vs. the 3rd Reich\ffvt3r.exe
    FirewallRules: [{07797FB1-027F-4C7E-A63A-F6886A70E958}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Freedom Force vs. the 3rd Reich\ffvt3r.exe
    FirewallRules: [{E1AA3874-2DBA-4D36-8A1E-5705D05CBACD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\painkiller black edition\Bin\Painkiller.exe
    FirewallRules: [{D3B39CD2-02BA-4383-9F4C-20454F265503}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\painkiller black edition\Bin\Painkiller.exe
    FirewallRules: [{9FC65B5A-2910-4611-8B59-EC380FB51FEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\painkiller resurrection\bin\Resurrection.exe
    FirewallRules: [{F29BA3B2-036A-43A2-9662-388331360DE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\painkiller resurrection\bin\Resurrection.exe
    FirewallRules: [{3F3A5258-54EA-4B79-A61B-994EA1F80D47}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
    FirewallRules: [{960ACCDF-2F88-4FB2-A1CF-2349FD1D3339}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
    FirewallRules: [{3D1591DE-51E8-482E-8FC3-1634C7B43831}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\borderlands\Binaries\Borderlands.exe
    FirewallRules: [{C8A00469-003D-4FB7-920C-03A178D9BF6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\borderlands\Binaries\Borderlands.exe
    FirewallRules: [{0AB6E948-1D6F-4DBB-9F50-0844975B9666}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space Siege\Space Siege\SpaceSiege.exe
    FirewallRules: [{D0E66F8E-9609-40FF-8F58-6E77C6C4C47D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space Siege\Space Siege\SpaceSiege.exe
    FirewallRules: [{3126E95A-936D-451C-A269-95C73EDF6B9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\fallen earth f2p\FEUpdater.exe
    FirewallRules: [{4B7D1716-9F4E-4A3D-A54B-A2AA7066489D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\fallen earth f2p\FEUpdater.exe
    FirewallRules: [{B5923E1E-A4DF-42C6-BC11-09CFEC3CB150}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\champions online\Champions Online.exe
    FirewallRules: [{FDBB4350-2BB7-467A-B35C-BA2AC1D3B43D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\champions online\Champions Online.exe
    FirewallRules: [TCP Query User{B5890FAB-AE44-42DE-9C16-9559B369A7F4}C:\program files (x86)\steam\steamapps\common\champions online\champions online\live\gameclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\champions online\champions online\live\gameclient.exe
    FirewallRules: [UDP Query User{7B18B990-604B-4D20-A12A-9C1FA46C1FDC}C:\program files (x86)\steam\steamapps\common\champions online\champions online\live\gameclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\champions online\champions online\live\gameclient.exe
    FirewallRules: [TCP Query User{A5DC87F4-9C1D-4A5A-8DA9-C8FCEF9E06CC}C:\program files (x86)\steam\steamapps\common\dfo\dfo.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dfo\dfo.exe
    FirewallRules: [UDP Query User{E642FF52-F8A5-45D3-BB0B-D1C80FBCC6C9}C:\program files (x86)\steam\steamapps\common\dfo\dfo.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dfo\dfo.exe
    FirewallRules: [{E9E46DAB-41CC-4D97-8026-138C0907DD9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\fallout\falloutw.exe
    FirewallRules: [{5DA76E80-5377-4EEF-A395-31FBB08E0231}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\fallout\falloutw.exe
    FirewallRules: [{B379164D-58E8-45C0-B074-4560C16BD3E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\fallout 2\FALLOUT2.exe
    FirewallRules: [{4846255E-2541-4B33-BDFF-F25744EC464C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\fallout 2\FALLOUT2.exe
    FirewallRules: [{15528728-B6E2-4FC8-90A9-49315EAD92E6}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
    FirewallRules: [TCP Query User{43D2BF5E-CDB1-4850-82A8-0977763FB6E1}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
    FirewallRules: [UDP Query User{62AB32BA-C4EC-45E0-909A-1A1B2A14AF5A}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
    FirewallRules: [{95076098-ACC2-4FCC-9140-343E243EE737}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
    FirewallRules: [{7CC46A96-7761-4B7A-955F-8C72EE48DDF2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
    FirewallRules: [{DB0C126C-B69F-4B19-A5FF-7B7BDF7A714E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
    FirewallRules: [{A1330284-4929-4F41-9C58-2C46206FE580}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
    FirewallRules: [{632E230B-C95D-40EC-A84C-D6A66AF5B6B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\X-COM Terror from the Deep\runme.exe
    FirewallRules: [{74BB0B16-2B62-4F5A-B788-E9FA1AD076EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\X-COM Terror from the Deep\runme.exe
    FirewallRules: [{1A7ADCDA-268D-42B6-88EA-D1858314BCFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\X-COM Terror from the Deep\TFD\Terror From the Deep_patched.exe
    FirewallRules: [{7E634650-18D7-4174-8546-462777A76863}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\X-COM Terror from the Deep\TFD\Terror From the Deep_patched.exe
    FirewallRules: [{B5E490F9-193C-4D01-B5BC-0D316E4DB944}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom Apocalypse\dosbox.exe
    FirewallRules: [{9332F223-3A69-49DB-B966-3E1D94C846F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom Apocalypse\dosbox.exe
    FirewallRules: [{BCFB8C16-D7D8-477B-A611-5A946402EFFB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom Interceptor\Interceptor.exe
    FirewallRules: [{F3B37426-275E-40B4-8899-ED45E7EF765C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom Interceptor\Interceptor.exe
    FirewallRules: [{7054DBFC-DD13-4D4F-B40A-B9A1E4672318}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom UFO Defense\dosbox.exe
    FirewallRules: [{1D3555BE-8646-41D7-A969-71AF25751409}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom UFO Defense\dosbox.exe
    FirewallRules: [{C6C2A126-BB5F-4BF1-A761-00DDFD7BDF23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom UFO Defense\XCOM\UFO Defense_Patched.exe
    FirewallRules: [{3D073CDE-AEAD-4BD6-B4B5-C3A5FDBC935C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom UFO Defense\XCOM\UFO Defense_Patched.exe
    FirewallRules: [{7366F08B-1393-4394-810F-6D2BBB80CA59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom Enforcer\System\XCom.exe
    FirewallRules: [{3E96957F-5DEA-4579-BD00-2D2AF5F52394}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom Enforcer\System\XCom.exe
    FirewallRules: [{4E9EFA67-B205-44CB-A12A-483581B53F06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe
    FirewallRules: [{44E19D28-EB6B-4BDB-A9A6-675B9BB97DB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe
    FirewallRules: [{A2B39AE3-0C9E-4DF9-B125-D0C0914DFBB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\torchlight\Torchlight.exe
    FirewallRules: [{9F9A8712-099C-4760-8418-81D35B5718C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\torchlight\Torchlight.exe
    FirewallRules: [{EB3E4861-50C8-4265-8B50-0438572305D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mass effect\Binaries\MassEffect.exe
    FirewallRules: [{9C86E38E-41B1-4C16-83A4-B76A3C50056F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mass effect\Binaries\MassEffect.exe
    FirewallRules: [{809F1149-9326-464E-805A-271B63D12CE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mass effect\docs\EA Help\Electronic_Arts_Technical_Support.htm
    FirewallRules: [{C070D1CE-E5BF-4B5B-97B9-3282FF3658A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mass effect\docs\EA Help\Electronic_Arts_Technical_Support.htm
    FirewallRules: [{5AEE1A83-5F19-4FA3-9435-CCFD665ED59B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DFO\nxsteam.exe
    FirewallRules: [{AF4CA024-8B5A-4C37-90CC-60C5C6C6456A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DFO\nxsteam.exe
    FirewallRules: [{8986E4BA-2D58-4CD4-BA2B-BF7A86760A65}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
    FirewallRules: [{E38AA7B9-1FB2-421B-B3C5-BE3B8006D953}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShare.exe
    FirewallRules: [{AE972006-4AC2-4E38-8799-17D602C46DF6}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
    FirewallRules: [{51BDB620-9B9E-485E-84FA-93701B922B2B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cave Story+\CaveStory+.exe
    FirewallRules: [{D8125D66-06CE-44EF-A568-5009A30159F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cave Story+\CaveStory+.exe
    FirewallRules: [{C882B6DC-6987-44AA-9011-0C06B06225BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\fallout tactics\BOS.exe
    FirewallRules: [{D99C911B-3A0D-4228-90C9-1826B92E7C17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\fallout tactics\BOS.exe
    FirewallRules: [{A6768D04-9888-4632-8C32-D4239475D70E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\fallout tactics\FT Tools.exe
    FirewallRules: [{12B93EA2-B558-40F7-A9B2-D74DC9F21A75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\fallout tactics\FT Tools.exe
    FirewallRules: [{4FE99869-C2A2-4C83-AEA8-7A08ED780426}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\swkotor\swkotor.exe
    FirewallRules: [{9599BCFF-40EF-4558-BC95-BCE505511F85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\swkotor\swkotor.exe
    FirewallRules: [TCP Query User{03CA2781-45A4-4AC3-A75B-4345C7021E5F}C:\program files (x86)\gog.com\xiii\system\xiii.exe] => (Allow) C:\program files (x86)\gog.com\xiii\system\xiii.exe
    FirewallRules: [UDP Query User{A0F195D6-94DF-4147-B5B9-DC2552EC21AA}C:\program files (x86)\gog.com\xiii\system\xiii.exe] => (Allow) C:\program files (x86)\gog.com\xiii\system\xiii.exe
    FirewallRules: [{FD357FC9-6B4E-48DF-A2B1-F3367409CBC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Knights of the Old Republic II\swkotor2.exe
    FirewallRules: [{BF03B6AD-5C82-4022-84DE-8AD13CBDB4E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Knights of the Old Republic II\swkotor2.exe
    FirewallRules: [{D56A2C8E-9A21-4B6D-A5A2-27517C588E71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Morrowind\Morrowind Launcher.exe
    FirewallRules: [{C7BA308E-F175-4D3B-A010-74F30FE13FA1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Morrowind\Morrowind Launcher.exe
    FirewallRules: [{1CD06B25-998E-4E42-84F9-19603DC52852}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oblivion\OblivionLauncher.exe
    FirewallRules: [{92C2EF7B-0877-4B5B-8D6D-FBCBD6ECC021}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oblivion\OblivionLauncher.exe
    FirewallRules: [{F8AA672D-3183-481C-933F-6952000CAE2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Supreme Commander\bin\SupremeCommander.exe
    FirewallRules: [{0A8ECE8C-A7A5-437E-8B1C-6C141DDED542}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Supreme Commander\bin\SupremeCommander.exe
    FirewallRules: [{D316C663-F341-4163-9777-46EFB2E81B10}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
    FirewallRules: [{27849435-6F12-4C53-AAF2-55B0B8755174}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
    FirewallRules: [{4173B5EB-D871-4C94-91D0-ACD4418A6BD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\Torchlight2.exe
    FirewallRules: [{CB475E45-1917-4425-BC41-AC33634C29BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\Torchlight2.exe
    FirewallRules: [{29A93D95-C7B3-4257-B8C8-41FA8A80286B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space Pirates and Zombies\SpazGame.exe
    FirewallRules: [{0941ED6B-ED6B-42C8-9CA7-021D5A24672B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space Pirates and Zombies\SpazGame.exe
    FirewallRules: [{C09D8E77-4D30-4E84-A93E-C2BCD8BE2B3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Supreme Commander Forged Alliance\bin\SupremeCommander.exe
    FirewallRules: [{3453A936-1DE4-4848-95BA-CAAB76F53341}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Supreme Commander Forged Alliance\bin\SupremeCommander.exe
    FirewallRules: [{BF2F0FE7-559C-4A57-BFFC-87D550D065F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warhammer 40,000 Space Marine\SpaceMarine.exe
    FirewallRules: [{9D347029-5630-4545-855B-E6732E216E8D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warhammer 40,000 Space Marine\SpaceMarine.exe
    FirewallRules: [{54737929-037B-473A-84DE-06989981B8DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro 2033\metro2033.exe
    FirewallRules: [{4B55A0F5-B901-4763-8DC3-511EE9644641}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro 2033\metro2033.exe
    FirewallRules: [{6750C51E-3F9A-4438-9088-7CE268F1128E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half Minute Hero\HMH.exe
    FirewallRules: [{E197CB09-A1A8-4574-805A-1F1E0CF0174A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half Minute Hero\HMH.exe
    FirewallRules: [{5793555C-9DC9-4411-925B-1E4655BD0CEF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpaceForce Rogue Universe\System\Start.exe
    FirewallRules: [{430912E8-37FB-4CBA-A548-C72116B1E5CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpaceForce Rogue Universe\System\Start.exe
    FirewallRules: [{7470FEB8-D0BE-4858-8645-B28DB08E8B4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Earth Defense Force Insect Armageddon\EDF-IA.exe
    FirewallRules: [{4A956E57-47AB-49CF-A288-E599513EC115}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Earth Defense Force Insect Armageddon\EDF-IA.exe
    FirewallRules: [{38813752-C7ED-47EC-A6BE-D93537F728D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Legend of Grimrock\grimrock.exe
    FirewallRules: [{A0564507-9D09-4F3B-B467-41E0621BDD13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Legend of Grimrock\grimrock.exe
    FirewallRules: [{19D5BBAC-B9A9-46DA-B8D7-312FD5240B89}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Evil Genius\EvilGeniusLauncher.exe
    FirewallRules: [{43499584-2EC0-4566-947E-97619E232ECB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Evil Genius\EvilGeniusLauncher.exe
    FirewallRules: [{FF88D4E9-60EB-4E4B-B3F4-10A1EA701B74}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ghost Master\ghost.exe
    FirewallRules: [{18E19864-E803-43F0-AB8C-8B3082157B96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ghost Master\ghost.exe
    FirewallRules: [{BD727344-D384-418A-9B7C-1E2DF3E301FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fable The Lost Chapters\Fable.exe
    FirewallRules: [{96487B79-C2DC-4BB8-98AD-B08802A8F08F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fable The Lost Chapters\Fable.exe
    FirewallRules: [{C264D24C-F440-478A-BC16-E1ADA2C09510}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Solar 2\Solar2.exe
    FirewallRules: [{29521A0F-2F09-4ECB-8BB6-965F7FE5450D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Solar 2\Solar2.exe
    FirewallRules: [{2BCC1784-4F45-4C47-BEF5-EDFE2D63464C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frozen Synapse\FrozenSynapse.exe
    FirewallRules: [{DEA86431-C106-4237-9CD5-6413B195F097}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frozen Synapse\FrozenSynapse.exe
    FirewallRules: [{40C51CF4-BBFD-4147-81BF-D77A0B853E6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe
    FirewallRules: [{549B8C6C-9F0F-4B10-AE5A-9D366C2F8DEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe
    FirewallRules: [{3E01C00D-065A-43D3-A58F-1C57F21B16BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darwinia\darwinia.exe
    FirewallRules: [{539912BB-BDA9-4650-B868-B8CC635807FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darwinia\darwinia.exe
    FirewallRules: [{0933BB59-0336-4CB6-9A95-7BF77C0CC19F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defcon\defcon.exe
    FirewallRules: [{085D353A-C071-4FD9-9882-FDCE60E20C94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defcon\defcon.exe
    FirewallRules: [{6ED272B4-598B-408C-9639-60BAC81E7235}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Multiwinia\multiwinia.exe
    FirewallRules: [{4B533A90-24A4-44BF-ACF2-A360576A8B39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Multiwinia\multiwinia.exe
    FirewallRules: [{76B95367-6D72-4312-BDED-C43BFDA5B5AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Uplink\Uplink.exe
    FirewallRules: [{FFA7831B-B8CB-4C7A-9C2E-CCDD4FBAA5D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Uplink\Uplink.exe
    FirewallRules: [{618E466A-6230-4891-B008-B950BB93A01E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Pirates!\Pirates!.exe
    FirewallRules: [{7AF96A63-5EB4-424C-8ADF-58C2A105AD8D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Pirates!\Pirates!.exe
    FirewallRules: [{DA140340-1C3F-42D5-8311-555EF9E43718}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam The Random Encounter\sstre.exe
    FirewallRules: [{647F6E53-3C56-4E54-BCCC-F8C8E952EC5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam The Random Encounter\sstre.exe
    FirewallRules: [{75B3F0BA-7396-4431-9105-745655F67DC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousSam.exe
    FirewallRules: [{E9AE8920-EEBE-4CCA-8D71-9783A5846F40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousSam.exe
    FirewallRules: [{F8F76D49-1050-404E-AB88-F7FB44EC5152}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousEditor.exe
    FirewallRules: [{D3C2EB64-B5F1-48F7-994A-FFCE75751DC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousEditor.exe
    FirewallRules: [{9F4BB68E-3031-4A12-AB5D-3D40D5AD6BF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousModeler.exe
    FirewallRules: [{690786FA-27AB-4C5B-AA1B-92772E9218DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousModeler.exe
    FirewallRules: [{C42F0253-C0EC-4051-AEBB-2BCD4EAFAB76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The Second Encounter\Bin\SeriousSam.exe
    FirewallRules: [{AF806BFB-3173-4AD6-A921-3BCC3F31CBAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The Second Encounter\Bin\SeriousSam.exe
    FirewallRules: [{3F79F271-275D-453E-8922-DE0D8C79C079}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The Second Encounter\Bin\SeriousEditor.exe
    FirewallRules: [{8C95757F-E731-4D0D-95EE-0A92C0E2F2CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The Second Encounter\Bin\SeriousEditor.exe
    FirewallRules: [{E376D16E-AD6C-40AA-8CDA-60F5E72DC8D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The Second Encounter\Bin\SeriousModeler.exe
    FirewallRules: [{80082ED3-2251-475D-9A5C-96400E2D8D05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The Second Encounter\Bin\SeriousModeler.exe
    FirewallRules: [{D0B68F63-C214-4AAE-B2C2-600C0E03BC05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\serious sam 2\Bin\Sam2.exe
    FirewallRules: [{46270392-169F-4BC9-A6C0-D4730B391BD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\serious sam 2\Bin\Sam2.exe
    FirewallRules: [{6326971D-1BE9-4B20-874D-9298CF5AEAE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\serious sam 2\Bin\DedicatedServer.exe
    FirewallRules: [{7D57E13A-C6D2-444C-BEF1-0314ED495D8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\serious sam 2\Bin\DedicatedServer.exe
    FirewallRules: [{7389CB92-5BB6-47FC-9B7B-2E7BE958DE2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\DeusEx.exe
    FirewallRules: [{C45B325D-B5BC-4B21-95D4-2947040E47E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\DeusEx.exe
    FirewallRules: [{C5A4FDB9-D1FB-4E2F-A986-1394E972411A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex Invisible War\System\dx2.exe
    FirewallRules: [{D635FCE7-8D92-466F-94EC-9A1F972F9CE5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex Invisible War\System\dx2.exe
    FirewallRules: [{F54A078A-F626-4E46-9363-4216A22C52B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex - Human Revolution\dxhr.exe
    FirewallRules: [{F6BB4A1F-EF07-4694-A94B-D1249C9D01DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex - Human Revolution\dxhr.exe
    FirewallRules: [{B201E931-2AF9-4CB9-873C-C0CF66DDD61E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DXHRML\dxhrml.exe
    FirewallRules: [{2B6CF319-742E-4A06-929E-D2857AD9E8BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DXHRML\dxhrml.exe
    FirewallRules: [{F7EF2086-04D6-409D-BEFB-A5B106745149}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe
    FirewallRules: [{B8FA5DDF-04DA-426F-AF7B-3135FFFE1205}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe
    FirewallRules: [{37EA371C-F862-45FA-BBCB-A76C8CEF0A4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Krater\run_game.exe
    FirewallRules: [{A9291C07-A481-41D8-9B4D-9E71A989CE46}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Krater\run_game.exe
    FirewallRules: [{9AE07287-6E87-4D0F-8857-5D130E621E2B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War II - Retribution\DOW2.exe
    FirewallRules: [{7D7A07FA-8A90-4B4C-AE5D-F8959A63BEB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War II - Retribution\DOW2.exe
    FirewallRules: [{F2F207AB-69A1-42DA-8A93-4D009CAEFC28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dawn of war 2\DOW2.exe
    FirewallRules: [{0DF98079-8BD4-436E-AA44-4755F8E96B56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dawn of war 2\DOW2.exe
    FirewallRules: [{D72A4B69-ECD8-41CC-BC56-E05A9269AEEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Armada Gold\Armada2526.exe
    FirewallRules: [{FCDFFD1B-FADD-4832-ACB6-95107C2E2D40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Armada Gold\Armada2526.exe
    FirewallRules: [{296A634C-966F-4949-919D-278EF9B269F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpaceEmpiresV\SE5\SE5.exe
    FirewallRules: [{85711915-31E1-43E2-B039-D7CA2FF7E38F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpaceEmpiresV\SE5\SE5.exe
    FirewallRules: [{CDEA74DE-02A8-4645-BC32-9FD39A28A367}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ZenoClash\ZenoClash.exe
    FirewallRules: [{46102527-7676-4BAC-9BDF-FD812D0DADCB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ZenoClash\ZenoClash.exe
    FirewallRules: [{A45F90BA-72A3-4E19-9F31-07001C425A9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vigil Blood Bitterness\vigil blood bitterness.exe
    FirewallRules: [{2575CC36-26DD-4DC0-B923-199A843A5656}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vigil Blood Bitterness\vigil blood bitterness.exe
    FirewallRules: [{D0F2F6B2-9E33-43F5-BA0B-3F5DB7652295}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefenseGridTheAwakening\DefenseGrid.exe
    FirewallRules: [{E3EC229F-682F-4A6A-B79E-1C7D34B93CE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefenseGridTheAwakening\DefenseGrid.exe
    FirewallRules: [{766583D5-1695-4F3D-96BD-E39CD921CDE1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [{9FF2B6F8-75DB-4A52-A9DE-CAC4B061F2C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [{99054100-2843-4455-9544-90D02D871428}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Time Gentlemen, Please!\TGP.exe
    FirewallRules: [{A9375110-7826-45C3-905C-80C89AEE8566}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Time Gentlemen, Please!\TGP.exe
    FirewallRules: [{2EC91A84-D709-4B58-83D4-4558A361D819}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Time Gentlemen, Please!\winsetup.exe
    FirewallRules: [{2FC0DF87-AB08-48B2-9E71-0F9ECAE035C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Time Gentlemen, Please!\winsetup.exe
    FirewallRules: [{D2DED79E-B205-4B00-8DA5-6EE27549EC7D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zombie Driver\Release\ZombieDriver.exe
    FirewallRules: [{9FFCAAB8-C846-4519-9998-D9289F06B72B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zombie Driver\Release\ZombieDriver.exe
    FirewallRules: [{C4CD3FD3-FC82-448C-BECD-694DB7DA53AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto 2\gta2.exe
    FirewallRules: [{141C9919-DC30-4FDD-BF00-0FB7E94A7A82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto 2\gta2.exe
    FirewallRules: [{864B6359-1CD6-42F5-A093-EF9122810DEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto\WINO\Grand Theft Auto.exe
    FirewallRules: [{034B1F43-A1BC-4B47-935A-878B0E16E3FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto\WINO\Grand Theft Auto.exe
    FirewallRules: [{D57A9CD0-E855-4BD2-A38E-9E8859B63237}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto 3\gta3.exe
    FirewallRules: [{4E958E78-3BF5-41BA-B27E-2F7F2927A3F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto 3\gta3.exe
    FirewallRules: [{057A347A-08E3-4442-9949-2599FE7A60B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe
    FirewallRules: [{8B5E5E7C-E6AC-4F01-BC03-63A2D794413A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe
    FirewallRules: [{047C571D-F507-4DCD-A9B1-0A4258CF0976}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe
    FirewallRules: [{6247B42C-22E4-472A-8915-F90ECF1FC547}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe
    FirewallRules: [{39CD4CB1-50E2-405A-A8DA-85B5E40F083A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\beyond_divinity\div.exe
    FirewallRules: [{0592A218-AE06-4202-B728-A634E91FC069}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\beyond_divinity\div.exe
    FirewallRules: [{83AA877E-D624-42C2-9588-8DED4807A700}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\beyond_divinity\configtool.exe
    FirewallRules: [{4527B813-5DAD-45A4-97A4-3836132AB881}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\beyond_divinity\configtool.exe
    FirewallRules: [{75D34B82-E9D0-415A-B0D1-52CCDC3F2997}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\divinity2_dev_cut\Autorun.exe
    FirewallRules: [{9D351C07-DBAF-4DD5-A52F-AB348D6B0E8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\divinity2_dev_cut\Autorun.exe
    FirewallRules: [{934496F8-EAE4-48E1-BB29-34E9B611AFC6}] => (Allow) C:\Program
     
  6. Randy icenhour

    Randy icenhour TS Enthusiast Topic Starter Posts: 162

    Files (x86)\Steam\steamapps\common\Fallout 3\FalloutLauncher.exe
    FirewallRules: [{F071F379-FD37-4280-B9BB-7C9498078F32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 3\FalloutLauncher.exe
    FirewallRules: [{883E3387-DA4A-4D88-888B-C03BE6D4F766}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV Episodes from Liberty City\EFLC\LaunchEFLC.exe
    FirewallRules: [{C05059B6-12E3-4732-B058-6F51867A3F8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV Episodes from Liberty City\EFLC\LaunchEFLC.exe
    FirewallRules: [{CDF0B90F-5E56-41DD-8A62-D0E8663EC58C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scribblenauts\Scribble.exe
    FirewallRules: [{2976F4EA-72FE-4AF3-8F61-143FBE590CA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scribblenauts\Scribble.exe
    FirewallRules: [{E63CE703-2CAB-45FA-921B-894E929A6F8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overlord\Overlord.exe
    FirewallRules: [{2146A45A-73D0-4946-8C0E-3252F708DD84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overlord\Overlord.exe
    FirewallRules: [{B2FE295F-9485-4DAE-88AD-FD7173CFD7CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overlord\Config.exe
    FirewallRules: [{6D11A7C6-1841-433A-A334-B32E303FDD1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overlord\Config.exe
    FirewallRules: [{19C6A598-69D9-4018-B103-1BF47BB89D85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overlord II\Overlord2.exe
    FirewallRules: [{1519F775-8E6B-4B10-88F8-9972B846EDD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overlord II\Overlord2.exe
    FirewallRules: [{94A4ACBA-0552-42C5-9393-138EC18AB914}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overlord II\Config.exe
    FirewallRules: [{C6235B54-CE8B-4857-8D91-8789AF9F7676}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overlord II\Config.exe
    FirewallRules: [{8DA61619-BA75-4B3A-B96D-723F59986CD8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
    FirewallRules: [{8CD016ED-DFB5-4250-B817-EF5E73E360F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
    FirewallRules: [{9364F592-3629-4D40-A05F-7E3C973A42FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\divine_divinity\div.exe
    FirewallRules: [{33CE04C0-ACFB-4D33-B12E-44AEF3D691B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\divine_divinity\div.exe
    FirewallRules: [{238DF5FC-4632-40F5-A354-99BF499B964B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\divine_divinity\configtool.exe
    FirewallRules: [{7DEA6041-2747-4131-90DC-6A76AB8D5BC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\divine_divinity\configtool.exe
    FirewallRules: [{A972CCA8-053E-4FAD-8EDF-866F6FAFC153}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe
    FirewallRules: [{13593518-F19E-4DD7-B72F-D900C1FDE50E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe
    FirewallRules: [{48454100-CEE7-4F5B-8D4B-98D0012AE97F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Academy\GameData\jasp.exe
    FirewallRules: [{13B13476-3A9E-433D-B0D0-3631D3A0DE2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Academy\GameData\jasp.exe
    FirewallRules: [{5576E563-2D43-4BF9-AF64-579F1F8E8DE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Academy\GameData\jamp.exe
    FirewallRules: [{A3263725-9548-4DA1-B0D4-338428F7702A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Academy\GameData\jamp.exe
    FirewallRules: [{0DC1AADD-70A4-44AE-8934-ED285AC5A5FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
    FirewallRules: [{D586A2BA-BBA5-4B17-97F0-9C175399AD56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
    FirewallRules: [{B58A5A33-DD8D-41DD-A383-B1FAB4AF9896}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe
    FirewallRules: [{E4E1CB1D-E4DE-437E-9153-83419BDA5E09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe
    FirewallRules: [{DB908748-627E-48CA-A0AB-24C2D71C8247}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Outcast\GameData\jk2sp.exe
    FirewallRules: [{BB633C99-223B-4408-AEA7-64F96268128A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Outcast\GameData\jk2sp.exe
    FirewallRules: [{428EBD5E-D756-49AC-BB71-ED924B55A9DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Outcast\GameData\jk2mp.exe
    FirewallRules: [{8C364FF6-C22B-439D-B231-CEB5A954CEC0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Outcast\GameData\jk2mp.exe
    FirewallRules: [{29B90567-60AE-44D8-AC7A-F3C1A80DC6F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the witcher 2\Launcher.exe
    FirewallRules: [{756D50EE-4C1F-4DB3-AF7A-75087D7B382E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the witcher 2\Launcher.exe
    FirewallRules: [{207CABDE-45D6-46BB-9132-84AD0CADB826}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mass Effect 2\Binaries\MassEffect2.exe
    FirewallRules: [{0BE6F067-C5B4-420E-98EA-A130C9E7F378}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mass Effect 2\Binaries\MassEffect2.exe
    FirewallRules: [{719328DD-1D13-4A37-AC32-2FFE32C6621A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mass Effect 2\MassEffect2Launcher.exe
    FirewallRules: [{F984F28D-D7F3-4D2F-ABE7-72C675BB52D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mass Effect 2\MassEffect2Launcher.exe
    FirewallRules: [{6E1D600F-6899-4EB2-B2DC-A0E41D145EA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cubemen\Cubemen.exe
    FirewallRules: [{3735A5FF-EBE0-4C26-BBC1-71E0A54DF4E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cubemen\Cubemen.exe
    FirewallRules: [{9FCA1665-657B-43C6-B149-CB88F02B3CEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rocksmith\Rocksmith.exe
    FirewallRules: [{35FE3911-5096-49BB-A88D-03AD31B2400E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rocksmith\Rocksmith.exe
    FirewallRules: [{1CBD326D-598C-4A75-B422-B5892517B3C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
    FirewallRules: [{73C81354-B7EF-42E2-B6CD-7B9053DC8842}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
    FirewallRules: [{A312030E-CEE6-47A0-9394-D5AAD8B44F56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gratuitous Space Battles\GSB.exe
    FirewallRules: [{86CACB42-58FC-48EF-97A7-A304B1E40FAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gratuitous Space Battles\GSB.exe
    FirewallRules: [{2F9EDFE2-0467-48AF-A712-7EC53A22AB54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GeminiWars\gw.exe
    FirewallRules: [{DB840F80-9E31-40A8-8454-A911EB4DDDA3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GeminiWars\gw.exe
    FirewallRules: [{8DEAC7E5-A9B3-4500-B9D7-03F317C120E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Evoland\Evoland.exe
    FirewallRules: [{4BFF6B79-8727-4EEE-B44F-232B0ED6F81A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Evoland\Evoland.exe
    FirewallRules: [{3C020791-F194-4EFB-AED5-DDADCD7A105F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bully Scholarship Edition\Bully.exe
    FirewallRules: [{BE485679-B052-4CD3-8FF6-66D94542F8B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bully Scholarship Edition\Bully.exe
    FirewallRules: [{A8F9A66D-29CC-4CA5-A693-87E6A3D3D591}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Universe Sandbox\Universe Sandbox.exe
    FirewallRules: [{60E5E292-618A-4258-9A4F-2490D83DC60F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Universe Sandbox\Universe Sandbox.exe
    FirewallRules: [{18FFCCC0-5A38-4744-A057-7480075CDA19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
    FirewallRules: [{D216E79E-D895-4D2C-A237-57EDA85E843B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
    FirewallRules: [{A2B750FC-61F6-4B19-87C9-D45B65E264A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the witcher 2\launch.bat
    FirewallRules: [{B8760049-0919-4FF7-BAD1-26CB4D6EB2FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the witcher 2\launch.bat
    FirewallRules: [{D2E8FBDF-6EE3-42D8-ADFF-4DDC66556259}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex - Human Revolution\AugmentedEditionContent\launch.bat
    FirewallRules: [{24D90667-E6F3-42EB-8F80-5889D53924A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex - Human Revolution\AugmentedEditionContent\launch.bat
    FirewallRules: [{A277DDF2-D786-43C4-AD61-6A351C20D4D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Orcs Must Die!\Build\release\OrcsMustDie.exe
    FirewallRules: [{6B164087-F9B5-4549-B892-DC0E0680CC91}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Orcs Must Die!\Build\release\OrcsMustDie.exe
    FirewallRules: [{05291697-C53C-4DD8-96E6-177589777AD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
    FirewallRules: [{6AA01FA4-91BE-467B-A4E8-35D961119CA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
    FirewallRules: [{B9906F0F-76F0-4C3E-A6A7-364A591C5C3A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\aztaka\Aztaka.exe
    FirewallRules: [{4D59912F-D64D-4266-8B58-FB7C17C5C5E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\aztaka\Aztaka.exe
    FirewallRules: [{23606062-EA5F-4003-855F-116BDFCAA00E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\aztaka\Setup.exe
    FirewallRules: [{6D22D2FF-E56E-433F-9148-C488FBD13761}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\aztaka\Setup.exe
    FirewallRules: [{DC5FA52D-2EA4-4A63-8CD3-CE3CF4B3D717}] => (Allow) LPort=2869
    FirewallRules: [{8C4C9F01-E6ED-4EE4-A861-ED9D6069E637}] => (Allow) LPort=1900
    FirewallRules: [{3733C92E-EC05-4014-B40F-9E9C9CEC76FE}] => (Allow) LPort=48113
    FirewallRules: [{740197B5-9B91-43DC-9448-5F2FAA99E4ED}] => (Allow) LPort=48113
    FirewallRules: [{606DA591-CD01-4623-9CD8-38220B40A845}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys The Oath in Felghana\ysf_win_dx9.exe
    FirewallRules: [{94E6E9C2-E217-42C1-8929-E0D1D6A98545}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys The Oath in Felghana\ysf_win_dx9.exe
    FirewallRules: [{D83806DD-967F-4BE9-A29F-116DBF0597F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys The Oath in Felghana\config_dx9.exe
    FirewallRules: [{E32B91FE-4CAF-48CB-9900-D5280934AED5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys The Oath in Felghana\config_dx9.exe
    FirewallRules: [{61484F92-83DC-41AD-B19A-1B5BA1718869}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys The Oath in Felghana\ysf_win.exe
    FirewallRules: [{03891A16-B876-496C-8816-140E1C2B2833}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys The Oath in Felghana\ysf_win.exe
    FirewallRules: [{CE0A5794-FDEF-449D-82FA-9D47CAB4EC9A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys The Oath in Felghana\config.exe
    FirewallRules: [{BFAB0872-BDCD-4F6D-BA5D-6D9CD4AE9B85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys The Oath in Felghana\config.exe
    FirewallRules: [{9E852F4A-E73D-4894-B13B-D7679BAC8E87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys Origin\yso_win.exe
    FirewallRules: [{4A33CAA6-264D-4881-B9DB-4A3EDD62912F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys Origin\yso_win.exe
    FirewallRules: [{2513B1B0-7AD1-4734-857B-F3A93BED2C07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys Origin\config.exe
    FirewallRules: [{8A6C96EB-C4A9-4CCF-970D-20AC9DA4434A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys Origin\config.exe
    FirewallRules: [{88AEBE77-0C12-47E2-A7E6-60D835CBFC8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys I\ys1plus.exe
    FirewallRules: [{524184EE-26CD-4AD7-9E6A-F64C57928CCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys I\ys1plus.exe
    FirewallRules: [{7815ACD8-8403-4682-81FE-F0440A95B20F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys I\config.exe
    FirewallRules: [{EB42A81A-84C8-48AD-9A9A-8794E38A6284}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys I\config.exe
    FirewallRules: [{D96E735E-6D5D-45A0-B22B-366E0DAD6403}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys II\ys2plus.exe
    FirewallRules: [{67DC8BEB-9A3B-49BA-B66E-B7CDBECC0E2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys II\ys2plus.exe
    FirewallRules: [{D8D46E4F-5733-4CD5-896E-F61F9145335D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys II\config.exe
    FirewallRules: [{7D0D761A-531A-4987-BC98-FAA1222B13F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys II\config.exe
    FirewallRules: [{09E32587-6F52-4527-A82F-B5DCFB83BB6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Two Worlds II Castle Defense\TW2CD.exe
    FirewallRules: [{9A4433A4-2514-47AE-A99B-43182CE5F9BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Two Worlds II Castle Defense\TW2CD.exe
    FirewallRules: [{D5F8795E-E774-4782-8D69-B9E828D7BA9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Two Worlds II\TwoWorlds2.exe
    FirewallRules: [{5C53CD6D-655D-4A5C-9418-20AEED156244}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Two Worlds II\TwoWorlds2.exe
    FirewallRules: [{7961DFF7-8B26-4FC9-8DBB-3E389A852F8C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Two Worlds II\TwoWorlds2_DX10.exe
    FirewallRules: [{AB774198-72BB-4801-89DC-959A90B39B42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Two Worlds II\TwoWorlds2_DX10.exe
    FirewallRules: [{9008312E-D47C-4622-953C-BC7360F66EA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risen\bin\Risen.exe
    FirewallRules: [{E582B390-C1DB-4E33-9621-74399447C880}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risen\bin\Risen.exe
    FirewallRules: [{D1DE844C-8E02-45D3-8CCB-4BD4144A1958}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Two Worlds - Epic Edition\TwoWorlds.exe
    FirewallRules: [{CA6D1AA3-EE0E-4D60-BB6C-63AB22439D4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Two Worlds - Epic Edition\TwoWorlds.exe
    FirewallRules: [{478216BB-B7C6-417C-BD87-9C4AAD3E99C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Two Worlds - Epic Edition\TwoWorlds_RADEON.exe
    FirewallRules: [{C2009350-8797-4AE8-9F4B-D6BE9FFDB5A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Two Worlds - Epic Edition\TwoWorlds_RADEON.exe
    FirewallRules: [{0A405C0B-6896-4AC2-AAD7-04C7D690CCF9}] => (Allow) C:\Program Files (x86)\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe
    FirewallRules: [{34DD1253-D50C-42CF-8C2D-029AF311293D}] => (Allow) C:\Program Files (x86)\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe
    FirewallRules: [{183C6A85-B2A6-4A1B-B7DB-0CC5664CDEC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arcania Fall of Setarrif\Arcania Addon.exe
    FirewallRules: [{2A526F3A-FE84-4D99-A635-34647C9F1D2B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arcania Fall of Setarrif\Arcania Addon.exe
    FirewallRules: [{B7A5F45B-5450-4C52-A66D-A1CB070A7D47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gothic 3 Forsaken Gods\Gothic III Forsaken Gods.exe
    FirewallRules: [{C83050D5-644B-41EA-91BB-9DA602944AD9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gothic 3 Forsaken Gods\Gothic III Forsaken Gods.exe
    FirewallRules: [{3AE98104-C687-4668-831C-5E10364273FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arcania Gothic 4\Arcania.exe
    FirewallRules: [{AE76F8F5-C8CF-4822-94D3-C671E2EE48C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arcania Gothic 4\Arcania.exe
    FirewallRules: [{427FA622-E002-4E38-B57E-92B5548EF6E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gothic 3\Gothic3.exe
    FirewallRules: [{9A24A64B-DA2F-41D4-8255-A45355500572}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gothic 3\Gothic3.exe
    FirewallRules: [{E40B8C8D-E8BC-4D83-831B-D8B40718AEE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gothic II\system\Gothic2.exe
    FirewallRules: [{DCE9D8E1-1726-40F5-94BB-579601CB11AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gothic II\system\Gothic2.exe
    FirewallRules: [{FB5FA3AB-6FBA-4A9C-98EE-642A7F98B37B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gothic\system\GOTHIC.EXE
    FirewallRules: [{0660E261-8BAE-4833-8D97-E1144B365C4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gothic\system\GOTHIC.EXE
    FirewallRules: [{D4442302-B6D6-439C-A89F-DB0ED533BDA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
    FirewallRules: [{936AEAD5-1FB4-46C5-9401-7F98DCD7D1A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
    FirewallRules: [{604D2B5D-DCE5-4102-9F62-6FAC8C0F7A32}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{E492EA7E-7466-46DF-9826-AABE4C548194}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{06B7C32C-D52C-47E3-8901-2180DC6E7D12}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{22A307B5-03DC-431B-99AF-F6B35B618796}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Confrontation\Confrontation.exe
    FirewallRules: [{57366D6A-D119-4F62-821E-5A99717341B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Confrontation\Confrontation.exe
    FirewallRules: [{EAB1E9A0-E366-47BF-9F1D-D03929728ABD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Silverfall\Silverfall.exe
    FirewallRules: [{82BC3902-3961-4916-9F14-D0B2FF872FA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Silverfall\Silverfall.exe
    FirewallRules: [{111347A6-E92C-4554-8CA8-0B3651E887FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Silverfall\GameSetup.exe
    FirewallRules: [{C040BC32-5231-4D01-A259-FFBFB00A326A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Silverfall\GameSetup.exe
    FirewallRules: [{8AC0CFE3-DBB8-4C41-A9C2-8AED57022D07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Silverfall\MC_GAME_LINK.htm
    FirewallRules: [{F93BD3E3-96D9-4845-A924-2F210FF16BEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Silverfall\MC_GAME_LINK.htm
    FirewallRules: [{59A71AC2-40F8-4A43-BE10-325CAF61C20D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Silverfall\Register\register.htm
    FirewallRules: [{AFC44621-C07C-4565-AF2E-2711F0C22ACE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Silverfall\Register\register.htm
    FirewallRules: [{9881C8A5-0077-4142-942A-93EF21A7E1AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Armed and Dangerous\GameData\game.exe
    FirewallRules: [{B9064FD3-4992-4AD2-9980-0499430DE006}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Armed and Dangerous\GameData\game.exe
    FirewallRules: [{0C24C879-D701-4998-8884-44D9D5104F26}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risen 2\system\Risen2.exe
    FirewallRules: [{C8736737-EC17-4545-8044-E41BE75FB7BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risen 2\system\Risen2.exe
    FirewallRules: [TCP Query User{E37493F8-C5FE-44CF-BE19-A6D716132D7A}E:\programmation\qtchat\release\qtchat.exe] => (Allow) E:\programmation\qtchat\release\qtchat.exe
    FirewallRules: [UDP Query User{44823339-CF28-4006-8630-458A16074A94}E:\programmation\qtchat\release\qtchat.exe] => (Allow) E:\programmation\qtchat\release\qtchat.exe
    FirewallRules: [{6CA04554-9C53-478E-92DE-C50C7DC45962}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SolSurvivor\SolSurvivor.exe
    FirewallRules: [{68BE9CC9-5A00-43C6-A33E-1BAEFF693BC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SolSurvivor\SolSurvivor.exe
    FirewallRules: [{3748340B-A374-4536-94F5-599D8E3D853A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wasteland Angel\bin\x86\dx9\Angel.exe
    FirewallRules: [{8A59553E-1324-46ED-86C3-3CE4476E70B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wasteland Angel\bin\x86\dx9\Angel.exe
    FirewallRules: [{5067CCB4-1C50-4810-BB37-C424B2ECE84F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Enclave\Enclave.exe
    FirewallRules: [{6ED47E06-862C-4C5B-A99A-78D355D146A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Enclave\Enclave.exe
    FirewallRules: [{6333AFD0-EC03-49D5-8A03-E9EBD7763AAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Retrovirus\RetrovirusLauncher.exe
    FirewallRules: [{3C91E4C4-4943-4569-A1B4-ED3D9669F0FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Retrovirus\RetrovirusLauncher.exe
    FirewallRules: [{ED288DE8-B27F-4BC9-B729-EE7D1E39D861}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\hotline_miami\HotlineMiami.exe
    FirewallRules: [{6A6B2437-8281-40B0-BFD3-4878BD215E71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\hotline_miami\HotlineMiami.exe
    FirewallRules: [{FC31F3C3-3D38-44FC-90AC-EF14207C20D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GodMode\bin\GodMode.exe
    FirewallRules: [{58CFB58A-878C-4818-B269-514A782ED1F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GodMode\bin\GodMode.exe
    FirewallRules: [{BB86F7C4-E712-4126-AAB8-6F2A218FFAD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Galactic Civilizations I Ultimate Edition\AltarianProphecy\GalCiv.exe
    FirewallRules: [{F7BC6BCE-1426-43BB-8BEA-52AE991DB9F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Galactic Civilizations I Ultimate Edition\AltarianProphecy\GalCiv.exe
    FirewallRules: [{ECACFE3D-CA98-4099-82EC-C9C0E96AE195}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TeleglitchDME\Teleglitch.exe
    FirewallRules: [{97F9120E-3AFA-49E7-932F-E87730C0BF02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TeleglitchDME\Teleglitch.exe
    FirewallRules: [{FA3775E8-794A-4CCF-BD97-5838BCE0FE53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fist Puncher\Fist Puncher.exe
    FirewallRules: [{660EB829-DBEB-4B8C-841B-F5487258BC93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fist Puncher\Fist Puncher.exe
    FirewallRules: [{A8939CDD-980B-42BF-8B13-098D746440D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Foul Play\foul_play.exe
    FirewallRules: [{66B60A94-13B9-42D3-A9C2-D62CDCB748C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Foul Play\foul_play.exe
    FirewallRules: [{F9794B79-558A-48AA-A7ED-A15B9C0ADE9A}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{BE563DD6-81B4-4A2E-8F7B-2FFE74CDA593}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{C4FC5D35-19C1-48F4-A22B-D94930FE3350}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
    FirewallRules: [{540FA2C4-174F-4005-B6BF-115AEC5BB8BF}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
    FirewallRules: [{2DF41245-5FDB-48C8-88DC-F72828FC8120}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sanctum\Binaries\Win32\SanctumGame-Win32-Shipping.exe
    FirewallRules: [{ED791F97-F3B0-4515-986F-215429CA036A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sanctum\Binaries\Win32\SanctumGame-Win32-Shipping.exe
    FirewallRules: [{87E02285-E642-4E0D-B9D5-0C34A4223FAE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Galactic Civilizations II - Ultimate Edition\Twilight\GC2TwilightOfTheArnor.exe
    FirewallRules: [{CFC2F1F4-9F97-4072-9CAF-AF186AC75EF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Galactic Civilizations II - Ultimate Edition\Twilight\GC2TwilightOfTheArnor.exe
    FirewallRules: [{50CBA5FA-AF06-4A88-864E-F9673E49E953}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
    FirewallRules: [{2D44C052-9ABB-4BCD-AC6B-2B04AD49E72E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
    FirewallRules: [{013BE907-828C-41A3-A192-415C9D465D00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Pit\ThePit.exe
    FirewallRules: [{8865B8F0-84B4-401B-A3BB-CA5742A9311F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Pit\ThePit.exe
    FirewallRules: [{8C70D2FB-23F3-4C10-B355-DC05B634A98D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeons of Dredmor\Dungeons of Dredmor.exe
    FirewallRules: [{B3C34F25-93CD-452D-B99C-8406DED333CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeons of Dredmor\Dungeons of Dredmor.exe
    FirewallRules: [{D5F1AFEF-6817-493C-9FF9-FDDE51246093}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wanderlust Rebirth\Wanderlust.exe
    FirewallRules: [{8E3FCC52-AB80-46E4-9F37-740D615ABC19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wanderlust Rebirth\Wanderlust.exe
    FirewallRules: [{1F8EB601-EF63-4728-96D7-D5927CA16044}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Highborn\Highborn.exe
    FirewallRules: [{67A333EC-2028-4138-9E3A-D31B26025828}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Highborn\Highborn.exe
    FirewallRules: [{3E35ED93-29F9-47C2-82F3-1C20E74B7CA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Incredible Adventures of Van Helsing\VanHelsing.exe
    FirewallRules: [{C14E6702-E1C8-414A-A199-ABDA8413946E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Incredible Adventures of Van Helsing\VanHelsing.exe
    FirewallRules: [{819B8299-1864-49B0-98C8-A358BEBA76BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Reus\Reus.exe
    FirewallRules: [{B72C8A94-30E5-47B0-BB2C-9714CF76625A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Reus\Reus.exe
    FirewallRules: [TCP Query User{400FF114-EAC6-4F85-A38C-EA65FB32823D}C:\program files (x86)\sony\content manager assistant\cma.exe] => (Allow) C:\program files (x86)\sony\content manager assistant\cma.exe
    FirewallRules: [UDP Query User{3F80C342-5803-4674-BD77-E0CB243D41F3}C:\program files (x86)\sony\content manager assistant\cma.exe] => (Allow) C:\program files (x86)\sony\content manager assistant\cma.exe
    FirewallRules: [{CA63A7C6-3DA8-412F-8215-DB6E90C88F00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
    FirewallRules: [{5D1C269A-EE70-48DB-94A7-6DFC299D10E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
    FirewallRules: [{C031E85E-984C-4A8C-A7C2-71A1E2186741}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam HD The First
    Encounter\Bin\SamHD.exe
    FirewallRules: [{59457290-56C3-4458-9F15-11CFFF3F9BF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam HD The First Encounter\Bin\SamHD.exe
    FirewallRules: [{0A5FAD17-F850-4632-B4D8-40DF1B81452C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam HD The Second Encounter\Bin\SamHD_TSE.exe
    FirewallRules: [{AD756F03-F597-4A96-8449-F5CAFB6AB3BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam HD The Second Encounter\Bin\SamHD_TSE.exe
    FirewallRules: [{5BCC01B0-04D7-49F1-B7FF-A6F6C2BBBD18}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam HD The Second Encounter\Bin\SamHD_TSE_Unrestricted.exe
    FirewallRules: [{9796EF31-EF7C-49A7-91C6-11361236227C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam HD The Second Encounter\Bin\SamHD_TSE_Unrestricted.exe
    FirewallRules: [{2717D76F-2ACE-4F62-8695-C86AC68D97D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
    FirewallRules: [{70C7C89E-02EC-4573-B5E9-C1CA33B3D3A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
    FirewallRules: [{F1C89D86-E10B-4F7B-BFB3-E67AF4437F8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
    FirewallRules: [{0F8D21E0-D002-4C40-BDC9-8B36D1E25B1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
    FirewallRules: [{5BBD6500-FE0D-4F4C-B22A-0F797E8678B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Highborn\Highborn.exe
    FirewallRules: [{27EEBE5B-EF8B-4C9A-BF43-DD79E10E2F68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Highborn\Highborn.exe
    FirewallRules: [{0D4632D4-40AA-44E9-AF39-166EC00B60A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Incredible Adventures of Van Helsing\VanHelsing.exe
    FirewallRules: [{F1FA9380-60F2-4C0B-848C-74034C9E788B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Incredible Adventures of Van Helsing\VanHelsing.exe
    FirewallRules: [{5FBF90F7-6D49-41ED-A8E7-8FF8FDF84877}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\DefendersQuest.exe
    FirewallRules: [{807E26EC-13C3-4F7E-9D68-69479CF0243D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\DefendersQuest.exe
    FirewallRules: [{3F52B23F-96DE-4948-8340-E0634796483B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\State of Decay\StateOfDecay.exe
    FirewallRules: [{60871343-6812-4334-8DC8-64BFF6A931D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\State of Decay\StateOfDecay.exe
    FirewallRules: [TCP Query User{B7F4BC3D-BACE-4F91-9757-D39CF10FA324}C:\program files (x86)\sony\content manager assistant\cma.exe] => (Block) C:\program files (x86)\sony\content manager assistant\cma.exe
    FirewallRules: [UDP Query User{AD546965-C2DA-4357-9CE4-7B792376D5AF}C:\program files (x86)\sony\content manager assistant\cma.exe] => (Block) C:\program files (x86)\sony\content manager assistant\cma.exe
    FirewallRules: [{085F329F-3416-42A3-93C1-6D6573A39225}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe
    FirewallRules: [{F71B8601-D32F-4625-A92D-96984E71C3F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe
    FirewallRules: [{DA44C289-54CD-4915-8A46-12AB5AE07626}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
    FirewallRules: [{BEBB4B0C-C76D-4D79-8B0D-CF419CFCD998}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
    FirewallRules: [{ED39B539-5C69-429D-B5C4-CAE363B3CE4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\State of Decay\StateOfDecay.exe
    FirewallRules: [{234E2B31-0C40-43A8-87E9-70E48B9D7286}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\State of Decay\StateOfDecay.exe
    FirewallRules: [{3F675631-96BA-40FC-9DE7-42B3EEADDC42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Incredible Adventures of Van Helsing\VanHelsing.exe
    FirewallRules: [{6656032F-ABD6-4B74-B8C9-D9FCBC0FC476}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Incredible Adventures of Van Helsing\VanHelsing.exe
    FirewallRules: [{A77F8348-C792-437A-935D-2438BAD69166}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe
    FirewallRules: [{9332B719-9792-4686-962C-C526E83A7175}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe
    FirewallRules: [{9CD9F0CB-16AC-4A29-94A4-4C6B4BE08BF6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Incredible Adventures of Van Helsing\VanHelsing.exe
    FirewallRules: [{3A2808E2-05DD-4EF5-9639-5CDDD7606C3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Incredible Adventures of Van Helsing\VanHelsing.exe
    FirewallRules: [{AB123D64-DEB3-41D4-A8E0-1DCEABF81C53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
    FirewallRules: [{56CDACB8-9E19-40DA-92A2-9B8E185ABBF2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
    FirewallRules: [{9AE658BD-624A-4351-BD12-2F940BC5E5E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Incredible Adventures of Van Helsing\VanHelsing.exe
    FirewallRules: [{BD77D1A9-7FA9-4108-9A00-98854A9ED02A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Incredible Adventures of Van Helsing\VanHelsing.exe
    FirewallRules: [{E6C4E88A-04AF-4E32-A602-C210689187BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Reus\Reus.exe
    FirewallRules: [{72BA6E63-9F7F-45F1-9978-6B0340084189}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Reus\Reus.exe
    FirewallRules: [{AA3573D0-0FBC-4FF5-87CC-2FC7DAFF2550}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Incredible Adventures of Van Helsing\VanHelsing.exe
    FirewallRules: [{7C4A38E6-9C15-4EF9-9967-70B9B8237AE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Incredible Adventures of Van Helsing\VanHelsing.exe
    FirewallRules: [{A8561F75-5E46-4D78-A0C2-92BA789580B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Highborn\Highborn.exe
    FirewallRules: [{F9451CB1-4D44-4017-94AE-9E06B843C5B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Highborn\Highborn.exe
    FirewallRules: [{7484E0F4-E31F-4273-BB52-64B2D056A08A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SeriousSamDoubleD\SSLauncher.exe
     
  7. Randy icenhour

    Randy icenhour TS Enthusiast Topic Starter Posts: 162

    FirewallRules: [{5DB445D9-8E13-45AE-9B68-EE118D2CDB05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SeriousSamDoubleD\SSLauncher.exe
    FirewallRules: [{50EADB0B-10EC-446D-9951-59B1A958ADF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
    FirewallRules: [{BB205D33-F93D-4BBD-B9BF-491028D5BBB4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
    FirewallRules: [{BA69425F-9D1B-4D77-A83B-241C010A50DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\DefendersQuest.exe
    FirewallRules: [{6FC3A571-EF96-4073-BCB9-EB092511B27D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\DefendersQuest.exe
    FirewallRules: [{675F3750-EE38-4C50-A8C8-5FE54E5A7EE9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Monaco\MONACO.exe
    FirewallRules: [{784BB661-C0A7-4F96-AEDA-B64FB6F04312}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Monaco\MONACO.exe
    FirewallRules: [{17209A37-83B2-4612-8E69-9257B81E22B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
    FirewallRules: [{C0AE10F3-4F25-4254-85D6-1ED0FC018A5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
    FirewallRules: [{1953B73B-59A0-4D6C-82D0-1A90193AB534}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
    FirewallRules: [{04F713A0-73C4-4CF4-8E14-FDB4AA3162CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
    FirewallRules: [{38DF2651-7D42-4FE2-AE4B-022C40EFAA72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe
    FirewallRules: [{A19B98F4-3940-4FB9-8307-0D0F8DAE9EBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe
    FirewallRules: [{E9DCCE53-CB34-4234-8B4B-BDE1DAD44A33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe
    FirewallRules: [{792DDC07-C778-4438-BA75-A41F125E49AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe
    FirewallRules: [{6612F795-3BB3-4B7A-B213-6BE9BD0A9ECF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
    FirewallRules: [{CEECF137-D423-4BEF-B609-3DE109D58A58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
    FirewallRules: [{CB3970B6-E5D0-4CFC-A217-0AD8B796849A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
    FirewallRules: [{829A8011-9DBC-48D7-97C4-CE22EED36D49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
    FirewallRules: [{71E66BCA-2177-40A7-9318-D2EF11DEE6C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unepic\unepic.exe
    FirewallRules: [{766CC7A5-5B07-457B-B269-21CE1A228228}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unepic\unepic.exe
    FirewallRules: [{B004FD62-FAEB-4C84-A95F-A2064F61A8F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Endless Space\EndlessSpace.exe
    FirewallRules: [{83DA41FB-2ECE-4A55-B85E-DAAAF651C6DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Endless Space\EndlessSpace.exe
    FirewallRules: [{19F9D09F-FBA8-4F84-A404-F741E4EDF2D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\To the Moon\To the Moon.exe
    FirewallRules: [{E1B72469-8F3D-40C8-885E-E2149ADB2A6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\To the Moon\To the Moon.exe
    FirewallRules: [{44F4D97A-D18D-46A0-B2D1-75FAC93097C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tower Wars\TW.exe
    FirewallRules: [{D637ECB0-78A8-4A5D-9AA4-6D54E0FB515E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tower Wars\TW.exe
    FirewallRules: [{4264BB4F-F2A0-403F-8938-199E3FD8BF06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unepic\unepic.exe
    FirewallRules: [{7A4CD734-167C-4910-A780-2DE75D5EFF3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unepic\unepic.exe
    FirewallRules: [{EC17B787-C17E-4133-BD89-71CDCAD49FE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleStorm\CastleStorm.exe
    FirewallRules: [{D3FC9DC9-C683-4E4D-A4CA-8FA43BD23633}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleStorm\CastleStorm.exe
    FirewallRules: [{21E16391-7A4F-485B-A24E-D994E3C39796}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LegendofDungeon\LegendofDungeon.exe
    FirewallRules: [{39117B82-E3D8-4228-BBF9-D50D3E2E1A02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LegendofDungeon\LegendofDungeon.exe
    FirewallRules: [{E9EA4F0E-DDC4-4369-A11F-B01836269CCD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tower Wars\TW.exe
    FirewallRules: [{8C5B1786-FD5A-483E-895A-BB67D7BF4320}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tower Wars\TW.exe
    FirewallRules: [{1C66D957-A280-4539-99E1-3EA2FB0DDEA9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{CAD08521-39E6-4A68-8623-B76652F11F30}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{52C4C221-A931-43E5-9F3F-22A5FC5A3B7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Incredible Adventures of Van Helsing\VanHelsing.exe
    FirewallRules: [{4749DADE-B4C8-40EE-88E1-0FB4947D88F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Incredible Adventures of Van Helsing\VanHelsing.exe
    FirewallRules: [{3E49BB9A-5D37-4BAA-B60B-FEAB2132CFF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unepic\unepic.exe
    FirewallRules: [{0B2179F3-ACBE-4EF6-9F16-3B460089CC2B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unepic\unepic.exe
    FirewallRules: [{251C71D4-8964-4A9A-9EE8-CF20CF3257BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\State of Decay\StateOfDecay.exe
    FirewallRules: [{58AC0AA7-2050-4FDB-AE01-5C1C655C7C82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\State of Decay\StateOfDecay.exe
    FirewallRules: [{4DE5F48D-6151-4087-B844-3C3FFAE9345D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe
    FirewallRules: [{D052BAC2-55E9-43EA-9665-A62EAD3BBFBA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe
    FirewallRules: [{51E21B02-747D-44B7-A3A6-FDD7D4930F75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space Empires IV Deluxe\se4\Se4.exe
    FirewallRules: [{2F3F2AA3-4107-4691-8F72-DA0B76BD671F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space Empires IV Deluxe\se4\Se4.exe
    FirewallRules: [TCP Query User{17D9B4D9-99B5-4A32-B1B9-D6D49B2954C4}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
    FirewallRules: [UDP Query User{BAD7DD09-70AF-4F4B-993E-0054C79E0F0E}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
    FirewallRules: [{A88E6661-A544-4248-8B41-4D3C701A89EE}] => (Allow) C:\Program Files (x86)\Veetle\Player\VeetleNet.exe
    FirewallRules: [TCP Query User{DB9E75EA-9602-42C4-A6EF-FD6840D4B89E}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
    FirewallRules: [UDP Query User{A4D45C86-0506-4A95-9693-7747EB1AB5D7}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
    FirewallRules: [{37CF1729-A822-49E1-B72F-9D46AD46EB07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
    FirewallRules: [{4B51E8C9-AE98-44A7-A9D5-7F350F1748F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
    FirewallRules: [{0DE51D09-5101-46CF-A69B-E7AD5B1817E9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
    FirewallRules: [{000366C5-B616-480B-9240-FAFD3624FF16}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
    FirewallRules: [{24C3F4DA-7F30-46A2-9FE2-797E4A55D1F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frozen Synapse\FrozenSynapse.exe
    FirewallRules: [{4A338FC7-3655-4BB3-9C5B-7E1455EAA49D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frozen Synapse\FrozenSynapse.exe
    FirewallRules: [{2C9E3713-9FB1-40FE-A362-6B20EBC9EB20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\hotline_miami\HotlineMiami.exe
    FirewallRules: [{98735B81-F68C-43E7-8A15-02AA80A13D9E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\hotline_miami\HotlineMiami.exe
    FirewallRules: [{5023B782-D28C-4760-8E89-84D1BC634B08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darwinia\darwinia.exe
    FirewallRules: [{0F3CB872-83DC-4A15-9DD6-0830E6B41E0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darwinia\darwinia.exe
    FirewallRules: [{C8296AE5-09E1-448E-87C7-6B2B8AAED774}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mercenary_kings\MercenaryKings.exe
    FirewallRules: [{D78B6F16-351C-4199-86E0-7FFBC040C122}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mercenary_kings\MercenaryKings.exe
    FirewallRules: [{6FA9DA49-4F7C-4596-89EB-BEB04310B823}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
    FirewallRules: [{0DBB036C-8100-46CF-B7BA-0A1B1B98FCE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
    FirewallRules: [{1C009A14-DAA0-4B05-87B8-F4408E834AAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
    FirewallRules: [{234318B2-6A7C-4D15-AF5A-3E0D312292EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
    FirewallRules: [{C3F1BCBF-E5D3-4872-A237-128D03F5A227}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Dawn\Grim Dawn.exe
    FirewallRules: [{ECF0C7D3-228D-4B8A-9291-C3962C57E19F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Dawn\Grim Dawn.exe
    FirewallRules: [{C7EB0431-82F0-4C3B-9D47-6180894118A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zombie Bowl-O-Rama\ZombieBowl.exe
    FirewallRules: [{AC1A1A52-5DB2-4961-B75E-6D164BC04775}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zombie Bowl-O-Rama\ZombieBowl.exe
    FirewallRules: [TCP Query User{B4500B9A-E2D9-4E1D-9EB2-227BC2D39094}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe
    FirewallRules: [UDP Query User{9FA7DE6D-9384-4049-B3A3-A7A008A0A5CA}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe
    FirewallRules: [{1FABDCC4-D222-4062-BD53-B8D84142A8DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win32\MarvelHeroes2015.exe
    FirewallRules: [{EE6E1D58-069E-43DC-B5E0-3967B4B89595}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win32\MarvelHeroes2015.exe
    FirewallRules: [{EE02670E-C2EF-4007-B542-C227A842A063}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\fallout tactics\TacticsLauncher.exe
    FirewallRules: [{23672A7E-A054-4023-A982-6539CB31EF30}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\fallout tactics\TacticsLauncher.exe
    FirewallRules: [{9EC3D15D-E9DE-43DB-BF0C-897794AEAC48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\fallout 2\Fallout2Launcher.exe
    FirewallRules: [{A1AEC210-210F-498D-B5D1-233CC1FEF6B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\fallout 2\Fallout2Launcher.exe
    FirewallRules: [{E25AE779-655B-47C0-827D-B44511216DF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\fallout\FalloutLauncher.exe
    FirewallRules: [{1166B80B-97A1-4567-8EF5-55DCE64E62B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\fallout\FalloutLauncher.exe
    FirewallRules: [{E23843AA-9FBC-4282-A660-5FBCECA349CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hammerwatch\Hammerwatch.exe
    FirewallRules: [{51E97A0D-CE0F-487A-92B7-7E3E016921AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hammerwatch\Hammerwatch.exe
    FirewallRules: [{02DA4BFC-18EB-49F1-BEA5-79C74A1AB472}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe
    FirewallRules: [{4115DC97-739F-4589-9B8D-87A63D70B953}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe
    FirewallRules: [{D203F458-AF3C-4A0E-B719-1CBD1D7797BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes of Steel\HeroesOfSteel.win32.exe
    FirewallRules: [{5D6BD3AE-6555-42E2-8AD5-288054CAE7DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes of Steel\HeroesOfSteel.win32.exe
    FirewallRules: [{43530DDA-FCF9-464E-AC50-7D79210ECF45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StarpointGemini\StarpointGemini.exe
    FirewallRules: [{4E5AA6CA-A9DC-4CF2-A60F-02DEBFBD3937}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StarpointGemini\StarpointGemini.exe
    FirewallRules: [{54FFA97B-D898-4F5E-BF63-1F3C7789BA50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
    FirewallRules: [{2FFB028F-C07C-48C0-81A5-6C8C339D5A74}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
    FirewallRules: [{3728AD2A-B593-4549-8640-32F5D5B921CD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{4905F57A-61A0-40C9-B9D6-A61924F26600}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{6B4622B9-A4C7-45A4-86E1-817EAB290BB7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
    FirewallRules: [{1DD34BD1-1D64-48F1-94D6-D787A79CDB65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
    FirewallRules: [{5F5092A1-9FCF-423B-97FE-6113E00C1F74}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\UFO Afterlight\UFO.exe
    FirewallRules: [{D35A6DED-F276-4F08-A532-CEF36F3668DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\UFO Afterlight\UFO.exe
    FirewallRules: [{5E0A6881-A472-403B-BD2E-582FB0A9AD5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Baldur's Gate Enhanced Edition\Baldur.exe
    FirewallRules: [{F71EDE4E-62BC-4F7A-A81B-1F70201004C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Baldur's Gate Enhanced Edition\Baldur.exe
    FirewallRules: [{ADC2185C-32DE-4D16-900F-CEB27984F938}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Incredible Adventures of Van Helsing II\VanHelsing.exe
    FirewallRules: [{DC67C4C1-7934-4D7A-B74D-56B842E2B0F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Incredible Adventures of Van Helsing II\VanHelsing.exe
    FirewallRules: [TCP Query User{3E874C55-3D63-4DEA-9FF9-5A0236E27169}C:\gog games\tower of guns\binaries\win32\udk.exe] => (Allow) C:\gog games\tower of guns\binaries\win32\udk.exe
    FirewallRules: [UDP Query User{1065B1C6-9A35-42C9-A7FD-D2845054099D}C:\gog games\tower of guns\binaries\win32\udk.exe] => (Allow) C:\gog games\tower of guns\binaries\win32\udk.exe
    FirewallRules: [{5B717268-F8F2-4D49-95BB-9A429C51D982}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SirYouAreBeingHunted\x64\sir.exe
    FirewallRules: [{6705A7F9-5215-4235-A425-F081386D8881}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SirYouAreBeingHunted\x64\sir.exe
    FirewallRules: [{7BBB5FF8-BFF6-47A2-AFD3-A4494141C648}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SirYouAreBeingHunted\x86\sir.exe
    FirewallRules: [{EAFBC713-62C6-4838-9191-E90A0EF8A060}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SirYouAreBeingHunted\x86\sir.exe
    FirewallRules: [{A7F45A36-1D87-466B-BF7B-E95C0783FAF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Way Heroics\Game.exe
    FirewallRules: [{2BCAFC24-539D-4AD4-8618-0911525FEC31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Way Heroics\Game.exe
    FirewallRules: [{5EAF7BCB-8756-43B9-BF59-D0EC4329CED8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Way Heroics\Config.exe
    FirewallRules: [{439E18E7-156A-4D8C-8B0E-4344C8A3DD7C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Way Heroics\Config.exe
    FirewallRules: [{1BA48CC1-EA4F-4A77-BC04-C391BE73A992}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\99 Levels To Hell\99 Levels To Hell.exe
    FirewallRules: [{E34543D1-CA80-4507-9F26-94FEFF2FECDB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\99 Levels To Hell\99 Levels To Hell.exe
    FirewallRules: [{6CD64E4A-C198-4374-BCE0-3C31757C8AF9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
    FirewallRules: [{65957970-7103-4A16-8A92-F7FA3EDBD817}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
    FirewallRules: [{A61C704D-2121-48C0-B8DF-012E602E61FE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
    FirewallRules: [{AE8C1708-C4A3-4DF7-97B6-4A07F028AB8B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
    FirewallRules: [{7958AE51-228C-4CB4-8775-95E7DF03B15A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
    FirewallRules: [{C9C6549E-63F4-47F3-8D70-CA595C36D5F5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
    FirewallRules: [{17FE9D9C-0D55-4F85-8A94-1E59EC6E0520}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HackSlashLoot\HackSlashLoot.exe
    FirewallRules: [{9C743026-8058-4FF8-9DF0-C671F5004DE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HackSlashLoot\HackSlashLoot.exe
    FirewallRules: [{AFE27E84-D6D8-42C7-9CB3-D8C628DA36FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Desktop Dungeons\DesktopDungeons.exe
    FirewallRules: [{2ED850A6-1A47-4888-94C1-FDD43F076F8C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Desktop Dungeons\DesktopDungeons.exe
    FirewallRules: [{631041D6-F85B-4BB8-AE7B-DBA0B24DE632}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
    FirewallRules: [{46670C22-A78D-4526-BFAD-77A1BB7EA640}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
    FirewallRules: [{1DAA5CB1-9192-4497-9EC4-986C14CC67CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
    FirewallRules: [{ADF0C5D0-0EEE-4B27-B560-C3D4F8A5806F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
    FirewallRules: [{1246F49C-82FC-43D8-8F2C-43CF84667BDB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\stalker call of pripyat\bin\xrEngine.exe
    FirewallRules: [{88BBE197-47BC-4E72-994D-BBB0C0590AFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\stalker call of pripyat\bin\xrEngine.exe
    FirewallRules: [{21B58B73-3D18-4EC8-82D3-88EB1A0C4A13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LegendofDungeon\LegendofDungeon_DirectToRift.exe
    FirewallRules: [{F589DDC2-C930-4F07-A470-F472A3223792}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LegendofDungeon\LegendofDungeon_DirectToRift.exe
    FirewallRules: [{10024E54-A75E-4BB0-B7BD-4C84119445C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\Minisode_1\Sigmund Holiday Special 1\Siggy - Holiday Special.exe
    FirewallRules: [{8B3B05AD-51A8-46BF-B09D-CB87B4CE2A1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\Minisode_1\Sigmund Holiday Special 1\Siggy - Holiday Special.exe
    FirewallRules: [{F479D582-B1DD-440C-8E5A-711ADAA73113}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\Minisode_2\Sigmund Holiday Special 2\SigCorp Minisode 2.exe
    FirewallRules: [{03610891-B0EA-4C46-A1C1-1D6BF4B411B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\Minisode_2\Sigmund Holiday Special 2\SigCorp Minisode 2.exe
    FirewallRules: [{6C9C8EF6-2780-4547-A3CC-3F435CDC1E1D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeon of the Endless\DungeonoftheEndless.exe
    FirewallRules: [{C3C1974C-C945-477C-8752-476F2ADD1CC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeon of the Endless\DungeonoftheEndless.exe
    FirewallRules: [{938ACB22-5B8B-418A-A282-D4E1EFE16A29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hammerwatch\editor\HammerEditor.exe
    FirewallRules: [{9BB81EAE-1876-4125-A2FE-10B5614B8AA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hammerwatch\editor\HammerEditor.exe
    FirewallRules: [{990A0EDE-C5FC-4D2D-8093-AA06C5B01CCA}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
    FirewallRules: [{48623417-04E5-421C-B050-47DD7A7AC9B4}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
    FirewallRules: [{ABEF2188-C700-4F94-8555-78D143337DC4}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
    FirewallRules: [TCP Query User{A1203BA6-3834-46DC-B358-5C770661AD50}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Block) C:\program files (x86)\divx\divx media server\divxmediaserver.exe
    FirewallRules: [UDP Query User{B645E9CD-3718-4486-8655-98D34191D26D}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Block) C:\program files (x86)\divx\divx media server\divxmediaserver.exe
    FirewallRules: [{234874D0-2AFE-4F66-9564-E7620D16D4DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SunlessSea\Sunless Sea.exe
    FirewallRules: [{118CCDAA-BBC3-44A1-A826-34BD1DC66BCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SunlessSea\Sunless Sea.exe
    FirewallRules: [{FF3BD48E-8927-4C84-B998-AA69E9634D07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs\win32\The Banner Saga.exe
    FirewallRules: [{4B154390-7D77-4006-98AD-37E60F852216}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs\win32\The Banner Saga.exe
    FirewallRules: [{48F2ACA3-4671-46A7-8D70-2AD6CC8DAE1D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
    FirewallRules: [{3A34D78F-4C61-4A98-99EC-11925E280C0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
    FirewallRules: [{95E17D08-8187-4F93-914A-14E4A74A1814}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{03E331D5-B819-4C99-A31B-1C108447799E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{9A5F0F87-425B-4141-ADDC-8F8FD89F9976}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{21180F54-9332-4402-9F5D-854EFA2558D0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{C4850A0C-4D6D-4029-A1B3-D75A528FCD8C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{6799C4F8-8CBD-48B8-8147-D89AD0E5323E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe
    FirewallRules: [{B2051CD9-4649-42F4-90A2-5C1CC0555DD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe
    FirewallRules: [{E57EAFD7-C2AD-41A5-B988-6538B505D752}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CardHunter\CardHunter.exe
    FirewallRules: [{BD3B87BC-D161-4C05-819F-BC1C67A8AB78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CardHunter\CardHunter.exe
    FirewallRules: [{B8EA3358-BB32-4327-B118-CA1332FD3183}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{56B76B29-0D9D-41D4-9642-2F5CFEBDA277}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{E90334C2-6208-4CB3-B5C4-6917A8BBFDE3}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\45.0.2454.17\remoting_host.exe
    FirewallRules: [TCP Query User{F83F1EC2-4A09-4D0E-8780-DCC801BCC55C}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
    FirewallRules: [UDP Query User{804CC5D8-CCB1-4AA5-ACF0-237799B0DC81}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
    FirewallRules: [TCP Query User{AC41B1E1-CAD8-4427-B034-3DF2737EECA6}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
    FirewallRules: [UDP Query User{DBF153E6-D37C-406A-9F22-BD9BCF783D8B}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
    FirewallRules: [{64637248-8A29-4287-BC0F-99B8F7BC7092}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
    FirewallRules: [{5200B5C2-F9AC-43C9-9401-69C5DD298B14}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
    FirewallRules: [{BA52F12D-59F3-4AD2-AD4B-85591B04CFFB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/10/2015 01:06:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/10/2015 12:40:32 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary COMODO Internet Security Firewall Driver.

    System Error:
    The system cannot find the file specified.
    .

    Error: (09/10/2015 12:40:32 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary COMODO Internet Security Eradication Driver.

    System Error:
    The system cannot find the file specified.
    .

    Error: (09/09/2015 11:25:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/09/2015 11:24:55 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

    Error: (09/09/2015 11:08:43 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

    Error: (09/09/2015 11:08:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/09/2015 07:09:30 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

    Error: (09/09/2015 07:09:23 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

    Error: (09/09/2015 07:09:22 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


    System errors:
    =============
    Error: (09/10/2015 01:15:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (09/10/2015 01:06:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The AvastVBox COM Service service failed to start due to the following error:
    %%1053

    Error: (09/10/2015 01:06:27 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the AvastVBox COM Service service to connect.

    Error: (09/10/2015 01:06:27 AM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1053AvastVBoxSvc{F319F1B8-7587-4146-AF9C-0D6D77819BF1}

    Error: (09/10/2015 01:05:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (09/10/2015 01:00:57 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (09/10/2015 01:00:05 AM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (09/10/2015 01:00:04 AM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (09/10/2015 12:49:04 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (09/09/2015 11:31:22 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Update service hung on starting.


    Microsoft Office:
    =========================
    Error: (09/10/2015 01:06:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/10/2015 12:40:32 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Details:
    AddLegacyDriverFiles: Unable to back up image of binary COMODO Internet Security Firewall Driver.

    System Error:
    The system cannot find the file specified.

    Error: (09/10/2015 12:40:32 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Details:
    AddLegacyDriverFiles: Unable to back up image of binary COMODO Internet Security Eradication Driver.

    System Error:
    The system cannot find the file specified.

    Error: (09/09/2015 11:25:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/09/2015 11:24:55 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\icenhour76\Desktop\esetsmartinstaller_enu (1).exe

    Error: (09/09/2015 11:08:43 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\icenhour76\Desktop\esetsmartinstaller_enu (1).exe

    Error: (09/09/2015 11:08:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/09/2015 07:09:30 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\icenhour76\Desktop\esetsmartinstaller_enu (1).exe

    Error: (09/09/2015 07:09:23 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\icenhour76\Desktop\esetsmartinstaller_enu (1).exe

    Error: (09/09/2015 07:09:22 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\icenhour76\Desktop\esetsmartinstaller_enu (1).exe


    CodeIntegrity:
    ===================================
    Date: 2015-09-10 01:00:05.015
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-09-10 01:00:04.905
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-09-10 01:00:04.781
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-09-10 01:00:04.671
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-09-09 22:26:29.750
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2015-09-09 22:26:29.704
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2015-09-09 22:26:29.688
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2015-09-09 22:26:29.002
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2015-09-09 22:26:28.955
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2015-09-09 22:26:28.892
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


    ==================== Memory info ===========================

    Processor: AMD Phenom(tm) II X6 1035T Processor
    Percentage of memory in use: 21%
    Total physical RAM: 16383.18 MB
    Available physical RAM: 12918.93 MB
    Total Virtual: 32764.57 MB
    Available Virtual: 28770.61 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:931.41 GB) (Free:38.06 GB) NTFS
    Drive I: (FreeAgent GoFlex Drive) (Fixed) (Total:1397.26 GB) (Free:703.34 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 64115BDA)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 1397.3 GB) (Disk ID: A4B57300)
    Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  8. Randy icenhour

    Randy icenhour TS Enthusiast Topic Starter Posts: 162

    An d here is the finish log from combo fix that has got me to the point where I can post this just incase its needed
     
  9. Randy icenhour

    Randy icenhour TS Enthusiast Topic Starter Posts: 162

    ComboFix 15-09-07.01 - icenhour76 09/10/2015 0:43.20.6 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16383.12008 [GMT -4:00]
    Running from: c:\users\icenhour76\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    FW: COMODO Firewall *Disabled* {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Comodo Defense+ *Enabled/Updated* {493CE176-EB84-BC8D-9707-B3ACF7598648}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\ICENHO~1\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\ar\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\bg\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\ca\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\cs\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\da\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\de\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\el\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\en\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\es\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\fi\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\fr\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\gu\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\he\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\hr\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\hu\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\id\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\it\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\ja\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\nb\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\nl\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\pl\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\pt_BR\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\pt_PT\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\ro\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\ru\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\sk\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\sl\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\sr\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\sv\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\te\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\tr\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\uk\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\vi\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\zh_CN\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\zh_TW\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_metadata\computed_hashes.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_metadata\verified_contents.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\adblock_start_chrome.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\adblock_start_common.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\background.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\bandaids.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\button\popup.css
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\button\popup.html
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\button\popup.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\CHANGELOG.txt
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\checkupdates.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\chrome_oauth_receiver.html
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\chrome_oauth_receiver.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\datacollection.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\dropbox-datastores.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\filtering\domainset.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\filtering\filternormalizer.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\filtering\filteroptions.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\filtering\filterset.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\filtering\filtertypes.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\filtering\myfilters.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\functions.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\gab_question.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\idlehandler.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\delete.gif
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\dropbox1.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\dropbox2.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\dropbox3.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\facebook-sprite.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\gifloader.gif
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\gplus-sprite.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\icon128.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\icon16.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\icon16_grayscale.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\icon16_grayscale@2x.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\icon19-grayscale.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\icon19-whitelisted.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\icon19.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\icon24.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\icon32.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\icon38-grayscale.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\icon38-whitelisted.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\icon38.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\icon48.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\logo.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\search\check.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\search\magnifying_glass.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\search\search-engine-card_no-shadow.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\search\search-engine-icons.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\search\search-omnibox-card_no-shadow.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\search\search_engine_select_arrow.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\twitter-sprite.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\jquery\css\images\ui-bg_flat_55_999999_40x100.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\jquery\css\images\ui-bg_flat_75_aaaaaa_40x100.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\jquery\css\images\ui-bg_glass_45_0078ae_1x400.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\jquery\css\images\ui-bg_glass_55_f8da4e_1x400.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\jquery\css\images\ui-bg_glass_75_79c9ec_1x400.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\jquery\css\images\ui-bg_gloss-wave_50_38cfff_500x100.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\jquery\css\images\ui-bg_gloss-wave_75_2191c0_500x100.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\jquery\css\images\ui-bg_inset-hard_100_fcfdfd_1x100.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\jquery\css\images\ui-icons_056b93_256x240.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\jquery\css\images\ui-icons_d8e7f3_256x240.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\jquery\css\jquery-ui.custom.css
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\jquery\css\override-page.css
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\jquery\jquery-ui.custom.min.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\jquery\jquery.cookie.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\jquery\jquery.min.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\LICENSE
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\manifest.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\notificationoverlay.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\options\customize.html
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\options\customize.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\options\filters.html
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\options\filters.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\options\general.html
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\options\general.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\options\index.html
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\options\index.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\options\options.css
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\options\support.html
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\options\support.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\pages\adreport.html
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\pages\adreport.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\pages\subscribe.css
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\pages\subscribe.html
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\pages\subscribe.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\port.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\punycode.min.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\README.markdown
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\stats.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\survey.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\translators.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\uiscripts\blacklisting\blacklistui.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\uiscripts\blacklisting\clickwatcher.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\uiscripts\blacklisting\elementchain.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\uiscripts\blacklisting\overlay.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\uiscripts\blacklisting\rightclick_hook.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\uiscripts\load_jquery_ui.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\uiscripts\send_content_to_back.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\uiscripts\top_open_blacklist_ui.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\uiscripts\top_open_whitelist_ui.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\ytchannel.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage-journal
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Preferences
    c:\users\icenhour76\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
    c:\users\icenhour76\Desktop\Setup.exe
    .
    c:\windows\SysWow64\Drivers\atapi.sys . . . is infected!!
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-08-10 to 2015-09-10 )))))))))))))))))))))))))))))))
    .
    .
    2015-09-10 05:00 . 2015-09-10 05:00 -------- d-----w- c:\users\Public\AppData\Local\temp
    2015-09-10 05:00 . 2015-09-10 05:00 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-09-09 23:02 . 2015-09-09 23:02 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{102274E7-1254-49F7-B3BD-398DED6C3C85}\offreg.3248.dll
    2015-09-08 14:36 . 2015-09-08 14:36 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{102274E7-1254-49F7-B3BD-398DED6C3C85}\offreg.4448.dll
    2015-09-08 14:34 . 2015-07-31 09:21 11745192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{102274E7-1254-49F7-B3BD-398DED6C3C85}\mpengine.dll
    2015-08-21 11:44 . 2015-08-21 11:44 573048 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2015-08-21 11:43 . 2015-08-21 11:43 937592 ----a-w- c:\windows\system32\nvvsvc.exe
    2015-08-21 11:43 . 2015-08-07 04:34 62768 ----a-w- c:\windows\system32\nvshext.dll
    2015-08-21 11:43 . 2015-08-07 04:34 2558768 ----a-w- c:\windows\system32\nvsvcr.dll
    2015-08-21 11:43 . 2015-08-07 04:34 385328 ----a-w- c:\windows\system32\nvmctray.dll
    2015-08-21 11:43 . 2015-08-07 04:34 6883448 ----a-w- c:\windows\system32\nvcpl.dll
    2015-08-21 11:43 . 2015-08-07 04:34 3492144 ----a-w- c:\windows\system32\nvsvc64.dll
    2015-08-21 11:43 . 2015-08-03 10:12 5133709 ----a-w- c:\windows\system32\nvcoproc.bin
    2015-08-21 10:49 . 2015-08-21 10:49 1898128 ----a-w- c:\windows\system32\nvdispco6435362.dll
    2015-08-21 10:49 . 2015-08-21 10:49 1557648 ----a-w- c:\windows\system32\nvdispgenco6435362.dll
    2015-08-21 09:57 . 2015-08-21 09:58 1898104 ----a-w- c:\windows\system32\nvdispco6435560.dll
    2015-08-21 09:57 . 2015-08-21 09:58 1558832 ----a-w- c:\windows\system32\nvdispgenco6435560.dll
    2015-08-21 06:55 . 2015-08-21 06:55 69416 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
    2015-08-21 06:55 . 2015-08-21 06:55 50472 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
    2015-08-20 22:59 . 2015-08-20 22:59 -------- d-----w- c:\users\icenhour76\AppData\Local\Logitech
    2015-08-20 22:55 . 2015-08-20 22:58 -------- d-----w- c:\program files\Logitech Gaming Software
    2015-08-17 16:33 . 2015-08-17 16:33 -------- d-----w- C:\usb_driver
    2015-08-17 16:25 . 2012-11-06 02:26 1983440 ----a-w- c:\windows\system32\msvcr110d.dll
    2015-08-17 16:17 . 2015-08-17 16:17 -------- d-----w- c:\program files (x86)\YiHiEcigar
    .
    .
    .
    (
     
  10. Randy icenhour

    Randy icenhour TS Enthusiast Topic Starter Posts: 162

    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-09-10 03:49 . 2014-07-24 20:21 117464 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-09-10 03:47 . 2014-01-13 07:51 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-09-10 03:31 . 2014-07-21 04:26 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-08-21 06:55 . 2013-09-03 11:30 72504 ----a-w- c:\windows\system32\nvaudcap64v.dll
    2015-08-20 22:58 . 2015-06-10 23:33 26912 ----a-w- c:\windows\system32\drivers\LGVirHid.sys
    2015-08-20 22:58 . 2015-06-10 23:33 68384 ----a-w- c:\windows\system32\drivers\LGJoyXlCore.sys
    2015-08-20 22:58 . 2015-06-10 23:33 37408 ----a-w- c:\windows\system32\drivers\LGBusEnum.sys
    2015-08-20 22:57 . 2011-12-29 20:34 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2015-08-20 22:57 . 2013-05-31 19:19 1843480 ----a-w- c:\windows\system32\LkmdfCoInst.dll
    2015-08-20 22:57 . 2013-05-30 16:16 64280 ----a-w- c:\windows\system32\drivers\LGSHidFilt.Sys
    2015-08-18 04:44 . 2014-07-24 20:21 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-08-18 04:44 . 2013-07-21 22:47 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-08-17 23:30 . 2014-07-21 01:07 1316184 ----a-w- c:\windows\SysWow64\nvspbridge.dll
    2015-08-17 23:30 . 2013-10-30 08:44 1423120 ----a-w- c:\windows\SysWow64\nvspcap.dll
    2015-08-17 23:29 . 2014-07-21 01:07 1756608 ----a-w- c:\windows\system32\nvspbridge64.dll
    2015-08-17 23:29 . 2013-10-30 08:44 1710568 ----a-w- c:\windows\system32\nvspcap64.dll
    2015-08-13 22:59 . 2014-09-29 05:56 1048344 ----a-w- c:\windows\system32\drivers\aswsnx.sys
    2015-08-12 10:23 . 2012-03-30 04:19 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-08-12 10:23 . 2011-12-29 20:26 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-08-05 10:59 . 2014-09-29 05:56 274808 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2015-08-05 10:59 . 2014-09-29 05:56 150672 ----a-w- c:\windows\system32\drivers\aswStm.sys
    2015-08-05 10:59 . 2014-09-29 05:56 447944 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2015-08-05 10:59 . 2015-08-05 10:59 378880 ----a-w- c:\windows\system32\aswBoot.exe
    2015-08-05 10:59 . 2014-09-29 05:55 90968 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2015-08-05 10:59 . 2014-09-29 05:55 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2015-08-05 10:59 . 2014-09-29 05:55 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2015-08-05 10:59 . 2014-09-29 05:55 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2015-08-05 10:58 . 2015-08-05 10:58 43112 ----a-w- c:\windows\avastSS.scr
    2015-08-05 10:58 . 2015-08-05 10:59 115152 ----a-w- c:\windows\system32\drivers\ngvss.sys
    2015-07-20 21:39 . 2015-07-20 21:39 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
    2015-07-20 21:39 . 2015-07-20 21:39 46080 ----a-w- c:\windows\system32\atmlib.dll
    2015-07-20 21:39 . 2015-07-20 21:39 41984 ----a-w- c:\windows\system32\lpk.dll
    2015-07-20 21:39 . 2015-07-20 21:39 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2015-07-20 21:39 . 2015-07-20 21:39 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
    2015-07-20 21:39 . 2015-07-20 21:39 25600 ----a-w- c:\windows\SysWow64\lpk.dll
    2015-07-20 21:39 . 2015-07-20 21:39 14336 ----a-w- c:\windows\system32\dciman32.dll
    2015-07-20 21:39 . 2015-07-20 21:39 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
    2015-07-20 21:39 . 2015-07-20 21:39 100864 ----a-w- c:\windows\system32\fontsub.dll
    2015-07-19 14:01 . 2011-12-31 15:03 130333168 ----a-w- c:\windows\system32\MRT.exe
    2015-07-15 01:59 . 2015-07-20 21:39 372224 ----a-w- c:\windows\system32\atmfd.dll
    2015-07-15 01:25 . 2015-07-15 01:25 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2015-07-15 01:25 . 2015-07-15 01:25 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
    2015-07-15 01:25 . 2015-07-15 01:25 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
    2015-07-15 01:25 . 2015-07-15 01:25 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
    2015-07-15 01:25 . 2015-07-15 01:25 720384 ----a-w- c:\windows\system32\ie4uinit.exe
    2015-07-15 01:25 . 2015-07-15 01:25 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
    2015-07-15 01:25 . 2015-07-15 01:25 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
    2015-07-15 01:25 . 2015-07-15 01:25 504320 ----a-w- c:\windows\SysWow64\vbscript.dll
    2015-07-15 01:25 . 2015-07-15 01:25 34304 ----a-w- c:\windows\system32\iernonce.dll
    2015-07-15 01:25 . 2015-07-15 01:25 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
    2015-07-15 01:25 . 2015-07-15 01:25 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2015-07-15 01:25 . 2015-07-15 01:25 389832 ----a-w- c:\windows\system32\iedkcs32.dll
    2015-07-15 01:25 . 2015-07-15 01:25 2052608 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2015-07-15 01:25 . 2015-07-15 01:25 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2015-07-15 01:25 . 2015-07-15 01:25 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2015-07-15 01:25 . 2015-07-15 01:25 801280 ----a-w- c:\windows\system32\msfeeds.dll
    2015-07-15 01:25 . 2015-07-15 01:25 800768 ----a-w- c:\windows\system32\ieapfltr.dll
    2015-07-15 01:25 . 2015-07-15 01:25 66560 ----a-w- c:\windows\system32\iesetup.dll
    2015-07-15 01:25 . 2015-07-15 01:25 316928 ----a-w- c:\windows\system32\dxtrans.dll
    2015-07-15 01:25 . 2015-07-15 01:25 2125824 ----a-w- c:\windows\system32\inetcpl.cpl
    2015-07-15 01:25 . 2015-07-15 01:25 584192 ----a-w- c:\windows\system32\vbscript.dll
    2015-07-15 01:25 . 2015-07-15 01:25 54784 ----a-w- c:\windows\system32\jsproxy.dll
    2015-07-15 01:25 . 2015-07-15 01:25 1951232 ----a-w- c:\windows\SysWow64\wininet.dll
    2015-07-15 01:25 . 2015-07-15 01:25 144384 ----a-w- c:\windows\system32\ieUnatt.exe
    2015-07-15 01:25 . 2015-07-15 01:25 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
    2015-07-15 01:25 . 2015-07-15 01:25 92160 ----a-w- c:\windows\system32\mshtmled.dll
    2015-07-15 01:25 . 2015-07-15 01:25 490496 ----a-w- c:\windows\system32\dxtmsft.dll
    2015-07-15 01:25 . 2015-07-15 01:25 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2015-07-15 01:25 . 2015-07-15 01:25 816640 ----a-w- c:\windows\system32\jscript.dll
    2015-07-15 01:25 . 2015-07-15 01:25 2427392 ----a-w- c:\windows\system32\wininet.dll
    2015-07-15 01:25 . 2015-07-15 01:25 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
    2015-07-15 01:25 . 2015-07-15 01:25 199680 ----a-w- c:\windows\system32\msrating.dll
    2015-07-15 01:17 . 2015-07-15 01:17 1545728 ----a-w- c:\windows\system32\urlmon.dll
    2015-07-15 01:17 . 2015-07-15 01:17 615936 ----a-w- c:\windows\system32\ieui.dll
    2015-07-15 01:17 . 2015-07-15 01:17 25193984 ----a-w- c:\windows\system32\mshtml.dll
    2015-07-15 01:17 . 2015-07-15 01:17 14453248 ----a-w- c:\windows\system32\ieframe.dll
    2015-07-15 01:17 . 2015-07-15 01:17 2885632 ----a-w- c:\windows\system32\iertutil.dll
    2015-07-15 01:11 . 2015-07-15 01:11 429568 ----a-w- c:\windows\system32\wksprt.exe
    2015-07-15 01:11 . 2015-07-15 01:11 7077376 ----a-w- c:\windows\system32\mstscax.dll
    2015-07-15 01:11 . 2015-07-15 01:11 6131200 ----a-w- c:\windows\SysWow64\mstscax.dll
    2015-07-15 01:11 . 2015-07-15 01:11 856064 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
    2015-07-15 01:11 . 2015-07-15 01:11 62976 ----a-w- c:\windows\system32\tsgqec.dll
    2015-07-15 01:11 . 2015-07-15 01:11 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll
    2015-07-15 01:11 . 2015-07-15 01:11 1057792 ----a-w- c:\windows\system32\rdvidcrl.dll
    2015-07-15 01:08 . 2015-07-15 01:08 729088 ----a-w- c:\windows\system32\kerberos.dll
    2015-07-15 01:08 . 2015-07-15 01:08 315392 ----a-w- c:\windows\system32\msv1_0.dll
    2015-07-15 01:08 . 2015-07-15 01:08 1216512 ----a-w- c:\windows\system32\rpcrt4.dll
    2015-07-15 01:08 . 2015-07-15 01:08 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2015-07-15 01:08 . 2015-07-15 01:08 86528 ----a-w- c:\windows\system32\TSpkg.dll
    2015-07-15 01:08 . 2015-07-15 01:08 665088 ----a-w- c:\windows\SysWow64\rpcrt4.dll
    2015-07-15 01:08 . 2015-07-15 01:08 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
    2015-07-15 01:08 . 2015-07-15 01:08 64000 ----a-w- c:\windows\system32\auditpol.exe
    2015-07-15 01:08 . 2015-07-15 01:08 552960 ----a-w- c:\windows\SysWow64\kerberos.dll
    2015-07-15 01:08 . 2015-07-15 01:08 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
    2015-07-15 01:08 . 2015-07-15 01:08 44032 ----a-w- c:\windows\system32\cryptbase.dll
    2015-07-15 01:08 . 2015-07-15 01:08 36864 ----a-w- c:\windows\SysWow64\cryptbase.dll
    2015-07-15 01:08 . 2015-07-15 01:08 342016 ----a-w- c:\windows\system32\schannel.dll
    2015-07-15 01:08 . 2015-07-15 01:08 31232 ----a-w- c:\windows\system32\lsass.exe
    2015-07-15 01:08 . 2015-07-15 01:08 309760 ----a-w- c:\windows\system32\ncrypt.dll
    2015-07-15 01:08 . 2015-07-15 01:08 290816 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Zboard"="c:\program files (x86)\Ideazon\ZEngine\Zboard.exe" [2011-02-22 182784]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
    "tvncontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2013-10-11 2327248]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-08-25 6111824]
    "DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2015-01-10 448856]
    .
    c:\users\icenhour76\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-11-4 41160]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Content Manager Assistant for PlayStation(R).lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2013-10-15 3526776]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    .
    R2 chromoting;Chrome Remote Desktop Service;c:\program files (x86)\Google\Chrome Remote Desktop\45.0.2454.17\remoting_host.exe;c:\program files (x86)\Google\Chrome Remote Desktop\45.0.2454.17\remoting_host.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_7.0.41409.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbPort_7.0.41409.0.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 L6PODHDBEAN;Service - Line 6 POD HD;c:\windows\system32\Drivers\L6PODHDBEAN64.sys;c:\windows\SYSNATIVE\Drivers\L6PODHDBEAN64.sys [x]
    R3 L6PODX3;L6 POD X3 Service;c:\windows\system32\Drivers\L6PODX364.sys;c:\windows\SYSNATIVE\Drivers\L6PODX364.sys [x]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
    R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
    R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
    R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [x]
    R3 SaiKF622;SaiKF622;c:\windows\system32\DRIVERS\SaiKF622.sys;c:\windows\SYSNATIVE\DRIVERS\SaiKF622.sys [x]
    R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [x]
    R3 SSMO3v2Filter;MMO3v2 Mouse;c:\windows\system32\drivers\MO3v2Driver.sys;c:\windows\SYSNATIVE\drivers\MO3v2Driver.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
    S0 ngvss;ngvss; [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [x]
    S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [x]
    S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
    S2 LGCoreTemp;Logitech CPU Core Tempurature;c:\program files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys;c:\program files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [x]
    S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
    S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
    S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
    S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
    S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [x]
    S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [x]
    S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
    S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
    S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
    S3 LGBusEnum;Logitech Gaming Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
    S3 LGJoyXlCore;Logitech Translation Layer Driver (LGS);c:\windows\system32\drivers\LGJoyXlCore.sys;c:\windows\SYSNATIVE\drivers\LGJoyXlCore.sys [x]
    S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys;c:\windows\SYSNATIVE\DRIVERS\nvoclk64.sys [x]
    S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-09-09 22:11 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-09-10 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 10:23]
    .
    2015-09-10 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files (x86)\Glary Utilities\initialize.exe [2012-04-03 20:51]
    .
    2015-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-19 19:48]
    .
    2015-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-19 19:48]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2015-08-05 10:59 778056 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
    "ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-07-29 310272]
    "SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-07-29 158208]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-25 13320808]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
    "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-08-17 1710568]
    "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-08-21 2634872]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2015-01-12 3100440]
    "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2015-08-20 14601160]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 10.0.0.1
    TCP: Interfaces\{86AB6FA6-FCFA-46CA-982F-A74586D9A137}: NameServer = 208.67.220.222
    FF - ProfilePath - c:\users\icenhour76\AppData\Roaming\Mozilla\Firefox\Profiles\ntebj8uu.default\
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
    "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3248671020-3738731255-3598294349-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):a9,02,94,de,50,49,8a,df,05,1a,ed,a5,0a,b0,c7,b5,1b,20,fe,1d,2f,
    48,d7,53,3a,cb,b3,91,d4,69,33,7a,bf,5f,f0,20,af,4c,f2,95,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-3248671020-3738731255-3598294349-1001_Classes\Wow6432Node\CLSID\{5edfaf09-d210-4871-96d9-313263d5bf2f}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000083
    "Therad"=dword:0000001e
    "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
    38,95,44,53,4e,1a,5b,76,50,55,59,9d,cc,e7,b1,95,58,29,cd,57,86,fd,49,12,56,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.18"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    .
    **************************************************************************
    .
    Completion time: 2015-09-10 01:22:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2015-09-10 05:22
    ComboFix2.txt 2014-09-27 08:49
    ComboFix3.txt 2014-09-27 04:13
    ComboFix4.txt 2014-09-19 05:56
    ComboFix5.txt 2014-09-28 23:53
    .
    Pre-Run: 40,278,171,648 bytes free
    Post-Run: 40,928,616,448 bytes free
    .
    - - End Of File - - AC518107940CB70C7D278D33EB267463
    A36C5E4F47E84449FF07ED3517B43A31
     
  11. Randy icenhour

    Randy icenhour TS Enthusiast Topic Starter Posts: 162

    And aslo just added information this is the longest its ran stable and not acted wacky or strange in about 2 days which was about when this started had to uninstall commod fire wall to run combo fix also but that was all before the running of farbar
     
  12. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    atapi.sys

    Click Search files button and post the log (Search.txt) it makes in your reply.
     
  13. Randy icenhour

    Randy icenhour TS Enthusiast Topic Starter Posts: 162

    Farbar Recovery Scan Tool (x64) Version:10-09-2015 01
    Ran by icenhour76 (2015-09-10 19:24:11)
    Running from C:\Users\icenhour76\Desktop
    Boot Mode: Normal

    ================== Search Files: "atapi.sys" =============

    C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys
    [2009-07-13 19:19][2009-07-13 21:52] 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C [File is digitally signed]

    C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
    [2009-07-13 19:19][2009-07-13 21:52] 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C [File is digitally signed]

    C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
    [2009-07-13 19:19][2009-07-13 21:52] 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C [File is digitally signed]

    C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
    [2009-07-13 19:19][2009-07-13 21:52] 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C [File is digitally signed]

    C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
    [2009-07-13 19:19][2009-07-13 21:52] 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C [File is digitally signed]

    C:\Windows\System32\drivers\atapi.sys
    [2009-07-13 19:19][2009-07-13 21:52] 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C [File is digitally signed]

    C:\Windows\erdnt\cache64\atapi.sys
    [2013-06-18 11:06][2009-07-13 21:52] 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C [File is digitally signed]

    C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_10.0.10240.16384_none_e53899c8bc371940\atapi.sys
    [2015-07-10 06:30][2015-07-10 06:30] 0028512 ____A (Microsoft Corporation) 8921DF6060DB5C7700AA48CB12E9EA08 [File is digitally signed]

    C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_5689072091519d03\atapi.sys
    [2015-07-10 06:30][2015-07-10 06:30] 0028512 ____A (Microsoft Corporation) 8921DF6060DB5C7700AA48CB12E9EA08 [File is digitally signed]

    C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\drivers\atapi.sys
    [2015-07-10 06:30][2015-07-10 06:30] 0028512 ____A (Microsoft Corporation) 8921DF6060DB5C7700AA48CB12E9EA08 [File is digitally signed]

    ====== End of Search ======
     
  14. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  15. Randy icenhour

    Randy icenhour TS Enthusiast Topic Starter Posts: 162

    RogueKiller V10.10.4.0 [Sep 4 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : icenhour76 [Administrator]
    Started from : C:\Users\icenhour76\Desktop\RogueKiller.exe
    Mode : Delete -- Date : 09/10/2015 20:02:42

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 10 ¤¤¤
    [Suspicious.Path] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | ZoneAlarm Windows 10 Upgrader : "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay [x][x] -> Deleted
    [Suspicious.Path] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | ZoneAlarm Windows 10 Upgrader : "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay [x][x] -> ERROR [2]
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run | ZoneAlarm Windows 10 Upgrader : "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay [x][x] -> ERROR [2]
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run | ZoneAlarm Windows 10 Upgrader : "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay [x][x] -> ERROR [2]
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 ([(Private Address) (XX)]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 ([(Private Address) (XX)]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 ([(Private Address) (XX)]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{86AB6FA6-FCFA-46CA-982F-A74586D9A137} | DhcpNameServer : 10.0.0.1 ([(Private Address) (XX)]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{86AB6FA6-FCFA-46CA-982F-A74586D9A137} | DhcpNameServer : 10.0.0.1 ([(Private Address) (XX)]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{86AB6FA6-FCFA-46CA-982F-A74586D9A137} | DhcpNameServer : 10.0.0.1 ([(Private Address) (XX)]) -> Replaced ()

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 1 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST1000DL002-9TT153 ATA Device +++++
    --- User ---
    [MBR] f10bd13662e6ee41b42d50dde31bca48
    [BSP] a6aac6f13a1c6a1ea71c3a6276a59484 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: Seagate FreeAgent GoFlex USB Device +++++
    --- User ---
    [MBR] c12da8a36023e8c182bc01060ebb34c3
    [BSP] 5cab7fac78b6fe5301595cea6da44b25 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 1430796 MB [Windows XP Bootstrap | Windows XP Bootloader]
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )
     
  16. Randy icenhour

    Randy icenhour TS Enthusiast Topic Starter Posts: 162

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 9/10/2015
    Scan Time: 8:05 PM
    Logfile: mwab.txt
    Administrator: Yes

    Version: 2.1.8.1057
    Malware Database: v2015.09.10.07
    Rootkit Database: v2015.08.16.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: icenhour76

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 376067
    Time Elapsed: 19 min, 37 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  17. Randy icenhour

    Randy icenhour TS Enthusiast Topic Starter Posts: 162

    # AdwCleaner v5.007 - Logfile created 10/09/2015 at 20:51:30
    # Updated 08/09/2015 by Xplode
    # Database : 2015-09-10.1 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : icenhour76 - ICENHOUR76-PC
    # Running from : C:\Users\icenhour76\Desktop\adwcleaner_5.007.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk

    ***** [ Files ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKU\.DEFAULT\Software\GeekBuddyRSP

    ***** [ Web browsers ] *****

    [-] [C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : dkpejdfnpdkhifgbancbammdijojoffk

    *************************

    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C14].txt - [975 bytes] ##########
     
  18. Randy icenhour

    Randy icenhour TS Enthusiast Topic Starter Posts: 162

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.6.1 (09.08.2015:1)
    OS: Windows 7 Home Premium x64
    Ran by icenhour76 on Thu 09/10/2015 at 21:06:23.81
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] C:\Users\icenhour76\AppData\Roaming\System
    Successfully deleted: [Folder] C:\Users\icenhour76\AppData\Roaming\wyupdate au



    ~~~ Chrome


    [C:\Users\icenhour76\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

    [C:\Users\icenhour76\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

    [C:\Users\icenhour76\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

    [C:\Users\icenhour76\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
    []





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 09/10/2015 at 21:12:01.47
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  19. Randy icenhour

    Randy icenhour TS Enthusiast Topic Starter Posts: 162

    There are all those logs
     
  20. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  21. Randy icenhour

    Randy icenhour TS Enthusiast Topic Starter Posts: 162

    ComboFix 15-09-07.01 - icenhour76 09/10/2015 21:24:25.21.6 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16383.14003 [GMT -4:00]
    Running from: c:\users\icenhour76\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    FW: ZoneAlarm Free Firewall Firewall *Disabled* {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\ar\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\bg\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\ca\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\cs\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\da\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\de\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\el\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\en\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\es\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\fi\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\fr\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\gu\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\he\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\hr\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\hu\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\id\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\it\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\ja\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\nb\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\nl\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\pl\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\pt_BR\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\pt_PT\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\ro\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\ru\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\sk\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\sl\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\sr\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\sv\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\te\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\tr\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\uk\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\vi\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\zh_CN\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_locales\zh_TW\messages.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_metadata\computed_hashes.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\_metadata\verified_contents.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\adblock_start_chrome.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\adblock_start_common.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\background.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\bandaids.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\button\popup.css
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\button\popup.html
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\button\popup.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\CHANGELOG.txt
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\checkupdates.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\chrome_oauth_receiver.html
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\chrome_oauth_receiver.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\datacollection.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\dropbox-datastores.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\filtering\domainset.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\filtering\filternormalizer.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\filtering\filteroptions.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\filtering\filterset.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\filtering\filtertypes.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\filtering\myfilters.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\functions.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\gab_question.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\idlehandler.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\delete.gif
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\dropbox1.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\dropbox2.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\dropbox3.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\facebook-sprite.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\gifloader.gif
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\gplus-sprite.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\icon128.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\icon16.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\icon16_grayscale.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\icon16_grayscale@2x.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\icon19-grayscale.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\icon19-whitelisted.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\icon19.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\icon24.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\icon32.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\icon38-grayscale.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\icon38-whitelisted.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\icon38.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\icon48.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\logo.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\search\check.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\search\magnifying_glass.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\search\search-engine-card_no-shadow.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\search\search-engine-icons.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\search\search-omnibox-card_no-shadow.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\search\search_engine_select_arrow.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\img\twitter-sprite.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\jquery\css\images\ui-bg_flat_55_999999_40x100.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\jquery\css\images\ui-bg_flat_75_aaaaaa_40x100.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\jquery\css\images\ui-bg_glass_45_0078ae_1x400.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\jquery\css\images\ui-bg_glass_55_f8da4e_1x400.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\jquery\css\images\ui-bg_glass_75_79c9ec_1x400.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\jquery\css\images\ui-bg_gloss-wave_50_38cfff_500x100.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\jquery\css\images\ui-bg_gloss-wave_75_2191c0_500x100.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\jquery\css\images\ui-bg_inset-hard_100_fcfdfd_1x100.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\jquery\css\images\ui-icons_056b93_256x240.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\jquery\css\images\ui-icons_d8e7f3_256x240.png
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\jquery\css\jquery-ui.custom.css
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\jquery\css\override-page.css
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\jquery\jquery-ui.custom.min.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\jquery\jquery.cookie.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\jquery\jquery.min.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\LICENSE
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\manifest.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\notificationoverlay.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\options\customize.html
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\options\customize.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\options\filters.html
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\options\filters.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\options\general.html
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\options\general.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\options\index.html
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\options\index.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\options\options.css
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\options\support.html
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\options\support.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\pages\adreport.html
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\pages\adreport.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\pages\subscribe.css
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\pages\subscribe.html
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\pages\subscribe.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\port.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\punycode.min.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\README.markdown
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\stats.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\survey.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\translators.json
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\uiscripts\blacklisting\blacklistui.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\uiscripts\blacklisting\clickwatcher.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\uiscripts\blacklisting\elementchain.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\uiscripts\blacklisting\overlay.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\uiscripts\blacklisting\rightclick_hook.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\uiscripts\load_jquery_ui.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\uiscripts\send_content_to_back.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\uiscripts\top_open_blacklist_ui.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\uiscripts\top_open_whitelist_ui.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39_0\ytchannel.js
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage-journal
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Preferences
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-08-11 to 2015-09-11 )))))))))))))))))))))))))))))))
    .
    .
    2015-09-11 01:38 . 2015-09-11 01:38 -------- d-----w- c:\users\Public\AppData\Local\temp
    2015-09-11 01:38 . 2015-09-11 01:38 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-09-11 01:08 . 2015-09-11 01:08 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{102274E7-1254-49F7-B3BD-398DED6C3C85}\offreg.4772.dll
    2015-09-10 21:18 . 2015-09-10 21:18 -------- d-----w- c:\program files\Common Files\AV
    2015-09-10 21:11 . 2015-09-10 21:14 -------- d-----w- c:\program files (x86)\CheckPoint
    2015-09-10 21:11 . 2015-09-10 21:11 -------- d-----w- c:\programdata\CheckPoint
    2015-09-10 05:29 . 2015-09-10 23:23 -------- d-----w- C:\FRST
    2015-09-09 23:02 . 2015-09-09 23:02 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{102274E7-1254-49F7-B3BD-398DED6C3C85}\offreg.3248.dll
    2015-09-08 14:36 . 2015-09-08 14:36 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{102274E7-1254-49F7-B3BD-398DED6C3C85}\offreg.4448.dll
    2015-09-08 14:34 . 2015-07-31 09:21 11745192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{102274E7-1254-49F7-B3BD-398DED6C3C85}\mpengine.dll
    2015-08-21 11:44 . 2015-08-21 11:44 573048 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2015-08-21 11:43 . 2015-08-21 11:43 937592 ----a-w- c:\windows\system32\nvvsvc.exe
    2015-08-21 11:43 . 2015-08-07 04:34 62768 ----a-w- c:\windows\system32\nvshext.dll
    2015-08-21 11:43 . 2015-08-07 04:34 2558768 ----a-w- c:\windows\system32\nvsvcr.dll
    2015-08-21 11:43 . 2015-08-07 04:34 385328 ----a-w- c:\windows\system32\nvmctray.dll
    2015-08-21 11:43 . 2015-08-07 04:34 6883448 ----a-w- c:\windows\system32\nvcpl.dll
    2015-08-21 11:43 . 2015-08-07 04:34 3492144 ----a-w- c:\windows\system32\nvsvc64.dll
    2015-08-21 11:43 . 2015-08-03 10:12 5133709 ----a-w- c:\windows\system32\nvcoproc.bin
    2015-08-21 10:49 . 2015-08-21 10:49 1898128 ----a-w- c:\windows\system32\nvdispco6435362.dll
    2015-08-21 10:49 . 2015-08-21 10:49 1557648 ----a-w- c:\windows\system32\nvdispgenco6435362.dll
    2015-08-21 09:57 . 2015-08-21 09:58 1898104 ----a-w- c:\windows\system32\nvdispco6435560.dll
    2015-08-21 09:57 . 2015-08-21 09:58 1558832 ----a-w- c:\windows\system32\nvdispgenco6435560.dll
    2015-08-21 06:55 . 2015-08-21 06:55 69416 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
    2015-08-21 06:55 . 2015-08-21 06:55 50472 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
    2015-08-20 22:59 . 2015-08-20 22:59 -------- d-----w- c:\users\icenhour76\AppData\Local\Logitech
    2015-08-20 22:55 . 2015-08-20 22:58 -------- d-----w- c:\program files\Logitech Gaming Software
    2015-08-17 16:33 . 2015-08-17 16:33 -------- d-----w- C:\usb_driver
    2015-08-17 16:25 . 2012-11-06 02:26 1983440 ----a-w- c:\windows\system32\msvcr110d.dll
    2015-08-17 16:17 . 2015-08-17 16:17 -------- d-----w- c:\program files (x86)\YiHiEcigar
    .
    .
    .
     
  22. Randy icenhour

    Randy icenhour TS Enthusiast Topic Starter Posts: 162

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-09-11 00:04 . 2014-07-24 20:21 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-09-10 23:54 . 2014-07-21 04:26 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-09-10 03:47 . 2014-01-13 07:51 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-08-21 06:55 . 2013-09-03 11:30 72504 ----a-w- c:\windows\system32\nvaudcap64v.dll
    2015-08-20 22:58 . 2015-06-10 23:33 26912 ----a-w- c:\windows\system32\drivers\LGVirHid.sys
    2015-08-20 22:58 . 2015-06-10 23:33 68384 ----a-w- c:\windows\system32\drivers\LGJoyXlCore.sys
    2015-08-20 22:58 . 2015-06-10 23:33 37408 ----a-w- c:\windows\system32\drivers\LGBusEnum.sys
    2015-08-20 22:57 . 2011-12-29 20:34 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2015-08-20 22:57 . 2013-05-31 19:19 1843480 ----a-w- c:\windows\system32\LkmdfCoInst.dll
    2015-08-20 22:57 . 2013-05-30 16:16 64280 ----a-w- c:\windows\system32\drivers\LGSHidFilt.Sys
    2015-08-18 04:44 . 2014-07-24 20:21 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-08-18 04:44 . 2013-07-21 22:47 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-08-17 23:30 . 2014-07-21 01:07 1316184 ----a-w- c:\windows\SysWow64\nvspbridge.dll
    2015-08-17 23:30 . 2013-10-30 08:44 1423120 ----a-w- c:\windows\SysWow64\nvspcap.dll
    2015-08-17 23:29 . 2014-07-21 01:07 1756608 ----a-w- c:\windows\system32\nvspbridge64.dll
    2015-08-17 23:29 . 2013-10-30 08:44 1710568 ----a-w- c:\windows\system32\nvspcap64.dll
    2015-08-13 22:59 . 2014-09-29 05:56 1048344 ----a-w- c:\windows\system32\drivers\aswsnx.sys
    2015-08-12 10:23 . 2012-03-30 04:19 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-08-12 10:23 . 2011-12-29 20:26 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-08-11 07:39 . 2015-08-11 07:39 461792 ----a-w- c:\windows\system32\drivers\vsdatant.sys
    2015-08-05 10:59 . 2014-09-29 05:56 274808 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2015-08-05 10:59 . 2014-09-29 05:56 150672 ----a-w- c:\windows\system32\drivers\aswStm.sys
    2015-08-05 10:59 . 2014-09-29 05:56 447944 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2015-08-05 10:59 . 2015-08-05 10:59 378880 ----a-w- c:\windows\system32\aswBoot.exe
    2015-08-05 10:59 . 2014-09-29 05:55 90968 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2015-08-05 10:59 . 2014-09-29 05:55 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2015-08-05 10:59 . 2014-09-29 05:55 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2015-08-05 10:59 . 2014-09-29 05:55 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2015-08-05 10:58 . 2015-08-05 10:58 43112 ----a-w- c:\windows\avastSS.scr
    2015-08-05 10:58 . 2015-08-05 10:59 115152 ----a-w- c:\windows\system32\drivers\ngvss.sys
    2015-07-20 21:39 . 2015-07-20 21:39 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
    2015-07-20 21:39 . 2015-07-20 21:39 46080 ----a-w- c:\windows\system32\atmlib.dll
    2015-07-20 21:39 . 2015-07-20 21:39 41984 ----a-w- c:\windows\system32\lpk.dll
    2015-07-20 21:39 . 2015-07-20 21:39 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2015-07-20 21:39 . 2015-07-20 21:39 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
    2015-07-20 21:39 . 2015-07-20 21:39 25600 ----a-w- c:\windows\SysWow64\lpk.dll
    2015-07-20 21:39 . 2015-07-20 21:39 14336 ----a-w- c:\windows\system32\dciman32.dll
    2015-07-20 21:39 . 2015-07-20 21:39 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
    2015-07-20 21:39 . 2015-07-20 21:39 100864 ----a-w- c:\windows\system32\fontsub.dll
    2015-07-19 14:01 . 2011-12-31 15:03 130333168 ----a-w- c:\windows\system32\MRT.exe
    2015-07-15 01:59 . 2015-07-20 21:39 372224 ----a-w- c:\windows\system32\atmfd.dll
    2015-07-15 01:25 . 2015-07-15 01:25 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2015-07-15 01:25 . 2015-07-15 01:25 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
    2015-07-15 01:25 . 2015-07-15 01:25 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
    2015-07-15 01:25 . 2015-07-15 01:25 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
    2015-07-15 01:25 . 2015-07-15 01:25 720384 ----a-w- c:\windows\system32\ie4uinit.exe
    2015-07-15 01:25 . 2015-07-15 01:25 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
    2015-07-15 01:25 . 2015-07-15 01:25 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
    2015-07-15 01:25 . 2015-07-15 01:25 504320 ----a-w- c:\windows\SysWow64\vbscript.dll
    2015-07-15 01:25 . 2015-07-15 01:25 34304 ----a-w- c:\windows\system32\iernonce.dll
    2015-07-15 01:25 . 2015-07-15 01:25 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
    2015-07-15 01:25 . 2015-07-15 01:25 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2015-07-15 01:25 . 2015-07-15 01:25 389832 ----a-w- c:\windows\system32\iedkcs32.dll
    2015-07-15 01:25 . 2015-07-15 01:25 2052608 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2015-07-15 01:25 . 2015-07-15 01:25 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2015-07-15 01:25 . 2015-07-15 01:25 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2015-07-15 01:25 . 2015-07-15 01:25 801280 ----a-w- c:\windows\system32\msfeeds.dll
    2015-07-15 01:25 . 2015-07-15 01:25 800768 ----a-w- c:\windows\system32\ieapfltr.dll
    2015-07-15 01:25 . 2015-07-15 01:25 66560 ----a-w- c:\windows\system32\iesetup.dll
    2015-07-15 01:25 . 2015-07-15 01:25 316928 ----a-w- c:\windows\system32\dxtrans.dll
    2015-07-15 01:25 . 2015-07-15 01:25 2125824 ----a-w- c:\windows\system32\inetcpl.cpl
    2015-07-15 01:25 . 2015-07-15 01:25 584192 ----a-w- c:\windows\system32\vbscript.dll
    2015-07-15 01:25 . 2015-07-15 01:25 54784 ----a-w- c:\windows\system32\jsproxy.dll
    2015-07-15 01:25 . 2015-07-15 01:25 1951232 ----a-w- c:\windows\SysWow64\wininet.dll
    2015-07-15 01:25 . 2015-07-15 01:25 144384 ----a-w- c:\windows\system32\ieUnatt.exe
    2015-07-15 01:25 . 2015-07-15 01:25 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
    2015-07-15 01:25 . 2015-07-15 01:25 92160 ----a-w- c:\windows\system32\mshtmled.dll
    2015-07-15 01:25 . 2015-07-15 01:25 490496 ----a-w- c:\windows\system32\dxtmsft.dll
    2015-07-15 01:25 . 2015-07-15 01:25 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2015-07-15 01:25 . 2015-07-15 01:25 816640 ----a-w- c:\windows\system32\jscript.dll
    2015-07-15 01:25 . 2015-07-15 01:25 2427392 ----a-w- c:\windows\system32\wininet.dll
    2015-07-15 01:25 . 2015-07-15 01:25 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
    2015-07-15 01:25 . 2015-07-15 01:25 199680 ----a-w- c:\windows\system32\msrating.dll
    2015-07-15 01:17 . 2015-07-15 01:17 1545728 ----a-w- c:\windows\system32\urlmon.dll
    2015-07-15 01:17 . 2015-07-15 01:17 615936 ----a-w- c:\windows\system32\ieui.dll
    2015-07-15 01:17 . 2015-07-15 01:17 25193984 ----a-w- c:\windows\system32\mshtml.dll
    2015-07-15 01:17 . 2015-07-15 01:17 14453248 ----a-w- c:\windows\system32\ieframe.dll
    2015-07-15 01:17 . 2015-07-15 01:17 2885632 ----a-w- c:\windows\system32\iertutil.dll
    2015-07-15 01:11 . 2015-07-15 01:11 429568 ----a-w- c:\windows\system32\wksprt.exe
    2015-07-15 01:11 . 2015-07-15 01:11 7077376 ----a-w- c:\windows\system32\mstscax.dll
    2015-07-15 01:11 . 2015-07-15 01:11 6131200 ----a-w- c:\windows\SysWow64\mstscax.dll
    2015-07-15 01:11 . 2015-07-15 01:11 856064 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
    2015-07-15 01:11 . 2015-07-15 01:11 62976 ----a-w- c:\windows\system32\tsgqec.dll
    2015-07-15 01:11 . 2015-07-15 01:11 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll
    2015-07-15 01:11 . 2015-07-15 01:11 1057792 ----a-w- c:\windows\system32\rdvidcrl.dll
    2015-07-15 01:08 . 2015-07-15 01:08 729088 ----a-w- c:\windows\system32\kerberos.dll
    2015-07-15 01:08 . 2015-07-15 01:08 315392 ----a-w- c:\windows\system32\msv1_0.dll
    2015-07-15 01:08 . 2015-07-15 01:08 1216512 ----a-w- c:\windows\system32\rpcrt4.dll
    2015-07-15 01:08 . 2015-07-15 01:08 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2015-07-15 01:08 . 2015-07-15 01:08 86528 ----a-w- c:\windows\system32\TSpkg.dll
    2015-07-15 01:08 . 2015-07-15 01:08 665088 ----a-w- c:\windows\SysWow64\rpcrt4.dll
    2015-07-15 01:08 . 2015-07-15 01:08 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
    2015-07-15 01:08 . 2015-07-15 01:08 64000 ----a-w- c:\windows\system32\auditpol.exe
    2015-07-15 01:08 . 2015-07-15 01:08 552960 ----a-w- c:\windows\SysWow64\kerberos.dll
    2015-07-15 01:08 . 2015-07-15 01:08 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
    2015-07-15 01:08 . 2015-07-15 01:08 44032 ----a-w- c:\windows\system32\cryptbase.dll
    2015-07-15 01:08 . 2015-07-15 01:08 36864 ----a-w- c:\windows\SysWow64\cryptbase.dll
    2015-07-15 01:08 . 2015-07-15 01:08 342016 ----a-w- c:\windows\system32\schannel.dll
    2015-07-15 01:08 . 2015-07-15 01:08 31232 ----a-w- c:\windows\system32\lsass.exe
    2015-07-15 01:08 . 2015-07-15 01:08 309760 ----a-w- c:\windows\system32\ncrypt.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Zboard"="c:\program files (x86)\Ideazon\ZEngine\Zboard.exe" [2011-02-22 182784]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-08-25 6111824]
    "DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2015-01-10 448856]
    "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2015-08-11 134792]
    .
    c:\users\icenhour76\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-11-4 41160]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Content Manager Assistant for PlayStation(R).lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2013-10-15 3526776]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    .
    R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    R2 chromoting;Chrome Remote Desktop Service;c:\program files (x86)\Google\Chrome Remote Desktop\45.0.2454.17\remoting_host.exe;c:\program files (x86)\Google\Chrome Remote Desktop\45.0.2454.17\remoting_host.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
    R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
    R2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [x]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_7.0.41409.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbPort_7.0.41409.0.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 L6PODHDBEAN;Service - Line 6 POD HD;c:\windows\system32\Drivers\L6PODHDBEAN64.sys;c:\windows\SYSNATIVE\Drivers\L6PODHDBEAN64.sys [x]
    R3 L6PODX3;L6 POD X3 Service;c:\windows\system32\Drivers\L6PODX364.sys;c:\windows\SYSNATIVE\Drivers\L6PODX364.sys [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
    R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
    R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
    R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [x]
    R3 SaiKF622;SaiKF622;c:\windows\system32\DRIVERS\SaiKF622.sys;c:\windows\SYSNATIVE\DRIVERS\SaiKF622.sys [x]
    R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [x]
    R3 SSMO3v2Filter;MMO3v2 Mouse;c:\windows\system32\drivers\MO3v2Driver.sys;c:\windows\SYSNATIVE\drivers\MO3v2Driver.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
    S0 ngvss;ngvss; [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S2 LGCoreTemp;Logitech CPU Core Tempurature;c:\program files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys;c:\program files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [x]
    S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
    S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
    S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [x]
    S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [x]
    S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
    S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [x]
    S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
    S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
    S3 LGBusEnum;Logitech Gaming Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
    S3 LGJoyXlCore;Logitech Translation Layer Driver (LGS);c:\windows\system32\drivers\LGJoyXlCore.sys;c:\windows\SYSNATIVE\drivers\LGJoyXlCore.sys [x]
    S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys;c:\windows\SYSNATIVE\DRIVERS\nvoclk64.sys [x]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-09-09 22:11 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 10:23]
    .
    2015-09-11 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files (x86)\Glary Utilities\initialize.exe [2012-04-03 20:51]
    .
    2015-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-19 19:48]
    .
    2015-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-19 19:48]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2015-08-05 10:59 778056 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
    "ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-07-29 310272]
    "SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-07-29 158208]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-25 13320808]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
    "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-08-17 1710568]
    "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-08-21 2634872]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2015-01-12 3100440]
    "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2015-08-20 14601160]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 10.0.0.1
    TCP: Interfaces\{86AB6FA6-FCFA-46CA-982F-A74586D9A137}: NameServer = 208.67.220.222
    FF - ProfilePath - c:\users\icenhour76\AppData\Roaming\Mozilla\Firefox\Profiles\ntebj8uu.default\
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
    "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3248671020-3738731255-3598294349-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):a9,02,94,de,50,49,8a,df,05,1a,ed,a5,0a,b0,c7,b5,1b,20,fe,1d,2f,
    48,d7,53,3a,cb,b3,91,d4,69,33,7a,bf,5f,f0,20,af,4c,f2,95,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-3248671020-3738731255-3598294349-1001_Classes\Wow6432Node\CLSID\{5edfaf09-d210-4871-96d9-313263d5bf2f}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000083
    "Therad"=dword:0000001e
    "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
    38,95,44,53,4e,1a,5b,76,50,55,59,9d,cc,e7,b1,95,58,29,cd,57,86,fd,49,12,56,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.18"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2015-09-10 21:41:20
    ComboFix-quarantined-files.txt 2015-09-11 01:41
    ComboFix2.txt 2014-09-27 08:49
    ComboFix3.txt 2014-09-27 04:13
    ComboFix4.txt 2014-09-19 05:56
    ComboFix5.txt 2014-09-28 23:53
    .
    Pre-Run: 37,109,350,400 bytes free
    Post-Run: 37,037,465,600 bytes free
    .
    - - End Of File - - 11D4E9A3E4F747898D6FC2E3F5A298BB
    A36C5E4F47E84449FF07ED3517B43A31
     
  23. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  24. Randy icenhour

    Randy icenhour TS Enthusiast Topic Starter Posts: 162

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-09-2015 01
    Ran by icenhour76 (administrator) on ICENHOUR76-PC (10-09-2015 21:52:41)
    Running from C:\Users\icenhour76\Desktop
    Loaded Profiles: icenhour76 (Available Profiles: icenhour76)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    (Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    (Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [ProfilerU] => C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [310272 2010-07-29] (Saitek)
    HKLM\...\Run: [SaiMfd] => C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [158208 2010-07-29] (Saitek)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13320808 2011-10-25] (Realtek Semiconductor)
    HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-21] (NVIDIA Corporation)
    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2015-01-12] (Logitech, Inc.)
    HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14601160 2015-08-20] (Logitech Inc.)
    HKLM-x32\...\Run: [Zboard] => C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe [182784 2011-02-22] (Ideazon, Inc.)
    HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
    HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-25] (AVAST Software)
    HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2015-01-10] (DivX, LLC)
    HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134792 2015-08-11] (Check Point Software Technologies Ltd.)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    HKU\S-1-5-21-3248671020-3738731255-3598294349-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-05] (AVAST Software)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation(R).lnk [2013-12-06]
    ShortcutTarget: Content Manager Assistant for PlayStation(R).lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
    Startup: C:\Users\icenhour76\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2012-11-19]
    ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
    Tcpip\..\Interfaces\{86AB6FA6-FCFA-46CA-982F-A74586D9A137}: [NameServer] 208.67.220.222
    Tcpip\..\Interfaces\{86AB6FA6-FCFA-46CA-982F-A74586D9A137}: [DhcpNameServer] 10.0.0.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3248671020-3738731255-3598294349-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3248671020-3738731255-3598294349-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3248671020-3738731255-3598294349-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-03] (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-05] (AVAST Software)
    BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-03] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-05] (AVAST Software)
    BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
    DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab

    FireFox:
    ========
    FF ProfilePath: C:\Users\icenhour76\AppData\Roaming\Mozilla\Firefox\Profiles\ntebj8uu.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
    FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-03] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-03] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
    FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-09-05] (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
    FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2011-06-16] (Yahoo! Inc.)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-21] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-21] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
    FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll [2012-01-13] (Veetle Inc)
    FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll [2012-01-13] (Veetle Inc)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
    FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
    FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
    FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
    FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3248671020-3738731255-3598294349-1001: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll [2012-06-28] (OnLive)
    FF Plugin HKU\S-1-5-21-3248671020-3738731255-3598294349-1001: @plugin.couponnetwork.com/Coupon Print Activator;version=4.5 -> C:\Users\icenhour76\AppData\Roaming\E-centives\NPcolPM460.dll [2011-12-31] (Invenda)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-05-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-05-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-05-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-05-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-05-24] (Apple Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-28]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-01-12]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com
    CHR StartupUrls: Default -> "hxxp://www.google.com","hxxps://www.yahoo.com/?fr=hp-avast&type=odc179"
    CHR Profile: C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-10]
    CHR Extension: (Google Docs) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-10]
    CHR Extension: (Google Drive) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-10]
    CHR Extension: (Adguard AdBlocker) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-09-10]
    CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-09-09]
    CHR Extension: (YouTube) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-10]
    CHR Extension: (Google Cast) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-09-09]
    CHR Extension: (Classic Games) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpckajjkmjncafjlkielcgheibdlnfgc [2015-09-09]
    CHR Extension: (Guitarist's Reference) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\cddaabhppoebkmalboinjhgofbhdbcgk [2015-09-09]
    CHR Extension: (Adblock Plus) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-09]
    CHR Extension: (Adblock for Youtube™) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-09-10]
    CHR Extension: (Google Search) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-09]
    CHR Extension: (Netflix) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2015-09-09]
    CHR Extension: (uBlock) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2015-09-09]
    CHR Extension: (Google Sheets) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-10]
    CHR Extension: (Full Screen Weather) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2015-09-09]
    CHR Extension: (Chrome Remote Desktop) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-09-09]
    CHR Extension: (Google Docs Offline) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-10]
    CHR Extension: (Click&Clean) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2015-09-09]
    CHR Extension: (No Name) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-09-10]
    CHR Extension: (Avast Online Security) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-08-18]
    CHR Extension: (Crackle) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2015-09-09]
    CHR Extension: (Disconnect) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-09-09]
    CHR Extension: (Google Play) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-09-09]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-18]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-18]
    CHR Extension: (Monster Force 5) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnalgkbpcpkocdkonfbnghhgjccnnga [2015-09-09]
    CHR Extension: (Click&Clean App) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2015-09-09]
    CHR Extension: (Gmail) - C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-09]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-11]

    Opera:
    =======
    OPR Extension: (Adblock Plus) - C:\Users\icenhour76\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-09-18]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-05] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-08-05] (Avast Software)
    S2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\45.0.2454.17\remoting_host.exe [69448 2015-08-18] (Google Inc.)
    S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-21] (NVIDIA Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-08-18] (Malwarebytes Corporation)
    R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2015-04-17] (Motorola Mobility LLC)
    S2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA)
    S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-21] (NVIDIA Corporation)
    S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-21] (NVIDIA Corporation)
    R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2015-04-17] (Motorola) [File not signed]
    S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3722912 2015-08-11] (Check Point Software Technologies Ltd.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-14] (Check Point Software Technologies, Ltd.)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 Alpham1; C:\Windows\System32\DRIVERS\Alpham164.sys [52992 2007-07-23] (Ideazon Corporation)
    R3 Alpham2; C:\Windows\System32\DRIVERS\Alpham264.sys [21760 2007-03-20] (Ideazon Corporation)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-05] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-05] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-05] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-05] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-13] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-05] (AVAST Software)
    S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-05] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-05] (AVAST Software)
    R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-08-19] (Disc Soft Ltd)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R0 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20672 2014-06-22] (Glarysoft Ltd)
    S3 L6PODHDBEAN; C:\Windows\System32\Drivers\L6PODHDBEAN64.sys [772864 2015-04-15] (Line 6)
    S3 L6PODX3; C:\Windows\System32\Drivers\L6PODX364.sys [772096 2011-11-30] (Line 6)
    R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
    R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-08-20] (Logitech Inc.)
    R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2015-08-20] (Logitech Inc.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-08-18] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-08-18] (Malwarebytes Corporation)
    R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-08-05] (AVAST Software)
    S3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
    R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-21] (NVIDIA Corporation)
    S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2012-02-04] ()
    S3 SaiKF622; C:\Windows\System32\DRIVERS\SaiKF622.sys [140800 2009-06-02] (Saitek)
    R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [22792 2010-08-10] (Saitek)
    R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [50056 2010-08-10] (Saitek)
    S3 SSMO3v2Filter; C:\Windows\System32\drivers\MO3v2Driver.sys [23040 2010-12-17] (Sagatek Co. Ltd.) [File not signed]
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-09-10] ()
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-08-05] (Avast Software)
    R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [461792 2015-08-11] (Check Point Software Technologies Ltd.)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort_7.0.41409.0.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [X]
    S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
    S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
    S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-10 21:52 - 2015-09-10 21:52 - 00026306 _____ C:\Users\icenhour76\Desktop\FRST.txt
    2015-09-10 21:41 - 2015-09-10 21:41 - 00051985 _____ C:\ComboFix.txt
    2015-09-10 21:22 - 2015-09-10 21:22 - 05635119 ____R (Swearware) C:\Users\icenhour76\Desktop\ComboFix.exe
    2015-09-10 21:22 - 2015-09-10 21:22 - 05635119 _____ (Swearware) C:\Users\icenhour76\Downloads\ComboFix (1).exe
    2015-09-10 21:12 - 2015-09-10 21:12 - 00001357 _____ C:\Users\icenhour76\Desktop\JRT.txt
    2015-09-10 21:06 - 2015-09-10 21:06 - 01800104 _____ (Malwarebytes Corporation) C:\Users\icenhour76\Desktop\JRT.exe
    2015-09-10 20:39 - 2015-09-10 20:39 - 00001054 _____ C:\Users\icenhour76\Desktop\mwab.txt
    2015-09-10 19:52 - 2015-09-10 19:52 - 01660416 _____ C:\Users\icenhour76\Desktop\adwcleaner_5.007.exe
    2015-09-10 19:51 - 2015-09-10 19:51 - 01800104 _____ (Malwarebytes Corporation) C:\Users\icenhour76\Desktop\JRT (1).exe
    2015-09-10 19:49 - 2015-09-10 19:49 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\icenhour76\Downloads\mbam-setup-2.1.8.1057.exe
    2015-09-10 19:49 - 2015-09-10 19:49 - 18779208 _____ C:\Users\icenhour76\Desktop\RogueKiller.exe
    2015-09-10 19:49 - 2015-09-10 19:49 - 00000000 ____D C:\Users\icenhour76\Desktop\New folder
    2015-09-10 19:24 - 2015-09-10 19:33 - 00002555 _____ C:\Users\icenhour76\Desktop\Search.txt
    2015-09-10 19:23 - 2015-09-10 19:23 - 02190848 _____ (Farbar) C:\Users\icenhour76\Desktop\FRST64.exe
    2015-09-10 19:23 - 2015-09-10 19:23 - 00000000 ____D C:\Users\icenhour76\Desktop\FRST-OlderVersion
    2015-09-10 19:22 - 2015-09-10 19:22 - 02190848 _____ (Farbar) C:\Users\icenhour76\Downloads\FRST64 (1).exe
    2015-09-10 17:18 - 2015-09-10 17:18 - 00000000 ____D C:\Program Files\Common Files\AV
    2015-09-10 17:15 - 2015-09-10 17:17 - 00430818 _____ C:\Windows\system32\Drivers\vsconfig.xml
    2015-09-10 17:14 - 2015-09-10 17:14 - 00000762 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk
    2015-09-10 17:14 - 2015-09-10 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
    2015-09-10 17:11 - 2015-09-10 17:14 - 00000000 ____D C:\Program Files (x86)\CheckPoint
    2015-09-10 17:11 - 2015-09-10 17:11 - 03387352 _____ (Check Point Software Technologies Ltd.) C:\Users\icenhour76\Downloads\zafwSetupWeb_140_508_000 (1).exe
    2015-09-10 17:11 - 2015-09-10 17:11 - 00000000 ____D C:\ProgramData\CheckPoint
    2015-09-10 17:10 - 2015-09-10 17:10 - 03387352 _____ (Check Point Software Technologies Ltd.) C:\Users\icenhour76\Downloads\zafwSetupWeb_140_508_000.exe
    2015-09-10 01:30 - 2015-09-10 01:31 - 00179206 _____ C:\Users\icenhour76\Downloads\Addition.txt
    2015-09-10 01:30 - 2015-09-10 01:31 - 00046383 _____ C:\Users\icenhour76\Downloads\FRST.txt
    2015-09-10 01:29 - 2015-09-10 21:52 - 00000000 ____D C:\FRST
    2015-09-10 01:29 - 2015-09-10 01:29 - 02190336 _____ (Farbar) C:\Users\icenhour76\Downloads\FRST64.exe
    2015-09-10 00:40 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
    2015-09-10 00:40 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
    2015-09-10 00:40 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-09-10 00:40 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-09-10 00:40 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-09-10 00:40 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
    2015-09-10 00:40 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
    2015-09-10 00:40 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
    2015-09-09 23:47 - 2015-09-09 23:47 - 00000000 ____D C:\Users\icenhour76\Desktop\mbar
    2015-09-09 19:02 - 2015-09-09 19:02 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\icenhour76\Desktop\TDSSKiller.exe
    2015-09-09 19:01 - 2015-09-09 19:01 - 04383777 _____ C:\Users\icenhour76\Desktop\tdsskiller.zip
    2015-09-09 18:45 - 2015-09-10 20:56 - 00000896 _____ C:\Windows\setupact.log
    2015-09-09 18:45 - 2015-09-10 16:48 - 00002178 _____ C:\Windows\PFRO.log
    2015-09-09 18:45 - 2015-09-09 18:45 - 00283448 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-09-09 18:45 - 2015-09-09 18:45 - 00000000 _____ C:\Windows\setuperr.log
    2015-09-09 18:11 - 2015-09-09 18:11 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-09-09 18:11 - 2015-09-09 18:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-09-09 18:09 - 2015-09-09 18:09 - 00059992 _____ C:\Users\icenhour76\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-09-04 19:23 - 2015-09-04 19:28 - 147484216 _____ (Seagate) C:\Users\icenhour76\Documents\Seagate Dashboard Installer.exe
    2015-09-03 11:34 - 2015-09-03 11:34 - 00178915 _____ C:\Users\icenhour76\Desktop\smdk_fat322.zip
    2015-09-03 11:30 - 2015-09-03 11:31 - 00000000 ____D C:\Users\icenhour76\Desktop\ExtFat32_v2.00
    2015-09-03 11:30 - 2015-09-03 11:30 - 00564213 _____ C:\Users\icenhour76\Desktop\ExtFat32_v2.00.zip
    2015-09-03 10:24 - 2015-09-03 10:25 - 00000000 ____D C:\Users\icenhour76\Desktop\PS4
    2015-08-21 07:44 - 2015-08-21 07:44 - 00573048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2015-08-21 07:43 - 2015-08-21 07:43 - 00937592 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    2015-08-21 07:43 - 2015-08-07 00:34 - 06883448 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2015-08-21 07:43 - 2015-08-07 00:34 - 03492144 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
    2015-08-21 07:43 - 2015-08-07 00:34 - 02558768 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
    2015-08-21 07:43 - 2015-08-07 00:34 - 00385328 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
    2015-08-21 07:43 - 2015-08-07 00:34 - 00062768 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2015-08-21 07:43 - 2015-08-03 06:12 - 05133709 _____ C:\Windows\system32\nvcoproc.bin
    2015-08-21 07:40 - 2015-08-21 07:43 - 01567576 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
    2015-08-21 07:40 - 2015-08-21 07:43 - 00204648 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
    2015-08-21 07:40 - 2015-08-21 07:43 - 00040280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 37819000 _____ C:\Windows\SysWOW64\nvcompiler.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 22520624 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 18540336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 17124832 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 16630096 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 15510112 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 14928048 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 14673920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 13656016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 12513288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 12179496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 11076216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2015-08-21 07:40 - 2015-08-21 07:41 - 03518248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 03106384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 02937648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 02624816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 01104440 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 01063216 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 01059960 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 00985208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 00942688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 00931448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 00177088 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
    2015-08-21 07:40 - 2015-08-21 07:41 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2015-08-21 07:40 - 2015-08-07 07:06 - 42840184 _____ C:\Windows\system32\nvcompiler.dll
    2015-08-21 07:40 - 2015-08-07 07:06 - 00033050 _____ C:\Windows\system32\nvinfo.pb
    2015-08-21 06:49 - 2015-08-21 06:49 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435362.dll
    2015-08-21 06:49 - 2015-08-21 06:49 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435362.dll
    2015-08-21 05:57 - 2015-08-21 05:58 - 01898104 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435560.dll
    2015-08-21 05:57 - 2015-08-21 05:58 - 01558832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435560.dll
    2015-08-21 02:55 - 2015-08-21 02:55 - 00069416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
    2015-08-21 02:55 - 2015-08-21 02:55 - 00050472 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
    2015-08-20 23:43 - 2015-08-20 23:43 - 08667136 _____ C:\Users\icenhour76\Desktop\SCEVMC1.VME
    2015-08-20 23:43 - 2015-08-20 23:43 - 00334591 _____ C:\Users\icenhour76\Desktop\DJKM 2015 STARTER PACK.max
    2015-08-20 18:59 - 2015-08-20 18:59 - 00000000 ____D C:\Users\icenhour76\AppData\Local\Logitech
    2015-08-20 18:55 - 2015-08-20 18:58 - 00000000 ____D C:\Program Files\Logitech Gaming Software
    2015-08-20 18:44 - 2015-08-20 18:46 - 82596072 _____ (Logitech Inc.) C:\Users\icenhour76\Desktop\LGS_8.70.315_x64_Logitech.exe
    2015-08-20 18:37 - 2015-08-20 18:37 - 01164056 _____ (Logitech Inc.) C:\Users\icenhour76\Desktop\G602Flash.exe
    2015-08-18 01:26 - 2015-08-18 01:26 - 01791580 _____ (Malwarebytes Corporation) C:\Users\icenhour76\Downloads\JRT.exe
    2015-08-18 00:23 - 2015-09-10 21:46 - 01339438 _____ C:\Windows\WindowsUpdate.log
    2015-08-17 12:34 - 2015-08-17 12:34 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01011.Wdf
    2015-08-17 12:33 - 2015-08-17 12:33 - 00000044 _____ C:\Users\icenhour76\Desktop\StdOut_native.txt
    2015-08-17 12:33 - 2015-08-17 12:33 - 00000044 _____ C:\Users\icenhour76\Desktop\StdOut.txt
    2015-08-17 12:33 - 2015-08-17 12:33 - 00000000 ____D C:\usb_driver
    2015-08-17 12:33 - 2015-08-17 12:33 - 00000000 _____ C:\Users\icenhour76\Desktop\Stderr_Native.txt
    2015-08-17 12:33 - 2015-08-17 12:33 - 00000000 _____ C:\Users\icenhour76\Desktop\Stderr.txt
    2015-08-17 12:25 - 2012-11-05 22:26 - 01983440 _____ (Microsoft Corporation) C:\Windows\system32\msvcr110d.dll
    2015-08-17 12:19 - 2015-08-17 12:19 - 00039918 _____ C:\Users\icenhour76\Desktop\SX330-iPV3Li-Upgrade-200W-V1.6-20150623-1435556516.rar
    2015-08-17 12:17 - 2015-08-17 12:17 - 00001051 _____ C:\Users\Public\Desktop\SXi.lnk
    2015-08-17 12:17 - 2015-08-17 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YiHi SXi
    2015-08-17 12:17 - 2015-08-17 12:17 - 00000000 ____D C:\Program Files (x86)\YiHiEcigar
    2015-08-17 01:50 - 2015-08-17 01:50 - 05324377 _____ C:\Users\icenhour76\Desktop\1636 - Pokemon Fire Red (U)(Squirrels).zip
    2015-08-11 03:39 - 2015-08-11 03:39 - 00461792 _____ (Check Point Software Technologies Ltd.) C:\Windows\system32\Drivers\vsdatant.sys

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-10 21:53 - 2014-01-19 04:43 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-09-10 21:41 - 2014-01-16 09:20 - 00000000 ____D C:\Qoobox
    2015-09-10 21:38 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
    2015-09-10 21:23 - 2012-10-25 14:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-09-10 21:22 - 2013-02-14 03:41 - 00000000 ____D C:\ProgramData\TEMP
    2015-09-10 21:14 - 2009-07-14 00:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-09-10 21:14 - 2009-07-14 00:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-09-10 21:07 - 2012-09-25 19:44 - 00000000 ____D C:\temp
    2015-09-10 20:58 - 2014-09-29 01:56 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2015-09-10 20:55 - 2014-01-19 04:43 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-09-10 20:55 - 2012-04-03 18:53 - 00000334 _____ C:\Windows\Tasks\GlaryInitialize.job
    2015-09-10 20:55 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-09-10 20:54 - 2012-02-04 02:06 - 00000000 ____D C:\ProgramData\NVIDIA
    2015-09-10 20:51 - 2013-09-03 20:24 - 00000000 ____D C:\AdwCleaner
    2015-09-10 20:04 - 2014-07-24 16:21 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-09-10 19:54 - 2014-07-21 00:26 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2015-09-10 17:06 - 2013-02-11 23:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
    2015-09-10 01:17 - 2013-06-18 09:36 - 00000000 ____D C:\Windows\erdnt
    2015-09-10 01:06 - 2013-02-11 23:46 - 00000000 ____D C:\ProgramData\COMODO
    2015-09-10 00:39 - 2013-02-11 23:48 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
    2015-09-10 00:26 - 2014-01-22 20:09 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-09-09 23:47 - 2014-01-13 03:51 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-09-09 18:41 - 2014-06-07 16:06 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-09-09 18:18 - 2015-03-23 08:29 - 00000848 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2015-09-09 18:18 - 2015-03-15 04:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2015-09-09 18:18 - 2015-03-15 04:21 - 00000000 ____D C:\Program Files\RogueKiller
    2015-09-09 18:14 - 2014-01-01 20:39 - 00000000 ____D C:\Users\icenhour76\AppData\Local\CrashDumps
    2015-09-09 18:11 - 2011-12-29 16:10 - 00000000 ____D C:\Program Files (x86)\Google
    2015-09-09 18:09 - 2015-04-20 04:27 - 00000000 __SHD C:\Users\icenhour76\AppData\Local\EmieBrowserModeList
    2015-09-09 18:09 - 2014-06-07 16:27 - 00000000 __SHD C:\Users\icenhour76\AppData\Local\EmieUserList
    2015-09-09 18:09 - 2014-06-07 16:27 - 00000000 __SHD C:\Users\icenhour76\AppData\Local\EmieSiteList
    2015-09-05 04:12 - 2012-01-31 05:31 - 00000000 ____D C:\Program Files (x86)\Steam
    2015-09-04 19:28 - 2009-07-14 01:13 - 00897522 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-08-30 10:45 - 2011-12-29 16:13 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2015-08-30 10:45 - 2011-12-29 16:13 - 00000000 ____D C:\Program Files\CCleaner
    2015-08-29 15:48 - 2014-01-19 04:43 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-08-29 15:48 - 2014-01-19 04:43 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-08-23 21:36 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
    2015-08-21 16:53 - 2012-11-20 00:18 - 00000000 ____D C:\Users\icenhour76\Desktop\Games
    2015-08-21 07:51 - 2012-02-04 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2015-08-21 07:44 - 2012-02-04 22:29 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2015-08-21 07:43 - 2012-02-04 02:05 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2015-08-21 07:42 - 2012-02-04 02:06 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2015-08-21 06:22 - 2015-06-24 11:48 - 00000000 ____D C:\ProgramData\boost_interprocess
    2015-08-21 02:56 - 2013-05-24 16:44 - 00001381 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
    2015-08-21 02:55 - 2013-09-03 07:30 - 00072504 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
    2015-08-20 18:58 - 2015-06-10 19:33 - 00068384 _____ (Logitech Inc.) C:\Windows\system32\Drivers\LGJoyXlCore.sys
    2015-08-20 18:58 - 2015-06-10 19:33 - 00037408 _____ (Logitech Inc.) C:\Windows\system32\Drivers\LGBusEnum.sys
    2015-08-20 18:58 - 2015-06-10 19:33 - 00026912 _____ (Logitech Inc.) C:\Windows\system32\Drivers\LGVirHid.sys
    2015-08-20 18:57 - 2013-05-31 15:19 - 01843480 _____ (Logitech, Inc.) C:\Windows\system32\LkmdfCoInst.dll
    2015-08-20 18:57 - 2013-05-30 12:16 - 00064280 _____ (Logitech Inc.) C:\Windows\system32\Drivers\LGSHidFilt.Sys
    2015-08-20 18:57 - 2011-12-29 16:34 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
    2015-08-20 18:56 - 2011-12-29 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
    2015-08-20 18:55 - 2013-12-16 10:44 - 00000000 ____D C:\ProgramData\Package Cache
    2015-08-20 18:53 - 2011-12-29 16:28 - 00000000 ____D C:\Users\icenhour76\AppData\Roaming\Logishrd
    2015-08-19 14:25 - 2014-11-28 22:18 - 00003840 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1411089266
    2015-08-19 14:25 - 2011-12-29 16:03 - 00000000 ____D C:\Program Files (x86)\Opera
    2015-08-18 03:29 - 2011-12-30 07:46 - 00000000 ____D C:\Windows\Panther
    2015-08-18 03:16 - 2015-07-10 09:39 - 00000000 ____D C:\$Windows.~BT
    2015-08-18 02:31 - 2012-04-27 21:35 - 00000000 ____D C:\Windows\Minidump
    2015-08-18 00:44 - 2014-07-24 16:21 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-08-18 00:44 - 2014-07-24 16:21 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-08-18 00:44 - 2014-07-24 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-08-18 00:44 - 2013-07-21 18:47 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-08-18 00:44 - 2012-02-03 13:19 - 00000000 ____D C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
    2015-08-17 19:30 - 2014-07-20 21:07 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
    2015-08-17 19:30 - 2013-10-30 04:44 - 01423120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
    2015-08-17 19:29 - 2014-07-20 21:07 - 01756608 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
    2015-08-17 19:29 - 2013-10-30 04:44 - 01710568 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
    2015-08-17 12:33 - 2009-07-13 23:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
    2015-08-15 11:45 - 2011-12-29 23:17 - 00000000 ____D C:\Users\icenhour76\.FBReader
    2015-08-13 18:59 - 2014-09-29 01:56 - 01048344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2015-08-12 06:23 - 2012-10-25 14:18 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-08-12 06:23 - 2012-03-30 00:19 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-08-12 06:23 - 2011-12-29 16:26 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

    ==================== Files in the root of some directories =======

    2012-05-26 02:13 - 2012-05-26 02:13 - 0074181 _____ () C:\Users\icenhour76\AppData\Roaming\icarus-dxdiag.xml
    2011-12-29 22:29 - 2012-11-16 08:40 - 0007668 _____ () C:\Users\icenhour76\AppData\Local\Resmon.ResmonCfg
    2011-12-31 19:55 - 2011-12-31 19:55 - 0000057 _____ () C:\ProgramData\Ament.ini
    2012-06-17 12:19 - 2012-04-18 12:19 - 0000032 ____R () C:\ProgramData\hash.dat

    Files to move or delete:
    ====================
    C:\ProgramData\hash.dat
    C:\Users\icenhour76\DisplayLink_6.3M1.exe
    C:\Users\icenhour76\Link Paring Tool v3.exe
    C:\Users\icenhour76\RivaTuner224c-[Guru3D.com].exe
    C:\Users\icenhour76\Saitek_Cyborg_V3_Pad_SD6_64_Drivers_pfw.exe
    C:\Users\icenhour76\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
    C:\Users\icenhour76\Smart_Technology_7_0_2_7_64bit.exe
    C:\Users\icenhour76\SUPERAntiSpyware.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-09-01 00:23

    ==================== End of FRST.txt ============================
     
  25. Randy icenhour

    Randy icenhour TS Enthusiast Topic Starter Posts: 162

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-09-2015 01
    Ran by icenhour76 (2015-09-10 21:53:11)
    Running from C:\Users\icenhour76\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2011-12-29 19:59:17)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3248671020-3738731255-3598294349-500 - Administrator - Disabled)
    Guest (S-1-5-21-3248671020-3738731255-3598294349-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3248671020-3738731255-3598294349-1002 - Limited - Enabled)
    icenhour76 (S-1-5-21-3248671020-3738731255-3598294349-1001 - Administrator - Enabled) => C:\Users\icenhour76

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: ZoneAlarm Free Firewall Firewall (Disabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
    99 Levels To Hell (HKLM-x32\...\Steam App 264280) (Version: - Zaxis Games)
    Actual Multiple Monitors 3.4.2 (HKLM-x32\...\Actual Multiple Monitors_is1) (Version: 3.4.2 - Actual Tools)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
    Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - )
    Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
    Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
    Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
    Aiseesoft Total Media Converter Platinum 6.3.8 (HKLM-x32\...\{240E8FDB-BF8B-4bc3-963B-B28B7528BEBD}_is1) (Version: - )
    AMD Catalyst Install Manager (HKLM\...\{DD562794-C098-A1E5-66ED-10E8BD1C84C5}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
    AnVir Task Manager (HKLM-x32\...\AnVir Task Manager) (Version: - AnVir Software)
    Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AppNHost 1.0.5.1 (HKLM-x32\...\{A8CB86C7-CD4C-4C4F-AF6A-33D1CAC63562}) (Version: 1.0.5.1 - Mixesoft Project)
    ArcaniA – Gothic 4 (HKLM-x32\...\Steam App 39690) (Version: - Spellbound Studios)
    Arcania: Fall of Setarrif (HKLM-x32\...\Steam App 65610) (Version: - Spellbound Studios)
    Armada 2526 Gold Edition (HKLM-x32\...\Steam App 229970) (Version: - )
    Armed and Dangerous (HKLM-x32\...\Steam App 6090) (Version: - Planet Moon Studios)
    Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
    Audiosurf (HKLM-x32\...\Steam App 12900) (Version: - BestGameEver)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
    AVG 2012 (Version: 12.0.4031 - AVG Technologies) Hidden
    Aztaka (HKLM-x32\...\Steam App 37100) (Version: - Citeremis)
    Baldur's Gate: Enhanced Edition (HKLM-x32\...\Steam App 228280) (Version: - Overhaul Games)
    Bastion (HKLM-x32\...\Steam App 107100) (Version: - Supergiant Games)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)
    Beyond Divinity (HKLM-x32\...\Steam App 219760) (Version: - )
    BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.6.1 - BitRaider, LLC)
    Blade of Darkness (HKLM-x32\...\GOGPACKBLADEOFDARKNESS_is1) (Version: 2.0.0.5 - GOG.com)
    Borderlands (HKLM-x32\...\Steam App 8980) (Version: - Gearbox Software)
    Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
    Bully: Scholarship Edition (HKLM-x32\...\Steam App 12200) (Version: - Rockstar New England)
    Card Hunter (HKLM-x32\...\Steam App 293260) (Version: - Blue Manchu)
    CastleStorm (HKLM-x32\...\Steam App 241410) (Version: - Zen Studios)
    Cave Story+ (HKLM-x32\...\Steam App 200900) (Version: - )
    CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
    Chrome Remote Desktop Host (HKLM-x32\...\{912422D4-0A22-4F70-BF8D-802B4BCD0999}) (Version: 45.0.2454.17 - Google Inc.)
    ComicRack v0.9.155 (HKLM\...\ComicRack) (Version: v0.9.155 - cYo Soft)
    Content Manager Assistant for PlayStation(R) (HKLM-x32\...\{32C46540-7693-49E1-A81E-121B09C8303B}) (Version: 3.00.7187.47 - Sony Computer Entertainment Inc.)
    Cubemen (HKLM-x32\...\Steam App 207250) (Version: - 3 Sprockets)
    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0337 - Disc Soft Ltd)
    Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version: - )
    Darwinia (HKLM-x32\...\Steam App 1500) (Version: - Introversion Software)
    DEFCON (HKLM-x32\...\Steam App 1520) (Version: - Introversion Software)
    DEFCON Beta Demo (HKLM-x32\...\Steam App 1523) (Version: - Introversion Software)
    Defender's Quest: Valley of the Forgotten (HKLM-x32\...\Steam App 218410) (Version: - )
    Defense Grid: The Awakening (HKLM-x32\...\Steam App 18500) (Version: - Hidden Path Entertainment)
    Defraggler (HKLM\...\Defraggler) (Version: 2.15 - Piriform)
    Desktop Dungeons (HKLM-x32\...\Steam App 226620) (Version: - QCF Design)
    Deus Ex Human Revolution Augmented Edition Bonus Content (HKLM-x32\...\Steam App 28110) (Version: - )
    Deus Ex: Game of the Year Edition (HKLM-x32\...\Steam App 6910) (Version: - Eidos)
    Deus Ex: Human Revolution - The Missing Link (HKLM-x32\...\Steam App 201280) (Version: - Eidos Montreal)
    Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version: - Eidos Montreal)
    Deus Ex: Invisible War (HKLM-x32\...\Steam App 6920) (Version: - Eidos)
    DFOLauncher (HKLM-x32\...\DFO) (Version: - )
    Diablo II (HKLM-x32\...\Diablo II) (Version: - Blizzard Entertainment)
    Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
    Divine Divinity (HKLM-x32\...\Steam App 214170) (Version: - )
    Divinity II: Developer's Cut (HKLM-x32\...\Steam App 219780) (Version: - )
    DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
    Don't Starve (HKLM-x32\...\Steam App 219740) (Version: - )
    Dungeon Fighter Online (HKLM-x32\...\Steam App 212220) (Version: - )
    Dungeon of the Endless (HKLM-x32\...\Steam App 249050) (Version: - AMPLITUDE Studios)
    Dungeon Siege 2 (HKLM-x32\...\DungeonSiege2) (Version: - Microsoft)
    Dungeon Siege 2 Broken World (HKLM-x32\...\{A563C4F4-BE36-4956-BA0B-E02BDD9F70D5}) (Version: 1.00.0000 - Gas Powered Games)
    Dungeons of Dredmor (HKLM-x32\...\Steam App 98800) (Version: - )
    Earth Defense Force: Insect Armageddon (HKLM-x32\...\Steam App 23530) (Version: - )
    Enclave (HKLM-x32\...\Steam App 253980) (Version: - Topware)
    Endless Space (HKLM-x32\...\Steam App 208140) (Version: - AMPLITUDE Studios)
    Enhance/MP3 (remove only) (HKLM-x32\...\EnhanceMP3) (Version: - )
    eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    Evil Genius (HKLM-x32\...\Steam App 3720) (Version: - Elixir Studios)
    Evoland (HKLM-x32\...\Steam App 233470) (Version: - )
    Fable - The Lost Chapters (HKLM-x32\...\Steam App 204030) (Version: - )
    Fallen Earth (HKLM-x32\...\Steam App 113420) (Version: - )
    Fallout (HKLM-x32\...\Steam App 38400) (Version: - Black Isle Studios)
    Fallout 2 (HKLM-x32\...\Steam App 38410) (Version: - )
    Fallout 3 (HKLM-x32\...\Steam App 22300) (Version: - Bethesda Softworks)
    Fallout Tactics (HKLM-x32\...\Steam App 38420) (Version: - )
    Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
    FBReader for Windows (HKLM-x32\...\FBReader for Windows) (Version: - )
    ffdshow v1.1.3800 [2011-03-28] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3800.0 - )
    FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
    Fist Puncher (HKLM-x32\...\Steam App 238630) (Version: - Team2Bit)
    Foul Play (HKLM-x32\...\Steam App 244810) (Version: - )
    Freedom Force (HKLM-x32\...\Steam App 8880) (Version: - Irrational Games)
    Freedom Force vs. the 3rd Reich (HKLM-x32\...\Steam App 8890) (Version: - Irrational Games)
    Frozen Synapse (HKLM-x32\...\Steam App 98200) (Version: - )
    FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - )
    Galactic Civilizations I: Ultimate Edition (HKLM-x32\...\Steam App 214150) (Version: - Stardock Entertainment)
    Galactic Civilizations II: Ultimate Edition (HKLM-x32\...\Steam App 202200) (Version: - Stardock Entertainment)
    Gemini Wars (HKLM-x32\...\Steam App 216130) (Version: - Iceberg Interactive)
    Ghost Master (HKLM-x32\...\Steam App 6200) (Version: - Empire Interactive)
    Glary Utilities 2.56.0.1822 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.56.0.1822 - Glarysoft Ltd)
    God Mode (HKLM-x32\...\Steam App 227480) (Version: - )
    GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
    GOG.com Planescape Torment (HKLM\...\{8f376ce2-c213-4a6c-a329-0b2a7eb2bad8}.sdb) (Version: - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
    Google Earth (HKLM-x32\...\{A2264E8F-1649-11E3-8BED-B8AC6F98CCE3}) (Version: 7.1.2.2019 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
    Gothic (HKLM-x32\...\Steam App 65540) (Version: - Piranha – Bytes )
    Gothic 3 (HKLM-x32\...\Steam App 39500) (Version: - Piranha – Bytes )
    Gothic 3 Forsaken Gods Enhanced Edition (HKLM-x32\...\Steam App 65600) (Version: - Trine Studios)
    Gothic II: Gold Edition (HKLM-x32\...\Steam App 39510) (Version: - Piranha – Bytes)
    GPGNet (HKLM-x32\...\{C194D333-B84A-4BB7-B35E-060732D98DC4}) (Version: 1.0.0 - Gas Powered Games)
    Gratuitous Space Battles (HKLM-x32\...\Steam App 41800) (Version: - Positech Games)
    Grim Dawn (HKLM-x32\...\Steam App 219990) (Version: - )
    Grotesque Tactics 2 - Dungeons and Donuts (HKLM-x32\...\Steam App 46570) (Version: - )
    Grotesque Tactics: Evil Heroes (HKLM-x32\...\Steam App 46450) (Version: - Silent Dreams)
    Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
    Hack, Slash, Loot (HKLM-x32\...\Steam App 207430) (Version: - David Williamson)
    Half Minute Hero: Super Mega Neo Climax Ultimate Boy (HKLM-x32\...\Steam App 214830) (Version: - )
    Hammerwatch (HKLM-x32\...\Steam App 239070) (Version: - )
    Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
    Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
    Hero Siege (HKLM-x32\...\Steam App 269210) (Version: - Elias Viglione)
    Heroes of Steel: Tactics RPG (HKLM-x32\...\Steam App 291190) (Version: - Trese Brothers)
    Highborn (HKLM-x32\...\Steam App 209850) (Version: - Jet Set Games)
    Hotline Miami (HKLM-x32\...\Steam App 219150) (Version: - Dennaton Games)
    HP Photosmart 6510 series Basic Device Software (HKLM\...\{EB0D4D8B-A604-42D3-84D8-CCAFA75F753E}) (Version: 24.0.342.0 - Hewlett-Packard Co.)
    HP Photosmart 6510 series Product Improvement Study (HKLM\...\{7EC37923-61DD-4C31-A602-8A9F0C5CF2A1}) (Version: 24.0.342.0 - Hewlett-Packard Co.)
    Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
    Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
    Java(TM) 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)
    JavaFX 2.0.3 (HKLM-x32\...\{1111706F-666A-4037-7777-203328764D10}) (Version: 2.0.3 - Oracle Corporation)
    Krater (HKLM-x32\...\Steam App 42170) (Version: - )
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    Leawo Video Accelerator Version: 4.1.0.1 (HKLM-x32\...\{6D217AEE-2D67-4486-A73D-106C726BCDF1}_is1) (Version: - )
    Legend of Dungeon (HKLM-x32\...\Steam App 238280) (Version: - )
    Legend of Grimrock (HKLM-x32\...\Steam App 207170) (Version: - )
    Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version: - Line 6)
    Live Update 5 (HKLM-x32\...\{36F6E986-D2D1-403C-8BD3-D95EF7BC705D}}_is1) (Version: 5.0.109 - MSI)
    Logitech Gaming Software 8.70 (HKLM\...\Logitech Gaming Software) (Version: 8.70.315 - Logitech Inc.)
    Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
    Magic DVD Copier V7.1.1 (HKLM-x32\...\Magic DVD Copier_is1) (Version: - Magic DVD Software, Inc.)
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    Marvel Heroes (HKLM-x32\...\Steam App 226320) (Version: - )
    Mass Effect (HKLM-x32\...\Steam App 17460) (Version: - BioWare)
    Mass Effect 2 (HKLM-x32\...\Steam App 24980) (Version: - BioWare)
    MechWarrior Online (HKU\S-1-5-21-3248671020-3738731255-3598294349-1001\...\{74d11f91-05cc-44f6-8e49-94fe7f33c79b}) (Version: 1.2.0.0 - Piranha Games Inc.)
    MechWarrior Online (x32 Version: 1.2.0.0 - Piranha Games Inc.) Hidden
    Mercenary Kings (HKLM-x32\...\Steam App 218820) (Version: - Tribute Games Inc.)
    Metro 2033 (HKLM-x32\...\Steam App 43110) (Version: - THQ)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version: - Microsoft Corporation)
    Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
    Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
    Monaco (HKLM-x32\...\Steam App 113020) (Version: - Pocketwatch Games)
    Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
    Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
    Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
    Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    Multiwinia (HKLM-x32\...\Steam App 1530) (Version: - Introversion Software)
    Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)
    NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 355.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.60 - NVIDIA Corporation)
    NVIDIA 3DTV Play Activation Utility (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DTV) (Version: 266.7 - NVIDIA Corporation)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.5.13.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.13.6 - NVIDIA Corporation)
    NVIDIA Graphics Driver 355.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.60 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
    NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    NVIDIA System Monitor (HKLM-x32\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)
    One Way Heroics (HKLM-x32\...\Steam App 266210) (Version: - Smoking WOLF)
    OnLive (HKLM-x32\...\OnLive) (Version: - OnLive)
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
    Opera Stable 31.0.1889.174 (HKLM-x32\...\Opera 31.0.1889.174) (Version: 31.0.1889.174 - Opera Software)
    Orcs Must Die! (HKLM-x32\...\Steam App 102600) (Version: - Robot Entertainment)
    Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version: - Robot Entertainment)
    Overlord (HKLM-x32\...\Steam App 11450) (Version: - CodeMasters)
    Overlord II (HKLM-x32\...\Steam App 12810) (Version: - Codemasters)
    Overlord: Raising Hell (HKLM-x32\...\Steam App 12710) (Version: - )
    Painkiller Overdose (HKLM-x32\...\Steam App 3270) (Version: - DreamCatcher)
    Painkiller: Black Edition (HKLM-x32\...\Steam App 39530) (Version: - People Can Fly)
    Painkiller: Resurrection (HKLM-x32\...\Steam App 39560) (Version: - Homegrown Games)
    Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
    PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)
    Planescape Torment (HKLM-x32\...\GOGPACKPLANESCAPETORMENT_is1) (Version: 2.0.0.8 - GOG.com)
    PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment)
    Plants vs. Zombies: Game of the Year (HKLM-x32\...\Steam App 3590) (Version: - PopCap)
    Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
    PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.53.0 - PS3 Media Server)
    QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    Rainmeter (HKLM-x32\...\Rainmeter) (Version: 2.4 r1678 - )
    Realizer 1.1 for Winamp (HKLM-x32\...\Realizer 1.1 for Winamp) (Version: - )
    Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version: - )
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6487 - Realtek Semiconductor Corp.)
    Retrovirus (HKLM-x32\...\Steam App 227800) (Version: - Cadenza Interactive)
    Reus (HKLM-x32\...\Steam App 222730) (Version: - Abbey Games)
    Risen (HKLM-x32\...\Steam App 40300) (Version: - Piranha – Bytes )
    Risen 2 - Dark Waters (HKLM-x32\...\Steam App 40390) (Version: - Piranha Bytes)
    Risk of Rain (HKLM-x32\...\Steam App 248820) (Version: - )
    RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition (HKLM-x32\...\RivaTuner) (Version: v2.24 MSI Master Overclocking Arena 2009 edition - Alexey Nicolaychuk)
    Rocksmith (HKLM-x32\...\Steam App 205190) (Version: - )
    RogueKiller version 10 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 10 - Adlice Software)
    S.T.A.L.K.E.R.: Call of Pripyat (HKLM-x32\...\Steam App 41700) (Version: - GSC Game World)
    S.T.A.L.K.E.R.: Clear Sky (HKLM-x32\...\Steam App 20510) (Version: - GSC Game World)
    S.T.A.L.K.E.R.: Shadow of Chernobyl (HKLM-x32\...\Steam App 4500) (Version: - GSC Game World)
    Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.)
    Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden
    Sanctum (HKLM-x32\...\Steam App 91600) (Version: - Coffee Stain Studios)
    Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version: - Coffee Stain Studios)
    Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version: - )
    Serious Sam 2 (HKLM-x32\...\Steam App 204340) (Version: - )
    Serious Sam 3: BFE (HKLM-x32\...\Steam App 41070) (Version: - Croteam)
    Serious Sam Classic: The First Encounter (HKLM-x32\...\Steam App 41050) (Version: - )
    Serious Sam Classic: The Second Encounter (HKLM-x32\...\Steam App 41060) (Version: - )
    Serious Sam Double D (HKLM-x32\...\Steam App 111600) (Version: - Mommy's Best Games)
    Serious Sam HD: The First Encounter (HKLM-x32\...\Steam App 41000) (Version: - Croteam)
    Serious Sam HD: The Second Encounter (HKLM-x32\...\Steam App 41010) (Version: - Croteam)
    Serious Sam: The Random Encounter (HKLM-x32\...\Steam App 201480) (Version: - )
    Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version: - Harebrained Schemes)
    SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.5.13.6 - NVIDIA Corporation) Hidden
    Sid Meier's Pirates! (HKLM-x32\...\Steam App 3920) (Version: - Firaxis)
    Sir, You Are Being Hunted (HKLM-x32\...\Steam App 242880) (Version: - )
    Smart Technology Programming Software 7.0.2.7 (HKLM\...\{6D41B4C4-FCD7-4F9B-99B9-A01F63F71F0F}) (Version: 7.0.2.7 - Mad Catz)
    Sol Survivor (HKLM-x32\...\Steam App 45000) (Version: - Cadenza Interactive)
    Solar 2 (HKLM-x32\...\Steam App 97000) (Version: - Murudai)
    South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version: - Obsidian Entertainment)
    Space Empires IV Deluxe (HKLM-x32\...\Steam App 1610) (Version: - Malfador Machinations)
    Space Empires V (HKLM-x32\...\Steam App 1690) (Version: - Malfador Machinations)
    Space Pirates and Zombies (HKLM-x32\...\Steam App 107200) (Version: - )
    Space Siege (HKLM-x32\...\Steam App 10530) (Version: - Gas Powered Games)
    SpaceForce: Rogue Universe (HKLM-x32\...\Steam App 3220) (Version: - Provox)
    Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
    Spiral Knights (HKLM-x32\...\Steam App 99900) (Version: - SEGA)
    Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
    Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.6.2.4 - Splashtop Inc.)
    Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version: - Pandemic Studios)
    Star Wars - Jedi Knight II: Jedi Outcast (HKLM-x32\...\Steam App 6030) (Version: - Raven Software)
    Star Wars Jedi Knight: Jedi Academy (HKLM-x32\...\Steam App 6020) (Version: - Raven Software)
    Star Wars Republic Commando (HKLM-x32\...\Steam App 6000) (Version: - LucasArts)
    Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version: - BioWare)
    Star Wars: Knights of the Old Republic II (HKLM-x32\...\Steam App 208580) (Version: - LucasArts)
    Starbound (HKLM-x32\...\Steam App 211820) (Version: - )
    Starpoint Gemini (HKLM-x32\...\Steam App 108110) (Version: - Little Green Man Games)
    State of Decay (HKLM-x32\...\Steam App 241540) (Version: - Undead Labs)
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    STP (HKLM-x32\...\{0B5A201C-A9D3-4596-AAE6-9FD71ED7A5FD}) (Version: 1.0.0 - Dawning.ca)
    Sunless Sea (HKLM-x32\...\Steam App 304650) (Version: - Failbetter Games)
    Supreme Commander (HKLM-x32\...\Steam App 9350) (Version: - )
    Supreme Commander: Forged Alliance (HKLM-x32\...\Steam App 9420) (Version: - )
    Sword of the Stars: The Pit (HKLM-x32\...\Steam App 233700) (Version: - Kerberos Productions)
    Symphony (HKLM-x32\...\GOGPACKSYMPHONY_is1) (Version: 2.0.0.10 - GOG.com)
    System Requirements Lab CYRI (HKLM-x32\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC)
    Teleglitch: Die More Edition (HKLM-x32\...\Steam App 234390) (Version: - Test3 Projects)
    Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
    The Banner Saga (HKLM-x32\...\Steam App 237990) (Version: - Stoic)
    The Elder Scrolls III: Morrowind (HKLM-x32\...\Steam App 22320) (Version: - Bethesda Softworks)
    The Elder Scrolls IV: Oblivion (HKLM-x32\...\Steam App 22330) (Version: - Bethesda Softworks)
    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
    The Incredible Adventures of Van Helsing (HKLM-x32\...\Steam App 215530) (Version: - NeocoreGames)
    The Incredible Adventures of Van Helsing II (HKLM-x32\...\Steam App 272470) (Version: - NeocoreGames)
    The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD Projekt RED)
    The Witcher 2: Bonus Content (HKLM-x32\...\Steam App 20930) (Version: - )
    The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version: - CD Projekt RED)
    Time Gentlemen, Please! (HKLM-x32\...\Steam App 37400) (Version: - Zombie Cow)
    Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore)
    Titan Quest Immortal Throne (HKLM-x32\...\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}) (Version: 1.00.0000 - Iron Lore)
    To the Moon (HKLM-x32\...\Steam App 206440) (Version: - )
    Torchlight (HKLM-x32\...\Steam App 41500) (Version: - Runic Games, Inc.)
    Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - )
    Tower of Guns (HKLM-x32\...\1207660863_is1) (Version: 2.1.0.9 - GOG.com)
    Tower Wars (HKLM-x32\...\Steam App 214360) (Version: - )
    Two Worlds II (HKLM-x32\...\Steam App 7520) (Version: - Reality Pump Studios)
    Two Worlds II Castle Defense (HKLM-x32\...\Steam App 7530) (Version: - Reality Pump Studios)
    Two Worlds: Epic Edition (HKLM-x32\...\Steam App 1930) (Version: - Reality Pump Studios)
    UFO: Afterlight (HKLM-x32\...\Steam App 237950) (Version: - Altar Games)
    Unepic (HKLM-x32\...\Steam App 233980) (Version: - Francisco Téllez de Meneses)
    Universe Sandbox (HKLM-x32\...\Steam App 72200) (Version: - Giant Army)
    Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
    Uplink (HKLM-x32\...\Steam App 1510) (Version: - Introversion Software)
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    Veetle TV (HKLM-x32\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
    Vigil: Blood Bitterness (HKLM-x32\...\Steam App 2570) (Version: - Meridian4)
    VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
    VirtualDJ Home FREE (HKLM-x32\...\{5E1375CB-6792-4464-8715-CC3EC83D48FA}) (Version: 7.0.5 - Atomix Productions)
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    Wanderlust: Rebirth (HKLM-x32\...\Steam App 211580) (Version: - )
    Warhammer 40,000 Space Marine (HKLM-x32\...\Steam App 55150) (Version: - Relic)
    Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ (HKLM-x32\...\Steam App 20570) (Version: - Relic)
    Warhammer® 40,000™: Dawn of War® II – Retribution™ (HKLM-x32\...\Steam App 56400) (Version: - Relic)
    Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version: - Relic)
    Wasteland Angel (HKLM-x32\...\Steam App 46520) (Version: - Octane Games)
    Winamp (HKLM-x32\...\Winamp) (Version: 5.541 - Nullsoft, Inc)
    WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
    WinUtilities 10.53 Professional Edition (HKLM-x32\...\{FC274982-5AAD-4C20-848D-4424A5043009}_is1) (Version: - YL Computing, Inc)
    WinX DVD Ripper Platinum 6.9.2 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
    World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
    X-COM: Apocalypse (HKLM-x32\...\Steam App 7660) (Version: - MicroProse)
    X-COM: Enforcer (HKLM-x32\...\Steam App 7770) (Version: - MicroProse)
    X-COM: Interceptor (HKLM-x32\...\Steam App 7730) (Version: - MicroProse)
    X-COM: Terror from the Deep (HKLM-x32\...\Steam App 7650) (Version: - MicroProse)
    X-COM: UFO Defense (HKLM-x32\...\Steam App 7760) (Version: - MicroProse)
    XIII (HKLM-x32\...\XIII_is1) (Version: - GOG.com)
    Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
    yBook2 (HKLM-x32\...\yBook2_is1) (Version: - Spacejock Software)
    YiHi SXi (HKLM-x32\...\{83D44CC3-6F2D-4625-A1E7-9C6CA633DA50}) (Version: 2.3.0 - YiHiEcigar)
    Ys I (HKLM-x32\...\Steam App 223810) (Version: - )
    Ys II (HKLM-x32\...\Steam App 223870) (Version: - )
    Ys Origin (HKLM-x32\...\Steam App 207350) (Version: - Falcom)
    Ys: The Oath in Felghana (HKLM-x32\...\Steam App 207320) (Version: - Falcom)
    Z Engine (HKLM-x32\...\{64E47A5F-B3C4-476A-9100-2D006BD1FFB4}) (Version: 2.5.0.30_NA - Ideazon)
    Zafehouse Diaries (HKLM-x32\...\GOGPACKZAFEHOUSEDIARIES_is1) (Version: 2.0.0.3 - GOG.com)
    Zeno Clash (HKLM-x32\...\Steam App 22200) (Version: - ACE Team)
    Zombie Bowl-O-Rama (HKLM-x32\...\Steam App 32160) (Version: - MumboJumbo)
    Zombie Driver (HKLM-x32\...\Steam App 31410) (Version: - EXOR Studios)
    ZoneAlarm Firewall (x32 Version: 14.0.508.000 - Check Point Software Technologies Ltd.) Hidden
    ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 14.0.508.000 - Check Point)
    ZoneAlarm Security (x32 Version: 14.0.508.000 - Check Point Software Technologies Ltd.) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3248671020-3738731255-3598294349-1001_Classes\CLSID\{83AC3620-533A-4FEA-902E-88978E9C51E8}\InprocServer32 -> C:\Users\icenhour76\AppData\Roaming\E-centives\BSTIEPrintCtl2PM.dll (Invenda)

    ==================== Restore Points =========================

    10-09-2015 00:40:18 ComboFix created restore point
    10-09-2015 17:03:38 Removed GeekBuddy.
    10-09-2015 21:06:37 JRT Pre-Junkware Removal

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2015-09-10 21:38 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {116669EB-1D7B-4E01-AEC0-CA2C93F95E45} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: {11FBB195-ED29-4425-A982-420236426DE5} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {2B05F928-F4D0-424D-94EF-CC7631585846} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {31332FD8-AF95-44B2-B810-7DAE826370B3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: {51C43AB2-2F3E-46F4-8316-2C90891539CE} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2015-04-17] ()
    Task: {53304530-8B46-4882-A4A5-C4ABAA7ECC90} - System32\Tasks\Opera scheduled Autoupdate 1411089266 => C:\Program Files (x86)\Opera\launcher.exe [2015-08-19] (Opera Software)
    Task: {68A2268E-AD9E-43FA-9032-B24DE47AA9F5} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
    Task: {6943994E-753E-4136-B8D2-50F5380A27C5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-17] (Adobe Systems Incorporated)
    Task: {81EEC6B2-B43A-481F-B82D-E2DA0642E9E9} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2015-04-17] ()
    Task: {83EFE047-FDEE-47E1-9B63-3A4C9777D837} - System32\Tasks\avastBCLRestart_chrome.exe => Chrome.exe
    Task: {8F4499E7-2960-4D62-A2CA-587456606667} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-05] (AVAST Software)
    Task: {90267D06-F92F-4A3A-8ED1-761BA13272F1} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {921178A8-6443-4F97-A066-CEC944E874C7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Task: {959C9530-DB6C-44B2-B414-2B2169696B6A} - System32\Tasks\HPCustParticipation HP Photosmart 6510 series => C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2011-05-25] (Hewlett-Packard Co.)
    Task: {A42E3CD8-E866-4328-89E0-EF998B918BC0} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
    Task: {B6A498E9-92FA-41BB-BAA4-F54174E60887} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {C52AD2F5-9B3C-4C6C-AB20-DD1E40EB566C} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2013-05-27] (Glarysoft Ltd)
    Task: {CB7B5DE7-3AF4-4192-B8BD-E4C4EFD43046} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {D5A4FBB1-E9E9-4C79-8EE5-BC9814EEDCA1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
    Task: {D6DF9C04-F0B4-4B4B-8DEB-C62EEDB26D20} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
    Task: {F67B994E-B498-4220-BBFC-0F06DF93A894} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
    Task: {F94EB559-7C27-4B9A-851D-08819CA0F928} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...