Solved Network problem caused by malware

V

vonvergara

Posts: 20   +0
Incident: All internet connectivity halted to a stop while using the computer, network sharing center only says "no internet access" "connected". Restarted, tried System Restore, scanned using Avira Antivirus, scanned using SUPERAntispyware, nothing worked. Made this thread in safe mode. All help will be appreciated.


First scan of Farbar Recovery Scan Tool (FRST):

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
Ran by Von (administrator) on VON-PC on 25-05-2015 00:37:13
Running from C:\Users\Von\Desktop
Loaded Profiles: Von (Available Profiles: Von)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-02-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2011-02-01] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392872 2011-02-22] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-11-02] (Intel(R) Corporation)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [703088 2010-12-17] ()
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-06-15] (Alienware)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-02] (NVIDIA Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-02-01] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [1545584 2011-01-10] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-830139751-45031778-2959669199-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-830139751-45031778-2959669199-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-830139751-45031778-2959669199-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony)
HKU\S-1-5-21-830139751-45031778-2959669199-1000\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9981888 2015-04-20] ()
HKU\S-1-5-21-830139751-45031778-2959669199-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-830139751-45031778-2959669199-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-16] (SUPERAntiSpyware)
HKU\S-1-5-21-830139751-45031778-2959669199-1000\...\Policies\Explorer: []
HKU\S-1-5-21-830139751-45031778-2959669199-1000\...\MountPoints2: F - F:\SETUP.EXE
HKU\S-1-5-21-830139751-45031778-2959669199-1000\...\MountPoints2: {0b68aafb-2826-11e3-8d20-806e6f6e6963} - D:\autoRcd.exe
HKU\S-1-5-21-830139751-45031778-2959669199-1000\...\MountPoints2: {7670b033-cdeb-11e3-95e3-5c260a8383bf} - F:\LG_PC_Programs.exe
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2015-04-09] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [154256 2015-04-09] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-830139751-45031778-2959669199-1000] => http=127.0.0.1:8555;https=127.0.0.1:8555
HKU\S-1-5-21-830139751-45031778-2959669199-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll [2010-08-24] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll [2010-08-24] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Von\AppData\Roaming\Mozilla\Firefox\Profiles\z1tsjag7.default-1424441790278
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-09] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-830139751-45031778-2959669199-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Von\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-830139751-45031778-2959669199-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Von\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-24] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2010-10-07] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2010-10-07] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Von\AppData\Roaming\Mozilla\Firefox\Profiles\z1tsjag7.default-1424441790278\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-20]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2015-05-16]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2014-07-01]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2014-07-01]

Chrome:
=======
CHR Profile: C:\Users\Von\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Von\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-25]
CHR Extension: (Google Drive) - C:\Users\Von\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-25]
CHR Extension: (YouTube) - C:\Users\Von\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-25]
CHR Extension: (Adblock Plus) - C:\Users\Von\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-25]
CHR Extension: (Google Search) - C:\Users\Von\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-25]
CHR Extension: (Avira Browser Safety) - C:\Users\Von\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-06]
CHR Extension: (Bookmark Manager) - C:\Users\Von\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Hatsune Miku) - C:\Users\Von\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigfdicgjnpjkhbnngdfgjfffmdaonfg [2014-03-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Von\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (No Name) - C:\Users\Von\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-25]
CHR Extension: (Gmail) - C:\Users\Von\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-25]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1186040 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) []
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-28] (Microsoft Corporation)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-02] (NVIDIA Corporation)
S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-17] (AnchorFree Inc.) []
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] ()
S2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-17] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) []
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-11-02] ()
S2 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1851008 2013-10-10] (Locktime Software)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-02] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-02] (NVIDIA Corporation)
S2 NvtlService; C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [83456 2009-12-29] () []
S2 QDLService2kAlienware; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kAlienware.exe [331512 2010-06-25] (QUALCOMM, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) []
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-09-14] (Sony Mobile Communications)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
R1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [87472 2013-06-12] (Locktime Software)
S1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [299664 2015-04-09] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-02] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 00:37 - 2015-05-25 00:37 - 00019036 _____ () C:\Users\Von\Desktop\FRST.txt
2015-05-25 00:37 - 2015-05-25 00:37 - 00000000 ____D () C:\FRST
2015-05-25 00:34 - 2015-05-25 00:34 - 02108416 _____ (Farbar) C:\Users\Von\Desktop\FRST64.exe
2015-05-24 23:56 - 2015-05-24 23:56 - 00000000 ____D () C:\SUPERDelete
2015-05-24 23:55 - 2015-05-24 23:55 - 00000000 ____D () C:\Users\Von\AppData\Roaming\SUPERAntiSpyware.com
2015-05-24 23:54 - 2015-05-24 23:55 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-05-24 23:54 - 2015-05-24 23:54 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-05-24 23:54 - 2015-05-24 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-05-22 21:28 - 2015-05-22 21:28 - 00007708 _____ () C:\Users\Von\Documents\startup.txt
2015-05-22 13:03 - 2015-05-12 14:27 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435286.dll
2015-05-21 21:13 - 2015-05-21 21:13 - 00000000 ____D () C:\Users\Von\AppData\Local\Locktime
2015-05-21 21:11 - 2015-05-24 23:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetLimiter 3
2015-05-21 21:10 - 2015-05-21 21:10 - 00000000 ____D () C:\Program Files\NetLimiter 3
2015-05-21 21:01 - 2015-05-21 21:09 - 10190344 _____ (Locktime Software) C:\Users\Von\Desktop\netlimiter-3.0.0.11-x64.exe
2015-05-21 20:12 - 2015-05-21 20:12 - 00000000 ____D () C:\Users\Von\AppData\Roaming\Locktime
2015-05-21 20:12 - 2015-05-21 20:12 - 00000000 ____D () C:\ProgramData\Locktime
2015-05-17 12:44 - 2015-05-24 23:59 - 00022360 _____ () C:\Windows\PFRO.log
2015-05-17 12:41 - 2015-05-24 23:24 - 00000000 ____D () C:\Windows\SysWOW64\NV
2015-05-17 12:41 - 2015-05-24 23:24 - 00000000 ____D () C:\Windows\system32\NV
2015-05-17 12:41 - 2015-04-09 04:32 - 00560968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-05-17 12:38 - 2015-04-09 08:58 - 31570064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 30397072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 25375048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 24053576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 17176128 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 15818528 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 15716232 _____ (NVIDIA Corporation)

continued in next reply


 
C:\Windows\system32\nvopencl.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 14617288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 14006752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 12852784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 11380728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 10423952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-05-17 12:38 - 2015-04-09 08:58 - 02935416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 02896528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 02573456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 01895568 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435012.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435012.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 01047368 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 01037640 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 00970568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 00962192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 00299664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvkflt.sys
2015-05-17 12:38 - 2015-04-09 08:58 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 00031376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2015-05-17 12:37 - 2015-05-25 00:27 - 00004080 _____ () C:\Windows\setupact.log
2015-05-17 12:37 - 2015-05-17 12:37 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-17 12:18 - 2015-05-01 21:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-17 12:18 - 2015-05-01 21:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-17 12:17 - 2015-04-22 10:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-17 12:17 - 2015-04-22 09:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-17 12:17 - 2015-04-22 01:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-17 12:17 - 2015-04-22 01:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-17 12:17 - 2015-04-22 01:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-17 12:17 - 2015-04-22 00:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-17 12:17 - 2015-04-22 00:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-17 12:17 - 2015-04-22 00:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-17 12:17 - 2015-04-22 00:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-17 12:17 - 2015-04-22 00:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-17 12:17 - 2015-04-22 00:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-17 12:17 - 2015-04-22 00:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-17 12:17 - 2015-04-22 00:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-17 12:17 - 2015-04-22 00:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-17 12:17 - 2015-04-22 00:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-17 12:17 - 2015-04-22 00:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-17 12:17 - 2015-04-22 00:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-17 12:17 - 2015-04-22 00:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-17 12:17 - 2015-04-22 00:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-17 12:17 - 2015-04-22 00:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-17 12:17 - 2015-04-22 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-17 12:17 - 2015-04-22 00:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-17 12:17 - 2015-04-22 00:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-17 12:17 - 2015-04-22 00:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-17 12:17 - 2015-04-22 00:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-17 12:17 - 2015-04-22 00:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-17 12:17 - 2015-04-22 00:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-17 12:17 - 2015-04-22 00:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-17 12:17 - 2015-04-22 00:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-17 12:17 - 2015-04-22 00:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-17 12:17 - 2015-04-22 00:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-17 12:17 - 2015-04-22 00:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-17 12:17 - 2015-04-22 00:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-17 12:17 - 2015-04-22 00:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-17 12:17 - 2015-04-22 00:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-17 12:17 - 2015-04-22 00:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-17 12:17 - 2015-04-21 23:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-17 12:17 - 2015-04-21 23:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-17 12:17 - 2015-04-21 23:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-17 12:17 - 2015-04-21 23:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-17 12:17 - 2015-04-21 23:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-17 12:17 - 2015-04-21 23:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-17 12:17 - 2015-04-21 23:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-17 12:17 - 2015-04-21 23:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-17 12:17 - 2015-04-21 23:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-17 12:17 - 2015-04-21 23:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-17 12:17 - 2015-04-21 23:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-17 12:17 - 2015-04-21 23:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-17 12:17 - 2015-04-21 23:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-17 12:17 - 2015-04-21 23:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-17 12:17 - 2015-04-21 23:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-17 12:17 - 2015-04-21 23:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-17 12:17 - 2015-04-21 23:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-17 12:17 - 2015-04-21 23:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-17 12:17 - 2015-04-21 23:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-17 12:17 - 2015-04-21 23:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-17 12:17 - 2015-04-21 23:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-17 12:17 - 2015-04-21 23:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-17 12:17 - 2015-04-21 22:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-17 12:17 - 2015-04-21 22:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-17 12:11 - 2015-05-05 09:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-17 12:11 - 2015-05-05 09:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-17 12:11 - 2015-04-28 03:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-17 12:11 - 2015-04-28 03:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-17 12:11 - 2015-04-28 03:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-17 12:11 - 2015-04-28 03:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-17 12:11 - 2015-04-28 03:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-17 12:11 - 2015-04-28 03:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-17 12:11 - 2015-04-28 03:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-17 12:11 - 2015-04-28 03:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-17 12:11 - 2015-04-28 03:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-17 12:11 - 2015-04-28 03:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-17 12:11 - 2015-04-28 03:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-17 12:11 - 2015-04-28 03:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-17 12:11 - 2015-04-28 03:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-17 12:11 - 2015-04-28 03:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-17 12:11 - 2015-04-28 03:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-17 12:11 - 2015-04-28 03:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-17 12:11 - 2015-04-28 03:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-17 12:11 - 2015-04-28 03:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-17 12:11 - 2015-04-28 03:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-17 12:11 - 2015-04-28 03:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-17 12:11 - 2015-04-28 03:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-17 12:11 - 2015-04-28 03:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-17 12:11 - 2015-04-28 03:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-17 12:11 - 2015-04-28 03:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-17 12:11 - 2015-04-28 03:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-17 12:11 - 2015-04-28 03:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-17 12:11 - 2015-04-28 03:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-17 12:11 - 2015-04-28 03:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-17 12:11 - 2015-04-28 03:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-17 12:11 - 2015-04-28 03:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-17 12:11 - 2015-04-28 03:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-17 12:11 - 2015-04-28 03:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-17 12:11 - 2015-04-28 03:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-17 12:11 - 2015-04-28 03:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-17 12:11 - 2015-04-28 03:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-17 12:11 - 2015-04-28 03:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-17 12:11 - 2015-04-28 03:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-17 12:11 - 2015-04-28 03:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-17 12:11 - 2015-04-28 03:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-17 12:11 - 2015-04-28 03:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-17 12:11 - 2015-04-28 03:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-17 12:11 - 2015-04-28 03:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-17 12:11 - 2015-04-28 03:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-17 12:11 - 2015-04-28 01:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-17 12:11 - 2015-04-28 01:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-17 12:11 - 2015-04-28 01:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 01:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 01:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 01:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-17 12:11 - 2015-04-18 11:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-17 12:11 - 2015-04-18 10:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-17 12:09 - 2015-04-20 11:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-17 12:09 - 2015-04-20 11:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-17 12:09 - 2015-04-20 10:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-17 12:09 - 2015-04-20 10:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-17 12:09 - 2015-04-08 11:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-17 12:09 - 2015-04-08 11:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-17 12:09 - 2015-04-08 11:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-17 12:09 - 2015-03-04 12:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-17 12:09 - 2015-03-04 12:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-17 12:09 - 2015-03-04 12:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-17 12:09 - 2015-03-04 12:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-17 12:09 - 2015-03-04 12:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-17 12:09 - 2015-03-04 12:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-17 12:09 - 2015-03-04 12:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-17 12:09 - 2015-02-18 15:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-17 12:09 - 2015-02-18 15:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-17 12:08 - 2015-04-13 11:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-17 12:08 - 2015-01-29 11:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-17 12:08 - 2015-01-29 11:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-16 13:32 - 2015-05-16 13:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-14 11:32 - 2015-05-25 00:28 - 00003496 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Von
2015-04-27 09:23 - 2015-04-27 09:23 - 00025088 _____ () C:\Users\Von\Documents\Book1.xls

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 00:28 - 2014-03-25 08:40 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-25 00:27 - 2013-09-28 08:34 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-25 00:27 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-25 00:26 - 2013-09-28 08:14 - 01092211 _____ () C:\Windows\WindowsUpdate.log
2015-05-25 00:10 - 2009-07-14 12:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-25 00:10 - 2009-07-14 12:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-24 23:56 - 2014-07-01 08:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2015-05-24 23:40 - 2014-03-25 08:40 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-24 23:34 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-24 23:25 - 2013-09-28 08:14 - 00000000 ____D () C:\Users\Von
2015-05-24 23:24 - 2015-04-09 08:49 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-24 23:24 - 2015-04-09 08:49 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-24 23:24 - 2010-11-21 15:16 - 00000000 ____D () C:\Windows\ShellNew
2015-05-24 23:23 - 2014-11-11 20:54 - 00000000 ____D () C:\Users\Von\AppData\Roaming\Dev-Cpp
2015-05-24 23:23 - 2014-11-11 20:53 - 00000000 ____D () C:\Dev-Cpp
2015-05-24 23:23 - 2014-03-25 08:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-24 23:23 - 2013-11-14 05:31 - 00000000 ____D () C:\Program Files (x86)\GarenaLoLPH
2015-05-24 23:23 - 2013-11-07 15:28 - 00000000 ____D () C:\Users\Von\AppData\Roaming\GarenaPlus
2015-05-24 23:23 - 2013-11-07 15:26 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2015-05-24 23:23 - 2013-09-28 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-05-24 23:23 - 2013-09-28 08:34 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-05-24 23:23 - 2013-09-28 08:33 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-05-24 23:23 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\registration
2015-05-24 23:23 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\Help
2015-05-24 23:20 - 2013-09-28 08:34 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-05-24 23:18 - 2013-09-29 23:10 - 00000000 __RHD () C:\MSOCache
2015-05-21 21:11 - 2013-09-28 09:08 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2015-05-21 20:21 - 2014-06-30 09:36 - 00000000 ____D () C:\Users\Von\AppData\Local\Adobe
2015-05-20 23:58 - 2014-03-28 12:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-20 12:56 - 2013-09-28 20:51 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-830139751-45031778-2959669199-1000UA.job
2015-05-20 12:38 - 2014-03-07 12:38 - 00000426 _____ () C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Von).job
2015-05-18 22:35 - 2014-03-25 08:40 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 22:35 - 2014-03-25 08:40 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-18 17:46 - 2014-07-19 10:12 - 00000000 ____D () C:\Users\Von\AppData\Local\NFS Underground 2
2015-05-18 15:56 - 2013-09-28 20:51 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-830139751-45031778-2959669199-1000Core.job
2015-05-18 10:41 - 2009-07-14 13:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-17 19:17 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2015-05-17 13:01 - 2013-11-17 20:49 - 00000000 ____D () C:\Users\Von\Desktop\models
2015-05-17 12:48 - 2013-09-28 08:48 - 00158632 _____ () C:\Users\Von\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-17 12:45 - 2009-07-14 12:45 - 05076848 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-17 12:43 - 2010-11-21 15:17 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-17 12:43 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-17 12:32 - 2013-12-31 17:55 - 00000000 ____D () C:\Users\Von\AppData\Roaming\BitTorrent
2015-05-17 12:30 - 2015-01-20 06:21 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-05-17 12:29 - 2015-01-20 16:13 - 00000000 ____D () C:\Users\Von\AppData\Local\Razer
2015-05-17 12:29 - 2015-01-20 06:21 - 00000000 ____D () C:\ProgramData\Razer
2015-05-17 12:26 - 2013-10-01 13:11 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-17 12:20 - 2013-10-01 13:11 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-17 12:04 - 2013-09-28 09:18 - 00000000 ____D () C:\Users\Von\Desktop\unused icon
2015-05-17 12:03 - 2014-11-30 16:19 - 00000000 ____D () C:\Users\Von\Desktop\the ****
2015-05-17 12:03 - 2014-02-11 16:11 - 00000000 ____D () C:\Users\Von\Desktop\E-Books
2015-05-17 12:01 - 2014-11-13 06:27 - 00000000 ____D () C:\Users\Von\Desktop\txt
2015-05-16 20:26 - 2014-01-16 11:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-16 12:39 - 2013-11-07 15:28 - 00000000 ____D () C:\Program Files (x86)\Garena Plus
2015-05-15 00:03 - 2015-04-12 18:17 - 00000000 ____D () C:\Users\Von\AppData\Roaming\CodeBlocks
2015-05-14 20:48 - 2015-04-10 06:04 - 00000000 ____D () C:\Users\Von\Desktop\bikepics
2015-05-13 18:43 - 2013-10-09 21:08 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-06 14:26 - 2009-07-14 13:08 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-05 18:03 - 2013-09-28 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-05 18:02 - 2013-09-28 09:49 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-05 18:02 - 2013-09-28 09:49 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-02 00:51 - 2014-06-19 05:23 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-05-02 00:51 - 2013-10-30 06:08 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-05-02 00:50 - 2014-06-19 05:23 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-05-02 00:50 - 2013-10-30 06:08 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-05-01 15:27 - 2014-02-26 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-05-01 15:27 - 2013-09-28 08:17 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-27 14:36 - 2015-01-31 11:14 - 00000000 ____D () C:\Users\Von\AppData\Roaming\vlc
2015-04-27 09:25 - 2013-11-21 21:14 - 00000000 ____D () C:\Users\Von\Desktop\RAS

==================== Files in the root of some directories =======

2014-01-09 21:17 - 2014-01-09 21:17 - 0000132 _____ () C:\Users\Von\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-02-19 16:34 - 2014-02-19 16:42 - 0040248 _____ () C:\Users\Von\AppData\Roaming\ICARE.LOG
2014-09-26 05:52 - 2014-09-26 05:52 - 0045270 _____ () C:\Users\Von\AppData\Roaming\room_v3.dat
2014-04-08 16:35 - 2014-09-09 21:41 - 0007607 _____ () C:\Users\Von\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Von\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 03:21

==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by Von at 2015-05-25 00:38:23
Running from C:\Users\Von\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-830139751-45031778-2959669199-500 - Administrator - Disabled)
Guest (S-1-5-21-830139751-45031778-2959669199-501 - Limited - Disabled)
Von (S-1-5-21-830139751-45031778-2959669199-1000 - Administrator - Enabled) => C:\Users\Von

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Algebrator 5.1 rc1 (HKLM-x32\...\Algebrator_is1) (Version: - Softmath Inc)
Alienware Command Center (HKLM-x32\...\InstallShield_{FD1AE10F-163C-4D4B-9FCE-AC667AF1DC6E}) (Version: 2.8.8.0 - Alienware Corp.)
Alienware Command Center (Version: 2.8.8.0 - Alienware Corp.) Hidden
Alienware On-Screen Display (HKLM-x32\...\InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.31.1.8C - )
Alienware On-Screen Display (x32 Version: 0.31.1.8C - ) Hidden
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AutoCAD 2014 - English (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - English (Version: 19.1.18.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.18.0 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.3.2291.0 - Microsoft Corporation)
Bing Bar Platform (x32 Version: 6.3.2291.0 - Microsoft Corporation) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BitTorrent (HKU\S-1-5-21-830139751-45031778-2959669199-1000\...\BitTorrent) (Version: 7.9.2.34947 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CodeBlocks (HKU\S-1-5-21-830139751-45031778-2959669199-1000\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version: - Team Psykskallar)
Dell Mobile Broadband Utility (HKLM-x32\...\Dell Mobile Broadband Utility) (Version: 3.00.23.003a - Novatel Wireless)
Dell Mobile Broadband Utility (x32 Version: 3.00.23.003a - Novatel Wireless Inc.) Hidden
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version: - )
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
EMSC (x32 Version: 0.0.0.22C - Compal Electronics, Inc.) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
Game Dev Tycoon version 1.4.5 (HKLM-x32\...\{5BBB8682-1335-410F-A79F-8E5611A54BD0}_is1) (Version: 1.4.5 - Greenheart Games Pty. Ltd.)
Garena - League of Legends (HKLM-x32\...\LoLPH) (Version: - Garena Online Pte Ltd.)
Garena Plus (HKLM-x32\...\im) (Version: 2011 - Garena Online Pte Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hotspot Shield 3.42 (HKLM-x32\...\HotspotShield) (Version: 3.42 - AnchorFree Inc.)
HP Deskjet Ink Adv 2060 K110 Basic Device Software (HKLM\...\{857F4F6C-3CEF-4E80-8EB5-2DF65DFD8ED9}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet Ink Adv 2060 K110 Help (HKLM-x32\...\{261A4762-744B-4C71-81D2-57FA5038DC7B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet Ink Adv 2060 K110 Product Improvement Study (HKLM\...\{CC25768B-BC3C-4D5D-B511-9BE035616B11}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
i686-4.9.1-posix-dwarf-rt_v3-rev0 (HKLM-x32\...\i686-4.9.1-posix-dwarf-rt_v3-rev0) (Version: - MinGW-W64)
InstallVC90Support (x32 Version: 1.01.0000 - Novatel Wireless) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{AF162E20-417F-4946-A06D-65734984957F}) (Version: 14.00.0000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
NetLimiter 3 (HKLM-x32\...\NetLimiter 3 3.0.0.11) (Version: 3.0.0.11 - Locktime Software)
NetLimiter 3 (Version: 3.0.0.11 - Locktime Software) Hidden
NVIDIA 3D Vision Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 350.12 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.3.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.3.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.7 - Power Software Ltd)
Qualcomm Gobi 2000 Package for Alienware (HKLM-x32\...\{1AB3D8C5-7FF5-4EF7-B0BB-23346FAEB462}) (Version: 1.1.170 - QUALCOMM)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6291 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.75 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.3.22 - NVIDIA Corporation) Hidden
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.12.201408250841 - Sony Mobile Communications AB)
Sony PC Companion 2.10.259 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.259 - Sony)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.19.0 - Synaptics Incorporated)
Tunngle - Brio HD Skin version 1.0 (HKLM-x32\...\{FE600607-335B-4CC2-A50D-90EECE0356ED}_is1) (Version: 1.0 - Brioche for the Tunngle.Net Community)
Tunngle version Tunngle (HKLM-x32\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH)
Unity Web Player (HKU\S-1-5-21-830139751-45031778-2959669199-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Vegas Pro 12.0 (64-bit) (HKLM\...\{A7500970-FE98-11E1-B560-F04DA23A5C58}) (Version: 12.0.367 - Sony)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-830139751-45031778-2959669199-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-830139751-45031778-2959669199-1000_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-830139751-45031778-2959669199-1000_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-830139751-45031778-2959669199-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\en-US\acadficn.dll (Autodesk, Inc.)

==================== Restore Points =========================

21-05-2015 21:10:33 Installed NetLimiter 3
21-05-2015 21:29:21 Windows Update
24-05-2015 23:14:58 Restore Operation

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05D47E72-5238-4F19-B63F-F37C1101BF13} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {1A1B2334-F92E-4502-AD12-C89F4257825A} - System32\Tasks\{1BC62905-747B-42B6-BA3A-9CBF3DE1D768} => Chrome.exe http://ui.skype.com/ui/0/6.18.0.106/en/abandoninstall?page=tsProgressBar
Task: {2DE8B23B-D3C2-4C50-8F59-E79E4705A78F} - System32\Tasks\HPCustParticipation HP Deskjet Ink Adv 2060 K110 => C:\Program Files\HP\HP Deskjet Ink Adv 2060 K110\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {33C10A2B-CF2B-41A0-A6E3-56F78115440A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {40DE6CDB-5DA4-4EEF-8367-D7E9DC64C1B2} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {5B6F8F8C-8CEB-4F03-B06E-2E23C72B6C46} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Von) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {622306E4-5CAB-4810-B97A-B5DDEC164721} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {65B117EC-77D2-4541-91BF-3A6FDB8B83D8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-830139751-45031778-2959669199-1000UA => C:\Users\Von\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-28] (Facebook Inc.)
Task: {8220D173-753C-44A0-85B7-4ED3E4641C24} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-25] (Google Inc.)
Task: {8943B938-A461-4A01-A19E-037C3097D567} - System32\Tasks\{A0CE7D9B-D19E-40F5-B5CF-AE148155F9FB} => Chrome.exe http://ui.skype.com/ui/0/6.18.0.106/en/abandoninstall?page=tsProgressBar
Task: {8DDB6AC3-C3B2-44F5-AEAB-A50441C47CBB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {9E5D03B7-0EB8-45C8-8E1B-54C443788B8D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-25] (Google Inc.)
Task: {AD7A7FAC-0AB8-4FC7-9092-DF3346E42666} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {BCC9767A-185C-4BD0-B34C-5A288DF20233} - System32\Tasks\gg_uac_daemon_Von => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2015-01-20] ()
Task: {BEEB918B-B64C-46D8-B8EF-C14E47A56CA4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
Task: {E812A54A-B8FD-4897-BBC3-16BA3E56CF4D} - System32\Tasks\{3B78B6E0-AA31-45EE-AF24-6CE3ED0FE1D2} => Chrome.exe http://ui.skype.com/ui/0/6.18.0.106/en/abandoninstall?page=tsProgressBar
Task: {F10A80C4-1B11-495A-8B8A-8D658BA0B825} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-830139751-45031778-2959669199-1000Core => C:\Users\Von\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-28] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-830139751-45031778-2959669199-1000Core.job => C:\Users\Von\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-830139751-45031778-2959669199-1000UA.job => C:\Users\Von\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Von).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

==================== Loaded Modules (Whitelisted) ==============

2011-03-17 05:07 - 2011-03-17 05:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 20:23 - 2010-10-20 20:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-03-17 05:11 - 2011-03-17 05:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 20:45 - 2010-10-20 20:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-830139751-45031778-2959669199-1000\...\dell.com -> dell.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-830139751-45031778-2959669199-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Von\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: hshld => 2
MSCONFIG\Services: HssTrayService => 3
MSCONFIG\Services: HssWd => 2
MSCONFIG\startupfolder: C:^Users^Von^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Facebook Update => "C:\Users\Von\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GarenaPlus => "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{58653F96-35BC-4AAA-9CCE-F840D949778A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{9568BE20-2AF7-4453-B915-70612F9514E6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{A303D73B-69E4-435D-9221-0F5E9F724BED}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{17470ABC-D171-4203-8793-E955A0CBE53B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A2BCC203-63C4-4B97-AC38-8EA7E493A4EF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1DDB40A1-FB68-46CD-B76B-9A13DF775FAC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A320C21A-EE96-4DA1-8100-00EAE5F5C29E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{488D747B-F009-476F-A487-C78AFE54D4A2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{D063A5F0-EE4A-404C-823C-99ABE5117FD8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{8E7B69DF-304D-447F-B69F-F5C59C2A751D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AEDD88CA-56DF-47F3-9C75-5E8F3B90BF40}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A211BEF2-8F83-450D-A012-3279F23A6A7D}] => (Allow) C:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [{6F8D76FE-0DA6-460C-80D0-4973D1EE7F08}] => (Allow) C:\GarenaDownload\Games\lolph\LoLInstaller.exe
FirewallRules: [{4E06F173-F951-4299-8055-40F18809AF48}] => (Allow) C:\GarenaDownload\Games\lolph\LoLInstaller.exe
FirewallRules: [TCP Query User{9FF2C89B-DEBA-498F-8DB3-0B6F0113B02E}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [UDP Query User{49E9C577-8C29-432F-A274-231B855183AE}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [{C8E92EF7-957D-48BB-BC95-DAFAF1C7D00B}] => (Allow) LPort=8370
FirewallRules: [{7F53EDAD-E6DB-4C65-B38B-CCC9FB3C114A}] => (Allow) LPort=8370
FirewallRules: [{967BF24A-703F-445C-B65D-0E968EF646BF}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{40AB9DF5-8212-4C90-BF02-430612A1F3C7}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{03417E02-5F46-4C12-8397-593C578D68A5}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{B74B279D-BBF1-42C1-ABF1-42139CC342BB}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{A666E49E-63A2-4F6A-ADE0-F0186C8785FA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{479B3E4F-D04C-40DD-AC9E-BB8E13D4C48C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{CD187C1E-6BC9-48FE-A00A-51902EF82F08}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{80160630-1405-4606-845F-4353626ADB23}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
 
FirewallRules: [{5FD0A948-29F8-43E8-9719-C7E627427898}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FE8578DD-3D41-4BE5-AF9C-07367BFC109F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{7D4EB281-7BCB-49AB-91E8-92010507B32D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{FCB3DDAE-D8FE-4567-9BEB-F7EB550C5F11}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{94F60C30-04B2-4E8B-A6F7-449D29D8283F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F0F5BD60-92F7-4EFD-9240-C46E69B2842C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{3673D077-FCC7-49AB-94B8-DCE30A819CA3}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{252BD1EC-FEC6-46C4-8DBB-091A45AD64F8}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [{ACE8121E-B91E-480F-B3F5-DB94286D892F}] => (Allow) LPort=6925
FirewallRules: [{0C8302FD-F48F-423A-838E-4B5488B9E72C}] => (Allow) LPort=6925
FirewallRules: [{54745310-DFBC-46B4-BA2E-DF678B584A6C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{9077517C-B243-4541-A70B-725A94808C20}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{EEFE3ED8-641F-4F7B-A5F6-C9EEC2F82C91}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{EB1010DA-6D81-4112-87C9-F098C0788651}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{0E2086C7-88BA-4E0A-8855-68616F04D05D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{28F0D1EA-F614-4AB8-B5F2-D948A96D7C08}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{26E18846-3789-4870-9EC3-E17A032C92CA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{9566D0C5-582E-4B63-A801-96D52A0F4F2B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{E8D6E3D3-5426-4B83-A77E-F2E3A37D06DC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{BBF6E463-AD19-4C25-9080-F687DE63D033}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{983165E9-A51A-41E6-8469-ECAB838B5A49}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{40478DD4-D1F5-4F9E-8B38-F38218B6E35D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{1D0A69EE-AA1A-4734-B3BF-57E83A14313F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{EA76F805-11D9-411E-9A07-9D30C7898ACC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{DC789FF5-6B20-4BC2-B89E-61BE9C8C2AE5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{17772B98-78AA-4A5F-9D77-67437F1B6518}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{3FBEF94C-AA64-4751-8275-DC8830615AEA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{5D58F236-D0BF-4538-B8F3-36B0E38B7924}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{2A6C9EC1-75EB-49FB-8BC6-2BF2FEBC3E20}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{1BE938BB-5F7F-400E-8E5B-5421CF091DCA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [TCP Query User{471F6FAF-D776-465D-B075-3A4D0D2F2A63}C:\program files (x86)\garena plus\bbtalk\bbtalk.exe] => (Allow) C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
FirewallRules: [UDP Query User{691FFB72-3DF3-48F3-A05B-62CDA84D28F3}C:\program files (x86)\garena plus\bbtalk\bbtalk.exe] => (Allow) C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
FirewallRules: [{CBF8F3EC-9B2C-44F4-B997-3A1CABA992CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{1674F97D-17A3-4003-87A0-251384D8CD11}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{B91AF718-D29A-4776-BE36-64B8330781A6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{E71997AA-DB00-4584-B4CD-3BD18B04F2AF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{6D96F902-B192-42AF-A0E0-C7D6AF0349BB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{5CA9723E-BF0D-411E-85AD-1672FD558354}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{885260A3-27F2-4E76-8D4B-8BB79F40F03B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{983BB925-C382-4F1D-8FFB-4DC51D00BBA8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{7BF800D6-344D-4CA8-B483-09510ECABD14}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{CEA07F35-AF40-4C52-AA5C-E7CE692DBA2E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{4FDB5C2C-2EE3-4235-9D79-476DFD4FA90D}] => (Allow) LPort=6966
FirewallRules: [{5FDC0D39-D2D4-4773-8F50-39D671C62513}] => (Allow) LPort=6966
FirewallRules: [{389AFADF-8F49-4EF6-A675-582558F692A3}] => (Allow) LPort=6909
FirewallRules: [{126FF730-E455-4793-B1BB-018370E1EEB3}] => (Allow) LPort=6909
FirewallRules: [{D2B1DC90-F901-4D0C-B392-4C054EC628F3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{252202C8-6B3E-40AB-BCFC-048F7F097A0A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{6D2E11FD-AA26-4F9E-AD86-F01CFE3BA859}] => (Allow) C:\GarenaDownload\Games\elsph\elsphInstaller.exe
FirewallRules: [{F1CDAA1C-76F8-4DC2-B33A-51F859028E32}] => (Allow) C:\GarenaDownload\Games\elsph\elsphInstaller.exe
FirewallRules: [{C07285F1-F4B6-49DB-B8CA-9FA976FC400B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{B354623E-723F-4D99-BFD7-8F1B31CFD78B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{EBEA1D4C-CD0F-4C9C-8B28-80047BDD35B8}] => (Allow) C:\Program Files (x86)\Garena Plus\Room\garena_room.exe
FirewallRules: [{BA40E2D6-5036-46B2-B155-581E713E3404}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{D769075A-2733-436B-8620-36F3E6EF6779}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [TCP Query User{E27483EB-7DDB-4F1F-A990-8F7D42A06BD5}C:\users\von\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\von\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{87893D5F-BA85-4167-974B-ED24641E34FF}C:\users\von\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\von\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [{54E190A0-DA15-491E-8C1C-4693C6AEA544}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{6143CF8E-9CEB-48E1-9894-B397552766A0}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{96DDE664-7DD3-4C8C-B6C2-F8F98286571E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{90AAFF99-16FC-4CA1-9858-A9B1E9C037E6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{48C5398A-821A-4950-B522-A93A6BF48057}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{ABB48A56-EA03-4F4A-91E7-B2C57351C036}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{FDE7C8BD-89DB-4242-A695-43920F188D56}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E6139464-D412-4424-B73F-2D3DAF0CE126}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5FE71710-0052-4578-805E-6BA101568A51}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{834621D4-420E-4E2C-A7E4-4F76BB8912A5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CB007AB2-6C07-4F12-B8FB-795E971500D7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7331779E-A471-47C1-81F1-D532219D3F0E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5524B4E9-7408-43AA-A994-9926F8C87074}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{5DFA2DB8-2753-42FD-A5E2-0BE35E52A51F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [TCP Query User{CD590199-D9A6-4741-8BEB-64E3DAD5A09C}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{61C49713-032B-445B-8D89-EF0C236E4D2C}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{C76B5788-F675-48FF-8C88-6376A5070C44}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{45FFCDA6-791E-4960-8BC6-ADDAD9D78A75}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [TCP Query User{6B2A94E3-B7D4-4B04-B06B-F712FBB0B5E9}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [UDP Query User{5CF283B3-50B2-4DD7-886F-F2E958D37FFC}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [TCP Query User{E24E57D6-F0CA-4E1E-A17A-1B8CC5E0F9E8}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [UDP Query User{4D28E577-3088-4D73-83C6-2AD1F3830D73}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [{EEC9641E-2081-4AF9-A65C-DDBD09CFED77}] => (Allow) LPort=8370
FirewallRules: [{9201CCB2-ACAA-4033-BD8C-CD03FA405644}] => (Allow) LPort=8370
FirewallRules: [{44D31DB0-3C48-4B8A-9FDB-0ECA106D84B7}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{8B4627AA-DAD0-4DC2-B8C5-A700AAAEB140}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{19A89949-5539-4E52-9311-8E7511084A6B}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{3BA7CE4F-EC2E-4288-A863-9F05BBFFC59C}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{B90CF4C4-E4B6-4B2E-A30F-B4C8CE1A2753}] => (Allow) C:\Program Files\HP\HP Deskjet Ink Adv 2060 K110\Bin\USBSetup.exe
FirewallRules: [{ECA0DF0F-3AC7-4EF5-8EDE-589B56B22BD9}] => (Allow) C:\Program Files\HP\HP Deskjet Ink Adv 2060 K110\Bin\USBSetup.exe
FirewallRules: [{5DE988C6-9B94-4CAA-82D6-65015AC308A4}] => (Allow) LPort=6963
FirewallRules: [{C3214969-59F4-4FA7-830D-A4A44E22919B}] => (Allow) LPort=6963
FirewallRules: [{38ADB6DD-E299-43B2-AD8A-1F609C2B852A}] => (Allow) LPort=6916
FirewallRules: [{139C95AA-7C5E-47BF-B6E5-0332C332A6BC}] => (Allow) LPort=6916
FirewallRules: [{027D65BC-63AC-428A-903B-72E60C28EBB0}] => (Allow) LPort=6930
FirewallRules: [{A6144774-243E-4194-81C0-182BBFC3D57B}] => (Allow) LPort=6930
FirewallRules: [{65306482-FAEA-4587-B385-DC3644674B08}] => (Allow) C:\Users\Von\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{48E34F3B-7448-4F23-8624-190FB67EE7E6}] => (Allow) LPort=6904
FirewallRules: [{12B01026-9765-40EA-9D08-45CE673A3DE8}] => (Allow) LPort=6904
FirewallRules: [{94C44946-46AB-4EDF-AF15-2CC5E03456F9}] => (Allow) LPort=50248
FirewallRules: [{EFE743C1-82BD-424F-BF4B-049F8C897B33}] => (Allow) LPort=6973
FirewallRules: [{ED389E9E-2846-459D-8C2E-D46BBC94E7BF}] => (Allow) LPort=6973
FirewallRules: [{112E5EAC-91A5-4292-9F12-E9D1104506A6}] => (Allow) LPort=6917
FirewallRules: [{D9AFCE12-2E1C-44B4-ACB2-058EDF07A69F}] => (Allow) LPort=6917
FirewallRules: [{98417FFB-A1CD-4FC8-A967-D03525311A21}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{B5C73753-5775-4A4F-9EE3-6C10E239D83C}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{DBF24938-D5DF-41F7-A39E-8901D88BE6FB}] => (Allow) LPort=6945
FirewallRules: [{9C43A23E-1EB8-4CDF-A4C8-6F007C2BA3AB}] => (Allow) LPort=6945
FirewallRules: [{486040AA-915E-4133-AA4E-6BFDB328F3F0}] => (Allow) LPort=6962
FirewallRules: [{F4A369E8-4B57-4861-8400-98152FD79524}] => (Allow) LPort=6962
FirewallRules: [{95E033FA-3EA7-41E0-9DB6-71E68BBB8936}] => (Allow) LPort=6932
FirewallRules: [{F6BCC76A-0A83-4009-A454-C33CBD73429A}] => (Allow) LPort=6932
FirewallRules: [{89447BEE-1BB0-472D-80EE-879484E9A723}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{F2E76DCD-9713-4B70-AD34-AC5E8921E163}] => (Allow) LPort=6992
FirewallRules: [{77C6A06A-B0DE-487F-BB52-8BFC6E8EBC14}] => (Allow) LPort=6992
FirewallRules: [{73E25E22-0543-4C29-B8BA-FC9490978085}] => (Allow) LPort=6981
FirewallRules: [{14842317-F6AA-4791-9444-EDD5C377AA38}] => (Allow) LPort=6981
FirewallRules: [{0CB59091-7280-4BF5-B34F-922E9C31EA79}] => (Allow) LPort=6931
FirewallRules: [{6FAD9FE1-F0C8-49AD-AC59-8CE7031D7D48}] => (Allow) LPort=6931
FirewallRules: [{6A80B20D-5425-4F58-BD20-3B73645AD6B4}] => (Allow) LPort=6961
FirewallRules: [{05275FAE-307E-452C-9A4D-B45368B8748C}] => (Allow) LPort=6961
FirewallRules: [{A586FE12-38CE-4DAC-9F06-19DC8F6A5B70}] => (Allow) LPort=6911
FirewallRules: [{A94B6E2E-E92A-4DD7-B028-2B554C6CB1C1}] => (Allow) LPort=6911
FirewallRules: [{844E309B-9633-4A9D-87AA-FEB285F465DC}] => (Allow) LPort=6926
FirewallRules: [{A63FE3D1-9112-4A38-9127-63CDE2A2FEE5}] => (Allow) LPort=6926
FirewallRules: [{030469B8-F120-4C7B-BBB9-1A28AB537A35}] => (Allow) LPort=6947
FirewallRules: [{D6E3CE0F-083C-4CF3-8132-227655B5BCEC}] => (Allow) LPort=6947
FirewallRules: [{F0FDB410-6514-44F9-859E-B514F3DC49FC}] => (Allow) LPort=6935
FirewallRules: [{5882427E-0FC7-4547-82A2-0E3B6A115211}] => (Allow) LPort=6935
FirewallRules: [{6DC23451-ADC1-4D29-8C6B-C18715584984}] => (Allow) LPort=6980
FirewallRules: [{40C43296-A980-4B41-ABC6-6DA45938B41B}] => (Allow) LPort=6980
FirewallRules: [{805697B2-E8A5-4BA2-AB7B-5C869666922E}] => (Allow) LPort=6937
FirewallRules: [{4BB22DA5-0677-4FCB-8F55-46A6C4F9DABA}] => (Allow) LPort=6937
FirewallRules: [{5C496452-7FC1-4A1E-A39D-6914915B4723}] => (Allow) LPort=6993
FirewallRules: [{397578A4-1D20-4E69-8AAA-18037D7AA9B0}] => (Allow) LPort=6993
FirewallRules: [{DD63B039-B0E1-4DE3-8E3E-C5AE592F578F}] => (Allow) LPort=6893
FirewallRules: [{3758BDB2-FF25-4819-8599-8F4D8A6A7417}] => (Allow) LPort=6893
FirewallRules: [TCP Query User{A783E43F-8054-4494-82E0-E38096BD10F9}C:\users\von\desktop\2k games\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) C:\users\von\desktop\2k games\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [UDP Query User{6E49F92F-7A68-4B05-8A7E-E757DBA11CEA}C:\users\von\desktop\2k games\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) C:\users\von\desktop\2k games\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [{504E67B5-2DC3-4A36-9615-874F38A6B8EB}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{D9CCADFB-513F-44D9-9844-1F6686BECF74}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{735DF379-95BA-4AC1-AC1C-4E9FE06F311A}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{7AED47CB-0506-4561-96A3-96505726F857}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{C0F7BC5D-F4F7-4EAA-972A-E88ADD2D621D}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{37C09FE3-29F2-4DDB-91C5-2EF4BCE6F8E8}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{015998B4-CBAA-4165-9A0B-808C3052131B}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{42E4437B-F99D-410F-9983-E6832DE31B40}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{DFAEB44F-DFAD-4407-9BAB-5252A3D050B7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{FB2576E1-328F-41DE-B955-982036F810E2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{820D157C-DB9C-4618-AF8E-4FFCA398BD73}] => (Allow) LPort=6934
FirewallRules: [{8377A94C-365A-49E3-9AF4-5319AF6AF238}] => (Allow) LPort=6934
FirewallRules: [{F1433F74-F25A-4FF7-844E-0CCC66DCE386}] => (Allow) LPort=6917
FirewallRules: [{E76A62B4-37A2-4805-99FB-408190CD198A}] => (Allow) LPort=6917
FirewallRules: [{7CE1ED74-7094-4E57-BE31-4E35163727CA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ACF35BC8-4E65-4BE7-907F-C68BADE3B4A8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3E0A56A7-E6E9-4AC1-BD4C-AB9DA92C1BA5}] => (Allow) LPort=6943
FirewallRules: [{AA7C6E52-ACA2-435B-A9BE-1F2B8031A1D2}] => (Allow) LPort=6943
FirewallRules: [{DF04F52F-707C-4459-8B5A-C2CFDE7392CD}] => (Allow) LPort=6903
FirewallRules: [{4870C10D-B36E-4E21-A69C-77AC2E7BC42E}] => (Allow) LPort=6903
FirewallRules: [{A239FED8-C0B5-4FFB-B9A5-86A6804BF2E5}] => (Allow) LPort=6983
FirewallRules: [{B90ED79C-73ED-45EA-8BC9-77001F878C63}] => (Allow) LPort=6983
FirewallRules: [TCP Query User{74AF9D95-E9A3-44F8-8844-0C8475A6C1E4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F8817194-DAA8-4968-9170-2538B6DC8F82}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{C6F34985-55FD-4A6C-B100-23F3C4F677B6}] => (Allow) LPort=6912
FirewallRules: [{92394650-4C47-4A65-8E0A-2F7BC2B6F15A}] => (Allow) LPort=6912
FirewallRules: [{42C3609E-D66A-4006-BD4E-DF7B5E8BE17B}] => (Allow) LPort=6898
FirewallRules: [{64A2C3B1-BA3F-4DB6-BA15-022C46DC9BC7}] => (Allow) LPort=6898
FirewallRules: [{2157905E-8688-412E-9A9A-DC845A9C79B8}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\lol.exe
FirewallRules: [{20E7FE83-D34A-42BC-A6E4-E74BB7D50E9B}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\lol.exe
FirewallRules: [{8D9EABB0-87FB-469F-B260-0305CFA1ADDB}] => (Allow) LPort=8393
FirewallRules: [{1716DDD2-8FE0-42EF-88D4-97388204ACED}] => (Allow) LPort=8393
FirewallRules: [{4049228A-2FC6-499B-86DA-2D254DFBFD77}] => (Allow) LPort=8390
FirewallRules: [{BF101257-250D-43C5-85D6-14F6FC7CEF06}] => (Allow) LPort=8390
FirewallRules: [{771B2EC3-9611-4B99-B5B8-4B4F3BF9682A}] => (Allow) LPort=6995
FirewallRules: [{034BDB4E-9B1D-4514-9ECD-D8D2BCC027CA}] => (Allow) LPort=6995
FirewallRules: [{F0DBAC5D-C275-41F0-837E-9FB3F0E14582}] => (Allow) LPort=6957
FirewallRules: [{B74BF661-4CBE-4E3C-940C-C27F90C6DA31}] => (Allow) LPort=6957
FirewallRules: [{19459B20-7555-4399-9D6A-CFED71314B41}] => (Allow) LPort=6977
FirewallRules: [{2443C7D6-A00E-47D2-81E6-E12FF3807179}] => (Allow) LPort=6977
FirewallRules: [{0B12DF25-613D-4312-B0DA-7D08BC390523}] => (Allow) LPort=6984
FirewallRules: [{5AF4C62C-F819-4D5C-BCA6-ED2D5B29F191}] => (Allow) LPort=6984
FirewallRules: [{DCD0B873-C984-47E8-97CA-862C81131C17}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A8EC008C-AE44-4BE9-B9C3-2858ABEEDF72}] => (Allow) LPort=6961
FirewallRules: [{43617698-1335-42AE-90B8-3B51ACF4C5B2}] => (Allow) LPort=6961
FirewallRules: [{7A55F2AC-2E7B-4DFE-9C36-399F64005630}] => (Allow) LPort=6895
FirewallRules: [{49402942-E979-4F18-9C03-58D50266FBAF}] => (Allow) LPort=6895
FirewallRules: [{C3E7EDC3-BFEC-4BB9-AF78-3074BB7C94F7}] => (Allow) LPort=6941
FirewallRules: [{17F471C8-E256-4CA6-8D77-75771DE86278}] => (Allow) LPort=6941
FirewallRules: [{091506F0-7228-4691-B59D-3CC1979C215C}] => (Allow) LPort=6945
FirewallRules: [{DCAB5DD4-906E-49C0-A5E1-335036CA0EA4}] => (Allow) LPort=6945
FirewallRules: [{E479F68A-43DE-45C8-9FEC-A250973704B1}] => (Allow) LPort=6947
FirewallRules: [{8592B7A6-97A4-453D-87E2-E33C2D793579}] => (Allow) LPort=6947
FirewallRules: [{99367E62-02AF-47A0-9274-10940197AADB}] => (Allow) LPort=6931
FirewallRules: [{574ABA4C-43C1-4A97-942B-A6673D8E9F46}] => (Allow) LPort=6931
FirewallRules: [{C23A28AC-83B9-4A4C-BD1D-515341E919C0}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\lol.exe
FirewallRules: [{6CFECDC8-834E-499F-8D77-A28B03B5908C}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\lol.exe
FirewallRules: [{D68D2256-8BD7-4EB1-A424-475340974F3F}] => (Allow) LPort=8393
FirewallRules: [{AA1F9EB3-1BF9-4BC6-9177-3941AF99B395}] => (Allow) LPort=8393
FirewallRules: [{D64FE8DD-87EA-4441-92BC-43B012848E4F}] => (Allow) LPort=8390
FirewallRules: [{5B5D3E77-4155-4667-8C79-EC889F89C90A}] => (Allow) LPort=8390
FirewallRules: [{2984F6A5-AE20-4168-B243-284C8BFCAEBB}] => (Allow) LPort=6942
FirewallRules: [{475E7905-F739-4175-9624-CC2FD9A87F69}] => (Allow) LPort=6942
FirewallRules: [{D6ED8B4A-ABD3-458C-9124-8FE591AF25F0}] => (Allow) LPort=6915
FirewallRules: [{F068A345-473A-4972-AA68-01A692258FED}] => (Allow) LPort=6915
FirewallRules: [{6D9F4A9A-D961-42B4-A19B-FA29823C7DBD}] => (Allow) LPort=6930
FirewallRules: [{BD0277BF-7A96-4F9A-B1E3-56F26DC2E9F4}] => (Allow) LPort=6930

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2015 00:33:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2015 00:29:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2015 00:01:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/24/2015 11:53:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/24/2015 11:47:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/24/2015 11:44:14 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcSSAU restarted too many times in a short period. Aborting. [0]

Error: (05/24/2015 11:32:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 448

Start Time: 01d09635eb6622d8

Termination Time: 8

Application Path: C:\Windows\Explorer.EXE

Report Id: 1de8253c-022a-11e5-94f7-9a8fa01c6833

Error: (05/24/2015 11:27:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/24/2015 11:11:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/24/2015 10:29:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/25/2015 00:34:50 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084NVSvc{DCAB0989-1301-4319-BE5F-ADE89F88581C}

Error: (05/25/2015 00:32:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/25/2015 00:32:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/25/2015 00:32:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/25/2015 00:32:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/25/2015 00:32:09 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/25/2015 00:32:09 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/25/2015 00:32:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/25/2015 00:32:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/25/2015 00:32:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office:
=========================
Error: (05/25/2015 00:33:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2015 00:29:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2015 00:01:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/24/2015 11:53:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/24/2015 11:47:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/24/2015 11:44:14 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcSSAU restarted too many times in a short period. Aborting. [0]

Error: (05/24/2015 11:32:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.1756744801d09635eb6622d88C:\Windows\Explorer.EXE1de8253c-022a-11e5-94f7-9a8fa01c6833

Error: (05/24/2015 11:27:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/24/2015 11:11:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/24/2015 10:29:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 15%
Total physical RAM: 8139.86 MB
Available physical RAM: 6897.47 MB
Total Pagefile: 16277.93 MB
Available Pagefile: 15099.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.54 GB) (Free:520.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 1B072A5C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

==================== End of log ============================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================

I assume you have connection in safe mode with networking, correct?

If so, download following tool in safe mode with networking but run it from normal mode.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
 
Thanks for the quick reply, my computer is still acting the same as I left it. Anyway, here is the log you asked:


Farbar Service Scanner Version: 17-01-2015
Ran by Von (administrator) on 25-05-2015 at 07:34:25
Running from "C:\Users\Von\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.


(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Okay, progress. I did as you have instructed but there was an unexpected error after the operation of Junkware Removal Tool. I couldn't open any program after using JRT so I restarted my computer. Suddenly there was a bluescreen error! (logs provided) Internet connection appeared as "connected" with no problems before the use of JRT, but the problem returned after the Bluescreen error. Here are the logs:

RogueKiller:

RogueKiller V10.6.5.0 [May 20 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Von [Administrator]
Started from : C:\Users\Von\Desktop\RogueKiller.exe
Mode : Delete -- Date : 05/25/2015 12:40:25

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 25 ¤¤¤
[PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {8dcb7100-df86-4384-8842-8fa844297b3f} : -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\hshld (C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HssTrayService (C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HssWd (C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hshld (C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HssTrayService (C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HssWd (C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hshld (C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HssTrayService (C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HssWd (C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe) -> Not selected
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-830139751-45031778-2959669199-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8555;https=127.0.0.1:8555 -> Not selected
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-830139751-45031778-2959669199-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8555;https=127.0.0.1:8555 -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2ED7BFFA-305B-44D1-A6D1-2EF38A65D11A} | DhcpNameServer : 10.77.0.254 [X] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2ED7BFFA-305B-44D1-A6D1-2EF38A65D11A} | DhcpNameServer : 10.77.0.254 [(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2ED7BFFA-305B-44D1-A6D1-2EF38A65D11A} | DhcpNameServer : 10.77.0.254 [(Private Address) (XX)] -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUP][FIREFX:Addon] z1tsjag7.default-1424441790278 : Hotspot Shield Extension [afproxy@anchorfree.com] -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPKT-75PK4T0 +++++
--- User ---
[MBR] 94b18538ecb3df34637640a160dc93d9
[BSP] e6af169705f5792d9694b0ffdad29496 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 715302 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_05252015_123820.log - RKreport_DEL_05252015_123947.log


MBAM log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/25/2015
Scan Time: 12:49:37 PM
Logfile: mbamlog.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.25.02
Rootkit Database: v2015.05.24.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Von

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 367396
Time Elapsed: 11 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.SweetPacks.A, C:\Program Files (x86)\sweetpacks bundle uninstaller, Quarantined, [86500d8a3b4f2a0c5416c30641c2ce32],

Files: 2
PUP.Optional.OpenCandy, C:\Users\Von\AppData\Roaming\PowerISO\Upgrade\PowerISO6.exe, Quarantined, [c115f6a11c6e75c1551edc739a6c4db3],
PUP.Optional.SweetPacks.A, C:\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe, Quarantined, [86500d8a3b4f2a0c5416c30641c2ce32],

Physical Sectors: 0
(No malicious items detected)


(end)

ADWCleaner:

# AdwCleaner v4.205 - Logfile created 25/05/2015 at 13:11:07
# Updated 21/05/2015 by Xplode
# Database : 2015-05-24.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Von - VON-PC
# Running from : C:\Users\Von\Desktop\adwcleaner_4.205.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : hshld

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files (x86)\Coupons
File Deleted : C:\Users\Von\AppData\Roaming\ICARE.LOG

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKCU\Software\Condut
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0
Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:8555;hxxps=127.0.0.1:8555
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.1 (x86 en-US)


-\\ Google Chrome v42.0.2311.152

[C:\Users\Von\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Von\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Von\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.softonic.com/INF00176/tb_v1?q={searchTerms}&SearchSource=49&cc=&mi=f612cf1400000000000068942397016a&toi=16079
[C:\Users\Von\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : hxxp://us.yahoo.com/", "hxxp://search.softonic.com/INF00176/tb_v1?SearchSource=48&cc=&mi=f612cf1400000000000068942397016a&toi=16079

*************************

AdwCleaner[R0].txt - [2948 bytes] - [25/05/2015 13:09:57]
AdwCleaner[S0].txt - [2395 bytes] - [25/05/2015 13:11:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2454 bytes] ##########


JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.9 (05.24.2015:1)
OS: Windows 7 Home Premium x64
Ran by Von on Mon 05/25/2015 at 13:25:46.11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\slimware utilities inc
Successfully deleted: [Folder] C:\Users\Von\appdata\local\slimware utilities inc
Successfully deleted: [Folder] C:\Windows\syswow64\ai_recyclebin



~~~ FireFox

Emptied folder: C:\Users\Von\AppData\Roaming\mozilla\firefox\profiles\z1tsjag7.default-1424441790278\minidumps [24 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 05/25/2015 at 13:28:53.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

BLUESCREEN txt:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 19
BCP1: 0000000000000020
BCP2: FFFFFA8007425458
BCP3: FFFFFA8007425A78
BCP4: 0000000004626BD0
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\052515-24570-01.dmp
C:\Users\Von\AppData\Local\Temp\WER-132148-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt
 
redtarget.gif
Download BlueScreenView
Unzip downloaded file.
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

redtarget.gif
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Did not check if problem was solved after following instructions because ComboFix was supposed to disconnect the internet connection. (Made this reply in safe mode) Anyway, thanks so far! Here are the logs:

BSOD.txt:

==================================================
Dump File : 052515-24570-01.dmp
Crash Time : 5/25/2015 1:32:46 PM
Bug Check String : BAD_POOL_HEADER
Bug Check Code : 0x00000019
Parameter 1 : 00000000`00000020
Parameter 2 : fffffa80`07425458
Parameter 3 : fffffa80`07425a78
Parameter 4 : 00000000`04626bd0
Caused By Driver : ndis.sys
Caused By Address : ndis.sys+4e267
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+748c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\052515-24570-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 311,312
Dump File Time : 5/25/2015 1:33:57 PM
==================================================


Combofix log:

ComboFix 15-05-25.01 - Von 05/26/2015 1:28.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.5868 [GMT 8:00]
Running from: c:\users\Von\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Von\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
((((((((((((((((((((((((( Files Created from 2015-04-25 to 2015-05-25 )))))))))))))))))))))))))))))))
.
.
2015-05-25 05:25 . 2015-05-25 05:25 -------- d-----w- C:\RegBackup
2015-05-25 05:09 . 2015-05-25 05:11 -------- d-----w- C:\AdwCleaner
2015-05-25 04:48 . 2015-05-25 17:23 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-25 04:47 . 2015-05-25 04:47 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-05-25 04:47 . 2015-04-14 01:37 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-05-25 04:47 . 2015-04-14 01:37 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-05-25 04:34 . 2015-05-25 04:34 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-05-25 04:34 . 2015-05-25 04:43 -------- d-----w- c:\programdata\RogueKiller
2015-05-24 16:37 . 2015-05-24 16:38 -------- d-----w- C:\FRST
2015-05-24 15:56 . 2015-05-24 15:56 -------- d-----w- C:\SUPERDelete
2015-05-24 15:55 . 2015-05-24 15:55 -------- d-----w- c:\users\Von\AppData\Roaming\SUPERAntiSpyware.com
2015-05-24 15:54 . 2015-05-24 15:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2015-05-22 05:03 . 2015-05-12 06:27 1557648 ----a-w- c:\windows\system32\nvdispgenco6435286.dll
2015-05-21 13:13 . 2015-05-21 13:13 -------- d-----w- c:\users\Von\AppData\Local\Locktime
2015-05-21 13:10 . 2015-05-21 13:10 -------- d-----w- c:\program files\NetLimiter 3
2015-05-21 12:12 . 2015-05-21 12:12 -------- d-----w- c:\users\Von\AppData\Roaming\Locktime
2015-05-21 12:12 . 2015-05-21 12:12 -------- d-----w- c:\programdata\Locktime
2015-05-17 04:41 . 2015-05-24 15:24 -------- d-----w- c:\windows\SysWow64\NV
2015-05-17 04:41 . 2015-05-24 15:24 -------- d-----w- c:\windows\system32\NV
2015-05-17 04:41 . 2015-04-08 20:32 560968 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-05-17 04:18 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-17 04:18 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-17 04:11 . 2015-04-27 19:23 1254400 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-17 04:09 . 2015-03-04 04:41 6656 ----a-w- c:\windows\system32\shimeng.dll
2015-05-17 04:08 . 2015-04-13 03:28 328704 ----a-w- c:\windows\system32\services.exe
2015-05-17 04:08 . 2015-01-29 03:19 2543104 ----a-w- c:\windows\system32\wpdshext.dll
2015-05-17 04:08 . 2015-01-29 03:19 1195008 ----a-w- c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
2015-05-17 04:08 . 2015-01-29 03:02 2311168 ----a-w- c:\windows\SysWow64\wpdshext.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-17 04:20 . 2013-10-01 05:11 140425016 ----a-w- c:\windows\system32\MRT.exe
2015-05-05 10:02 . 2013-09-28 01:49 152744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-05-05 10:02 . 2013-09-28 01:49 132120 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-05-01 16:51 . 2014-06-18 21:23 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-05-01 16:51 . 2013-10-29 22:08 1316184 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-05-01 16:50 . 2014-06-18 21:23 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-05-01 16:50 . 2013-10-29 22:08 1570672 ----a-w- c:\windows\system32\nvspcap64.dll
2015-04-27 19:04 . 2015-05-17 04:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-04-15 11:59 . 2014-03-28 04:39 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-15 11:59 . 2014-03-28 04:39 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-14 01:37 . 2014-02-19 08:26 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-09 00:58 . 2013-10-22 13:43 927440 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2015-04-09 00:58 . 2013-09-28 00:33 3317344 ----a-w- c:\windows\system32\nvapi64.dll
2015-04-09 00:58 . 2013-09-28 00:33 175880 ----a-w- c:\windows\system32\nvinitx.dll
2015-04-09 00:58 . 2013-09-28 00:33 154256 ----a-w- c:\windows\SysWow64\nvinit.dll
2015-04-09 00:58 . 2013-09-28 00:33 12689592 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-04-09 00:58 . 2013-09-28 00:33 1086424 ----a-w- c:\windows\system32\nvumdshimx.dll
2015-04-08 21:30 . 2011-02-18 09:19 6841488 ----a-w- c:\windows\system32\nvcpl.dll
2015-04-08 21:30 . 2011-02-18 09:19 3478344 ----a-w- c:\windows\system32\nvsvc64.dll
2015-04-08 21:30 . 2011-02-18 09:19 936264 ----a-w- c:\windows\system32\nvvsvc.exe
2015-04-08 21:30 . 2011-02-18 09:19 75080 ----a-w- c:\windows\system32\nv3dappshextr.dll
2015-04-08 21:30 . 2011-02-18 09:19 62608 ----a-w- c:\windows\system32\nvshext.dll
2015-04-08 21:30 . 2011-02-18 09:19 2558608 ----a-w- c:\windows\system32\nvsvcr.dll
2015-04-08 21:30 . 2011-02-18 09:19 1047696 ----a-w- c:\windows\system32\nv3dappshext.dll
2015-04-08 21:30 . 2011-02-18 09:19 385168 ----a-w- c:\windows\system32\nvmctray.dll
2015-04-08 17:52 . 2011-02-18 09:19 4336074 ----a-w- c:\windows\system32\nvcoproc.bin
2015-03-25 03:24 . 2015-04-15 09:18 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 09:18 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 09:18 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 09:18 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 09:18 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 09:18 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 09:18 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 09:18 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 09:18 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 09:18 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 09:18 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 09:18 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 09:18 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 09:18 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 09:18 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 09:18 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-15 09:17 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-15 09:17 769536 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-15 09:17 419840 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-15 09:17 957952 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-15 09:17 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-15 09:17 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:24 . 2015-04-15 09:17 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 03:17 . 2015-04-15 09:17 1111552 ----a-w- c:\windows\system32\aeinv.dll
2015-03-13 19:41 . 2015-03-25 23:51 1557648 ----a-w- c:\windows\system32\nvdispgenco6434788.dll
2015-03-13 19:41 . 2015-03-25 23:51 1896136 ----a-w- c:\windows\system32\nvdispco6434788.dll
2015-03-10 08:30 . 2013-09-28 01:49 44088 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2015-03-10 03:25 . 2015-04-15 09:17 1882624 ----a-w- c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-15 09:17 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-15 09:17 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-15 09:17 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-03-05 05:12 . 2015-04-15 09:17 404480 ----a-w- c:\windows\system32\gdi32.dll
2015-03-05 04:05 . 2015-04-15 09:17 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-03-04 04:55 . 2015-04-15 09:17 367552 ----a-w- c:\windows\system32\clfs.sys
2015-03-04 04:41 . 2015-04-15 09:17 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-03-04 04:41 . 2015-05-17 04:09 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:41 . 2015-05-17 04:09 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:10 . 2015-04-15 09:17 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-03-04 04:10 . 2015-05-17 04:09 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-17 04:09 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-17 04:09 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-02-25 03:18 . 2015-04-15 09:17 754688 ----a-w- c:\windows\system32\drivers\http.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2013-02-04 1081224]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2015-04-10 455392]
"GarenaPlus"="c:\program files (x86)\Garena Plus\GarenaMessenger.exe" [2015-04-20 9981888]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-10-29 6501656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-02-01 113288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2011-01-10 1545584]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-05-05 728312]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2015-03-16 129272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2013-02-04 1081224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe;c:\program files\Alienware\Command Center\AlienFusionService.exe [x]
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 ggflt;SOMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 ggsomc;SOMC USB Flash Driver;c:\windows\system32\DRIVERS\ggsomc.sys;c:\windows\SYSNATIVE\DRIVERS\ggsomc.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS;c:\windows\SYSNATIVE\DRIVERS\EMSC.SYS [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys;c:\program files\NetLimiter 3\nltdi.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [x]
S2 QDLService2kAlienware;Qualcomm Gobi 2000 Download Service (Alienware);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kAlienware.exe;c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kAlienware.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-14 04:32 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.152\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-28 11:59]
.
2015-05-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-830139751-45031778-2959669199-1000Core.job
- c:\users\Von\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-28 12:51]
.
2015-05-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-830139751-45031778-2959669199-1000UA.job
- c:\users\Von\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-28 12:51]
.
2015-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-25 00:40]
.
2015-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-25 00:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-01 6602856]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-02-01 2186856]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-11-02 1933584]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 703088]
"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2012-06-15 12656]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-05-01 1570672]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-05-01 2685072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-29 171992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-29 399832]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-29 442328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Von\AppData\Roaming\Mozilla\Firefox\Profiles\z1tsjag7.default-1424441790278\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Garena Plus\ggdllhost.exe
c:\users\Von\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2015-05-26 01:43:06 - machine was rebooted
ComboFix-quarantined-files.txt 2015-05-25 17:43
.
Pre-Run: 557,465,001,984 bytes free
Post-Run: 557,003,468,800 bytes free
.
- - End Of File - - D891464DE83AF969AE1FCABFED89E5A9
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
UPDATE: Booted the computer in normal mode, Internet connections showed "no internet access" for a few minutes until I disconnected the LAN cable. After disconnecting and a couple more minutes, Internet connections appeared to be working fine showing "internet acess" but when I open my browsers it doesn't load. Strange. Also notable: It took few tries to boot my computer again in safe mode to make this reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
Ran by Von (administrator) on VON-PC on 26-05-2015 02:24:14
Running from C:\Users\Von\Desktop
Loaded Profiles: Von (Available Profiles: Von)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
() C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Users\Von\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Locktime Software) C:\Program Files\NetLimiter 3\nlsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kAlienware.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-02-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2011-02-01] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392872 2011-02-22] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-11-02] (Intel(R) Corporation)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [703088 2010-12-17] ()
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-06-15] (Alienware)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-02] (NVIDIA Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-02-01] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [1545584 2011-01-10] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-830139751-45031778-2959669199-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-830139751-45031778-2959669199-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony)
HKU\S-1-5-21-830139751-45031778-2959669199-1000\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9981888 2015-04-20] ()
HKU\S-1-5-21-830139751-45031778-2959669199-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-830139751-45031778-2959669199-1000\...\Policies\Explorer: []
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [175880 2015-04-09] (NVIDIA Corporation)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2015-04-09] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [154256 2015-04-09] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-830139751-45031778-2959669199-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-830139751-45031778-2959669199-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll [2010-08-24] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll [2010-08-24] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Von\AppData\Roaming\Mozilla\Firefox\Profiles\z1tsjag7.default-1424441790278
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-09] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-830139751-45031778-2959669199-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Von\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-830139751-45031778-2959669199-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Von\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-24] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2010-10-07] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2010-10-07] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Von\AppData\Roaming\Mozilla\Firefox\Profiles\z1tsjag7.default-1424441790278\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-20]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2015-05-16]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2014-07-01]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2014-07-01]

Chrome:
=======
CHR HomePage: Default -> hxxp://us.yahoo.com/
CHR StartupUrls: Default -> "hxxp://us.yahoo.com/", "hxxp://search.softonic.com/INF00176/tb_v1?SearchSource=48&cc=&mi=f612cf1400000000000068942397016a&toi=16079"
CHR Profile: C:\Users\Von\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Von\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-25]
CHR Extension: (Google Drive) - C:\Users\Von\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-25]
CHR Extension: (YouTube) - C:\Users\Von\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-25]
CHR Extension: (Adblock Plus) - C:\Users\Von\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-25]
CHR Extension: (Google Search) - C:\Users\Von\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-25]
CHR Extension: (Avira Browser Safety) - C:\Users\Von\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-06]
CHR Extension: (Bookmark Manager) - C:\Users\Von\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Hatsune Miku) - C:\Users\Von\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigfdicgjnpjkhbnngdfgjfffmdaonfg [2014-03-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Von\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Von\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-25]
CHR Extension: (Gmail) - C:\Users\Von\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-25]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1186040 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) []
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-28] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-02] (NVIDIA Corporation)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-17] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) []
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-11-02] ()
R2 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1851008 2013-10-10] (Locktime Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-02] (NVIDIA Corporation)
R2 NvtlService; C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [83456 2009-12-29] () []
R2 QDLService2kAlienware; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kAlienware.exe [331512 2010-06-25] (QUALCOMM, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) []
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-09-14] (Sony Mobile Communications)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [87472 2013-06-12] (Locktime Software)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [299664 2015-04-09] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-25] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-26 01:45 - 2015-05-26 01:45 - 00025126 _____ () C:\Users\Von\Desktop\ComboFix.txt
2015-05-26 01:43 - 2015-05-26 01:43 - 00025126 _____ () C:\ComboFix.txt
2015-05-26 01:25 - 2015-05-26 01:43 - 00000000 ____D () C:\Qoobox
2015-05-26 01:25 - 2015-05-26 01:43 - 00000000 ____D () C:\ComboFix
2015-05-26 01:25 - 2015-05-26 01:41 - 00000000 ____D () C:\Windows\erdnt
2015-05-26 01:25 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-26 01:25 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-26 01:25 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-26 01:25 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-26 01:25 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-26 01:25 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-26 01:25 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-26 01:25 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-26 01:16 - 2015-05-26 01:16 - 00001854 _____ () C:\Users\Von\Desktop\BSOD.txt
2015-05-26 01:07 - 2015-05-26 01:16 - 00000000 ____D () C:\Users\Von\Desktop\Bluescreenview
2015-05-26 01:07 - 2015-05-26 01:08 - 05628291 ____R (Swearware) C:\Users\Von\Desktop\ComboFix.exe
2015-05-26 01:06 - 2015-05-26 01:06 - 00067310 _____ () C:\Users\Von\Downloads\bluescreenview.zip
2015-05-25 13:39 - 2015-05-25 13:39 - 00000717 _____ () C:\Users\Von\Desktop\error.txt
2015-05-25 13:33 - 2015-05-25 13:33 - 627024087 _____ () C:\Windows\MEMORY.DMP
2015-05-25 13:33 - 2015-05-25 13:33 - 00311312 _____ () C:\Windows\Minidump\052515-24570-01.dmp
2015-05-25 13:33 - 2015-05-25 13:33 - 00000000 ____D () C:\Windows\Minidump
2015-05-25 13:28 - 2015-05-25 13:28 - 00000970 _____ () C:\Users\Von\Desktop\JRT.txt
2015-05-25 13:25 - 2015-05-25 13:25 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-VON-PC-Windows-7-Home-Premium-(64-bit).dat
2015-05-25 13:25 - 2015-05-25 13:25 - 00000000 ____D () C:\RegBackup
2015-05-25 13:20 - 2015-05-25 13:20 - 00002538 _____ () C:\Users\Von\Desktop\AdwCleaner[S0].txt
2015-05-25 13:16 - 2015-05-25 13:16 - 00003288 ____N () C:\bootsqm.dat
2015-05-25 13:09 - 2015-05-25 13:11 - 00000000 ____D () C:\AdwCleaner
2015-05-25 13:06 - 2015-05-25 13:08 - 02945770 _____ (Thisisu) C:\Users\Von\Desktop\JRT.exe
2015-05-25 13:06 - 2015-05-25 13:08 - 02223104 _____ () C:\Users\Von\Desktop\adwcleaner_4.205.exe
2015-05-25 12:48 - 2015-05-26 01:23 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-25 12:47 - 2015-05-25 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-25 12:47 - 2015-05-25 12:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-25 12:47 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-25 12:47 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-25 12:44 - 2015-05-25 12:46 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Von\Desktop\mbam-setup-2.1.6.1022.exe
2015-05-25 12:42 - 2015-05-25 12:42 - 00005745 _____ () C:\Users\Von\Desktop\RKreport_DEL_05252015_124025.log
2015-05-25 12:34 - 2015-05-25 12:43 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-25 12:34 - 2015-05-25 12:34 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-05-25 12:29 - 2015-05-25 12:33 - 16986200 _____ () C:\Users\Von\Desktop\RogueKiller.exe
2015-05-25 07:34 - 2015-05-25 07:35 - 00003236 _____ () C:\Users\Von\Desktop\FSS.txt
2015-05-25 07:29 - 2015-05-25 07:29 - 00415232 _____ (Farbar) C:\Users\Von\Desktop\FSS.exe
2015-05-25 00:38 - 2015-05-25 00:38 - 00058684 _____ () C:\Users\Von\Desktop\Addition.txt
2015-05-25 00:37 - 2015-05-26 02:25 - 00023671 _____ () C:\Users\Von\Desktop\FRST.txt
2015-05-25 00:37 - 2015-05-26 02:24 - 00000000 ____D () C:\FRST
2015-05-25 00:34 - 2015-05-25 00:34 - 02108416 _____ (Farbar) C:\Users\Von\Desktop\FRST64.exe
2015-05-24 23:56 - 2015-05-24 23:56 - 00000000 ____D () C:\SUPERDelete
2015-05-24 23:55 - 2015-05-24 23:55 - 00000000 ____D () C:\Users\Von\AppData\Roaming\SUPERAntiSpyware.com
2015-05-24 23:54 - 2015-05-24 23:55 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-05-24 23:54 - 2015-05-24 23:54 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-05-24 23:54 - 2015-05-24 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-05-22 21:28 - 2015-05-22 21:28 - 00007708 _____ () C:\Users\Von\Documents\startup.txt
2015-05-22 13:03 - 2015-05-12 14:27 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435286.dll
2015-05-21 21:13 - 2015-05-21 21:13 - 00000000 ____D () C:\Users\Von\AppData\Local\Locktime
2015-05-21 21:11 - 2015-05-24 23:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetLimiter 3
2015-05-21 21:10 - 2015-05-21 21:10 - 00000000 ____D () C:\Program Files\NetLimiter 3
2015-05-21 21:01 - 2015-05-21 21:09 - 10190344 _____ (Locktime Software) C:\Users\Von\Desktop\netlimiter-3.0.0.11-x64.exe
2015-05-21 20:12 - 2015-05-21 20:12 - 00000000 ____D () C:\Users\Von\AppData\Roaming\Locktime
2015-05-21 20:12 - 2015-05-21 20:12 - 00000000 ____D () C:\ProgramData\Locktime
2015-05-17 12:44 - 2015-05-26 01:34 - 00024410 _____ () C:\Windows\PFRO.log
2015-05-17 12:41 - 2015-05-24 23:24 - 00000000 ____D () C:\Windows\SysWOW64\NV
2015-05-17 12:41 - 2015-05-24 23:24 - 00000000 ____D () C:\Windows\system32\NV
2015-05-17 12:41 - 2015-04-09 04:32 - 00560968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-05-17 12:38 - 2015-04-09 08:58 - 31570064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 30397072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 25375048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 24053576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 17176128 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 15818528 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 15716232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 14617288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 14006752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 12852784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 11380728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 10423952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-05-17 12:38 - 2015-04-09 08:58 - 02935416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 02896528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 02573456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 01895568 _____ (NVIDIA Corporation)
 
C:\Windows\system32\nvdispco6435012.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435012.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 01047368 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 01037640 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 00970568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 00962192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 00299664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvkflt.sys
2015-05-17 12:38 - 2015-04-09 08:58 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-05-17 12:38 - 2015-04-09 08:58 - 00031376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2015-05-17 12:37 - 2015-05-26 02:22 - 00005536 _____ () C:\Windows\setupact.log
2015-05-17 12:37 - 2015-05-17 12:37 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-17 12:18 - 2015-05-01 21:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-17 12:18 - 2015-05-01 21:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-17 12:17 - 2015-04-22 10:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-17 12:17 - 2015-04-22 09:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-17 12:17 - 2015-04-22 01:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-17 12:17 - 2015-04-22 01:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-17 12:17 - 2015-04-22 01:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-17 12:17 - 2015-04-22 00:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-17 12:17 - 2015-04-22 00:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-17 12:17 - 2015-04-22 00:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-17 12:17 - 2015-04-22 00:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-17 12:17 - 2015-04-22 00:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-17 12:17 - 2015-04-22 00:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-17 12:17 - 2015-04-22 00:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-17 12:17 - 2015-04-22 00:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-17 12:17 - 2015-04-22 00:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-17 12:17 - 2015-04-22 00:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-17 12:17 - 2015-04-22 00:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-17 12:17 - 2015-04-22 00:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-17 12:17 - 2015-04-22 00:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-17 12:17 - 2015-04-22 00:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-17 12:17 - 2015-04-22 00:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-17 12:17 - 2015-04-22 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-17 12:17 - 2015-04-22 00:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-17 12:17 - 2015-04-22 00:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-17 12:17 - 2015-04-22 00:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-17 12:17 - 2015-04-22 00:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-17 12:17 - 2015-04-22 00:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-17 12:17 - 2015-04-22 00:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-17 12:17 - 2015-04-22 00:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-17 12:17 - 2015-04-22 00:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-17 12:17 - 2015-04-22 00:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-17 12:17 - 2015-04-22 00:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-17 12:17 - 2015-04-22 00:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-17 12:17 - 2015-04-22 00:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-17 12:17 - 2015-04-22 00:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-17 12:17 - 2015-04-22 00:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-17 12:17 - 2015-04-22 00:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-17 12:17 - 2015-04-21 23:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-17 12:17 - 2015-04-21 23:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-17 12:17 - 2015-04-21 23:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-17 12:17 - 2015-04-21 23:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-17 12:17 - 2015-04-21 23:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-17 12:17 - 2015-04-21 23:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-17 12:17 - 2015-04-21 23:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-17 12:17 - 2015-04-21 23:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-17 12:17 - 2015-04-21 23:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-17 12:17 - 2015-04-21 23:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-17 12:17 - 2015-04-21 23:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-17 12:17 - 2015-04-21 23:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-17 12:17 - 2015-04-21 23:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-17 12:17 - 2015-04-21 23:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-17 12:17 - 2015-04-21 23:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-17 12:17 - 2015-04-21 23:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-17 12:17 - 2015-04-21 23:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-17 12:17 - 2015-04-21 23:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-17 12:17 - 2015-04-21 23:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-17 12:17 - 2015-04-21 23:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-17 12:17 - 2015-04-21 23:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-17 12:17 - 2015-04-21 23:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-17 12:17 - 2015-04-21 22:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-17 12:17 - 2015-04-21 22:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-17 12:11 - 2015-05-05 09:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-17 12:11 - 2015-05-05 09:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-17 12:11 - 2015-04-28 03:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-17 12:11 - 2015-04-28 03:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-17 12:11 - 2015-04-28 03:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-17 12:11 - 2015-04-28 03:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-17 12:11 - 2015-04-28 03:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-17 12:11 - 2015-04-28 03:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-17 12:11 - 2015-04-28 03:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-17 12:11 - 2015-04-28 03:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-17 12:11 - 2015-04-28 03:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-17 12:11 - 2015-04-28 03:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-17 12:11 - 2015-04-28 03:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-17 12:11 - 2015-04-28 03:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-17 12:11 - 2015-04-28 03:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-17 12:11 - 2015-04-28 03:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-17 12:11 - 2015-04-28 03:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-17 12:11 - 2015-04-28 03:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-17 12:11 - 2015-04-28 03:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 03:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-17 12:11 - 2015-04-28 03:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-17 12:11 - 2015-04-28 03:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-17 12:11 - 2015-04-28 03:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-17 12:11 - 2015-04-28 03:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-17 12:11 - 2015-04-28 03:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-17 12:11 - 2015-04-28 03:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-17 12:11 - 2015-04-28 03:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-17 12:11 - 2015-04-28 03:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-17 12:11 - 2015-04-28 03:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-17 12:11 - 2015-04-28 03:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-17 12:11 - 2015-04-28 03:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-17 12:11 - 2015-04-28 03:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-17 12:11 - 2015-04-28 03:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-17 12:11 - 2015-04-28 03:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-17 12:11 - 2015-04-28 03:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-17 12:11 - 2015-04-28 03:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-17 12:11 - 2015-04-28 03:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-17 12:11 - 2015-04-28 03:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-17 12:11 - 2015-04-28 03:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-17 12:11 - 2015-04-28 03:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-17 12:11 - 2015-04-28 03:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-17 12:11 - 2015-04-28 03:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-17 12:11 - 2015-04-28 03:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-17 12:11 - 2015-04-28 03:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-17 12:11 - 2015-04-28 03:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-17 12:11 - 2015-04-28 03:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-17 12:11 - 2015-04-28 03:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 02:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-17 12:11 - 2015-04-28 01:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-17 12:11 - 2015-04-28 01:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-17 12:11 - 2015-04-28 01:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 01:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 01:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-17 12:11 - 2015-04-28 01:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-17 12:11 - 2015-04-18 11:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-17 12:11 - 2015-04-18 10:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-17 12:09 - 2015-04-20 11:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-17 12:09 - 2015-04-20 11:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-17 12:09 - 2015-04-20 10:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-17 12:09 - 2015-04-20 10:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-17 12:09 - 2015-04-08 11:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-17 12:09 - 2015-04-08 11:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-17 12:09 - 2015-04-08 11:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-17 12:09 - 2015-03-04 12:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-17 12:09 - 2015-03-04 12:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-17 12:09 - 2015-03-04 12:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-17 12:09 - 2015-03-04 12:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-17 12:09 - 2015-03-04 12:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-17 12:09 - 2015-03-04 12:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-17 12:09 - 2015-03-04 12:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-17 12:09 - 2015-02-18 15:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-17 12:09 - 2015-02-18 15:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-17 12:08 - 2015-04-13 11:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-17 12:08 - 2015-01-29 11:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-17 12:08 - 2015-01-29 11:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-16 13:32 - 2015-05-16 13:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-14 11:32 - 2015-05-26 02:20 - 00003496 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Von
2015-04-27 09:23 - 2015-04-27 09:23 - 00025088 _____ () C:\Users\Von\Documents\Book1.xls

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-26 02:20 - 2014-03-25 08:40 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-26 02:19 - 2013-09-28 08:34 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-26 02:19 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-26 02:04 - 2013-09-28 08:14 - 01151454 _____ () C:\Windows\WindowsUpdate.log
2015-05-26 01:58 - 2014-03-28 12:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-26 01:46 - 2009-07-14 12:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-26 01:46 - 2009-07-14 12:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-26 01:43 - 2014-03-25 08:40 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-26 01:37 - 2009-07-14 10:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-25 12:47 - 2014-02-19 16:26 - 00000000 ____D () C:\Users\Von\AppData\Roaming\Malwarebytes
2015-05-25 12:47 - 2014-02-19 16:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-24 23:34 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-24 23:25 - 2013-09-28 08:14 - 00000000 ____D () C:\Users\Von
2015-05-24 23:24 - 2015-04-09 08:49 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-24 23:24 - 2015-04-09 08:49 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-24 23:24 - 2010-11-21 15:16 - 00000000 ____D () C:\Windows\ShellNew
2015-05-24 23:23 - 2014-11-11 20:54 - 00000000 ____D () C:\Users\Von\AppData\Roaming\Dev-Cpp
2015-05-24 23:23 - 2014-11-11 20:53 - 00000000 ____D () C:\Dev-Cpp
2015-05-24 23:23 - 2014-03-25 08:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-24 23:23 - 2013-11-14 05:31 - 00000000 ____D () C:\Program Files (x86)\GarenaLoLPH
2015-05-24 23:23 - 2013-11-07 15:28 - 00000000 ____D () C:\Users\Von\AppData\Roaming\GarenaPlus
2015-05-24 23:23 - 2013-11-07 15:26 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2015-05-24 23:23 - 2013-09-28 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-05-24 23:23 - 2013-09-28 08:34 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-05-24 23:23 - 2013-09-28 08:33 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-05-24 23:23 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\registration
2015-05-24 23:23 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\Help
2015-05-24 23:20 - 2013-09-28 08:34 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-05-24 23:18 - 2013-09-29 23:10 - 00000000 ___RD () C:\MSOCache
2015-05-21 20:21 - 2014-06-30 09:36 - 00000000 ____D () C:\Users\Von\AppData\Local\Adobe
2015-05-20 12:56 - 2013-09-28 20:51 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-830139751-45031778-2959669199-1000UA.job
2015-05-18 22:35 - 2014-03-25 08:40 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 22:35 - 2014-03-25 08:40 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-18 17:46 - 2014-07-19 10:12 - 00000000 ____D () C:\Users\Von\AppData\Local\NFS Underground 2
2015-05-18 15:56 - 2013-09-28 20:51 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-830139751-45031778-2959669199-1000Core.job
2015-05-18 10:41 - 2009-07-14 13:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-17 19:17 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2015-05-17 13:01 - 2013-11-17 20:49 - 00000000 ____D () C:\Users\Von\Desktop\models
2015-05-17 12:48 - 2013-09-28 08:48 - 00158632 _____ () C:\Users\Von\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-17 12:45 - 2009-07-14 12:45 - 05076848 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-17 12:43 - 2010-11-21 15:17 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-17 12:43 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-17 12:32 - 2013-12-31 17:55 - 00000000 ____D () C:\Users\Von\AppData\Roaming\BitTorrent
2015-05-17 12:30 - 2015-01-20 06:21 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-05-17 12:29 - 2015-01-20 16:13 - 00000000 ____D () C:\Users\Von\AppData\Local\Razer
2015-05-17 12:29 - 2015-01-20 06:21 - 00000000 ____D () C:\ProgramData\Razer
2015-05-17 12:26 - 2013-10-01 13:11 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-17 12:20 - 2013-10-01 13:11 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-17 12:04 - 2013-09-28 09:18 - 00000000 ____D () C:\Users\Von\Desktop\unused icon
2015-05-17 12:03 - 2014-11-30 16:19 - 00000000 ____D () C:\Users\Von\Desktop\the ****
2015-05-17 12:03 - 2014-02-11 16:11 - 00000000 ____D () C:\Users\Von\Desktop\E-Books
2015-05-17 12:01 - 2014-11-13 06:27 - 00000000 ____D () C:\Users\Von\Desktop\txt
2015-05-16 20:26 - 2014-01-16 11:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-16 12:39 - 2013-11-07 15:28 - 00000000 ____D () C:\Program Files (x86)\Garena Plus
2015-05-15 00:03 - 2015-04-12 18:17 - 00000000 ____D () C:\Users\Von\AppData\Roaming\CodeBlocks
2015-05-14 20:48 - 2015-04-10 06:04 - 00000000 ____D () C:\Users\Von\Desktop\bikepics
2015-05-13 18:43 - 2013-10-09 21:08 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-06 14:26 - 2009-07-14 13:08 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-05 18:03 - 2013-09-28 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-05 18:02 - 2013-09-28 09:49 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-05 18:02 - 2013-09-28 09:49 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-02 00:51 - 2014-06-19 05:23 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-05-02 00:51 - 2013-10-30 06:08 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-05-02 00:50 - 2014-06-19 05:23 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-05-02 00:50 - 2013-10-30 06:08 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-05-01 15:27 - 2014-02-26 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-05-01 15:27 - 2013-09-28 08:17 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-27 14:36 - 2015-01-31 11:14 - 00000000 ____D () C:\Users\Von\AppData\Roaming\vlc
2015-04-27 09:25 - 2013-11-21 21:14 - 00000000 ____D () C:\Users\Von\Desktop\RAS

==================== Files in the root of some directories =======

2014-01-09 21:17 - 2014-01-09 21:17 - 0000132 _____ () C:\Users\Von\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-09-26 05:52 - 2014-09-26 05:52 - 0045270 _____ () C:\Users\Von\AppData\Roaming\room_v3.dat
2014-04-08 16:35 - 2014-09-09 21:41 - 0007607 _____ () C:\Users\Von\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Von\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 03:21

==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by Von at 2015-05-26 02:25:42
Running from C:\Users\Von\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-830139751-45031778-2959669199-500 - Administrator - Disabled)
Guest (S-1-5-21-830139751-45031778-2959669199-501 - Limited - Disabled)
Von (S-1-5-21-830139751-45031778-2959669199-1000 - Administrator - Enabled) => C:\Users\Von

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Algebrator 5.1 rc1 (HKLM-x32\...\Algebrator_is1) (Version: - Softmath Inc)
Alienware Command Center (HKLM-x32\...\InstallShield_{FD1AE10F-163C-4D4B-9FCE-AC667AF1DC6E}) (Version: 2.8.8.0 - Alienware Corp.)
Alienware Command Center (Version: 2.8.8.0 - Alienware Corp.) Hidden
Alienware On-Screen Display (HKLM-x32\...\InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.31.1.8C - )
Alienware On-Screen Display (x32 Version: 0.31.1.8C - ) Hidden
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AutoCAD 2014 - English (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - English (Version: 19.1.18.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.18.0 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.3.2291.0 - Microsoft Corporation)
Bing Bar Platform (x32 Version: 6.3.2291.0 - Microsoft Corporation) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BitTorrent (HKU\S-1-5-21-830139751-45031778-2959669199-1000\...\BitTorrent) (Version: 7.9.2.34947 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CodeBlocks (HKU\S-1-5-21-830139751-45031778-2959669199-1000\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version: - Team Psykskallar)
Dell Mobile Broadband Utility (HKLM-x32\...\Dell Mobile Broadband Utility) (Version: 3.00.23.003a - Novatel Wireless)
Dell Mobile Broadband Utility (x32 Version: 3.00.23.003a - Novatel Wireless Inc.) Hidden
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version: - )
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
EMSC (x32 Version: 0.0.0.22C - Compal Electronics, Inc.) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
Game Dev Tycoon version 1.4.5 (HKLM-x32\...\{5BBB8682-1335-410F-A79F-8E5611A54BD0}_is1) (Version: 1.4.5 - Greenheart Games Pty. Ltd.)
Garena - League of Legends (HKLM-x32\...\LoLPH) (Version: - Garena Online Pte Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hotspot Shield 3.42 (HKLM-x32\...\HotspotShield) (Version: 3.42 - AnchorFree Inc.)
HP Deskjet Ink Adv 2060 K110 Basic Device Software (HKLM\...\{857F4F6C-3CEF-4E80-8EB5-2DF65DFD8ED9}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet Ink Adv 2060 K110 Help (HKLM-x32\...\{261A4762-744B-4C71-81D2-57FA5038DC7B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet Ink Adv 2060 K110 Product Improvement Study (HKLM\...\{CC25768B-BC3C-4D5D-B511-9BE035616B11}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
i686-4.9.1-posix-dwarf-rt_v3-rev0 (HKLM-x32\...\i686-4.9.1-posix-dwarf-rt_v3-rev0) (Version: - MinGW-W64)
InstallVC90Support (x32 Version: 1.01.0000 - Novatel Wireless) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{AF162E20-417F-4946-A06D-65734984957F}) (Version: 14.00.0000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
NetLimiter 3 (HKLM-x32\...\NetLimiter 3 3.0.0.11) (Version: 3.0.0.11 - Locktime Software)
NetLimiter 3 (Version: 3.0.0.11 - Locktime Software) Hidden
NVIDIA 3D Vision Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 350.12 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.3.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.3.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.7 - Power Software Ltd)
Qualcomm Gobi 2000 Package for Alienware (HKLM-x32\...\{1AB3D8C5-7FF5-4EF7-B0BB-23346FAEB462}) (Version: 1.1.170 - QUALCOMM)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6291 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.75 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.3.22 - NVIDIA Corporation) Hidden
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.12.201408250841 - Sony Mobile Communications AB)
Sony PC Companion 2.10.259 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.259 - Sony)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.19.0 - Synaptics Incorporated)
Tunngle - Brio HD Skin version 1.0 (HKLM-x32\...\{FE600607-335B-4CC2-A50D-90EECE0356ED}_is1) (Version: 1.0 - Brioche for the Tunngle.Net Community)
Tunngle version Tunngle (HKLM-x32\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH)
Unity Web Player (HKU\S-1-5-21-830139751-45031778-2959669199-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Vegas Pro 12.0 (64-bit) (HKLM\...\{A7500970-FE98-11E1-B560-F04DA23A5C58}) (Version: 12.0.367 - Sony)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-830139751-45031778-2959669199-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-830139751-45031778-2959669199-1000_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-830139751-45031778-2959669199-1000_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-830139751-45031778-2959669199-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\en-US\acadficn.dll (Autodesk, Inc.)

==================== Restore Points =========================

21-05-2015 21:10:33 Installed NetLimiter 3
21-05-2015 21:29:21 Windows Update
24-05-2015 23:14:58 Restore Operation
26-05-2015 01:25:49 ComboFix created restore point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2015-05-26 01:37 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05D47E72-5238-4F19-B63F-F37C1101BF13} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {1A1B2334-F92E-4502-AD12-C89F4257825A} - System32\Tasks\{1BC62905-747B-42B6-BA3A-9CBF3DE1D768} => Chrome.exe http://ui.skype.com/ui/0/6.18.0.106/en/abandoninstall?page=tsProgressBar
Task: {2DE8B23B-D3C2-4C50-8F59-E79E4705A78F} - System32\Tasks\HPCustParticipation HP Deskjet Ink Adv 2060 K110 => C:\Program Files\HP\HP Deskjet Ink Adv 2060 K110\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {33C10A2B-CF2B-41A0-A6E3-56F78115440A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {40DE6CDB-5DA4-4EEF-8367-D7E9DC64C1B2} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {622306E4-5CAB-4810-B97A-B5DDEC164721} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {65B117EC-77D2-4541-91BF-3A6FDB8B83D8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-830139751-45031778-2959669199-1000UA => C:\Users\Von\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-28] (Facebook Inc.)
Task: {7BE0E55C-8D3E-46C8-8F2C-1B274305FE49} - System32\Tasks\gg_uac_daemon_Von => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2015-01-20] ()
Task: {8220D173-753C-44A0-85B7-4ED3E4641C24} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-25] (Google Inc.)
Task: {8943B938-A461-4A01-A19E-037C3097D567} - System32\Tasks\{A0CE7D9B-D19E-40F5-B5CF-AE148155F9FB} => Chrome.exe http://ui.skype.com/ui/0/6.18.0.106/en/abandoninstall?page=tsProgressBar
Task: {8DDB6AC3-C3B2-44F5-AEAB-A50441C47CBB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {9E5D03B7-0EB8-45C8-8E1B-54C443788B8D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-25] (Google Inc.)
Task: {AD7A7FAC-0AB8-4FC7-9092-DF3346E42666} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {BEEB918B-B64C-46D8-B8EF-C14E47A56CA4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
Task: {E812A54A-B8FD-4897-BBC3-16BA3E56CF4D} - System32\Tasks\{3B78B6E0-AA31-45EE-AF24-6CE3ED0FE1D2} => Chrome.exe http://ui.skype.com/ui/0/6.18.0.106/en/abandoninstall?page=tsProgressBar
Task: {F10A80C4-1B11-495A-8B8A-8D658BA0B825} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-830139751-45031778-2959669199-1000Core => C:\Users\Von\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-28] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-830139751-45031778-2959669199-1000Core.job => C:\Users\Von\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-830139751-45031778-2959669199-1000UA.job => C:\Users\Von\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2010-11-02 17:58 - 2010-11-02 17:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-09-28 14:15 - 2015-04-09 05:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-03-17 05:07 - 2011-03-17 05:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 20:23 - 2010-10-20 20:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-10-24 10:16 - 2015-01-20 20:20 - 00055896 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
2010-11-02 17:58 - 2010-11-02 17:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-09-28 08:40 - 2010-12-17 15:27 - 00703088 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2013-09-28 08:29 - 2011-03-14 15:43 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00056352 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00937504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00124448 _____ () C:\Program Files\Autodesk\Autodesk Sync\QJson.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00045088 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2013-10-24 10:16 - 2015-04-20 19:07 - 09981888 _____ () C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
2014-05-17 06:34 - 2014-05-17 06:34 - 00430344 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
2014-09-14 18:06 - 2014-06-23 09:07 - 00113376 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2011-01-10 21:16 - 2011-01-10 21:16 - 01545584 _____ () C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
2009-12-29 21:35 - 2009-12-29 21:35 - 00083456 _____ () C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
2013-10-24 10:17 - 2015-04-20 19:07 - 00865728 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2013-10-22 21:43 - 2015-04-09 08:58 - 00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-03-31 22:28 - 2015-05-02 00:52 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-09-14 18:06 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2014-09-14 18:06 - 2014-12-04 15:18 - 00241152 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2014-09-14 18:06 - 2013-05-20 12:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
2014-09-14 18:06 - 2010-01-11 16:44 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
2014-07-09 16:35 - 2014-07-09 16:35 - 00644096 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2013-10-24 10:16 - 2015-01-20 20:20 - 00111192 _____ () C:\Program Files (x86)\Garena Plus\CommonLib.dll
2013-10-24 10:16 - 2015-01-20 20:20 - 00040024 _____ () C:\Program Files (x86)\Garena Plus\DibModule.dll
2013-10-24 11:30 - 2015-05-14 22:06 - 00034752 _____ () C:\Program Files (x86)\Garena Plus\VersionModule.dll
2013-10-24 10:16 - 2015-01-20 20:20 - 00057944 _____ () C:\Program Files (x86)\Garena Plus\FileLoader.dll
2013-10-24 10:17 - 2015-01-20 20:20 - 00093784 _____ () C:\Program Files (x86)\Garena Plus\PluginKernel.dll
2013-10-24 10:16 - 2015-01-20 20:20 - 00493656 _____ () C:\Program Files (x86)\Garena Plus\CxImage.dll
2013-10-24 10:17 - 2015-01-20 20:20 - 00031832 _____ () C:\Program Files (x86)\Garena Plus\PluginModule.dll
2013-10-24 10:17 - 2015-01-20 20:20 - 00177240 _____ () C:\Program Files (x86)\Garena Plus\lib\fs\YYFileSystem.dll
2013-10-24 10:17 - 2015-01-20 20:20 - 00380504 _____ () C:\Program Files (x86)\Garena Plus\lib\Http.dll
2013-10-24 10:17 - 2015-01-20 20:20 - 00191064 _____ () C:\Program Files (x86)\Garena Plus\lib\MP3Module.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00162304 _____ () C:\Program Files (x86)\Garena Plus\lame_enc.DLL
2013-10-24 10:17 - 2015-01-20 20:20 - 00226392 _____ () C:\Program Files (x86)\Garena Plus\lib\TaskManagerLib.dll
2013-10-24 10:17 - 2015-01-20 20:20 - 00112728 _____ () C:\Program Files (x86)\Garena Plus\lib\UILayout.dll
2013-10-24 10:17 - 2015-01-20 20:20 - 00964696 _____ () C:\Program Files (x86)\Garena Plus\lib\XLL.dll
2013-10-24 10:17 - 2015-01-20 20:20 - 00061528 _____ () C:\Program Files (x86)\Garena Plus\lib\XmlUIModule.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00573100 _____ () C:\Program Files (x86)\Garena Plus\sqlite3.dll
2013-10-24 10:17 - 2015-01-20 20:20 - 00231000 _____ () C:\Program Files (x86)\Garena Plus\Plugins\StatsPlugin.dll
2013-10-24 10:17 - 2015-05-14 22:06 - 01242560 _____ () C:\Program Files (x86)\Garena Plus\Plugins\ggplugin.dll
2013-10-24 10:17 - 2015-01-20 20:20 - 00199256 _____ () C:\Program Files (x86)\Garena Plus\ImageModule.dll
2013-10-24 10:17 - 2015-01-20 20:20 - 00161880 _____ () C:\Program Files (x86)\Garena Plus\libmpg123.dll
2013-10-24 10:16 - 2015-01-20 20:20 - 02947672 _____ () C:\Program Files (x86)\Garena Plus\ggdownloader.dll
2013-10-24 10:17 - 2015-01-20 20:20 - 00072280 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\AudioMixerLib.dll
2013-10-24 10:17 - 2015-01-20 20:20 - 00023128 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\ClientTcp.dll
2013-10-24 10:17 - 2015-01-20 20:20 - 01551960 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\FileSender.dll
2013-02-01 13:42 - 2013-02-01 13:42 - 00153088 _____ () C:\Program Files (x86)\Garena Plus\libzmq.dll
2013-10-24 10:17 - 2015-01-20 20:20 - 00962648 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\GaFileTransfer.dll
2013-10-24 10:17 - 2015-01-20 20:20 - 00251480 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\MediaEngine.dll
2013-10-24 10:17 - 2015-01-20 20:20 - 00032856 _____ () C:\Program Files (x86)\Garena Plus\ServerMemAlloc.dll
2013-10-24 10:17 - 2015-01-20 20:20 - 00523352 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\RSALib.dll
2013-10-24 10:17 - 2015-01-20 20:20 - 00074840 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\UdtLib.dll
2014-05-17 08:11 - 2014-05-17 08:11 - 00908584 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2009-12-18 16:07 - 2009-12-18 16:07 - 00577536 _____ () C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll
2014-10-18 13:23 - 2014-10-18 13:23 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2013-09-28 08:39 - 2010-11-06 04:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-830139751-45031778-2959669199-1000\...\dell.com -> dell.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-830139751-45031778-2959669199-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Von\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: hshld => 2
MSCONFIG\Services: HssTrayService => 3
MSCONFIG\Services: HssWd => 2
MSCONFIG\startupfolder: C:^Users^Von^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Facebook Update => "C:\Users\Von\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GarenaPlus => "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{58653F96-35BC-4AAA-9CCE-F840D949778A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{9568BE20-2AF7-4453-B915-70612F9514E6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{A303D73B-69E4-435D-9221-0F5E9F724BED}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{17470ABC-D171-4203-8793-E955A0CBE53B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A2BCC203-63C4-4B97-AC38-8EA7E493A4EF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1DDB40A1-FB68-46CD-B76B-9A13DF775FAC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A320C21A-EE96-4DA1-8100-00EAE5F5C29E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{488D747B-F009-476F-A487-C78AFE54D4A2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{D063A5F0-EE4A-404C-823C-99ABE5117FD8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{8E7B69DF-304D-447F-B69F-F5C59C2A751D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AEDD88CA-56DF-47F3-9C75-5E8F3B90BF40}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A211BEF2-8F83-450D-A012-3279F23A6A7D}] => (Allow) C:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [{6F8D76FE-0DA6-460C-80D0-4973D1EE7F08}] => (Allow) C:\GarenaDownload\Games\lolph\LoLInstaller.exe
FirewallRules: [{4E06F173-F951-4299-8055-40F18809AF48}] => (Allow) C:\GarenaDownload\Games\lolph\LoLInstaller.exe
FirewallRules: [TCP Query User{9FF2C89B-DEBA-498F-8DB3-0B6F0113B02E}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [UDP Query User{49E9C577-8C29-432F-A274-231B855183AE}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [{C8E92EF7-957D-48BB-BC95-DAFAF1C7D00B}] => (Allow) LPort=8370
FirewallRules: [{7F53EDAD-E6DB-4C65-B38B-CCC9FB3C114A}] => (Allow) LPort=8370
FirewallRules: [{967BF24A-703F-445C-B65D-0E968EF646BF}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{40AB9DF5-8212-4C90-BF02-430612A1F3C7}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{03417E02-5F46-4C12-8397-593C578D68A5}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{B74B279D-BBF1-42C1-ABF1-42139CC342BB}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{A666E49E-63A2-4F6A-ADE0-F0186C8785FA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{479B3E4F-D04C-40DD-AC9E-BB8E13D4C48C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{CD187C1E-6BC9-48FE-A00A-51902EF82F08}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{80160630-1405-4606-845F-4353626ADB23}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5FD0A948-29F8-43E8-9719-C7E627427898}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FE8578DD-3D41-4BE5-AF9C-07367BFC109F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{7D4EB281-7BCB-49AB-91E8-92010507B32D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{FCB3DDAE-D8FE-4567-9BEB-F7EB550C5F11}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
 
FirewallRules: [{94F60C30-04B2-4E8B-A6F7-449D29D8283F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F0F5BD60-92F7-4EFD-9240-C46E69B2842C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{3673D077-FCC7-49AB-94B8-DCE30A819CA3}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{252BD1EC-FEC6-46C4-8DBB-091A45AD64F8}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [{ACE8121E-B91E-480F-B3F5-DB94286D892F}] => (Allow) LPort=6925
FirewallRules: [{0C8302FD-F48F-423A-838E-4B5488B9E72C}] => (Allow) LPort=6925
FirewallRules: [{54745310-DFBC-46B4-BA2E-DF678B584A6C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{9077517C-B243-4541-A70B-725A94808C20}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{EEFE3ED8-641F-4F7B-A5F6-C9EEC2F82C91}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{EB1010DA-6D81-4112-87C9-F098C0788651}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{0E2086C7-88BA-4E0A-8855-68616F04D05D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{28F0D1EA-F614-4AB8-B5F2-D948A96D7C08}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{26E18846-3789-4870-9EC3-E17A032C92CA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{9566D0C5-582E-4B63-A801-96D52A0F4F2B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{E8D6E3D3-5426-4B83-A77E-F2E3A37D06DC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{BBF6E463-AD19-4C25-9080-F687DE63D033}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{983165E9-A51A-41E6-8469-ECAB838B5A49}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{40478DD4-D1F5-4F9E-8B38-F38218B6E35D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{1D0A69EE-AA1A-4734-B3BF-57E83A14313F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{EA76F805-11D9-411E-9A07-9D30C7898ACC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{DC789FF5-6B20-4BC2-B89E-61BE9C8C2AE5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{17772B98-78AA-4A5F-9D77-67437F1B6518}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{3FBEF94C-AA64-4751-8275-DC8830615AEA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{5D58F236-D0BF-4538-B8F3-36B0E38B7924}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{2A6C9EC1-75EB-49FB-8BC6-2BF2FEBC3E20}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{1BE938BB-5F7F-400E-8E5B-5421CF091DCA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [TCP Query User{471F6FAF-D776-465D-B075-3A4D0D2F2A63}C:\program files (x86)\garena plus\bbtalk\bbtalk.exe] => (Allow) C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
FirewallRules: [UDP Query User{691FFB72-3DF3-48F3-A05B-62CDA84D28F3}C:\program files (x86)\garena plus\bbtalk\bbtalk.exe] => (Allow) C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
FirewallRules: [{CBF8F3EC-9B2C-44F4-B997-3A1CABA992CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{1674F97D-17A3-4003-87A0-251384D8CD11}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{B91AF718-D29A-4776-BE36-64B8330781A6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{E71997AA-DB00-4584-B4CD-3BD18B04F2AF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{6D96F902-B192-42AF-A0E0-C7D6AF0349BB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{5CA9723E-BF0D-411E-85AD-1672FD558354}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{885260A3-27F2-4E76-8D4B-8BB79F40F03B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{983BB925-C382-4F1D-8FFB-4DC51D00BBA8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{7BF800D6-344D-4CA8-B483-09510ECABD14}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{CEA07F35-AF40-4C52-AA5C-E7CE692DBA2E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{4FDB5C2C-2EE3-4235-9D79-476DFD4FA90D}] => (Allow) LPort=6966
FirewallRules: [{5FDC0D39-D2D4-4773-8F50-39D671C62513}] => (Allow) LPort=6966
FirewallRules: [{389AFADF-8F49-4EF6-A675-582558F692A3}] => (Allow) LPort=6909
FirewallRules: [{126FF730-E455-4793-B1BB-018370E1EEB3}] => (Allow) LPort=6909
FirewallRules: [{D2B1DC90-F901-4D0C-B392-4C054EC628F3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{252202C8-6B3E-40AB-BCFC-048F7F097A0A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{6D2E11FD-AA26-4F9E-AD86-F01CFE3BA859}] => (Allow) C:\GarenaDownload\Games\elsph\elsphInstaller.exe
FirewallRules: [{F1CDAA1C-76F8-4DC2-B33A-51F859028E32}] => (Allow) C:\GarenaDownload\Games\elsph\elsphInstaller.exe
FirewallRules: [{C07285F1-F4B6-49DB-B8CA-9FA976FC400B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{B354623E-723F-4D99-BFD7-8F1B31CFD78B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{EBEA1D4C-CD0F-4C9C-8B28-80047BDD35B8}] => (Allow) C:\Program Files (x86)\Garena Plus\Room\garena_room.exe
FirewallRules: [{BA40E2D6-5036-46B2-B155-581E713E3404}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{D769075A-2733-436B-8620-36F3E6EF6779}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [TCP Query User{E27483EB-7DDB-4F1F-A990-8F7D42A06BD5}C:\users\von\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\von\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{87893D5F-BA85-4167-974B-ED24641E34FF}C:\users\von\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\von\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [{54E190A0-DA15-491E-8C1C-4693C6AEA544}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{6143CF8E-9CEB-48E1-9894-B397552766A0}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{96DDE664-7DD3-4C8C-B6C2-F8F98286571E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{90AAFF99-16FC-4CA1-9858-A9B1E9C037E6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{48C5398A-821A-4950-B522-A93A6BF48057}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{ABB48A56-EA03-4F4A-91E7-B2C57351C036}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{FDE7C8BD-89DB-4242-A695-43920F188D56}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E6139464-D412-4424-B73F-2D3DAF0CE126}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5FE71710-0052-4578-805E-6BA101568A51}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{834621D4-420E-4E2C-A7E4-4F76BB8912A5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CB007AB2-6C07-4F12-B8FB-795E971500D7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7331779E-A471-47C1-81F1-D532219D3F0E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5524B4E9-7408-43AA-A994-9926F8C87074}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{5DFA2DB8-2753-42FD-A5E2-0BE35E52A51F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [TCP Query User{CD590199-D9A6-4741-8BEB-64E3DAD5A09C}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{61C49713-032B-445B-8D89-EF0C236E4D2C}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{C76B5788-F675-48FF-8C88-6376A5070C44}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{45FFCDA6-791E-4960-8BC6-ADDAD9D78A75}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [TCP Query User{6B2A94E3-B7D4-4B04-B06B-F712FBB0B5E9}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [UDP Query User{5CF283B3-50B2-4DD7-886F-F2E958D37FFC}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [TCP Query User{E24E57D6-F0CA-4E1E-A17A-1B8CC5E0F9E8}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [UDP Query User{4D28E577-3088-4D73-83C6-2AD1F3830D73}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [{EEC9641E-2081-4AF9-A65C-DDBD09CFED77}] => (Allow) LPort=8370
FirewallRules: [{9201CCB2-ACAA-4033-BD8C-CD03FA405644}] => (Allow) LPort=8370
FirewallRules: [{44D31DB0-3C48-4B8A-9FDB-0ECA106D84B7}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{8B4627AA-DAD0-4DC2-B8C5-A700AAAEB140}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{19A89949-5539-4E52-9311-8E7511084A6B}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{3BA7CE4F-EC2E-4288-A863-9F05BBFFC59C}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{B90CF4C4-E4B6-4B2E-A30F-B4C8CE1A2753}] => (Allow) C:\Program Files\HP\HP Deskjet Ink Adv 2060 K110\Bin\USBSetup.exe
FirewallRules: [{ECA0DF0F-3AC7-4EF5-8EDE-589B56B22BD9}] => (Allow) C:\Program Files\HP\HP Deskjet Ink Adv 2060 K110\Bin\USBSetup.exe
FirewallRules: [{5DE988C6-9B94-4CAA-82D6-65015AC308A4}] => (Allow) LPort=6963
FirewallRules: [{C3214969-59F4-4FA7-830D-A4A44E22919B}] => (Allow) LPort=6963
FirewallRules: [{38ADB6DD-E299-43B2-AD8A-1F609C2B852A}] => (Allow) LPort=6916
FirewallRules: [{139C95AA-7C5E-47BF-B6E5-0332C332A6BC}] => (Allow) LPort=6916
FirewallRules: [{027D65BC-63AC-428A-903B-72E60C28EBB0}] => (Allow) LPort=6930
FirewallRules: [{A6144774-243E-4194-81C0-182BBFC3D57B}] => (Allow) LPort=6930
FirewallRules: [{65306482-FAEA-4587-B385-DC3644674B08}] => (Allow) C:\Users\Von\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{48E34F3B-7448-4F23-8624-190FB67EE7E6}] => (Allow) LPort=6904
FirewallRules: [{12B01026-9765-40EA-9D08-45CE673A3DE8}] => (Allow) LPort=6904
FirewallRules: [{94C44946-46AB-4EDF-AF15-2CC5E03456F9}] => (Allow) LPort=50248
FirewallRules: [{EFE743C1-82BD-424F-BF4B-049F8C897B33}] => (Allow) LPort=6973
FirewallRules: [{ED389E9E-2846-459D-8C2E-D46BBC94E7BF}] => (Allow) LPort=6973
FirewallRules: [{112E5EAC-91A5-4292-9F12-E9D1104506A6}] => (Allow) LPort=6917
FirewallRules: [{D9AFCE12-2E1C-44B4-ACB2-058EDF07A69F}] => (Allow) LPort=6917
FirewallRules: [{98417FFB-A1CD-4FC8-A967-D03525311A21}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{B5C73753-5775-4A4F-9EE3-6C10E239D83C}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{DBF24938-D5DF-41F7-A39E-8901D88BE6FB}] => (Allow) LPort=6945
FirewallRules: [{9C43A23E-1EB8-4CDF-A4C8-6F007C2BA3AB}] => (Allow) LPort=6945
FirewallRules: [{486040AA-915E-4133-AA4E-6BFDB328F3F0}] => (Allow) LPort=6962
FirewallRules: [{F4A369E8-4B57-4861-8400-98152FD79524}] => (Allow) LPort=6962
FirewallRules: [{95E033FA-3EA7-41E0-9DB6-71E68BBB8936}] => (Allow) LPort=6932
FirewallRules: [{F6BCC76A-0A83-4009-A454-C33CBD73429A}] => (Allow) LPort=6932
FirewallRules: [{89447BEE-1BB0-472D-80EE-879484E9A723}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{F2E76DCD-9713-4B70-AD34-AC5E8921E163}] => (Allow) LPort=6992
FirewallRules: [{77C6A06A-B0DE-487F-BB52-8BFC6E8EBC14}] => (Allow) LPort=6992
FirewallRules: [{73E25E22-0543-4C29-B8BA-FC9490978085}] => (Allow) LPort=6981
FirewallRules: [{14842317-F6AA-4791-9444-EDD5C377AA38}] => (Allow) LPort=6981
FirewallRules: [{0CB59091-7280-4BF5-B34F-922E9C31EA79}] => (Allow) LPort=6931
FirewallRules: [{6FAD9FE1-F0C8-49AD-AC59-8CE7031D7D48}] => (Allow) LPort=6931
FirewallRules: [{6A80B20D-5425-4F58-BD20-3B73645AD6B4}] => (Allow) LPort=6961
FirewallRules: [{05275FAE-307E-452C-9A4D-B45368B8748C}] => (Allow) LPort=6961
FirewallRules: [{A586FE12-38CE-4DAC-9F06-19DC8F6A5B70}] => (Allow) LPort=6911
FirewallRules: [{A94B6E2E-E92A-4DD7-B028-2B554C6CB1C1}] => (Allow) LPort=6911
FirewallRules: [{844E309B-9633-4A9D-87AA-FEB285F465DC}] => (Allow) LPort=6926
FirewallRules: [{A63FE3D1-9112-4A38-9127-63CDE2A2FEE5}] => (Allow) LPort=6926
FirewallRules: [{030469B8-F120-4C7B-BBB9-1A28AB537A35}] => (Allow) LPort=6947
FirewallRules: [{D6E3CE0F-083C-4CF3-8132-227655B5BCEC}] => (Allow) LPort=6947
FirewallRules: [{F0FDB410-6514-44F9-859E-B514F3DC49FC}] => (Allow) LPort=6935
FirewallRules: [{5882427E-0FC7-4547-82A2-0E3B6A115211}] => (Allow) LPort=6935
FirewallRules: [{6DC23451-ADC1-4D29-8C6B-C18715584984}] => (Allow) LPort=6980
FirewallRules: [{40C43296-A980-4B41-ABC6-6DA45938B41B}] => (Allow) LPort=6980
FirewallRules: [{805697B2-E8A5-4BA2-AB7B-5C869666922E}] => (Allow) LPort=6937
FirewallRules: [{4BB22DA5-0677-4FCB-8F55-46A6C4F9DABA}] => (Allow) LPort=6937
FirewallRules: [{5C496452-7FC1-4A1E-A39D-6914915B4723}] => (Allow) LPort=6993
FirewallRules: [{397578A4-1D20-4E69-8AAA-18037D7AA9B0}] => (Allow) LPort=6993
FirewallRules: [{DD63B039-B0E1-4DE3-8E3E-C5AE592F578F}] => (Allow) LPort=6893
FirewallRules: [{3758BDB2-FF25-4819-8599-8F4D8A6A7417}] => (Allow) LPort=6893
FirewallRules: [TCP Query User{A783E43F-8054-4494-82E0-E38096BD10F9}C:\users\von\desktop\2k games\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) C:\users\von\desktop\2k games\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [UDP Query User{6E49F92F-7A68-4B05-8A7E-E757DBA11CEA}C:\users\von\desktop\2k games\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) C:\users\von\desktop\2k games\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [{504E67B5-2DC3-4A36-9615-874F38A6B8EB}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{D9CCADFB-513F-44D9-9844-1F6686BECF74}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{735DF379-95BA-4AC1-AC1C-4E9FE06F311A}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{7AED47CB-0506-4561-96A3-96505726F857}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{C0F7BC5D-F4F7-4EAA-972A-E88ADD2D621D}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{37C09FE3-29F2-4DDB-91C5-2EF4BCE6F8E8}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{015998B4-CBAA-4165-9A0B-808C3052131B}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{42E4437B-F99D-410F-9983-E6832DE31B40}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{DFAEB44F-DFAD-4407-9BAB-5252A3D050B7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{FB2576E1-328F-41DE-B955-982036F810E2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{820D157C-DB9C-4618-AF8E-4FFCA398BD73}] => (Allow) LPort=6934
FirewallRules: [{8377A94C-365A-49E3-9AF4-5319AF6AF238}] => (Allow) LPort=6934
FirewallRules: [{F1433F74-F25A-4FF7-844E-0CCC66DCE386}] => (Allow) LPort=6917
FirewallRules: [{E76A62B4-37A2-4805-99FB-408190CD198A}] => (Allow) LPort=6917
FirewallRules: [{7CE1ED74-7094-4E57-BE31-4E35163727CA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ACF35BC8-4E65-4BE7-907F-C68BADE3B4A8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3E0A56A7-E6E9-4AC1-BD4C-AB9DA92C1BA5}] => (Allow) LPort=6943
FirewallRules: [{AA7C6E52-ACA2-435B-A9BE-1F2B8031A1D2}] => (Allow) LPort=6943
FirewallRules: [{DF04F52F-707C-4459-8B5A-C2CFDE7392CD}] => (Allow) LPort=6903
FirewallRules: [{4870C10D-B36E-4E21-A69C-77AC2E7BC42E}] => (Allow) LPort=6903
FirewallRules: [{A239FED8-C0B5-4FFB-B9A5-86A6804BF2E5}] => (Allow) LPort=6983
FirewallRules: [{B90ED79C-73ED-45EA-8BC9-77001F878C63}] => (Allow) LPort=6983
FirewallRules: [TCP Query User{74AF9D95-E9A3-44F8-8844-0C8475A6C1E4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F8817194-DAA8-4968-9170-2538B6DC8F82}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{C6F34985-55FD-4A6C-B100-23F3C4F677B6}] => (Allow) LPort=6912
FirewallRules: [{92394650-4C47-4A65-8E0A-2F7BC2B6F15A}] => (Allow) LPort=6912
FirewallRules: [{42C3609E-D66A-4006-BD4E-DF7B5E8BE17B}] => (Allow) LPort=6898
FirewallRules: [{64A2C3B1-BA3F-4DB6-BA15-022C46DC9BC7}] => (Allow) LPort=6898
FirewallRules: [{2157905E-8688-412E-9A9A-DC845A9C79B8}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\lol.exe
FirewallRules: [{20E7FE83-D34A-42BC-A6E4-E74BB7D50E9B}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\lol.exe
FirewallRules: [{8D9EABB0-87FB-469F-B260-0305CFA1ADDB}] => (Allow) LPort=8393
FirewallRules: [{1716DDD2-8FE0-42EF-88D4-97388204ACED}] => (Allow) LPort=8393
FirewallRules: [{4049228A-2FC6-499B-86DA-2D254DFBFD77}] => (Allow) LPort=8390
FirewallRules: [{BF101257-250D-43C5-85D6-14F6FC7CEF06}] => (Allow) LPort=8390
FirewallRules: [{771B2EC3-9611-4B99-B5B8-4B4F3BF9682A}] => (Allow) LPort=6995
FirewallRules: [{034BDB4E-9B1D-4514-9ECD-D8D2BCC027CA}] => (Allow) LPort=6995
FirewallRules: [{F0DBAC5D-C275-41F0-837E-9FB3F0E14582}] => (Allow) LPort=6957
FirewallRules: [{B74BF661-4CBE-4E3C-940C-C27F90C6DA31}] => (Allow) LPort=6957
FirewallRules: [{19459B20-7555-4399-9D6A-CFED71314B41}] => (Allow) LPort=6977
FirewallRules: [{2443C7D6-A00E-47D2-81E6-E12FF3807179}] => (Allow) LPort=6977
FirewallRules: [{0B12DF25-613D-4312-B0DA-7D08BC390523}] => (Allow) LPort=6984
FirewallRules: [{5AF4C62C-F819-4D5C-BCA6-ED2D5B29F191}] => (Allow) LPort=6984
FirewallRules: [{DCD0B873-C984-47E8-97CA-862C81131C17}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A8EC008C-AE44-4BE9-B9C3-2858ABEEDF72}] => (Allow) LPort=6961
FirewallRules: [{43617698-1335-42AE-90B8-3B51ACF4C5B2}] => (Allow) LPort=6961
FirewallRules: [{7A55F2AC-2E7B-4DFE-9C36-399F64005630}] => (Allow) LPort=6895
FirewallRules: [{49402942-E979-4F18-9C03-58D50266FBAF}] => (Allow) LPort=6895
FirewallRules: [{C3E7EDC3-BFEC-4BB9-AF78-3074BB7C94F7}] => (Allow) LPort=6941
FirewallRules: [{17F471C8-E256-4CA6-8D77-75771DE86278}] => (Allow) LPort=6941
FirewallRules: [{091506F0-7228-4691-B59D-3CC1979C215C}] => (Allow) LPort=6945
FirewallRules: [{DCAB5DD4-906E-49C0-A5E1-335036CA0EA4}] => (Allow) LPort=6945
FirewallRules: [{E479F68A-43DE-45C8-9FEC-A250973704B1}] => (Allow) LPort=6947
FirewallRules: [{8592B7A6-97A4-453D-87E2-E33C2D793579}] => (Allow) LPort=6947
FirewallRules: [{99367E62-02AF-47A0-9274-10940197AADB}] => (Allow) LPort=6931
FirewallRules: [{574ABA4C-43C1-4A97-942B-A6673D8E9F46}] => (Allow) LPort=6931
FirewallRules: [{C23A28AC-83B9-4A4C-BD1D-515341E919C0}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\lol.exe
FirewallRules: [{6CFECDC8-834E-499F-8D77-A28B03B5908C}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\lol.exe
FirewallRules: [{D68D2256-8BD7-4EB1-A424-475340974F3F}] => (Allow) LPort=8393
FirewallRules: [{AA1F9EB3-1BF9-4BC6-9177-3941AF99B395}] => (Allow) LPort=8393
FirewallRules: [{D64FE8DD-87EA-4441-92BC-43B012848E4F}] => (Allow) LPort=8390
FirewallRules: [{5B5D3E77-4155-4667-8C79-EC889F89C90A}] => (Allow) LPort=8390
FirewallRules: [{2984F6A5-AE20-4168-B243-284C8BFCAEBB}] => (Allow) LPort=6942
FirewallRules: [{475E7905-F739-4175-9624-CC2FD9A87F69}] => (Allow) LPort=6942
FirewallRules: [{D6ED8B4A-ABD3-458C-9124-8FE591AF25F0}] => (Allow) LPort=6915
FirewallRules: [{F068A345-473A-4972-AA68-01A692258FED}] => (Allow) LPort=6915
FirewallRules: [{6D9F4A9A-D961-42B4-A19B-FA29823C7DBD}] => (Allow) LPort=6930
FirewallRules: [{BD0277BF-7A96-4F9A-B1E3-56F26DC2E9F4}] => (Allow) LPort=6930

==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/26/2015 02:22:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2015 02:13:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2015 01:57:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2015 01:48:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2015 01:37:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2015 01:34:16 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcSSAU restarted too many times in a short period. Aborting. [0]

Error: (05/26/2015 01:15:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2015 01:04:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2015 01:01:56 AM) (Source: Microsoft-Windows-EFS) (EventID: 4376) (User: NT AUTHORITY)
Description: EFS Service failed to start. Error code: 0x80070013.

Error: (05/25/2015 02:00:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.


Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.


System errors:
=============
Error: (05/26/2015 02:26:08 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

Error: (05/26/2015 02:26:06 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

Error: (05/26/2015 02:26:04 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

Error: (05/26/2015 02:26:02 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

Error: (05/26/2015 02:26:00 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

Error: (05/26/2015 02:25:58 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

Error: (05/26/2015 02:25:56 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

Error: (05/26/2015 02:25:54 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

Error: (05/26/2015 02:25:52 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

Error: (05/26/2015 02:25:50 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.


Microsoft Office:
=========================
Error: (05/26/2015 02:22:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2015 02:13:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2015 01:57:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2015 01:48:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2015 01:37:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2015 01:34:16 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcSSAU restarted too many times in a short period. Aborting. [0]

Error: (05/26/2015 01:15:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2015 01:04:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2015 01:01:56 AM) (Source: Microsoft-Windows-EFS) (EventID: 4376) (User: NT AUTHORITY)
Description: 181750x80070013

Error: (05/25/2015 02:00:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.


CodeIntegrity Errors:
===================================
Date: 2015-05-26 01:33:45.636
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-26 01:33:45.616
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 25%
Total physical RAM: 8139.86 MB
Available physical RAM: 6032.34 MB
Total Pagefile: 16277.93 MB
Available Pagefile: 14034.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.54 GB) (Free:518.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 1B072A5C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

==================== End of log ============================
 
redtarget.gif

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

redtarget.gif
Your Event Viewer list number of these errors:
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
Click to expand...
Click Start button and in "Start search" type:
cmd
Hold CTRL and SHIFT buttons and press Enter.
Command prompt window will open.
Paste this in:
chkdsk /r (<------watch for "space")
Press Enter.
Chkdsk will run.
Reboot.
Download ListChkdskResult.exe (by SleepyDude) from the link below:
https://dl.dropboxusercontent.com/u/12354842/My Tools/ListChkdskResult.exe
Double click on it to run it. It will take a few seconds to scan, then it will open a Notepad window with the log. Copy and paste the contents of this into your next post
 

Attachments

  • fixlist.txt
    1 KB · Views: 1
After downloading the files from safe mode, I booted normally. While booting up, the computer flashed the CHKDSK screen for a second and continued booting. Was that supposed to happen? Anyway, I did the Fix and no such error from Event Viewer showed up, do I still need to do checkdisk and listcheckdiskresult?

Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by Von at 2015-05-26 10:20:27 Run:1
Running from C:\Users\Von\Desktop
Loaded Profiles: Von (Available Profiles: Von)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-830139751-45031778-2959669199-1000\...\Policies\Explorer: []
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-830139751-45031778-2959669199-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR StartupUrls: Default -> "hxxp://us.yahoo.com/", "hxxp://search.softonic.com/INF00176/tb_v1?SearchSource=48&cc=&mi=f612cf1400000000000068942397016a&toi=16079"
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
2014-01-09 21:17 - 2014-01-09 21:17 - 0000132 _____ () C:\Users\Von\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-09-26 05:52 - 2014-09-26 05:52 - 0045270 _____ () C:\Users\Von\AppData\Roaming\room_v3.dat
2014-04-08 16:35 - 2014-09-09 21:41 - 0007607 _____ () C:\Users\Von\AppData\Local\Resmon.ResmonCfg
C:\Users\Von\AppData\Local\Temp\avgnt.exe

*****************

HKU\S-1-5-21-830139751-45031778-2959669199-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value Removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully
"HKU\S-1-5-21-830139751-45031778-2959669199-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key Removed successfully
Chrome StartupUrls Removed successfully
catchme => Service Removed successfully
GGSAFERDriver => Service Removed successfully
C:\Users\Von\AppData\Roaming\Adobe PNG Format CS5 Prefs => Moved successfully.
C:\Users\Von\AppData\Roaming\room_v3.dat => Moved successfully.
C:\Users\Von\AppData\Local\Resmon.ResmonCfg => Moved successfully.
C:\Users\Von\AppData\Local\Temp\avgnt.exe => Moved successfully.

==== End of Fixlog 10:20:27 ====
 
When I booted, computer automatically did a CHKDSK. Do I have to do another? or just listcheckdiskresult this one?
 
If yes, then this is the log. It is also noted that the problem still persists. :(

Log:

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 5/26/2015 1:28:31 PM >------
Category: 0
Computer Name: Von-PC
Event Code: 1001
Record Number: 409063
Source Name: Microsoft-Windows-Wininit
Time Written: 05-26-2015 @ 05:26:19
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 3)...
The attribute of type 0x80 and instance tag 0x4 in file 0x849e
has allocated length of 0x38000 instead of 0x1000.
Deleting corrupt attribute record (128, "")
from file record segment 33950.
291328 file records processed.

File verification completed.
952 large file records processed.

0 bad file records processed.

0 EA records processed.

61 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
416866 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
291328 file SDs/SIDs processed.

Cleaning up 74 unused index entries from index $SII of file 0x9.
Cleaning up 74 unused index entries from index $SDH of file 0x9.
Cleaning up 74 unused security descriptors.
Security descriptor verification completed.
Inserting data attribute into file 33950.
62771 data files processed.

CHKDSK is verifying Usn Journal...
37062760 USN bytes processed.

Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

732469247 KB total disk space.
187319696 KB in 218860 files.
127672 KB in 62771 indexes.
0 KB in bad sectors.
418011 KB in use by the system.
65536 KB occupied by the log file.
544603868 KB available on disk.

4096 bytes in each allocation unit.
183117311 total allocation units on disk.
136150967 allocation units available on disk.

Internal Info:
00 72 04 00 2c 4c 04 00 8b 76 07 00 00 00 00 00 .r..,L...v......
45 04 00 00 3d 00 00 00 00 00 00 00 00 00 00 00 E...=...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------
Category: 0
Computer Name: Von-PC
Event Code: 1001
Record Number: 408630
Source Name: Microsoft-Windows-Wininit
Time Written: 05-25-2015 @ 05:17:57
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 3)...
291328 file records processed.

File verification completed.
950 large file records processed.

0 bad file records processed.

0 EA records processed.

63 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Unable to locate the file name attribute of index entry Resource.dat
of index $I30 with parent 0xf2c8 in file 0x35ab.
Deleting index entry Resource.dat in index $I30 of file 62152.
417566 index entries processed.

Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file ~FONTC~1.DAT (1190) into directory file 2140.
Recovering orphaned file ~FontCache-FontFace.dat (1190) into directory file 2140.
Recovering orphaned file Resource.old (13739) into directory file 62152.
Recovering orphaned file LASTAL~1.DAT (25954) into directory file 2140.
Recovering orphaned file lastalive0.dat (25954) into directory file 2140.
Recovering orphaned file SEPE53F.tmp (42488) into directory file 3594.
5 unindexed files scanned.

Recovering orphaned file ETILQS~1 (61836) into directory file 3594.
Recovering orphaned file etilqs_w0ey1zWVS0zfKSi (61836) into directory file 3594.
0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
291328 file SDs/SIDs processed.

Cleaning up 157 unused index entries from index $SII of file 0x9.
Cleaning up 157 unused index entries from index $SDH of file 0x9.
Cleaning up 157 unused security descriptors.
Security descriptor verification completed.
63120 data files processed.

CHKDSK is verifying Usn Journal...
36742816 USN bytes processed.

Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

732469247 KB total disk space.
185944880 KB in 218957 files.
127696 KB in 63121 indexes.
0 KB in bad sectors.
417739 KB in use by the system.
65536 KB occupied by the log file.
545978932 KB available on disk.

4096 bytes in each allocation unit.
183117311 total allocation units on disk.
136494733 allocation units available on disk.

Internal Info:
00 72 04 00 ea 4d 04 00 3c 7a 07 00 00 00 00 00 .r...M..<z......
3c 04 00 00 3f 00 00 00 00 00 00 00 00 00 00 00 <...?...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------
Category: 0
Computer Name: Von-PC
Event Code: 1001
Record Number: 407959
Source Name: Microsoft-Windows-Wininit
Time Written: 05-22-2015 @ 16:27:38
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
291328 file records processed.

File verification completed.
1073 large file records processed.

0 bad file records processed.

0 EA records processed.

63 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 5)...
417196 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 5)...
291328 file SDs/SIDs processed.

Cleaning up 1456 unused index entries from index $SII of file 0x9.
Cleaning up 1456 unused index entries from index $SDH of file 0x9.
Cleaning up 1456 unused security descriptors.
Security descriptor verification completed.
62935 data files processed.

CHKDSK is verifying Usn Journal...
36072080 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
291312 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
136005780 free clusters processed.

Free space verification is complete.
Windows has checked the file system and found no problems.

732469247 KB total disk space.
187903840 KB in 214222 files.
125216 KB in 62936 indexes.
0 KB in bad sectors.
417067 KB in use by the system.
65536 KB occupied by the log file.
544023124 KB available on disk.

4096 bytes in each allocation unit.
183117311 total allocation units on disk.
136005781 allocation units available on disk.

Internal Info:
00 72 04 00 b2 3a 04 00 a5 52 07 00 00 00 00 00 .r...:...R......
40 04 00 00 3f 00 00 00 00 00 00 00 00 00 00 00 @...?...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------
 
Let's see about your connection...

Go Start>Run (Start Search in Vista/7), type in:
msconfig
Click OK (hit Enter in Vista/7).
Windows 8/8.1 users. Press Windows logo key
aa922834-ed43-40f1-8830-d5507badb56c_91.jpg
and start typing the following:
msconfig
Press Enter.

Click on Startup tab.
Click Disable all
IMPORTANT! In case of laptop, make sure, you do NOT disable any keyboard, or touchpad entries.

Click Services tab.
Put checkmark in Hide all Microsoft services
Click Disable all.

Click OK.
Restart computer in Normal Mode.

NOTE. If you use different firewall, than Windows firewall, turn Windows firewall on, just for this test, since your regular firewall won't be running.
If you use Windows firewall, you're fine.

Same problem?
 
Broni thanks for all the help, my connection is behaving correctly now that I booted my computer in normal mode. Do I still need to do the last thing you instructed?
 
In that case no.
Good news :)

Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
checkup.txt :

Results of screen317's Security Check version 1.002
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Avira Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 31
Java version 32-bit out of Date!
Adobe Flash Player 17.0.0.169
Adobe Reader XI
Mozilla Firefox (38.0.1)
Google Chrome (42.0.2311.135)
Google Chrome (42.0.2311.152)
Google Chrome (43.0.2357.65)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

FSS Log:

Farbar Service Scanner Version: 17-01-2015
Ran by Von (administrator) on 27-05-2015 at 23:51:28
Running from "C:\Users\Von\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
You must log in or register to reply here.

Similar threads

wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
793
uber_beetle
uber_beetle
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back